modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (11 lines): - line 305: //TODO check whether the encrptedDataFound is an UsernameToken - line 694: // TODO earlier this was wsep.getType() == WSConstants.PART_TYPE_ELEMENT - line 736: * TODO must write unit tests - line 803: // TODO removing this with WSS4J 1.6 migration. We do not have a way to get alias - line 807: // TODO this validation we are doing in SignatureProcessor.handleToken (WSS4J) So why we need to do again ? - line 816: * TODO - This is directly copied from WSS4J (SignatureTrustValidator). - line 904: // TODO we need to configure enable revocation ... - line 926: * TODO Directly copied from WSS4J (SignatureTrustValidator) - Optimize later - line 1015: //TODO This can be integrated with supporting token processing - line 1077: // TODO wsu id must present. We need to find the scenario where it is not set - line 1079: // dataRefUri = dataRef.getProtectedElement().getAttribute("Id"); // TODO check whether this is correct modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java (9 lines): - line 132: } //TODO SAMLToken - line 139: //TODO Need a better fix - line 208: // TODO was encr.setUseKeyIdentifier(true); - verify - line 591: tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); // TODO check this - line 630: //TODO Need a better fix - line 642: // TODO was encr.setUseKeyIdentifier(true); verify - line 699: //TODO make this lifetime configurable ??? - line 825: //TODO check for an existing token and use it - line 901: //TODO : Support processing IssuedToken and SecConvToken assertoins modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (7 lines): - line 224: //TODO we do not need to pass keysize as it is taken from algorithm it self - verify - line 347: // TODO putting different types of objects. Need to figure out a way to add single types of objects - line 587: tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); // TODO check this - line 607: //TODO Need a better fix - line 706: //TODO Need a better fix - line 713: sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature()); // TODO what is the correct algorith ? For sure one is redundant - line 870: //TODO We do not have a separate usage type for Kerberos token, let's use custom token modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (6 lines): - line 579: //TODO copy all the properties of service ramp conf to sts ramp conf - line 736: //TODO : Provide the overriding mechanism to provide a custom way of - line 1182: // TODO can we remove this ? - line 1415: //TODO This is a hack, this should not come under USE_REQ_SIG_CERT - line 1730: //TODO Is there a more efficient way to do this ? better search algorithm - line 1748: // TODO Do we need to go through the whole tree to find element by id ? Verify modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java (6 lines): - line 260: // TODO this is bit dubious, before migration code was like "dkSig.appendSigToHeader(rmd.getSecHeader())" - line 288: // TODO changed the order - verify - line 315: //TODO Shall we always include a timestamp? - line 375: // TODO this is bit dubious, before migration code was like "dkSig.appendSigToHeader(rmd.getSecHeader())" - line 492: // TODO verify before migration - dkSign.appendSigToHeader(rmd.getSecHeader()) - line 643: // TODO verify before migration - dkSign.appendSigToHeader(rmd.getSecHeader()) modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java (5 lines): - line 395: * the RahasData.getKeyType. TODO make sure this implementation is correct. - line 397: * TODO - Do we need to support that ? - line 638: // TODO do we need to remove this ? - line 693: // TODO do we need to use the same time as specified in the conditions ? - line 784: // TODO are we always looking up by alias ? Dont we need to lookup by any other attribute ? modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java (4 lines): - line 263: // TODO what if principal is null ? - line 362: // TODO a duplicate method !! - line 409: //TODO Remove this after discussing - line 569: //TODO Remove this after discussing modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java (4 lines): - line 84: // TODO TODO Sanka - line 85: throw new UnsupportedOperationException("TODO Sanka"); - line 92: // TODO TODO Sanka - line 93: throw new UnsupportedOperationException("TODO Sanka"); modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java (4 lines): - line 212: // TODO may contain deifferent types of objects as values, therefore cannot use strongly type maps - line 435: if (policyData != null) { // TODO do we need this null check ? - line 590: if (policyData != null) { // TODO do we need this null check ? - line 688: * TODO Confirm and remove. modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java (3 lines): - line 97: // TODO TODO - line 102: // TODO TODO - line 107: // TODO TODO modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (3 lines): - line 194: //TODO if Axis Service is null at this point, do we have to create a dummy one ?? - line 247: //TODO remove this once AXIS2-4114 is fixed - line 552: //TODO : This is a hack , MUST FIX modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java (2 lines): - line 179: // TODO check whether there is an efficient method of doing this - line 574: * TODO Passing WSSecEncryptedKey is an overhead. We should be able to create encrypted ephemeral modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java (2 lines): - line 29: // TODO TODO - line 38: // TODO TODO modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (2 lines): - line 95: //TODO these checks have to be done before the convertion to avoid unnecessary convertion to LLOM -> DOOM - line 279: //TODO : This is a hack , MUST FIX modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java (2 lines): - line 285: // TODO TODO - line 293: // TODO TODO modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java (2 lines): - line 78: WSDocInfo docInfo = new WSDocInfo(assertion.getDOM().getOwnerDocument()); // TODO Improve .. - line 80: // TODO change this to use SAMLAssertion parameter once wss4j conversion is done .... modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java (2 lines): - line 123: // TODO TODO Sanka - line 124: throw new UnsupportedOperationException("TODO Sanka"); modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java (2 lines): - line 153: // TODO TODO Sanka - line 154: throw new UnsupportedOperationException("TODO Sanka"); modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java (2 lines): - line 120: // TODO: we need to handle situation where the token itself is contained within the - line 121: // TODO: element modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java (1 line): - line 149: //TODO remove following check, we don't need this check here as we do a check to see whether modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java (1 line): - line 67: * that due to a bug in this method. TODO Need to get it fixed modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandler.java (1 line): - line 79: * @param tokenCallbackHandler The token callback class. TODO Why ? modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java (1 line): - line 55: //TODO replace this with a proper (WSSPolicyException) exception modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/InitiatorTokenBuilder.java (1 line): - line 45: break; // TODO process all the token that must be set .. modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/InitiatorTokenBuilder.java (1 line): - line 45: break; // TODO process all the token that must be set .. modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java (1 line): - line 68: * TODO: Handling the isOptional:TRUE case modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java (1 line): - line 143: //TODO: Get these constants from the WS-Trust impl's constants modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (1 line): - line 395: * TODO :- modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java (1 line): - line 478: * // TODO changes this keytype to an enumeration modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2KeyInfo.java (1 line): - line 22: * TODO : This class should be moved to WSS4J once a new version of it is avaliable modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java (1 line): - line 104: // TODO in next major release convert this to a typed map modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java (1 line): - line 158: // TODO more meaningful exception modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java (1 line): - line 99: //TODO: imple modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java (1 line): - line 52: //TODO check for spec specific error codes modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java (1 line): - line 216: //TODO Should we refactor this class ?? with a SuppotingTokenBase and sub classes modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java (1 line): - line 100: // TODO: Optimize this :-) modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java (1 line): - line 93: // TODO : SAML2KeyInfo element needs to be moved to WSS4J. modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java (1 line): - line 181: // FIXME move the String constants to a QName modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/IssuedTokenBuilder.java (1 line): - line 58: //TODO check why this returns an Address element modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/IssuedTokenBuilder.java (1 line): - line 60: //TODO check why this returns an Address element modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java (1 line): - line 122: // TODO are we always looking up by alias ? Dont we need to lookup by any other attribute ? modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java (1 line): - line 61: //TODO Enable this when we have DOOM fixed to be able to flow in and out of Axis2