Package com.sun.xml.wss

Examples of com.sun.xml.wss.XWSSecurityException


                    if (expirationTime != null) {
                        expires = calendarFormatter2.parse(expirationTime);
                    }
                } catch (java.text.ParseException xpe) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0233_INVALID_EXPIRE_BEFORE_CREATION(), xpe);
                    throw new XWSSecurityException(xpe.getMessage());
                }
            }
        }



        try {
            Callback[] callbacks = new Callback[]{dynamicCallback};
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0235_FAILED_LOCATE_SAML_ASSERTION(), e);
            throw new XWSSecurityException(e);
        }
        Element assertion = samlPolicy.getAssertion();
        if (assertion == null) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0236_NULL_SAML_ASSERTION());
            throw new XWSSecurityException("SAML Assertion not set into Policy by CallbackHandler");
        }

        return assertion;
    }

        try {
            Callback[] callbacks = new Callback[]{dynamicCallback};
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0237_FAILED_DYNAMIC_POLICY_CALLBACK(), e);
            throw new XWSSecurityException(e);
        }
        return (AuthenticationTokenPolicy.SAMLAssertionBinding) dynamicCallback.getSecurityPolicy();
    }

    /**
     * Performs a Kerberos login using the settings read from {@code configAssertions}.
     *
     * <p>Three properties are consulted: the JAAS login module name, the service
     * principal, and the credential-delegation flag. The first two are mandatory;
     * the call is rejected before any login attempt if either is missing or empty.
     *
     * @return the context produced by {@code KerberosLogin.login}
     * @throws XWSSecurityException if the login module or the service principal is
     *         {@code null} or the empty string (the login call itself may also
     *         raise it; its body is not visible here)
     */
    public KerberosContext doKerberosLogin() throws XWSSecurityException {
        final String module = configAssertions.getProperty(DefaultCallbackHandler.KRB5_LOGIN_MODULE);
        final String principal = configAssertions.getProperty(DefaultCallbackHandler.KRB5_SERVICE_PRINCIPAL);
        // A missing or non-"true" value parses to false, so credential delegation
        // stays disabled unless the configuration enables it explicitly.
        final boolean delegate =
                Boolean.parseBoolean(configAssertions.getProperty(DefaultCallbackHandler.KRB5_CREDENTIAL_DELEGATION));

        // Fail closed: refuse to attempt a login with an incomplete configuration.
        final boolean moduleMissing = (module == null) || module.isEmpty();
        if (moduleMissing) {
            throw new XWSSecurityException("Login Module for Kerberos login is not set or could not be obtained");
        }
        final boolean principalMissing = (principal == null) || principal.isEmpty();
        if (principalMissing) {
            throw new XWSSecurityException("Kerberos Service Principal is not set or could not be obtained");
        }

        final KerberosLogin kerberosLogin = new KerberosLogin();
        return kerberosLogin.login(module, principal, delegate);
    }

            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "LoadClass: could not load class " + classname, e);
            }
        }
        log.log(Level.SEVERE, com.sun.xml.wss.logging.impl.misc.LogStringsMessages.WSS_1521_ERROR_GETTING_USER_CLASS());
        throw new XWSSecurityException("Could not find User Class " + classname);
    }

                //DirectReference directRef = elementFactory.createDirectReference();
                //DirectReference dReference = (DirectReference) reference;
                DirectReference dReference = (DirectReference) reference;               
                String uri = dReference.getURI();
                if (isBSP && !uri.startsWith("#")) {
                    throw new XWSSecurityException("Violation of BSP R5204 " + ": When a SECURITY_TOKEN_REFERENCE uses a Direct Reference to an INTERNAL_SECURITY_TOKEN, it MUST use a Shorthand XPointer Reference");
                }

                String valueType = dReference.getValueType();
                if (MessageConstants.DKT_VALUETYPE.equals(valueType) ||
                        MessageConstants.DKT_13_VALUETYPE.equals(valueType)) {

                String algo = SecurityUtil.getSecretKeyAlgorithm(context.getAlgorithmSuite().getEncryptionAlgorithm());
                KerberosContext krbContext = context.getKerberosContext();
                if (krbContext != null) {
                    String encodedRef = (String) context.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE);
                    if (!referenceValue.equals(encodedRef)) {
                        throw new XWSSecurityException("SecretKey could not be obtained, Incorrect Kerberos Context found");
                    }
                    returnKey = krbContext.getSecretKey(algo);
                } else {
                    throw new XWSSecurityException("SecretKey could not be obtained, Kerberos Context not set");
                }
            } else if (MessageConstants.EncryptedKeyIdentifier_NS.equals(valueType)) {
                //for policy verification
                SymmetricKeyBinding skBinding = new SymmetricKeyBinding();
                AuthenticationTokenPolicy.X509CertificateBinding x509Binding = new AuthenticationTokenPolicy.X509CertificateBinding();

