--- wss4j-1.5.7.orig/debian/build.xml
+++ wss4j-1.5.7/debian/build.xml
@@ -0,0 +1,18 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
--- wss4j-1.5.7.orig/debian/copyright
+++ wss4j-1.5.7/debian/copyright
@@ -0,0 +1,35 @@
+This package was debianized by Thierry Carrez on
+Wed, 22 Jul 2009 14:17:32 +0200
+
+Source tarballs are rebuilt from the source ZIP files downloaded from
+http://www.apache.org/dist/ws/wss4j/
+
+Copyright:
+ Copyright (C) 2003-2006 The Apache Software Foundation
+
+Authors:
+ Davanum Srinivas
+ Werner Dittmann
+ Ias
+ Ruchith Fernando
+ Fred Dushin
+ Colm O hEigeartaigh
+ Nandana Mihindukulasooriya
+
+License:
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+On Debian GNU/Linux and Ubuntu systems, the complete text of the Apache 2.0
+License can be found in the /usr/share/common-licenses/Apache-2.0 file.
+
+The same license and copyright applies to the Debian packaging.
--- wss4j-1.5.7.orig/debian/README.Debian
+++ wss4j-1.5.7/debian/README.Debian
@@ -0,0 +1,4 @@
+Please note that in order to reduce dependencies, the Debian WSS4J package
+currently doesn't provide SAML token support.
+
+-- Thierry Carrez Wed, 22 Jul 2009 15:29:08 +0200
--- wss4j-1.5.7.orig/debian/changelog
+++ wss4j-1.5.7/debian/changelog
@@ -0,0 +1,5 @@
+wss4j (1.5.7-0ubuntu1) karmic; urgency=low
+
+ * Initial release (LP: #403003)
+
+ -- Thierry Carrez Wed, 22 Jul 2009 15:29:35 +0200
--- wss4j-1.5.7.orig/debian/compat
+++ wss4j-1.5.7/debian/compat
@@ -0,0 +1 @@
+5
--- wss4j-1.5.7.orig/debian/rules
+++ wss4j-1.5.7/debian/rules
@@ -0,0 +1,26 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/ant.mk
+include /usr/share/cdbs/1/rules/simple-patchsys.mk
+
+SRCARCHIVE := http://www.apache.org/dist/ws/wss4j
+SRCDIRECTORY := $(shell echo $(DEB_UPSTREAM_VERSION) | sed 'y/\./_/')
+JAVA_HOME := /usr/lib/jvm/default-java
+DEB_ANT_CLEAN_TARGET := debian-clean
+DEB_ANT_BUILDFILE := debian/build.xml
+DEB_JARS := axis commons-logging xalan2 bcprov jaxrpc xml-security
+
+binary-post-install/lib$(DEB_SOURCE_PACKAGE)-java::
+ dh_install -plib$(DEB_SOURCE_PACKAGE)-java build/$(DEB_SOURCE_PACKAGE)-$(DEB_UPSTREAM_VERSION).jar usr/share/java
+ dh_link -plib$(DEB_SOURCE_PACKAGE)-java usr/share/java/$(DEB_SOURCE_PACKAGE)-$(DEB_UPSTREAM_VERSION).jar usr/share/java/$(DEB_SOURCE_PACKAGE).jar
+
+get-orig-source:
+ mkdir -p orig_tmp
+ cd orig_tmp && \
+ wget $(SRCARCHIVE)/$(SRCDIRECTORY)/wss4j-src-$(DEB_UPSTREAM_VERSION).zip && \
+ unzip wss4j-src-$(DEB_UPSTREAM_VERSION).zip && \
+ tar czf ../../wss4j_$(DEB_UPSTREAM_VERSION).orig.tar.gz wss4j && \
+ cd ..
