This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/saml-refactor-new in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/coheigea/saml-refactor-new by this push: new 1e9802ca8 Moving SignatureTrustValidator out of DOM API 1e9802ca8 is described below commit 1e9802ca82d20546da58797198fb3489d533df78 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Tue Jul 8 14:39:10 2025 +0100 Moving SignatureTrustValidator out of DOM API
---
 .../org/apache/wss4j}/dom/validate/SignatureTrustValidator.java | 4 +++-
 .../services/org.apache.wss4j.api.dom.validate.Validator | 2 +-
 .../wss4j/common/saml/validate/SamlAssertionValidator.java | 9 ++++++---
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/validate/SignatureTrustValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
similarity index 97%
rename from ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/validate/SignatureTrustValidator.java
rename to ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
index 2322f1b93..192de0674 100644
--- a/ws-security-api-dom/src/main/java/org/apache/wss4j/api/dom/validate/SignatureTrustValidator.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
@@ -17,7 +17,7 @@
 * under the License.
 */
-package org.apache.wss4j.api.dom.validate;
+package org.apache.wss4j.dom.validate;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
@@ -29,6 +29,8 @@ import javax.xml.namespace.QName;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.api.dom.WSConstants;
+import org.apache.wss4j.api.dom.validate.Credential;
+import org.apache.wss4j.api.dom.validate.Validator;
 import org.apache.wss4j.api.dom.RequestData;
 /**
diff --git a/ws-security-dom/src/main/resources/META-INF/services/org.apache.wss4j.api.dom.validate.Validator b/ws-security-dom/src/main/resources/META-INF/services/org.apache.wss4j.api.dom.validate.Validator
index 591bb4732..2ec16ca7a 100644
--- a/ws-security-dom/src/main/resources/META-INF/services/org.apache.wss4j.api.dom.validate.Validator
+++ b/ws-security-dom/src/main/resources/META-INF/services/org.apache.wss4j.api.dom.validate.Validator
@@ -1,3 +1,3 @@
-org.apache.wss4j.api.dom.validate.SignatureTrustValidator
+org.apache.wss4j.dom.validate.SignatureTrustValidator
 org.apache.wss4j.dom.validate.TimestampValidator
 org.apache.wss4j.dom.validate.UsernameTokenValidator
diff --git a/ws-security-saml/src/main/java/org/apache/wss4j/common/saml/validate/SamlAssertionValidator.java b/ws-security-saml/src/main/java/org/apache/wss4j/common/saml/validate/SamlAssertionValidator.java
index 5535a71d2..2d854f9c7 100644
--- a/ws-security-saml/src/main/java/org/apache/wss4j/common/saml/validate/SamlAssertionValidator.java
+++ b/ws-security-saml/src/main/java/org/apache/wss4j/common/saml/validate/SamlAssertionValidator.java
@@ -26,7 +26,7 @@ import javax.xml.namespace.QName;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.api.dom.validate.Credential;
-import org.apache.wss4j.api.dom.validate.SignatureTrustValidator;
+import org.apache.wss4j.api.dom.validate.Validator;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
@@ -44,7 +44,7 @@ import org.opensaml.saml.common.SAMLVersion;
 * checks that the Subject contains a KeyInfo (and processes it) for the holder-of-key case,
 * and verifies that the Assertion is signed as well for holder-of-key.
 */
-public class SamlAssertionValidator extends SignatureTrustValidator {
+public class SamlAssertionValidator implements Validator {
 private static final org.slf4j.Logger LOG = org.slf4j.LoggerFactory.getLogger(SamlAssertionValidator.class);
@@ -216,7 +216,10 @@ public class SamlAssertionValidator extends SignatureTrustValidator {
 SAMLKeyInfo samlKeyInfo = samlAssertion.getSignatureKeyInfo();
 trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
 trustCredential.setCertificates(samlKeyInfo.getCerts());
- return super.validate(trustCredential, data);
+
+ // Delegate to signature validator
+ Validator validator = data.getWssConfig().getValidator(WSConstants.SIGNATURE);
+ return validator.validate(trustCredential, data);
 }
 /**
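Review bot: Switching the declaration from `extends SignatureTrustValidator` to `implements Validator` also removes any protected trust-checking methods that subclasses of this public class inherited through it, and nothing in the visible Javadoc records that. A downstream subclass that overrode such a method to tighten certificate or key checks, and did so without `@Override`, would presumably keep compiling while its check is no longer called. The class Javadoc, which starts above this hunk, should state the new contract, for example ` * Signature trust is delegated to the Validator registered for WSConstants.SIGNATURE; trust methods overridden in subclasses are not consulted.` The class body continues outside the hunk.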
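Review bot: The new delegation dereferences `data.getWssConfig()` and the result of `getValidator(WSConstants.SIGNATURE)` without a null check, so a request with no configuration or no validator registered for SIGNATURE would end in a NullPointerException rather than a WSSecurityException the caller can handle as a trust failure. Guarding the lookup with `if (validator == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); }`, plus the same check on the config object, keeps the failure explicit and fail-closed. Trust in the assertion's signing key now also depends on whichever Validator is configured for SIGNATURE instead of the inherited logic, so a deployment that registers a lenient or no-op signature validator would relax SAML trust checks as well. The added comment could say that, for example `// Trust in the assertion signature is decided by the Validator configured for WSConstants.SIGNATURE`. The enclosing method starts above the hunk.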