modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (11 lines): - line 284: //TODO check whether the encrptedDataFound is an UsernameToken - line 654: // TODO earlier this was wsep.getType() == WSConstants.PART_TYPE_ELEMENT - line 696: * TODO must write unit tests - line 763: // TODO removing this with WSS4J 1.6 migration. We do not have a way to get alias - line 767: // TODO this validation we are doing in SignatureProcessor.handleToken (WSS4J) So why we need to do again ? - line 776: * TODO - This is directly copied from WSS4J (SignatureTrustValidator). - line 864: // TODO we need to configure enable revocation ... - line 886: * TODO Directly copied from WSS4J (SignatureTrustValidator) - Optimize later - line 976: //TODO This can be integrated with supporting token processing - line 1038: // TODO wsu id must present. We need to find the scenario where it is not set - line 1040: // dataRefUri = dataRef.getProtectedElement().getAttribute("Id"); // TODO check whether this is correct modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java (9 lines): - line 134: } //TODO SAMLToken - line 141: //TODO Need a better fix - line 210: // TODO was encr.setUseKeyIdentifier(true); - verify - line 593: tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); // TODO check this - line 632: //TODO Need a better fix - line 644: // TODO was encr.setUseKeyIdentifier(true); verify - line 710: //TODO make this lifetime configurable ??? - line 837: //TODO check for an existing token and use it - line 913: //TODO : Support processing IssuedToken and SecConvToken assertoins modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (7 lines): - line 224: //TODO we do not need to pass keysize as it is taken from algorithm it self - verify - line 345: // TODO putting different types of objects. Need to figure out a way to add single types of objects - line 585: tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); // TODO check this - line 605: //TODO Need a better fix - line 704: //TODO Need a better fix - line 711: sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature()); // TODO what is the correct algorith ? For sure one is redundant - line 877: //TODO We do not have a separate usage type for Kerberos token, let's use custom token modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (6 lines): - line 591: //TODO copy all the properties of service ramp conf to sts ramp conf - line 748: //TODO : Provide the overriding mechanism to provide a custom way of - line 1194: // TODO can we remove this ? - line 1427: //TODO This is a hack, this should not come under USE_REQ_SIG_CERT - line 1749: //TODO Is there a more efficient way to do this ? better search algorithm - line 1767: // TODO Do we need to go through the whole tree to find element by id ? Verify modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java (6 lines): - line 271: // TODO this is bit dubious, before migration code was like "dkSig.appendSigToHeader(rmd.getSecHeader())" - line 301: // TODO changed the order - verify - line 328: //TODO Shall we always include a timestamp? - line 388: // TODO this is bit dubious, before migration code was like "dkSig.appendSigToHeader(rmd.getSecHeader())" - line 505: // TODO verify before migration - dkSign.appendSigToHeader(rmd.getSecHeader()) - line 658: // TODO verify before migration - dkSign.appendSigToHeader(rmd.getSecHeader()) modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java (5 lines): - line 395: * the RahasData.getKeyType. TODO make sure this implementation is correct. - line 397: * TODO - Do we need to support that ? - line 638: // TODO do we need to remove this ? - line 690: // TODO do we need to use the same time as specified in the conditions ? - line 781: // TODO are we always looking up by alias ? Dont we need to lookup by any other attribute ? modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java (4 lines): - line 263: // TODO what if principal is null ? - line 362: // TODO a duplicate method !! - line 409: //TODO Remove this after discussing - line 569: //TODO Remove this after discussing modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java (4 lines): - line 84: // TODO TODO Sanka - line 85: throw new UnsupportedOperationException("TODO Sanka"); - line 92: // TODO TODO Sanka - line 93: throw new UnsupportedOperationException("TODO Sanka"); modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java (4 lines): - line 213: // TODO may contain deifferent types of objects as values, therefore cannot use strongly type maps - line 434: if (policyData != null) { // TODO do we need this null check ? - line 590: if (policyData != null) { // TODO do we need this null check ? - line 688: * TODO Confirm and remove. modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java (3 lines): - line 97: // TODO TODO - line 102: // TODO TODO - line 107: // TODO TODO modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (3 lines): - line 234: //TODO if Axis Service is null at this point, do we have to create a dummy one ?? - line 287: //TODO remove this once AXIS2-4114 is fixed - line 630: //TODO : This is a hack , MUST FIX modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java (2 lines): - line 179: // TODO check whether there is an efficient method of doing this - line 574: * TODO Passing WSSecEncryptedKey is an overhead. We should be able to create encrypted ephemeral modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java (2 lines): - line 29: // TODO TODO - line 38: // TODO TODO modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java (2 lines): - line 332: // TODO TODO - line 340: // TODO TODO modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (2 lines): - line 96: //TODO these checks have to be done before the convertion to avoid unnecessary convertion to LLOM -> DOOM - line 270: //TODO : This is a hack , MUST FIX modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java (2 lines): - line 76: WSDocInfo docInfo = new WSDocInfo(assertion.getDOM().getOwnerDocument()); // TODO Improve .. - line 77: // TODO change this to use SAMLAssertion parameter once wss4j conversion is done .... modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java (2 lines): - line 123: // TODO TODO Sanka - line 124: throw new UnsupportedOperationException("TODO Sanka"); modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java (2 lines): - line 153: // TODO TODO Sanka - line 154: throw new UnsupportedOperationException("TODO Sanka"); modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java (2 lines): - line 120: // TODO: we need to handle situation where the token itself is contained within the - line 121: // TODO: element modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java (1 line): - line 67: * that due to a bug in this method. TODO Need to get it fixed modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java (1 line): - line 149: //TODO remove following check, we don't need this check here as we do a check to see whether modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java (1 line): - line 55: //TODO replace this with a proper (WSSPolicyException) exception modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/InitiatorTokenBuilder.java (1 line): - line 45: break; // TODO process all the token that must be set .. modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/InitiatorTokenBuilder.java (1 line): - line 45: break; // TODO process all the token that must be set .. modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java (1 line): - line 68: * TODO: Handling the isOptional:TRUE case modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java (1 line): - line 143: //TODO: Get these constants from the WS-Trust impl's constants modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (1 line): - line 396: * TODO :- modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java (1 line): - line 478: * // TODO changes this keytype to an enumeration modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2KeyInfo.java (1 line): - line 22: * TODO : This class should be moved to WSS4J once a new version of it is avaliable modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java (1 line): - line 104: // TODO in next major release convert this to a typed map modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java (1 line): - line 158: // TODO more meaningful exception modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java (1 line): - line 99: //TODO: imple modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java (1 line): - line 52: //TODO check for spec specific error codes modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java (1 line): - line 216: //TODO Should we refactor this class ?? with a SuppotingTokenBase and sub classes modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java (1 line): - line 100: // TODO: Optimize this :-) modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java (1 line): - line 93: // TODO : SAML2KeyInfo element needs to be moved to WSS4J. modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java (1 line): - line 181: // FIXME move the String constants to a QName modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/IssuedTokenBuilder.java (1 line): - line 58: //TODO check why this returns an Address element modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/IssuedTokenBuilder.java (1 line): - line 60: //TODO check why this returns an Address element modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java (1 line): - line 128: // TODO are we always looking up by alias ? Dont we need to lookup by any other attribute ? modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java (1 line): - line 61: //TODO Enable this when we have DOOM fixed to be able to flow in and out of Axis2