Examples of org.jboss.ws.extensions.security.exception.WSSecurityException

• org.jboss.ws.extensions.security.exception.WSSecurityException
  @author Jason T. Greene

      {
         return new X509IssuerSerial(message, token);
      }
      else
      {
         throw new WSSecurityException("Unkown token reference type: " + tokenRefType);
      }
   }

      {
         Calendar cal = SimpleTypeBindings.unmarshalDateTime(token.getCreated());
         Calendar ref = Calendar.getInstance();
         ref.add(Calendar.SECOND, -TIMESTAMP_FRESHNESS_THRESHOLD);
         if (ref.after(cal))
            throw new WSSecurityException("Request rejected since a stale timestamp has been provided: " + token.getCreated());
      }
      String nonce = token.getNonce();
      if (nonce != null)
      {
         if (nonceStore.hasNonce(nonce))
            throw new WSSecurityException("Request rejected since a message with the same nonce has been recently received; nonce = " + nonce);
         nonceStore.putNonce(nonce);
      }
   }

         cipher = XMLCipher.getInstance();
         key = cipher.loadEncryptedKey(element);
      }
      catch (XMLSecurityException e)
      {
         throw new WSSecurityException("Could not parse encrypted key: " + e.getMessage(), e);
      }

      KeyInfo info = key.getKeyInfo();

      if (info == null)
         throw new WSSecurityException("EncryptedKey element did not contain KeyInfo");

      PrivateKey privateKey = resolver.resolvePrivateKey(info);

      // Locate the reference list. We have to manually parse this because xml security doesn't handle
      // shorthand xpointer references (URI="#fooid")

      Element referenceList = Util.findElement(element, Constants.XENC_REFERENCELIST, Constants.XML_ENCRYPTION_NS);
      if (referenceList == null)
         throw new WSSecurityException("Encrypted key did not contain a reference list");

      this.list = new ReferenceList(referenceList);

      // Now use the element list to determine the encryption alg
      String alg = getKeyAlgorithm(element);
      if (alg == null)
         throw new WSSecurityException("Could not determine encrypted key algorithm!");

      try
      {
         cipher.init(XMLCipher.UNWRAP_MODE, privateKey);
         this.secretKey = (SecretKey) cipher.decryptKey(key, alg);
      }
      catch (XMLSecurityException e)
      {
         throw new WSSecurityException("Could not parse encrypted key: " + e.getMessage(), e);
      }

      this.document = element.getOwnerDocument();
      this.token = new X509Token(resolver.resolveCertificate(info), this.document);
   }

         cipher.init(XMLCipher.WRAP_MODE, token.getCert().getPublicKey());
         key = cipher.encryptKey(document, secretKey);
      }
      catch (XMLSecurityException e)
      {
         throw new WSSecurityException("Error encrypting key: " + e.getMessage(), e);
      }

      SecurityTokenReference reference = new SecurityTokenReference(Reference.getReference(tokenRefType, document, token));
      KeyInfo keyInfo = new KeyInfo(document);
      keyInfo.addUnknownElement(reference.getElement());

      {
         throw new FailedCheckException("Decryption was invalid.");
      }
      catch (Exception e)
      {
         throw new WSSecurityException("Could not decrypt element: " + e.getMessage(), e);
      }

      if (isContent)
         return Util.getWsuId(previous);

      ReferenceList list = key.getReferenceList();
      for (String uri : list.getAllReferences())
      {
         Element element = Util.findElementByWsuId(message.getDocumentElement(), uri);
         if (element == null)
            throw new WSSecurityException("A reference list refered to an element that was not found: " + uri);

         if (!isEncryptedData(element))
            throw new WSSecurityException("Malformed reference list, a non encrypted data element was referenced: " + uri);

         ids.add(decryptElement(element, key.getSecretKey()));
      }

      return ids;

   {
      String valueType = element.getAttribute("ValueType");
      if (X509Token.TYPE.equals(valueType))
         return new X509Token(element);
      else
         throw new WSSecurityException("Unkown Binary Security Token!!!");
   }

   public KeyIdentifier(Element element) throws WSSecurityException
   {
      this.doc = element.getOwnerDocument();

      if (! "KeyIdentifier".equals(element.getLocalName()))
         throw new WSSecurityException("Invalid message, invalid local name on a KeyIdentifier");

      String valueType = element.getAttribute("ValueType");
      if (valueType == null || valueType.length() == 0)
         throw new WSSecurityException("Inavliad message, KeyIdentifier element is missing an ValueType");

      if (! SKI_TYPE.equals(valueType))
         throw new WSSecurityException("Currently only SubjectKeyIdentifiers are supported, was passed: " + valueType);

      // Lets be soft on encoding type since other clients don't properly use it
      this.value = XMLUtils.getFullTextChildrenFromElement(element);
   }

   }

   public void referenceToken(BinarySecurityToken token) throws WSSecurityException
   {
      if (! (token instanceof X509Token))
         throw new WSSecurityException("KeyIdentifier tried to reference something besides an X509 token");

      X509Token x509 = (X509Token) token;
      X509Certificate cert = x509.getCert();

      // Maybee we should make one ourselves if it isn't there?
      byte[] encoded = cert.getExtensionValue("2.5.29.14");
      if (encoded == null)
         throw new WSSecurityException("Certificate did not contain a subject key identifier!");

      // We need to skip 4 bytes [(OCTET STRING) (LENGTH)[(OCTET STRING) (LENGTH) (Actual data)]]
      int trunc = encoded.length - 4;

      byte[] identifier = new byte[trunc];

      {
         return Base64.decode(value);
      }
      catch (Base64DecodingException e)
      {
         throw new WSSecurityException("Error decoding key identifier", e);
      }
   }