Subject: Collected Debian patches for <libxmltooling-java>
Author: Matthew Vernon <matthew@debian.org>

The libxmltooling-java package is maintained in Git rather than
maintaining patches as separate files, and separating the patches
doesn't seem to be worth the effort.  They are therefore all included
in this single Debian patch.

For full commit history and separated commits, see the packaging Git
repository.
--- libxmltooling-java-1.4.2.orig/pom.xml
+++ libxmltooling-java-1.4.2/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <groupId>net.shibboleth</groupId>
         <artifactId>parent-v2</artifactId>
-        <version>1</version>
+        <version>debian</version>
     </parent>
 
     <groupId>org.opensaml</groupId>
@@ -44,7 +44,7 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15</artifactId>
-            <version>1.46</version>
+            <version>1.49</version>
         </dependency>
         <dependency>
             <groupId>commons-codec</groupId>
@@ -80,23 +80,26 @@
 
         <!-- Runtime dependencies -->
         <dependency>
-            <groupId>${xerces.groupId}</groupId>
+            <groupId>xml-apis</groupId>
             <artifactId>xml-apis</artifactId>
+	    <version>debian</version>
         </dependency>
         <dependency>
-            <groupId>${xerces.groupId}</groupId>
+            <groupId>xerces</groupId>
             <artifactId>xercesImpl</artifactId>
+	    <version>debian</version>
         </dependency>
         <dependency>
-            <groupId>${xerces.groupId}</groupId>
+            <groupId>xalan</groupId>
             <artifactId>serializer</artifactId>
+	    <version>debian</version>
         </dependency>
         <dependency>
             <groupId>xml-resolver</groupId>
             <artifactId>xml-resolver</artifactId>
         </dependency>
         <dependency>
-            <groupId>${xalan.groupId}</groupId>
+            <groupId>xalan</groupId>
             <artifactId>xalan</artifactId>
         </dependency>
 
@@ -104,6 +107,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
+	    <version>debian</version>
         </dependency>
         <dependency>
             <groupId>ch.qos.logback</groupId>
--- libxmltooling-java-1.4.2.orig/src/main/java/org/opensaml/xml/security/x509/X509Util.java
+++ libxmltooling-java-1.4.2/src/main/java/org/opensaml/xml/security/x509/X509Util.java
@@ -39,11 +39,12 @@ import javax.security.auth.x500.X500Prin
 
 import org.apache.commons.ssl.TrustMaterial;
 import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERString;
+import org.bouncycastle.asn1.ASN1String;
 import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
 import org.bouncycastle.asn1.x509.X509Extensions;
 import org.bouncycastle.util.Arrays;
@@ -153,14 +154,14 @@ public class X509Util {
         List<String> commonNames = new LinkedList<String>();
         try {
             ASN1InputStream asn1Stream = new ASN1InputStream(dn.getEncoded());
-            DERObject parent = asn1Stream.readObject();
+            ASN1Primitive parent = asn1Stream.readObject();
 
             String cn = null;
-            DERObject dnComponent;
+            ASN1Primitive dnComponent;
             DERSequence grandChild;
-            DERObjectIdentifier componentId;
+            ASN1ObjectIdentifier componentId;
             for (int i = 0; i < ((DERSequence) parent).size(); i++) {
-                dnComponent = ((DERSequence) parent).getObjectAt(i).getDERObject();
+                dnComponent = ((DERSequence) parent).getObjectAt(i).toASN1Primitive();
                 if (!(dnComponent instanceof DERSet)) {
                     log.debug("No DN components.");
                     continue;
@@ -168,17 +169,17 @@ public class X509Util {
 
                 // Each DN component is a set
                 for (int j = 0; j < ((DERSet) dnComponent).size(); j++) {
-                    grandChild = (DERSequence) ((DERSet) dnComponent).getObjectAt(j).getDERObject();
+                    grandChild = (DERSequence) ((DERSet) dnComponent).getObjectAt(j).toASN1Primitive();
 
                     if (grandChild.getObjectAt(0) != null
-                            && grandChild.getObjectAt(0).getDERObject() instanceof DERObjectIdentifier) {
-                        componentId = (DERObjectIdentifier) grandChild.getObjectAt(0).getDERObject();
+			&& grandChild.getObjectAt(0).toASN1Primitive() instanceof ASN1ObjectIdentifier) {
+                        componentId = (ASN1ObjectIdentifier) grandChild.getObjectAt(0).toASN1Primitive();
 
                         if (CN_OID.equals(componentId.getId())) {
                             // OK, this dn component is actually a cn attribute
                             if (grandChild.getObjectAt(1) != null
-                                    && grandChild.getObjectAt(1).getDERObject() instanceof DERString) {
-                                cn = ((DERString) grandChild.getObjectAt(1).getDERObject()).getString();
+				&& grandChild.getObjectAt(1).toASN1Primitive() instanceof ASN1String) {
+                                cn = ((ASN1String) grandChild.getObjectAt(1).toASN1Primitive()).getString();
                                 commonNames.add(cn);
                             }
                         }
@@ -465,8 +466,15 @@ public class X509Util {
         if (EDI_PARTY_ALT_NAME.equals(nameType) || X400ADDRESS_ALT_NAME.equals(nameType)
                 || OTHER_ALT_NAME.equals(nameType)) {
 
-            // these have no defined representation, just return a DER-encoded byte[]
-            return ((DERObject) nameValue).getDEREncoded();
+            // these have no defined representation, just return a DER-encoded byte[] (or null if that fails)
+	    byte [] x;
+	    try {
+		x = ((ASN1Primitive) nameValue).getEncoded(ASN1Encoding.DER);
+	    } catch (java.io.IOException e) {
+		x = null;
+	    }
+	    return x;
+
         }
 
         log.warn("Encountered unknown alt name type '{}', adding as-is", nameType);
