Package org.apache.wss4j.common.ext

Examples of org.apache.wss4j.common.ext.WSSecurityException


            } else if (WSConstants.PW_DIGEST.equals(type)) {
                reqData.setPwType(WSConstants.PASSWORD_DIGEST);
            } else if (WSConstants.PW_NONE.equals(type)) {
                reqData.setPwType(null);
            } else {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty", "Unknown password type encoding: " + type);
            }
        }
       
        boolean addNonce =


       
        String keyId = getString(WSHandlerConstants.SIG_KEY_ID, mc);
        if (keyId != null) {
            Integer id = WSHandlerConstants.getKeyIdentifier(keyId);
            if (id == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty",
                        "WSHandler: Signature: unknown key identification"
                );
            }
            int tmp = id;
            if (!(tmp == WSConstants.ISSUER_SERIAL
                    || tmp == WSConstants.BST_DIRECT_REFERENCE
                    || tmp == WSConstants.X509_KEY_IDENTIFIER
                    || tmp == WSConstants.SKI_KEY_IDENTIFIER
                    || tmp == WSConstants.THUMBPRINT_IDENTIFIER
                    || tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER
                    || tmp == WSConstants.KEY_VALUE)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty",
                        "WSHandler: Signature: illegal key identification"
                );
            }
            actionToken.setKeyIdentifierId(tmp);

        //
        // Excerpt: copies the encryption-related handler options found in the
        // message context (mc) onto actionToken. The enclosing method's signature
        // and the declarations of mc, actionToken and reqData are not part of it.
        //
        // Resolve the configured key identifier name to its numeric id; a name
        // that getKeyIdentifier cannot map (null result) is rejected.
        String encKeyId = getString(WSHandlerConstants.ENC_KEY_ID, mc);
        if (encKeyId != null) {
            Integer id = WSHandlerConstants.getKeyIdentifier(encKeyId);
            if (id == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty",
                        "WSHandler: Encryption: unknown key identification"
                );
            }
            int tmp = id;
            // NOTE(review): the id is stored on actionToken before the allow-list
            // check below. The check still throws for a disallowed value, but code
            // that catches the exception and keeps using actionToken would see an
            // identifier that was never validated; checking first avoids that.
            actionToken.setKeyIdentifierId(tmp);
            // Allow-list of key identifier types accepted for encryption.
            if (!(tmp == WSConstants.ISSUER_SERIAL
                    || tmp == WSConstants.X509_KEY_IDENTIFIER
                    || tmp == WSConstants.SKI_KEY_IDENTIFIER
                    || tmp == WSConstants.BST_DIRECT_REFERENCE
                    || tmp == WSConstants.THUMBPRINT_IDENTIFIER
                    || tmp == WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty",
                        "WSHandler: Encryption: illegal key identification"
                );
            }
        }
        // The symmetric and key-transport algorithm names are handed to
        // actionToken exactly as configured; nothing in this excerpt checks them,
        // and the value passed on may be null (getString results are null-checked
        // elsewhere in this excerpt).
        String encSymAlgo = getString(WSHandlerConstants.ENC_SYM_ALGO, mc);
        actionToken.setSymmetricAlgorithm(encSymAlgo);

        String encKeyTransport =
            getString(WSHandlerConstants.ENC_KEY_TRANSPORT, mc);
        actionToken.setKeyTransportAlgorithm(encKeyTransport);
       
        String derivedKeyReference = getString(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, mc);
        actionToken.setDerivedKeyTokenReference(derivedKeyReference);
       
        String derivedKeyIdentifier = getString(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, mc);
        if (derivedKeyIdentifier != null) {
            // NOTE(review): unlike the encryption key identifier above, a null
            // result (unrecognised name) is not rejected here and is passed to
            // the setter as-is; confirm setDerivedKeyIdentifier accepts null.
            Integer id = WSHandlerConstants.getKeyIdentifier(derivedKeyIdentifier);
            actionToken.setDerivedKeyIdentifier(id);
        }
       
        // Derived key length: only a positive integer is applied. A non-numeric
        // value is logged at warn level and a zero or negative value is dropped
        // without any log; in both cases actionToken is left unchanged and no
        // exception is raised, so a misconfiguration does not stop processing.
        String derivedKeyLength = getString(WSHandlerConstants.DERIVED_ENCRYPTION_KEY_LENGTH, mc);
        if (derivedKeyLength != null) {
            try {
                int dKL = Integer.parseInt(derivedKeyLength);
                if (dKL > 0) {
                    actionToken.setDerivedKeyLength(dKL);
                }
            } catch (NumberFormatException e) {
                LOG.warn("Error in configuring a derived key length: " + e.getMessage());
            }
        }
       
        boolean use200512Namespace = decodeUse200512Namespace(reqData);
        reqData.setUse200512Namespace(use200512Namespace);
       
        // Digest and MGF algorithm names are likewise passed through unchecked.
        String digestAlgo = getString(WSHandlerConstants.ENC_DIGEST_ALGO, mc);
        actionToken.setDigestAlgorithm(digestAlgo);

        String mgfAlgo = getString(WSHandlerConstants.ENC_MGF_ALGO, mc);
        actionToken.setMgfAlgorithm(mgfAlgo);
       
        String encSymEncKey = getString(WSHandlerConstants.ENC_SYM_ENC_KEY, mc);
        if (encSymEncKey != null) {
            // Boolean.parseBoolean returns true only for "true" (ignoring case);
            // any other text, including a typo, quietly becomes false.
            boolean encSymEndKeyBoolean = Boolean.parseBoolean(encSymEncKey);
            actionToken.setEncSymmetricEncryptionKey(encSymEndKeyBoolean);
        }
       
