Examples of org.jboss.ws.extensions.security.exception.WSSecurityException

• org.jboss.ws.extensions.security.exception.WSSecurityException
  @author Jason T. Greene

         list.add(id);
         cipher.doFinal(message, element, target.isContent());
      }
      catch (Exception e)
      {
         throw new WSSecurityException("Error encrypting target: " + name, e);
      }
   }

         kgen.init(alg.size);
         return kgen.generateKey();
      }
      catch (NoSuchAlgorithmException e)
      {
         throw new WSSecurityException(e.getMessage());
      }
   }

         cipher = XMLCipher.getInstance(algorithms.get(algorithm).xmlName);
         cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
      }
      catch (XMLSecurityException e)
      {
         throw new WSSecurityException("Error initializing xml cipher" + e.getMessage(), e);
      }

      ReferenceList list = new ReferenceList();

      if (targets == null || targets.size() == 0)

      X509Certificate cert = null;
      if (alias != null || secDomainLabel != null)
      {
         cert = store.getCertificate(alias, secDomainLabel);
         if (cert == null)
            throw new WSSecurityException("Cannot load certificate from keystore; alias = " + alias);
      }
      else
      {
         List<PublicKey> publicKeys = SignatureKeysAssociation.getPublicKeys();
         if (publicKeys != null && publicKeys.size() == 1)
            cert = store.getCertificateByPublicKey(publicKeys.iterator().next());
         if (cert == null)
            throw new WSSecurityException("Cannot get the certificate for message encryption! Verify the keystore contents, " +
                "considering the certificate is obtained through the alias specified in the encrypt configuration element " +
                "or (server side only) through a single key used to sign the incoming message.");
      }
      return cert;
   }

      {
         return false;
      }
      catch (Exception e)
      {
         throw new WSSecurityException("Error probing cryptographic permissions", e);
      }
   }

      if (id != null && id.length() > 0)
         setId(id);

      Element child = Util.getFirstChildElement(element);
      if (child == null || ! Constants.WSSE_NS.equals(child.getNamespaceURI()) || ! "Username".equals(child.getLocalName()))
         throw new WSSecurityException("Username child expected in UsernameToken element");

      this.username = XMLUtils.getFullTextChildrenFromElement(child);

      child = Util.getNextSiblingElement(child);
      if (child == null || ! Constants.WSSE_NS.equals(child.getNamespaceURI()) || ! "Password".equals(child.getLocalName()))
         throw new WSSecurityException("Password child expected in UsernameToken element");

      this.password = XMLUtils.getFullTextChildrenFromElement(child);
      String passwordType = child.getAttribute("Type");
      this.digest = Constants.PASSWORD_DIGEST_TYPE.equals(passwordType);

      Iterator<Element> itNonce = DOMUtils.getChildElements(element, new QName(Constants.WSSE_NS, "Nonce"));
      if (itNonce != null && itNonce.hasNext())
      {
         Element elem = itNonce.next();
         String encodingType = elem.getAttribute("EncodingType");
         if (encodingType != null && encodingType.length() > 0 && !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
            throw new WSSecurityException("Unsupported nonce encoding type: " + encodingType);
         this.nonce = XMLUtils.getFullTextChildrenFromElement(elem);
      }

      Iterator<Element> itCreated = DOMUtils.getChildElements(element, new QName(Constants.WSU_NS, "Created"));
      if (itCreated != null && itCreated.hasNext())

      {
         JAASSecurityDomainAdaptorResolver sdResolver = (JAASSecurityDomainAdaptorResolver)ServiceLoader.loadService(JAASSecurityDomainAdaptorResolver.class.getName(),
               null);
         if (sdResolver == null)
         {
            throw new WSSecurityException("Could not get a jaas security domain resolver implementation implementing " + JAASSecurityDomainAdaptorResolver.class
                  + "; this is container specific, so please check your classpath is properly set if running on client side.");
         }
         try
         {
            sd = sdResolver.lookup(securityDomainConf.getJndi());
         }
         catch (Exception e)
         {
            throw new WSSecurityException("JNDI failure handling " + securityDomainConf.getJndi(), e);
         }
         // if we reached this point, means we have a JNDI name pointing to a valid JAAS Security Domain
         keyStore = sd.getKeyStore();
         trustStore = sd.getTrustStore();
         securityDomainAuthToken = securityDomainConf.getAuthToken();

         {
            storeURL = storeFile.toURL();
         }
         catch (MalformedURLException e)
         {
            throw new WSSecurityException("Problems loading " + type + ": " + e.getMessage(), e);
         }
      }

      if (storeType == null)
         storeType = System.getProperty(property + "Type");
      if (storeType == null)
         storeType = "jks";

      KeyStore keyStore = null;
      InputStream stream = null;
      try
      {
         log.debug("loadStore: " + storeURL);
         stream = storeURL.openStream();
         if (stream == null)
            throw new WSSecurityException("Cannot load store from: " + storeURL);

         keyStore = KeyStore.getInstance(storeType);
         if (keyStore == null)
            throw new WSSecurityException("Cannot get keystore for type: " + storeType);

         String decryptedPassword = decryptPassword(storePassword);
         if (decryptedPassword == null)
            throw new WSSecurityException("Cannot decrypt store password");

         keyStore.load(stream, decryptedPassword.toCharArray());
      }
      catch (RuntimeException rte)
      {
         throw rte;
      }
      catch (WSSecurityException ex)
      {
         throw ex;
      }
      catch (Exception ex)
      {
         throw new WSSecurityException("Problems loading " + type + ": " + ex.getMessage(), ex);
      }
      finally
      {
         if (stream != null)
         {

   private String decryptPassword(String password) throws WSSecurityException
   {
      log.trace("decrypt password: " + password);

      if (password == null)
         throw new WSSecurityException("Invalid null password for security store");

      if (password.charAt(0) == '{')
      {
         StringTokenizer tokenizer = new StringTokenizer(password, "{}");
         String keyStorePasswordCmdType = tokenizer.nextToken();
         String keyStorePasswordCmd = tokenizer.nextToken();
         if (keyStorePasswordCmdType.equals("EXT"))
         {
            password = execPasswordCmd(keyStorePasswordCmd);
         }
         else if (keyStorePasswordCmdType.equals("CLASS"))
         {
            password = invokePasswordClass(keyStorePasswordCmd);
         }
         else
         {
            throw new WSSecurityException("Unknown keyStorePasswordCmdType: " + keyStorePasswordCmdType);
         }
      }
      if (password == null)
         throw new WSSecurityException("Cannot decrypt password, result is null");

      log.trace("decrypted password: " + password);
      return password;
   }

         log.debug("Command exited with: " + status);
         return password;
      }
      catch (Exception e)
      {
         throw new WSSecurityException("Problems executing password cmd: " + keyStorePasswordCmd, e);
      }
   }