/**
 * Moves the read position forward by {@code length} bytes.
 *
 * <p>Only the sign of {@code length} is checked; this method does not compare
 * the resulting position against any limit.
 *
 * @param length the number of bytes to skip; must not be negative.
 * @throws WSSecurityException if {@code length} is negative.
 */
public void skip(int length) throws WSSecurityException {
    if (length >= 0) {
        // NOTE(review): a large length can move pos beyond the data being decoded
        // (or wrap, if pos is an int) - confirm every reader bounds-checks pos
        // before indexing.
        pos += length;
        return;
    }
    // A negative length is reported as an unsupported DER format.
    throw new WSSecurityException(
        WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
        "noSKIHandling",
        new Object[] {"Unsupported DER format"}
    );
}
/**
 * Moves the read position forward by {@code length} bytes.
 *
 * <p>Only the sign of {@code length} is checked; this method does not compare
 * the resulting position against any limit.
 *
 * @param length the number of bytes to skip; must not be negative.
 * @throws WSSecurityException if {@code length} is negative.
 */
public void skip(int length) throws WSSecurityException {
    if (length >= 0) {
        // NOTE(review): a large length can move pos beyond the data being decoded
        // (or wrap, if pos is an int) - confirm every reader bounds-checks pos
        // before indexing.
        pos += length;
        return;
    }
    // A negative length is reported as an unsupported DER format.
    throw new WSSecurityException(
        WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
        "noSKIHandling",
        new Object[] {"Unsupported DER format"}
    );
}
/**
 * Checks the key wrap (key transport) algorithm against the algorithm suite.
 *
 * <p>The check is enforced only when the suite lists at least one key wrap
 * algorithm. An empty set accepts every value, {@code null} included, so a
 * suite that is meant to restrict key wrapping must populate this set.
 *
 * @param keyWrapAlgorithm the key wrap algorithm to check.
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the suite lists
 *         key wrap algorithms and {@code keyWrapAlgorithm} is not one of them.
 */
public void checkEncryptionKeyWrapAlgorithm(String keyWrapAlgorithm)
    throws WSSecurityException {
    final Set<String> permitted = algorithmSuite.getKeyWrapAlgorithms();
    // No configured algorithms means no restriction.
    if (permitted.isEmpty() || permitted.contains(keyWrapAlgorithm)) {
        return;
    }
    LOG.debug("The Key transport method does not match the requirement");
    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
/**
 * Signs the given signature object; does nothing when it is {@code null}.
 *
 * <p>Because a {@code null} argument returns without error, a caller that
 * requires a signed assertion has to verify that a signature was supplied.
 *
 * @param signature the signature to compute, or {@code null} to skip signing.
 * @throws WSSecurityException wrapping the {@code SignatureException} raised by
 *         {@code Signer.signObject}.
 */
private static void signObject(Signature signature) throws WSSecurityException {
    if (signature == null) {
        return;
    }
    try {
        Signer.signObject(signature);
    } catch (SignatureException ex) {
        // The signer's exception stays attached as the cause.
        throw new WSSecurityException("Error signing a SAML assertion", ex);
    }
}
/**
 * Signs the given signature object; does nothing when it is {@code null}.
 *
 * <p>Because a {@code null} argument returns without error, a caller that
 * requires a signed assertion has to verify that a signature was supplied.
 *
 * @param signature the signature to compute, or {@code null} to skip signing.
 * @throws WSSecurityException wrapping the {@code SignatureException} raised by
 *         {@code Signer.signObject}.
 */
private static void signObject(Signature signature) throws WSSecurityException {
    if (signature == null) {
        return;
    }
    try {
        Signer.signObject(signature);
    } catch (SignatureException ex) {
        // The signer's exception stays attached as the cause.
        throw new WSSecurityException("Error signing a SAML assertion", ex);
    }
}
/**
 * Checks the symmetric encryption algorithm against the algorithm suite.
 *
 * <p>The check is enforced only when the suite lists at least one encryption
 * method. An empty set accepts every value, {@code null} included, so a suite
 * that is meant to restrict encryption must populate this set.
 *
 * @param symmetricAlgorithm the symmetric encryption algorithm to check.
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the suite lists
 *         encryption methods and {@code symmetricAlgorithm} is not one of them.
 */
public void checkSymmetricEncryptionAlgorithm(String symmetricAlgorithm)
    throws WSSecurityException {
    final Set<String> permitted = algorithmSuite.getEncryptionMethods();
    // No configured methods means no restriction.
    if (permitted.isEmpty() || permitted.contains(symmetricAlgorithm)) {
        return;
    }
    LOG.debug("The encryption algorithm does not match the requirement");
    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
/**
 * Checks the key wrap (key transport) algorithm against the algorithm suite.
 *
 * <p>The check is enforced only when the suite lists at least one key wrap
 * algorithm. An empty set accepts every value, {@code null} included, so a
 * suite that is meant to restrict key wrapping must populate this set.
 *
 * @param keyWrapAlgorithm the key wrap algorithm to check.
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the suite lists
 *         key wrap algorithms and {@code keyWrapAlgorithm} is not one of them.
 */
public void checkEncryptionKeyWrapAlgorithm(String keyWrapAlgorithm)
    throws WSSecurityException {
    final Set<String> permitted = algorithmSuite.getKeyWrapAlgorithms();
    // No configured algorithms means no restriction.
    if (permitted.isEmpty() || permitted.contains(keyWrapAlgorithm)) {
        return;
    }
    LOG.debug("The Key transport method does not match the requirement");
    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
/**
 * Checks the symmetric encryption algorithm against the algorithm suite.
 *
 * <p>The check is enforced only when the suite lists at least one encryption
 * method. An empty set accepts every value, {@code null} included, so a suite
 * that is meant to restrict encryption must populate this set.
 *
 * @param symmetricAlgorithm the symmetric encryption algorithm to check.
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the suite lists
 *         encryption methods and {@code symmetricAlgorithm} is not one of them.
 */
public void checkSymmetricEncryptionAlgorithm(String symmetricAlgorithm)
    throws WSSecurityException {
    final Set<String> permitted = algorithmSuite.getEncryptionMethods();
    // No configured methods means no restriction.
    if (permitted.isEmpty() || permitted.contains(symmetricAlgorithm)) {
        return;
    }
    LOG.debug("The encryption algorithm does not match the requirement");
    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
/**
 * Checks the canonicalization (C14n) algorithm against the algorithm suite.
 *
 * <p>The check is enforced only when the suite lists at least one C14n
 * algorithm. An empty set accepts every value, {@code null} included.
 *
 * @param c14nAlgorithm the canonicalization algorithm to check.
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the suite lists
 *         C14n algorithms and {@code c14nAlgorithm} is not one of them.
 */
public void checkC14nAlgorithm(String c14nAlgorithm) throws WSSecurityException {
    final Set<String> permitted = algorithmSuite.getC14nAlgorithms();
    // No configured algorithms means no restriction.
    if (permitted.isEmpty() || permitted.contains(c14nAlgorithm)) {
        return;
    }
    // NOTE(review): the rejected value is written to the debug log unmodified; if it
    // originates from a received message, confirm the log sink neutralises line
    // breaks and control characters.
    LOG.debug("C14nMethod " + c14nAlgorithm + " does not match required value");
    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
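/**
 * Parses one X.509 certificate from the given stream.
 *
 * <p>This method only parses. It performs no trust, validity-period or
 * revocation check on the returned certificate.
 *
 * @param in the stream holding the encoded certificate.
 * @return the parsed certificate.
 * @throws WSSecurityException with {@code SECURITY_TOKEN_UNAVAILABLE} and message
 *         id {@code "parseError"} if the certificate cannot be parsed; the
 *         underlying {@link CertificateException} is attached as the cause.
 * @see org.apache.ws.security.components.crypto.Crypto#loadCertificate(java.io.InputStream)
 */
@Override
public X509Certificate loadCertificate(InputStream in) throws WSSecurityException {
    try {
        return (X509Certificate) getCertificateFactory().generateCertificate(in);
    } catch (CertificateException e) {
        // Attach the parser's exception as the cause; without it a rejected
        // certificate cannot be diagnosed from the logs.
        throw new WSSecurityException(
            WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e
        );
    }
}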
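/**
 * Parses one X.509 certificate from the given stream.
 *
 * <p>This method only parses. It performs no trust, validity-period or
 * revocation check on the returned certificate.
 *
 * @param in the stream holding the encoded certificate.
 * @return the parsed certificate.
 * @throws WSSecurityException with {@code SECURITY_TOKEN_UNAVAILABLE} and message
 *         id {@code "parseError"} if the certificate cannot be parsed; the
 *         underlying {@link CertificateException} is attached as the cause.
 * @see org.apache.ws.security.components.crypto.Crypto#loadCertificate(java.io.InputStream)
 */
@Override
public X509Certificate loadCertificate(InputStream in) throws WSSecurityException {
    try {
        return (X509Certificate) getCertificateFactory().generateCertificate(in);
    } catch (CertificateException e) {
        // Attach the parser's exception as the cause; without it a rejected
        // certificate cannot be diagnosed from the logs.
        throw new WSSecurityException(
            WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e
        );
    }
}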
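/**
 * Parses one X.509 certificate from the given stream.
 *
 * <p>This method only parses. It performs no trust, validity-period or
 * revocation check on the returned certificate.
 *
 * @param in the stream holding the encoded certificate.
 * @return the parsed certificate.
 * @throws WSSecurityException with {@code SECURITY_TOKEN_UNAVAILABLE} and message
 *         id {@code "parseError"} if the certificate cannot be parsed; the
 *         underlying {@link CertificateException} is attached as the cause.
 * @see org.apache.ws.security.components.crypto.Crypto#loadCertificate(java.io.InputStream)
 */
@Override
public X509Certificate loadCertificate(InputStream in) throws WSSecurityException {
    try {
        return (X509Certificate) getCertificateFactory().generateCertificate(in);
    } catch (CertificateException e) {
        // Attach the parser's exception as the cause; without it a rejected
        // certificate cannot be diagnosed from the logs.
        throw new WSSecurityException(
            WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e
        );
    }
}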
/**
 * Checks the canonicalization (C14n) algorithm against the algorithm suite.
 *
 * <p>The check is enforced only when the suite lists at least one C14n
 * algorithm. An empty set accepts every value, {@code null} included.
 *
 * @param c14nAlgorithm the canonicalization algorithm to check.
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the suite lists
 *         C14n algorithms and {@code c14nAlgorithm} is not one of them.
 */
public void checkC14nAlgorithm(String c14nAlgorithm) throws WSSecurityException {
    final Set<String> permitted = algorithmSuite.getC14nAlgorithms();
    // No configured algorithms means no restriction.
    if (permitted.isEmpty() || permitted.contains(c14nAlgorithm)) {
        return;
    }
    // NOTE(review): the rejected value is written to the debug log unmodified; if it
    // originates from a received message, confirm the log sink neutralises line
    // breaks and control characters.
    LOG.debug("C14nMethod " + c14nAlgorithm + " does not match required value");
    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
/**
 * Checks the derived key algorithm against the algorithm suite.
 *
 * <p>The check is enforced only when the suite lists at least one derived key
 * algorithm. An empty set accepts every value, {@code null} included.
 *
 * @param algorithm the derived key algorithm to check.
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the suite lists
 *         derived key algorithms and {@code algorithm} is not one of them.
 */
public void checkDerivedKeyAlgorithm(String algorithm) throws WSSecurityException {
    final Set<String> permitted = algorithmSuite.getDerivedKeyAlgorithms();
    // No configured algorithms means no restriction.
    if (permitted.isEmpty() || permitted.contains(algorithm)) {
        return;
    }
    LOG.debug("The Derived Key Algorithm does not match the requirement");
    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
/**
 * Checks the signature method against the algorithm suite.
 *
 * <p>The check is enforced only when the suite lists at least one signature
 * method. An empty set accepts every value, {@code null} included, so a suite
 * that is meant to exclude weak signature methods must populate this set.
 *
 * @param signatureMethod the signature method to check.
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the suite lists
 *         signature methods and {@code signatureMethod} is not one of them.
 */
public void checkSignatureMethod(String signatureMethod) throws WSSecurityException {
    final Set<String> permitted = algorithmSuite.getSignatureMethods();
    // No configured methods means no restriction.
    if (permitted.isEmpty() || permitted.contains(signatureMethod)) {
        return;
    }
    // NOTE(review): the rejected value is written to the debug log unmodified; if it
    // originates from a received message, confirm the log sink neutralises line
    // breaks and control characters.
    LOG.debug("SignatureMethod " + signatureMethod + " does not match required values");
    throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
}
/**
 * Checks a symmetric key length against the algorithm suite's limits.
 *
 * <p>The suite's minimum and maximum are each divided by 8 before the
 * comparison, and both bounds are inclusive.
 *
 * @param secretKeyLength the key length to check (presumably in bytes, given
 *        the division by 8 - confirm against callers).
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the length lies
 *         outside the suite's limits.
 */
public void checkSymmetricKeyLength(int secretKeyLength) throws WSSecurityException {
    // NOTE(review): if the suite getters return integers, the division truncates, so
    // a minimum that is not a multiple of 8 is effectively rounded down.
    final boolean withinLimits =
        secretKeyLength >= (algorithmSuite.getMinimumSymmetricKeyLength() / 8)
            && secretKeyLength <= (algorithmSuite.getMaximumSymmetricKeyLength() / 8);
    if (!withinLimits) {
        LOG.debug("The symmetric key length does not match the requirement");
        throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
    }
}
/**
 * Checks a symmetric key length against the algorithm suite's limits.
 *
 * <p>The suite's minimum and maximum are each divided by 8 before the
 * comparison, and both bounds are inclusive.
 *
 * @param secretKeyLength the key length to check (presumably in bytes, given
 *        the division by 8 - confirm against callers).
 * @throws WSSecurityException with {@code INVALID_SECURITY} if the length lies
 *         outside the suite's limits.
 */
public void checkSymmetricKeyLength(int secretKeyLength) throws WSSecurityException {
    // NOTE(review): if the suite getters return integers, the division truncates, so
    // a minimum that is not a multiple of 8 is effectively rounded down.
    final boolean withinLimits =
        secretKeyLength >= (algorithmSuite.getMinimumSymmetricKeyLength() / 8)
            && secretKeyLength <= (algorithmSuite.getMaximumSymmetricKeyLength() / 8);
    if (!withinLimits) {
        LOG.debug("The symmetric key length does not match the requirement");
        throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
    }
}
/**
 * Validates the structure of the Assertion's signature against the SAML
 * signature profile. This is not a cryptographic verification of the signature
 * (see the verifySignature method for that).
 *
 * <p>An Assertion without a signature passes this check without error, so a
 * caller that requires a signed Assertion must test for one separately.
 *
 * @throws WSSecurityException if the profile validator rejects the signature;
 *         the validator's exception is attached as the cause.
 */
public void validateSignatureAgainstProfile() throws WSSecurityException {
    final Signature assertionSignature = getSignature();
    if (assertionSignature == null) {
        // Nothing to validate on an unsigned Assertion.
        return;
    }
    final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
    try {
        profileValidator.validate(assertionSignature);
    } catch (ValidationException ex) {
        throw new WSSecurityException("SAML signature validation failed", ex);
    }
}
/**
 * Validates the structure of the Assertion's signature against the SAML
 * signature profile. This is not a cryptographic verification of the signature
 * (see the verifySignature method for that).
 *
 * <p>An Assertion without a signature passes this check without error, so a
 * caller that requires a signed Assertion must test for one separately.
 *
 * @throws WSSecurityException if the profile validator rejects the signature;
 *         the validator's exception is attached as the cause.
 */
public void validateSignatureAgainstProfile() throws WSSecurityException {
    final Signature assertionSignature = getSignature();
    if (assertionSignature == null) {
        // Nothing to validate on an unsigned Assertion.
        return;
    }
    final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
    try {
        profileValidator.validate(assertionSignature);
    } catch (ValidationException ex) {
        throw new WSSecurityException("SAML signature validation failed", ex);
    }
}
/**
 * Evaluates an XPath expression against {@code elem} and returns the matching nodes.
 *
 * <p>The ENC, SIG, WSSE and WSU prefixes from {@code WSConstants} are bound to
 * their namespaces before the expression is evaluated.
 *
 * @param elem the element used as the evaluation context.
 * @param expression the XPath expression to compile and evaluate.
 * @return the nodes selected by the expression (raw list, as returned by the XPath engine).
 * @throws WSSecurityException wrapping any {@code JaxenException} raised while
 *         compiling or evaluating the expression.
 */
private static List findElements(OMElement elem, String expression)
    throws WSSecurityException {
    try {
        // NOTE(review): the expression is compiled exactly as given; callers are not
        // visible here - confirm it is always a fixed string and never assembled from
        // message content.
        final XPath query = new AXIOMXPath(expression);

        // Bind the prefixes the expression may refer to.
        final SimpleNamespaceContext namespaces = new SimpleNamespaceContext();
        namespaces.addNamespace(WSConstants.ENC_PREFIX, WSConstants.ENC_NS);
        namespaces.addNamespace(WSConstants.SIG_PREFIX, WSConstants.SIG_NS);
        namespaces.addNamespace(WSConstants.WSSE_PREFIX, WSConstants.WSSE_NS);
        namespaces.addNamespace(WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
        query.setNamespaceContext(namespaces);

        return query.selectNodes(elem);
    } catch (JaxenException e) {
        throw new WSSecurityException(e.getMessage(), e);
    }
}