        // Encryption user: an explicit ENCRYPTION_USER setting wins; otherwise
        // the username already held by reqData is used.
        String encUser = getString(WSHandlerConstants.ENCRYPTION_USER, mc);
        if (encUser != null) {
            actionToken.setUser(encUser);
        } else {
            actionToken.setUser(reqData.getUsername());
        }
        // A user is required only when isEncSymmetricEncryptionKey() is true;
        // otherwise a null user passes this check.
        if (actionToken.isEncSymmetricEncryptionKey() && actionToken.getUser() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                    "empty", "WSHandler: Encryption: no username");
        }

        // handleSpecialUser is defined outside this excerpt.
        handleSpecialUser(reqData);

        }
        if ("1".equals(value) || "true".equals(value)) {
            return true;
        }

        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                "empty",
                "WSHandler: illegal " + configTag + " parameter"
        );
    }

            cbClass =
                Loader.loadClass(getClassLoader(requestData.getMsgContext()),
                                 callbackHandlerClass,
                                 CallbackHandler.class);
        } catch (ClassNotFoundException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                    "empty", e,
                    "WSHandler: cannot load callback handler class: " + callbackHandlerClass
            );
        }
        try {
            cbHandler = cbClass.newInstance();
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                    "empty", e,
                    "WSHandler: cannot create instance of callback handler: " + callbackHandlerClass
            );
        }
        return cbHandler;

            // from the message context
            //
            String password = getPassword(requestData.getMsgContext());
            if (password == null) {
                String err = "provided null or empty password";
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty", "WSHandler: application " + err);
            }
            WSPasswordCallback pwCb = constructPasswordCallback(username, doAction);
            pwCb.setPassword(password);
            return pwCb;

        // Call back the application to get the password
        //
        try {
            cbHandler.handle(callbacks);
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                    "empty", e, "WSHandler: password callback failed");
        }
        return pwCb;
    }

                        "partDefs: '" + mode + "' ,'" + nmSpace + "' ,'" + element + "'"
                    );
                }
                encPart = new WSEncryptionPart(element, nmSpace, mode);
            } else {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty", "WSHandler: wrong part definition: " + tmpS);
            }
            encPart.setRequired(required);
            parts.add(encPart);
        }

                for (String certConstraint : certConstraintsList) {
                    try {
                        subjectCertConstraints.add(Pattern.compile(certConstraint.trim()));
                    } catch (PatternSyntaxException ex) {
                        LOG.debug(ex.getMessage(), ex);
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
                    }
                }
                reqData.setSubjectCertConstraints(subjectCertConstraints);
            }
        }

        // perform signature verification
        //
        // Excerpt from a signature-processing method; its signature and the
        // declarations of certs, secretKey, publicKey, principal, elem, data,
        // wsDocInfo and signatureMethod are outside this excerpt.
        //
        // Fail closed when there is no key material at all: no leading
        // certificate, no secret key and no public key.
        if ((certs == null || certs.length == 0 || certs[0] == null)
            && secretKey == null
            && publicKey == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
       
        // Check for compliance against the defined AlgorithmSuite
        // These checks run only when an AlgorithmSuite is configured; with none
        // set (null), this excerpt applies no algorithm or key-length policy
        // before the signature is verified.
        AlgorithmSuite algorithmSuite = data.getAlgorithmSuite();
        if (algorithmSuite != null) {
            AlgorithmSuiteValidator algorithmSuiteValidator = new
                AlgorithmSuiteValidator(algorithmSuite);

            if (principal instanceof WSDerivedKeyTokenPrincipal) {
                // Derived-key signatures: validate the derivation algorithm and
                // the derived key length reported by the principal.
                algorithmSuiteValidator.checkDerivedKeyAlgorithm(
                    ((WSDerivedKeyTokenPrincipal)principal).getAlgorithm()
                );
                algorithmSuiteValidator.checkSignatureDerivedKeyLength(
                    ((WSDerivedKeyTokenPrincipal)principal).getLength()
                );
            } else {
                Key key = null;
                // NOTE(review): certs[0] is read after only a null check on certs.
                // The guard at the top lets a zero-length certs array through when
                // secretKey or publicKey is set, so an empty array reaching this
                // line would raise ArrayIndexOutOfBoundsException. Confirm callers
                // never pass one, or also test certs.length > 0 here.
                if (certs != null && certs[0] != null) {
                    key = certs[0].getPublicKey();
                } else if (publicKey != null) {
                    key = publicKey;
                }

                // A key taken from the certificate or from publicKey is checked as
                // an asymmetric key. Otherwise the guard at the top implies that
                // secretKey is set (assuming getPublicKey() did not return null),
                // and its byte length is checked as a symmetric key.
                if (key instanceof PublicKey) {
                    algorithmSuiteValidator.checkAsymmetricKeyLength((PublicKey)key);
                } else {
                    algorithmSuiteValidator.checkSymmetricKeyLength(secretKey.length);
                }
            }
        }
       
        // verifyXMLSignature is defined outside this excerpt. The signature value
        // and canonicalization algorithm are read from its result for use further
        // down in the method.
        XMLSignature xmlSignature =
            verifyXMLSignature(elem, certs, publicKey, secretKey, signatureMethod, data, wsDocInfo);
        byte[] signatureValue = xmlSignature.getSignatureValue().getValue();
        String c14nMethod = xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm();

        // An empty reference list is treated as a failed check, so a signature
        // that yields no protected data references is never accepted.
        List<WSDataRef> dataRefs = 
            buildProtectedRefs(
                elem.getOwnerDocument(), xmlSignature.getSignedInfo(), data, wsDocInfo
            );
        if (dataRefs.size() == 0) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
       
        int actionPerformed = WSConstants.SIGN;
        if (principal instanceof UsernameTokenPrincipal) {
            actionPerformed = WSConstants.UT_SIGN;