+ rm -rf orig_tmp
+
--- wss4j-1.5.7.orig/debian/control
+++ wss4j-1.5.7/debian/control
@@ -0,0 +1,20 @@
+Source: wss4j
+Section: java
+Priority: optional
+Maintainer: Ubuntu Developers
+Build-Depends-Indep: default-jdk,
+ libaxis-java,
+ libbcprov-java,
+ libcommons-logging-java,
+ libxalan2-java,
+ libxml-security-java
+Build-Depends: ant, debhelper (>= 5), cdbs (>= 0.4.5.3)
+Standards-Version: 3.8.2
+
+Package: libwss4j-java
+Architecture: all
+Depends: default-jre-headless | java2-runtime-headless, ${misc:Depends}
+Description: Apache WSS4J WS-Security implementation
+ Apache WSS4J is an implementation of the OASIS Web Services Security
+ framework (WS-Security). It can be used to sign and verify SOAP Messages
+ with WS-Security information.
--- wss4j-1.5.7.orig/debian/patches/build.patch
+++ wss4j-1.5.7/debian/patches/build.patch
@@ -0,0 +1,52 @@
+diff -Nur -x '*.orig' -x '*~' wss4j/build.xml wss4j.new/build.xml
+--- wss4j/build.xml 2009-04-16 10:23:04.000000000 +0200
++++ wss4j.new/build.xml 2009-07-22 14:47:56.000000000 +0200
+@@ -122,17 +122,8 @@
+
+
+
+-
+
+
+-
+-
+-
+-
+-
+
+
+
++
++
+
+
+
+diff -Nur -x '*.orig' -x '*~' wss4j/src/org/apache/ws/security/message/WSSecDKSign.java wss4j.new/src/org/apache/ws/security/message/WSSecDKSign.java
+--- wss4j/src/org/apache/ws/security/message/WSSecDKSign.java 2009-04-15 09:48:44.000000000 +0200
++++ wss4j.new/src/org/apache/ws/security/message/WSSecDKSign.java 2009-07-20 15:30:17.000000000 +0200
+@@ -28,7 +28,7 @@
+ import org.apache.ws.security.conversation.ConversationException;
+ import org.apache.ws.security.message.token.Reference;
+ import org.apache.ws.security.message.token.SecurityTokenReference;
+-import org.apache.ws.security.saml.SAMLUtil;
++//import org.apache.ws.security.saml.SAMLUtil;
+ import org.apache.ws.security.transform.STRTransform;
+ import org.apache.ws.security.util.WSSecurityUtil;
+ import org.apache.xml.security.algorithms.SignatureAlgorithm;
+@@ -295,7 +295,7 @@
+ Element ctx = createSTRParameter(document);
+ transforms.addTransform(STRTransform.implementedTransformURI, ctx);
+ sig.addDocument("#" + strUri, transforms);
+- } else if (elemName.equals("Assertion")) { // Assertion
++ } /* else if (elemName.equals("Assertion")) { // Assertion
+ String id = SAMLUtil.getAssertionId(envel, elemName, nmSpace);
+
+ Element body =
+@@ -319,7 +319,7 @@
+ body.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
+ sig.addDocument("#" + id, transforms);
+
+- } else {
++ } */ else {
+ Element body = (Element) WSSecurityUtil.findElement(envel, elemName, nmSpace);
+ if (body == null) {
+ throw new WSSecurityException(
+diff -Nur -x '*.orig' -x '*~' wss4j/src/org/apache/ws/security/message/WSSecSignature.java wss4j.new/src/org/apache/ws/security/message/WSSecSignature.java
+--- wss4j/src/org/apache/ws/security/message/WSSecSignature.java 2009-04-15 09:48:44.000000000 +0200
++++ wss4j.new/src/org/apache/ws/security/message/WSSecSignature.java 2009-07-20 15:30:17.000000000 +0200
+@@ -1,4 +1,4 @@
+-/*
++/* /*
+ * Copyright 2003-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+@@ -31,7 +31,7 @@
+ import org.apache.ws.security.message.token.Reference;