            throws XWSSecurityException {
        String algo = wssContext.getAlgorithmSuite().getSymmetricKeyAlgorithm();
        AuthenticationTokenPolicy.UsernameTokenBinding untBinding = new AuthenticationTokenPolicy.UsernameTokenBinding();
        String decodedSalt = token.getSalt();
        if (decodedSalt == null) {
            throw new XWSSecurityException("Salt retrieved from UsernameToken is null");
        }
        byte[] salt = null;
        try {
            salt = Base64.decode(decodedSalt);
        } catch (Base64DecodingException ex) {
            logger.log(Level.SEVERE, com.sun.xml.wss.logging.LogStringsMessages.WSS_0144_UNABLETO_DECODE_BASE_64_DATA(ex), ex);
            throw new XWSSecurityException("exception during decoding the salt ");
        }
        String password = null;
        try {
            password = wssContext.getSecurityEnvironment().authenticateUser(wssContext.getExtraneousProperties(), token.getUsernameValue());
        } catch (XWSSecurityException ex) {
             throw new XWSSecurityException("exception during retrieving the password using the username");
        }
        if (password == null) {
            throw new XWSSecurityException("Password retrieved from UsernameToken is null");
        }
        String iterate = token.getIterations();
        if (iterate == null) {
            throw new XWSSecurityException("Value of Iterations  retrieved from UsernameToken is null");
        }
        int iterations = Integer.parseInt(iterate);
        PasswordDerivedKey pdk = new PasswordDerivedKey();
        SecretKey sKey = null;
        byte[] verifySignature = null;
        if ((purpose == Purpose.DECRYPT)) {
            salt[0] = MessageConstants.VALUE_FOR_ENCRYPTION;
            if (isSymmetric) {
                try {
                    verifySignature = pdk.generate160BitKey(password, iterations, salt);
                } catch (UnsupportedEncodingException ex) {
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1381_ERROR_GENERATING_160_BITKEY(), ex);
                    throw new XWSSecurityException("error during generating 160 bit key ");
                }
                untBinding.setSecretKey(verifySignature);
                sKey = untBinding.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(algo));
                untBinding.setSecretKey(sKey);
                wssContext.setUsernameTokenBinding(untBinding);
                byte[] secretKey = untBinding.getSecretKey().getEncoded();
                SecretKey key = pdk.generate16ByteKeyforEncryption(secretKey);
                sKey = key;
            } else {
                byte[] decSignature = null;
                try {
                    decSignature = pdk.generate160BitKey(password, iterations, salt);
                } catch (UnsupportedEncodingException ex) {
                   logger.log(Level.SEVERE, LogStringsMessages.WSS_1381_ERROR_GENERATING_160_BITKEY(), ex);
                   throw new XWSSecurityException("error during generating 160 bit key ");
                }
                byte[] keyof128Bits = new byte[16];
                for (int i = 0; i < 16; i++) {
                    keyof128Bits[i] = decSignature[i];
                }
                untBinding.setSecretKey(keyof128Bits);
                sKey = untBinding.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(algo));
                untBinding.setSecretKey(sKey);
            }
        } else if (purpose == Purpose.VERIFY) {
            salt[0] = MessageConstants.VALUE_FOR_SIGNATURE;
            try {
                verifySignature = pdk.generate160BitKey(password, iterations, salt);
            } catch (UnsupportedEncodingException ex) {
               logger.log(Level.SEVERE, LogStringsMessages.WSS_1381_ERROR_GENERATING_160_BITKEY(), ex);
               throw new XWSSecurityException("error during generating 160 bit key ");
            }
            untBinding.setSecretKey(verifySignature);
            sKey = untBinding.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(algo));
            untBinding.setSecretKey(sKey);
        //return sKey;
        } else {
            //handles RequiredDerivedKeys case
            salt[0] = MessageConstants.VALUE_FOR_ENCRYPTION;
            byte[] key = null;
            try {
                key = pdk.generate160BitKey(password, iterations, salt);
            } catch (UnsupportedEncodingException ex) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1381_ERROR_GENERATING_160_BITKEY(), ex);
                throw new XWSSecurityException("error during generating 160 bit key ");
            }
            byte[] sKeyof16ByteLength = new byte[16];
            for (int i = 0; i < 16; i++) {
                sKeyof16ByteLength[i] = key[i];
            }

            SCTokenConfiguration config = new DefaultSCTokenConfiguration(protocol, scId, !wssContext.isExpired(), !wssContext.isInboundMessage());
            ctx = IssuedTokenManager.getInstance().createIssuedTokenContext(config, null);
            try {
                IssuedTokenManager.getInstance().getIssuedToken(ctx);
            } catch (WSTrustException e) {
                throw new XWSSecurityException(e);
            }

