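/**
 * Extracts the attachment id from an XOP/MTOM reference of the form {@code cid:<id>}.
 *
 * @param xopUri the reference to strip and percent-decode; must start with {@code cid:}
 * @return the decoded text after the {@code cid:} prefix
 * @throws WSSecurityException INVALID_SECURITY if the reference is null, lacks the
 *         {@code cid:} prefix, or cannot be decoded
 */
public static String getAttachmentId(String xopUri) throws WSSecurityException {
    // Validate the prefix before slicing: a null or too-short reference would otherwise
    // surface as an unchecked StringIndexOutOfBoundsException / NullPointerException
    // instead of the WSSecurityException callers are prepared to handle.
    if (xopUri == null || !xopUri.startsWith("cid:")) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY,
            "empty",
            new Object[] {"Attachment ID is not a cid: reference: " + xopUri}
        );
    }
    try {
        return URLDecoder.decode(xopUri.substring("cid:".length()), StandardCharsets.UTF_8.name());
    } catch (UnsupportedEncodingException e) {
        // UTF-8 is always supported; the catch exists only because decode(String, String)
        // declares the checked exception.
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY,
            "empty",
            new Object[] {"Attachment ID cannot be decoded: " + xopUri}
        );
    }
}
}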
/**
 * Returns the {@code Algorithm} attribute of the first {@code EncryptionMethod} child
 * (in the XML-Encryption namespace) of {@code parent}.
 *
 * @param parent element expected to carry an EncryptionMethod child
 * @return the Algorithm attribute value (DOM returns an empty string when the attribute is absent)
 * @throws WSSecurityException FAILURE ("invalidSAMLsecurity") when no EncryptionMethod element exists
 */
private String getEncodingMethodAlgorithm(Element parent) throws WSSecurityException {
    Element methodElement = getNode(parent, WSS4JConstants.ENC_NS, "EncryptionMethod", 0);
    if (methodElement != null) {
        return methodElement.getAttribute("Algorithm");
    }
    LOG.fine("EncryptionMethod element is not available");
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
/**
 * Checks that {@code symmetricAlgorithm} is allowed by the configured algorithm suite.
 * NOTE: an empty set of encryption methods disables the check entirely (fail-open), so the
 * suite must be populated for this to constrain anything.
 *
 * @param symmetricAlgorithm the XML-Encryption algorithm URI in use
 * @throws WSSecurityException INVALID_SECURITY when the suite lists encryption methods and this one is not among them
 */
public void checkSymmetricEncryptionAlgorithm(
    String symmetricAlgorithm
) throws WSSecurityException {
    Set<String> allowedMethods = algorithmSuite.getEncryptionMethods();
    boolean restricted = !allowedMethods.isEmpty();
    if (restricted && !allowedMethods.contains(symmetricAlgorithm)) {
        LOG.debug("The encryption algorithm does not match the requirement");
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
    }
}
/**
 * Validates the inbound token by running its own {@code verify()} step.
 * {@code wssSecurityProperties} is not consulted here.
 *
 * @throws WSSecurityException FAILED_AUTHENTICATION wrapping any XMLSecurityException from verification
 */
@Override
public void validate(
    InboundSecurityToken inboundSecurityToken,
    WSSSecurityProperties wssSecurityProperties) throws WSSecurityException {
    try {
        inboundSecurityToken.verify();
    } catch (XMLSecurityException verifyFailure) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, verifyFailure);
    }
}
}
/**
 * Writes an EncryptedKeySHA1 key identifier for {@code key}: the base64 encoding of the SHA-1
 * digest of the key's encoded bytes, delegated to the String overload. The digest algorithm is
 * dictated by the identifier type named in the method, not a tunable choice.
 *
 * @throws WSSecurityException FAILURE if SHA-1 is not available from the JCA providers
 */
public static void createEncryptedKeySha1IdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, Key key) throws XMLStreamException, XMLSecurityException {
    final byte[] digest;
    try {
        digest = MessageDigest.getInstance("SHA-1").digest(key.getEncoded());
    } catch (NoSuchAlgorithmException e) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
    }
    String identifier = XMLUtils.encodeToString(digest);
    createEncryptedKeySha1IdentifierStructure(abstractOutputProcessor, outputProcessorChain, identifier);
}
/**
 * Lazily creates and caches a principal wrapping this token's public key.
 * No synchronization is visible here, so concurrent first calls may each construct an instance.
 *
 * @return the cached principal (same instance on later calls)
 * @throws WSSecurityException INVALID_SECURITY_TOKEN if the public key cannot be obtained
 */
@Override
public Principal getPrincipal() throws WSSecurityException {
    if (this.principal != null) {
        return this.principal;
    }
    try {
        this.principal = new PublicKeyPrincipalImpl(getPublicKey());
    } catch (XMLSecurityException keyFailure) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, keyFailure);
    }
    return this.principal;
}
}
/**
 * Creates an inbound X.509 token referenced by issuer name and serial number.
 * References missing either component are rejected with INVALID_SECURITY ("noKeyinfo")
 * before the reference is stored.
 *
 * @throws XMLSecurityException from the superclass constructor, or a WSSecurityException for an incomplete reference
 */
X509IssuerSerialTokenImpl(
    WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto, CallbackHandler callbackHandler,
    X509IssuerSerialType x509IssuerSerialType, String id, WSSSecurityProperties securityProperties) throws XMLSecurityException {
    super(WSSecurityTokenConstants.X509V3Token, wsInboundSecurityContext, crypto, callbackHandler, id,
        WSSecurityTokenConstants.KeyIdentifier_IssuerSerial, securityProperties, false);
    // Both halves of the reference are required; short-circuit so the serial is only read when the issuer is present
    boolean incomplete = x509IssuerSerialType.getX509IssuerName() == null
        || x509IssuerSerialType.getX509SerialNumber() == null;
    if (incomplete) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
    }
    this.x509IssuerSerialType = x509IssuerSerialType;
}
/**
 * Returns the principal for this token, building it from the public key on first use.
 * Nothing here guards against concurrent first calls; each may construct its own instance.
 *
 * @throws WSSecurityException INVALID_SECURITY_TOKEN when the public key lookup fails
 */
@Override
public Principal getPrincipal() throws WSSecurityException {
    Principal cached = this.principal;
    if (cached == null) {
        try {
            cached = new PublicKeyPrincipalImpl(getPublicKey());
        } catch (XMLSecurityException keyFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, keyFailure);
        }
        this.principal = cached;
    }
    return cached;
}
}
/**
 * Lazily initialised accessor for the token principal, wrapping the token's public key.
 * Not synchronized; a race on first access may create more than one principal.
 *
 * @throws WSSecurityException INVALID_SECURITY_TOKEN if the public key cannot be obtained
 */
@Override
public Principal getPrincipal() throws WSSecurityException {
    if (this.principal != null) {
        return this.principal;
    }
    try {
        this.principal = new PublicKeyPrincipalImpl(getPublicKey());
    } catch (XMLSecurityException keyFailure) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, keyFailure);
    }
    return this.principal;
}
}
/**
 * Builds a SAMLKeyInfo from the first certificate behind the crypto's default X.509 identifier.
 * Any failure (including a missing or empty certificate chain) is logged at FINE and rethrown
 * as FAILED_SIGNATURE with the original cause attached.
 *
 * @param sigCrypto the Crypto instance supplying the default identifier and its certificates
 * @throws WSSecurityException FAILED_SIGNATURE wrapping whatever went wrong
 */
protected SAMLKeyInfo createKeyInfoFromDefaultAlias(Crypto sigCrypto) throws WSSecurityException {
    try {
        String alias = sigCrypto.getDefaultX509Identifier();
        X509Certificate[] chain = RSSecurityUtils.getCertificates(sigCrypto, alias);
        X509Certificate leaf = chain[0];
        SAMLKeyInfo keyInfo = new SAMLKeyInfo(new X509Certificate[]{leaf});
        keyInfo.setPublicKey(leaf.getPublicKey());
        return keyInfo;
    } catch (Exception ex) {
        LOG.log(Level.FINE, "Error in loading the certificates: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex);
    }
}
/**
 * Resolves the default X.509 identifier of {@code sigCrypto} to a single-certificate SAMLKeyInfo
 * carrying that certificate's public key. Every failure, including an empty chain, is logged at
 * FINE and surfaced as FAILED_SIGNATURE with the cause preserved.
 *
 * @throws WSSecurityException FAILED_SIGNATURE
 */
protected SAMLKeyInfo createKeyInfoFromDefaultAlias(Crypto sigCrypto) throws WSSecurityException {
    try {
        X509Certificate[] chain =
            RSSecurityUtils.getCertificates(sigCrypto, sigCrypto.getDefaultX509Identifier());
        X509Certificate first = chain[0];
        SAMLKeyInfo result = new SAMLKeyInfo(new X509Certificate[]{first});
        result.setPublicKey(first.getPublicKey());
        return result;
    } catch (Exception ex) {
        LOG.log(Level.FINE, "Error in loading the certificates: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex);
    }
}
/**
 * Creates key info for SAML signing from the crypto's default alias: the leading certificate of
 * the chain and its public key. Failures (missing alias, empty chain, crypto errors) are logged
 * at FINE and rethrown as FAILED_SIGNATURE.
 *
 * @throws WSSecurityException FAILED_SIGNATURE with the original exception as cause
 */
protected SAMLKeyInfo createKeyInfoFromDefaultAlias(Crypto sigCrypto) throws WSSecurityException {
    try {
        String defaultAlias = sigCrypto.getDefaultX509Identifier();
        X509Certificate[] certChain = RSSecurityUtils.getCertificates(sigCrypto, defaultAlias);
        SAMLKeyInfo info = new SAMLKeyInfo(new X509Certificate[]{certChain[0]});
        info.setPublicKey(certChain[0].getPublicKey());
        return info;
    } catch (Exception ex) {
        LOG.log(Level.FINE, "Error in loading the certificates: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex);
    }
}
/**
 * Enforces a Basic Security Profile rule violation: fatal unless the rule is explicitly
 * ignored (then only logged), and a no-op when BSP checking is disabled altogether.
 *
 * @param bspRule the rule that was violated
 * @throws WSSecurityException INVALID_SECURITY naming the rule and its message
 */
public void handleBSPRule(BSPRule bspRule) throws WSSecurityException {
    if (disableBSPRules) {
        return;
    }
    if (ignoredBSPRules.contains(bspRule)) {
        LOG.debug("BSP:{}: {}", bspRule.name(), bspRule.getMsg());
        return;
    }
    throw new WSSecurityException(
        WSSecurityException.ErrorCode.INVALID_SECURITY,
        "empty",
        new Object[] {"BSP:" + bspRule.name() + ": " + bspRule.getMsg()}
    );
}
/**
 * Decrypts the EncryptedData element {@code root} with the raw symmetric key bytes under the
 * given XML-Encryption algorithm URI.
 *
 * @return the plaintext bytes
 * @throws WSSecurityException UNSUPPORTED_ALGORITHM wrapping any XMLEncryptionException from
 *         cipher setup or decryption; errors from KeyUtils.prepareSecretKey propagate as thrown
 */
private byte[] decryptPayload(
    Element root,
    byte[] secretKeyBytes,
    String symEncAlgo
) throws WSSecurityException {
    SecretKey symmetricKey = KeyUtils.prepareSecretKey(symEncAlgo, secretKeyBytes);
    try {
        XMLCipher cipher = EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.DECRYPT_MODE, symmetricKey);
        byte[] plaintext = cipher.decryptToByteArray(root);
        return plaintext;
    } catch (XMLEncryptionException ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
    }
}
/**
 * Resolves the CallbackHandler configured under {@code callbackProperty} on the message.
 * {@code callingClass} is part of the signature but not used in this implementation.
 *
 * @return the handler produced by SecurityUtils from the configured property value
 * @throws WSSecurityException FAILURE wrapping any exception raised while resolving the handler
 */
public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass, String callbackProperty) throws WSSecurityException {
    // Presumably a handler instance or a class name; SecurityUtils.getCallbackHandler decides how to turn it into one
    Object configured = SecurityUtils.getSecurityPropertyValue(callbackProperty, message);
    try {
        return SecurityUtils.getCallbackHandler(configured);
    } catch (Exception ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
}
/**
 * Obtains an XMLCipher for {@code symEncAlgo}, turns on secure validation, and initialises it
 * for {@code mode} with {@code key}. Secure validation is set before init so every cipher
 * handed back from here carries it.
 *
 * @throws WSSecurityException UNSUPPORTED_ALGORITHM if the cipher cannot be created or initialised
 */
public static XMLCipher initXMLCipher(String symEncAlgo, int mode, Key key) throws WSSecurityException {
    final XMLCipher cipher;
    try {
        cipher = XMLCipher.getInstance(symEncAlgo);
        cipher.setSecureValidation(true);
        cipher.init(mode, key);
    } catch (XMLEncryptionException ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
    }
    return cipher;
}
/**
 * Tries to validate the SAML assertion in {@code credential} locally, unless validation is
 * always delegated to the STS or there is no assertion (both yield {@code false}).
 *
 * @return the validator's trust-verification result
 * @throws WSSecurityException FAILURE ("invalidSAMLsecurity") for checked validation failures;
 *         RuntimeExceptions are deliberately rethrown unwrapped
 */
protected boolean isValidatedLocally(Credential credential, RequestData data) throws WSSecurityException {
    boolean attemptLocal = !alwaysValidateToSts && credential.getSamlAssertion() != null;
    if (!attemptLocal) {
        return false;
    }
    try {
        samlValidator.validate(credential, data);
        return samlValidator.isTrustVerificationSucceeded();
    } catch (RuntimeException e) {
        // Intentional pass-through so only checked exceptions get wrapped below
        throw e;
    } catch (Exception e) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "invalidSAMLsecurity");
    }
}
/**
 * Factory for an initialised XMLCipher: looks up the cipher for {@code symEncAlgo}, enables
 * secure validation, then initialises it in {@code mode} with {@code key}.
 *
 * @throws WSSecurityException UNSUPPORTED_ALGORITHM wrapping any XMLEncryptionException
 */
public static XMLCipher initXMLCipher(String symEncAlgo, int mode, Key key) throws WSSecurityException {
    try {
        XMLCipher result = XMLCipher.getInstance(symEncAlgo);
        // Enabled before init so the flag applies to the whole lifetime of the returned cipher
        result.setSecureValidation(true);
        result.init(mode, key);
        return result;
    } catch (XMLEncryptionException ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
    }
}
/**
 * Looks up the value of {@code callbackProperty} on the message and converts it into a
 * CallbackHandler via SecurityUtils. The {@code callingClass} parameter is unused here.
 *
 * @throws WSSecurityException FAILURE wrapping any exception from the conversion
 */
public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass, String callbackProperty) throws WSSecurityException {
    Object propertyValue = SecurityUtils.getSecurityPropertyValue(callbackProperty, message);
    try {
        // SecurityUtils decides what forms of property value are acceptable — see its implementation
        return SecurityUtils.getCallbackHandler(propertyValue);
    } catch (Exception ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
}
/**
 * Looks up the decryption private key from the request's decryption Crypto: by the first
 * certificate when a chain is supplied, otherwise by the public key.
 *
 * @throws WSSecurityException FAILED_CHECK wrapping the WSSecurityException raised by the Crypto lookup
 */
private PrivateKey getPrivateKey(
    RequestData data,
    X509Certificate[] certs,
    PublicKey publicKey
) throws WSSecurityException {
    try {
        if (certs == null) {
            return data.getDecCrypto().getPrivateKey(publicKey, data.getCallbackHandler());
        }
        return data.getDecCrypto().getPrivateKey(certs[0], data.getCallbackHandler());
    } catch (WSSecurityException lookupFailure) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, lookupFailure);
    }
}