+ import org.apache.ws.security.message.token.SecurityTokenReference;
+ import org.apache.ws.security.message.token.X509Security;
+-import org.apache.ws.security.saml.SAMLUtil;
++//import org.apache.ws.security.saml.SAMLUtil;
+ import org.apache.ws.security.transform.STRTransform;
+ import org.apache.ws.security.util.WSSecurityUtil;
+ import org.apache.xml.security.algorithms.SignatureAlgorithm;
+@@ -551,7 +551,7 @@
+ Element ctx = createSTRParameter(document);
+ transforms.addTransform(STRTransform.implementedTransformURI, ctx);
+ sig.addDocument("#" + strUri, transforms, digestAlgo);
+- } else if (elemName.equals("Assertion")) { // Assertion
++ }/* else if (elemName.equals("Assertion")) { // Assertion
+ String id = null;
+ id = SAMLUtil.getAssertionId(envelope, elemName, nmSpace);
+
+@@ -574,7 +574,7 @@
+ WSSecurityUtil.setNamespace(body, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ body.setAttributeNS(WSConstants.WSU_NS, prefix + ":Id", id);
+ sig.addDocument("#" + id, transforms, digestAlgo);
+- } else {
++ }*/ else {
+ Element body =
+ (Element)WSSecurityUtil.findElement(envelope, elemName, nmSpace);
+ if (body == null) {
+diff -Nur -x '*.orig' -x '*~' wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java wss4j.new/src/org/apache/ws/security/message/WSSignEnvelope.java
+--- wss4j/src/org/apache/ws/security/message/WSSignEnvelope.java 2009-04-15 09:48:44.000000000 +0200
++++ wss4j.new/src/org/apache/ws/security/message/WSSignEnvelope.java 2009-07-20 15:30:17.000000000 +0200
+@@ -31,7 +31,7 @@
+ import org.apache.ws.security.message.token.Reference;
+ import org.apache.ws.security.message.token.SecurityTokenReference;
+ import org.apache.ws.security.message.token.X509Security;
+-import org.apache.ws.security.saml.SAMLUtil;
++//import org.apache.ws.security.saml.SAMLUtil;
+ import org.apache.ws.security.transform.STRTransform;
+ import org.apache.ws.security.util.WSSecurityUtil;
+ import org.apache.xml.security.algorithms.SignatureAlgorithm;
+@@ -416,7 +416,7 @@
+ transforms.addTransform(
+ STRTransform.implementedTransformURI, ctx);
+ sig.addDocument("#" + secRefId, transforms);
+- } else if (elemName.equals("Assertion")) { // Assertion
++ } /*else if (elemName.equals("Assertion")) { // Assertion
+
+ String id = null;
+ id = SAMLUtil.getAssertionId(envelope, elemName, nmSpace);
+@@ -443,7 +443,7 @@
+ id);
+ sig.addDocument("#" + id, transforms);
+
+- } else {
++ } */ else {
+ Element body = (Element) WSSecurityUtil.findElement(
+ envelope, elemName, nmSpace);
+ if (body == null) {
+diff -Nur -x '*.orig' -x '*~' wss4j/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java wss4j.new/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
+--- wss4j/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java 2009-04-15 09:48:44.000000000 +0200
++++ wss4j.new/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java 2009-07-20 15:30:17.000000000 +0200
+@@ -30,8 +30,8 @@
+ import org.apache.ws.security.message.token.DerivedKeyToken;
+ import org.apache.ws.security.message.token.Reference;
+ import org.apache.ws.security.message.token.SecurityTokenReference;