            //Retrive the context from issuedTokenContextMap
//            Enumeration elements = wssContext.getIssuedTokenContextMap().elements();
//            while (elements.hasMoreElements()) {
//                IssuedTokenContext ictx = (IssuedTokenContext)elements.nextElement();
//                Object tok = ictx.getSecurityToken();
//                String ctxid = null;
//               
//                if (tok instanceof com.sun.xml.ws.security.SecurityContextToken) {
//                    ctxid = ((com.sun.xml.ws.security.SecurityContextToken)tok).getIdentifier().toString();
//                    if (ctxid.equals(scId)) {
//                        ctx = ictx;
//                        break;
//                    }
//                }
//            }
            if (ctx == null || ctx.getSecurityPolicy().isEmpty()) {
                // Return null as scId still needs to be resolved
                return null;
            }
        } else {
            //Retrive the context from Session Manager's cache
            System.out.println("context.isExpired >>> " + wssContext.isExpired());
            ctx = ((SessionManager) wssContext.getExtraneousProperty("SessionManager")).getSecurityContext(scId, !wssContext.isExpired());
            URI sctId = null;
            String sctIns = null;
            String wsuId = null;
            com.sun.xml.ws.security.SecurityContextToken sct = (com.sun.xml.ws.security.SecurityContextToken) ctx.getSecurityToken();
            if (sct != null){
                sctId = sct.getIdentifier();
                sctIns = sct.getInstance();
                wsuId = sct.getWsuId();
            }else {
                SecurityContextTokenInfo sctInfo = ctx.getSecurityContextTokenInfo();
                sctId = URI.create(sctInfo.getIdentifier());
                sctIns = sctInfo.getInstance();
                wsuId = sctInfo.getExternalId()
            }
            ctx.setSecurityToken(WSTrustElementFactory.newInstance(protocol).createSecurityContextToken(sctId, sctIns, wsuId));           
        }

        //update otherparty subject with bootstrap credentials.
        Subject subj = ctx.getRequestorSubject();
        if (subj != null) {
            // subj will be null if this is the client side execution
            if (wssContext.getExtraneousProperty(MessageConstants.SCBOOTSTRAP_CRED_IN_SUBJ) == null) {
                //do it only once
                wssContext.getSecurityEnvironment().updateOtherPartySubject(
                        SecurityUtil.getSubject(wssContext.getExtraneousProperties()), subj);
                wssContext.getExtraneousProperties().put(MessageConstants.SCBOOTSTRAP_CRED_IN_SUBJ, "true");
            }
        }


        byte[] proofKey = null;
        //com.sun.xml.ws.security.SecurityContextToken scToken = (com.sun.xml.ws.security.SecurityContextToken)ctx.getSecurityToken();
        if (wssContext.getWSCInstance() != null) {
            if (wssContext.isExpired()) {
                proofKey = ctx.getProofKey();
            } else {
                SecurityContextTokenInfo sctInstanceInfo = ctx.getSecurityContextTokenInfo();
                proofKey = sctInstanceInfo.getInstanceSecret(wssContext.getWSCInstance());
            }
        } else {
            proofKey = ctx.getProofKey();
        }
        wssContext.setExtraneousProperty(MessageConstants.INCOMING_SCT, ctx.getSecurityToken());


        if (proofKey == null) {
            throw new XWSSecurityException("Could not locate SecureConversation session for Id:" + scId);
        }

        String algo = "AES"; // hardcoding for now
        if (wssContext.getAlgorithmSuite() != null) {
            algo = SecurityUtil.getSecretKeyAlgorithm(wssContext.getAlgorithmSuite().getEncryptionAlgorithm());

        if (encodedRef == null) {
            try {
                byte[] krbSha1 = MessageDigest.getInstance("SHA-1").digest(token.getTokenValue());
                encodedRef = Base64.encode(krbSha1);
            } catch (NoSuchAlgorithmException nsae) {
                throw new XWSSecurityException(nsae);
            }
        }
        String algo = SecurityUtil.getSecretKeyAlgorithm(wssContext.getAlgorithmSuite().getEncryptionAlgorithm());
        KerberosContext krbContext = wssContext.getKerberosContext();

        if (krbContext == null) {
            krbContext = wssContext.getSecurityEnvironment().doKerberosLogin(token.getTokenValue());
            wssContext.setKerberosContext(krbContext);
            try {
                wssContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(wssContext),
                        krbContext.getGSSContext().getSrcName(), krbContext.getDelegatedCredentials());
            } catch (GSSException gsse) {
                throw new XWSSecurityException(gsse);
            }
        }
        wssContext.setExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE, encodedRef);
        return krbContext.getSecretKey(algo);
    }