+-import org.apache.ws.security.saml.SAMLKeyInfo;
+-import org.apache.ws.security.saml.SAMLUtil;
++//import org.apache.ws.security.saml.SAMLKeyInfo;
++//import org.apache.ws.security.saml.SAMLUtil;
+ import org.apache.ws.security.util.Base64;
+ import org.w3c.dom.Element;
+
+@@ -165,13 +165,14 @@
+ this.secret = ((EncryptedKeyProcessor) processor).getDecryptedBytes();
+ } else if (processor instanceof SecurityContextTokenProcessor) {
+ this.secret = ((SecurityContextTokenProcessor) processor).getSecret();
+- } else if (processor instanceof SAMLTokenProcessor) {
++/* } else if (processor instanceof SAMLTokenProcessor) {
+ SAMLTokenProcessor samlp = (SAMLTokenProcessor) processor;
+ SAMLKeyInfo keyInfo =
+ SAMLUtil.getSAMLKeyInfo(samlp.getSamlTokenElement(), crypto, cb);
+ // TODO Handle malformed SAML tokens where they don't have the
+ // secret in them
+ this.secret = keyInfo.getSecret();
++*/
+ } else {
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_CHECK, "unsupportedKeyId"
+diff -Nur -x '*.orig' -x '*~' wss4j/src/org/apache/ws/security/processor/ReferenceListProcessor.java wss4j.new/src/org/apache/ws/security/processor/ReferenceListProcessor.java
+--- wss4j/src/org/apache/ws/security/processor/ReferenceListProcessor.java 2009-04-15 09:48:44.000000000 +0200
++++ wss4j.new/src/org/apache/ws/security/processor/ReferenceListProcessor.java 2009-07-20 15:30:17.000000000 +0200
+@@ -37,8 +37,8 @@
+ import org.apache.ws.security.components.crypto.Crypto;
+ import org.apache.ws.security.message.token.Reference;
+ import org.apache.ws.security.message.token.SecurityTokenReference;
+-import org.apache.ws.security.saml.SAMLKeyInfo;
+-import org.apache.ws.security.saml.SAMLUtil;
++//import org.apache.ws.security.saml.SAMLKeyInfo;
++//import org.apache.ws.security.saml.SAMLUtil;
+ import org.apache.ws.security.util.WSSecurityUtil;
+ import org.apache.xml.security.encryption.XMLCipher;
+ import org.apache.xml.security.encryption.XMLEncryptionException;
+@@ -290,8 +290,8 @@
+ }
+ Processor p = wsDocInfo.getProcessor(id);
+ if (!(p instanceof EncryptedKeyProcessor
+- || p instanceof DerivedKeyTokenProcessor
+- || p instanceof SAMLTokenProcessor)
++ || p instanceof DerivedKeyTokenProcessor )
++/* || p instanceof SAMLTokenProcessor) */
+ ) {
+ // Try custom token
+ WSPasswordCallback pwcb = new WSPasswordCallback(id, WSPasswordCallback.CUSTOM_TOKEN);
+@@ -320,14 +320,14 @@
+ } else if (p instanceof DerivedKeyTokenProcessor) {
+ DerivedKeyTokenProcessor dkp = (DerivedKeyTokenProcessor) p;
+ decryptedData = dkp.getKeyBytes(WSSecurityUtil.getKeyLength(algorithm));
+- } else if (p instanceof SAMLTokenProcessor) {
++ } /*else if (p instanceof SAMLTokenProcessor) {
+ SAMLTokenProcessor samlp = (SAMLTokenProcessor) p;
+ SAMLKeyInfo keyInfo =
+ SAMLUtil.getSAMLKeyInfo(samlp.getSamlTokenElement(), crypto, cb);
+ // TODO Handle malformed SAML tokens where they don't have the
+ // secret in them
+ decryptedData = keyInfo.getSecret();
+- }
++ }*/
+ } else if (secRef.containsKeyIdentifier()){
+ String sha = secRef.getKeyIdentifierValue();
+ WSPasswordCallback pwcb =
+diff -Nur -x '*.orig' -x '*~' wss4j/src/org/apache/ws/security/processor/SignatureProcessor.java wss4j.new/src/org/apache/ws/security/processor/SignatureProcessor.java
+--- wss4j/src/org/apache/ws/security/processor/SignatureProcessor.java 2009-04-15 09:48:44.000000000 +0200
++++ wss4j.new/src/org/apache/ws/security/processor/SignatureProcessor.java 2009-07-20 15:30:17.000000000 +0200
+@@ -42,8 +42,8 @@
+ import org.apache.ws.security.message.token.SecurityTokenReference;
+ import org.apache.ws.security.message.token.UsernameToken;
+ import org.apache.ws.security.message.token.X509Security;
+-import org.apache.ws.security.saml.SAMLKeyInfo;
+-import org.apache.ws.security.saml.SAMLUtil;
++//import org.apache.ws.security.saml.SAMLKeyInfo;
++//import org.apache.ws.security.saml.SAMLUtil;
+ import org.apache.ws.security.util.WSSecurityUtil;
+ import org.apache.xml.security.exceptions.XMLSecurityException;
+ import org.apache.xml.security.keys.KeyInfo;
+@@ -51,7 +51,7 @@
+ import org.apache.xml.security.signature.SignedInfo;
+ import org.apache.xml.security.signature.XMLSignature;
+ import org.apache.xml.security.signature.XMLSignatureException;
+-import org.opensaml.SAMLAssertion;
++//import org.opensaml.SAMLAssertion;
+ import org.w3c.dom.Element;
+ import org.w3c.dom.Node;
+
+@@ -208,7 +208,7 @@
+ byte[] secretKey = null;
+ UsernameToken ut = null;
+ DerivedKeyToken dkt = null;
+- SAMLKeyInfo samlKi = null;
++ //SAMLKeyInfo samlKi = null;
+ String customTokenId = null;
+ java.security.PublicKey publicKey = null;
+
+@@ -268,7 +268,7 @@
+ if (el.equals(WSSecurityEngine.binaryToken)) {
+ // TODO: Use results from BinarySecurityTokenProcessor
+ certs = getCertificatesTokenReference(token, crypto);
+- } else if (el.equals(WSSecurityEngine.SAML_TOKEN)) {
++/* } else if (el.equals(WSSecurityEngine.SAML_TOKEN)) {
+ if (crypto == null) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "noSigCryptoFile"
+@@ -277,7 +277,7 @@
+ samlKi = SAMLUtil.getSAMLKeyInfo(token, crypto, cb);
+ certs = samlKi.getCerts();
+ secretKey = samlKi.getSecret();
+-
++*/
+ } else if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
+ String encryptedKeyID = token.getAttributeNS(null,"Id");
+ EncryptedKeyProcessor encryptKeyProcessor =
+@@ -349,7 +349,7 @@
+ );
+ }
+ secretKey = pwcb.getKey();
+- } else if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) {
++/* } else if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) {
+ Element token =
+ secRef.getKeyIdentifierTokenElement(elem.getOwnerDocument(), wsDocInfo, cb);
+
+@@ -361,6 +361,7 @@
+ samlKi = SAMLUtil.getSAMLKeyInfo(token, crypto, cb);
+ certs = samlKi.getCerts();
+ secretKey = samlKi.getSecret();
++*/
+ } else {
+ certs = secRef.getKeyIdentifier(crypto);
+ }
+@@ -512,11 +513,12 @@
+ }
+ principal.setBasetokenId(basetokenId);
+ return principal;
+- } else if (samlKi != null) {
++/* } else if (samlKi != null) {
+ final SAMLAssertion assertion = samlKi.getAssertion();
+ CustomTokenPrincipal principal = new CustomTokenPrincipal(assertion.getId());
+ principal.setTokenObject(assertion);
+ return principal;
++*/
+ } else if (secretKey != null) {
+ // This is the custom key scenario
+ return new CustomTokenPrincipal(customTokenId);