Java Code Examples for org.apache.ws.security.WSSecurityException#FAILURE
The following examples show how to use
org.apache.ws.security.WSSecurityException#FAILURE .
Example 1
Source File: CustomSamlValidator.java From steady with Apache License 2.0 | 5 votes |
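/**
 * Runs the parent validator on the credential, then applies extra checks to its SAML
 * assertion: issuer, SAML version and subject confirmation method.
 *
 * <p>Every rejection uses the same {@code FAILURE} / {@code "invalidSAMLsecurity"} pair, so
 * the exception does not tell the caller which check failed.
 *
 * @param credential the credential carrying the SAML assertion to check
 * @param data the request context, passed through to the parent validator
 * @return the credential returned by {@code super.validate}
 * @throws WSSecurityException if the parent validator rejects the credential or any of the
 *         checks below fails
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    // NOTE(review): the checks below only compare values read from the assertion, so they are
    // meaningful only if super.validate() has already verified the assertion's signature and
    // trust; that is presumably the case, confirm against the parent class.
    Credential returnedCredential = super.validate(credential, data);

    AssertionWrapper assertion = credential.getAssertion();

    // The accepted issuer is a hard-coded sample value; a deployment would normally take the
    // trusted issuer(s) from configuration.
    if (!"www.example.com".equals(assertion.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // Exactly one SAML version is acceptable, selected by requireSAML1Assertion.
    Object requiredVersion = requireSAML1Assertion ? assertion.getSaml1() : assertion.getSaml2();
    if (requiredVersion == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // An assertion without any confirmation method must be rejected with the same
    // WSSecurityException as every other failure, not surface as an unchecked
    // NullPointerException / IndexOutOfBoundsException from get(0).
    java.util.List<String> confirmationMethods = assertion.getConfirmationMethods();
    if (confirmationMethods == null || confirmationMethods.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // Only the first confirmation method is examined; any further entries are not checked.
    String confirmationMethod = confirmationMethods.get(0);
    if (confirmationMethod == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    boolean methodAccepted = requireSenderVouches
        ? OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)
        : OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod);
    if (!methodAccepted) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    return returnedCredential;
}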
Example 2
Source File: CustomSamlValidator.java From steady with Apache License 2.0 | 5 votes |
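/**
 * Runs the parent validator on the credential, then applies extra checks to its SAML
 * assertion: issuer, SAML version and subject confirmation method.
 *
 * <p>Every rejection uses the same {@code FAILURE} / {@code "invalidSAMLsecurity"} pair, so
 * the exception does not tell the caller which check failed.
 *
 * @param credential the credential carrying the SAML assertion to check
 * @param data the request context, passed through to the parent validator
 * @return the credential returned by {@code super.validate}
 * @throws WSSecurityException if the parent validator rejects the credential or any of the
 *         checks below fails
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    // NOTE(review): the checks below only compare values read from the assertion, so they are
    // meaningful only if super.validate() has already verified the assertion's signature and
    // trust; that is presumably the case, confirm against the parent class.
    Credential returnedCredential = super.validate(credential, data);

    AssertionWrapper assertion = credential.getAssertion();

    // The accepted issuer is a hard-coded sample value; a deployment would normally take the
    // trusted issuer(s) from configuration.
    if (!"www.example.com".equals(assertion.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // Exactly one SAML version is acceptable, selected by requireSAML1Assertion.
    Object requiredVersion = requireSAML1Assertion ? assertion.getSaml1() : assertion.getSaml2();
    if (requiredVersion == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // An assertion without any confirmation method must be rejected with the same
    // WSSecurityException as every other failure, not surface as an unchecked
    // NullPointerException / IndexOutOfBoundsException from get(0).
    java.util.List<String> confirmationMethods = assertion.getConfirmationMethods();
    if (confirmationMethods == null || confirmationMethods.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // Only the first confirmation method is examined; any further entries are not checked.
    String confirmationMethod = confirmationMethods.get(0);
    if (confirmationMethod == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    boolean methodAccepted = requireSenderVouches
        ? OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)
        : OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod);
    if (!methodAccepted) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    return returnedCredential;
}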
Example 3
Source File: CustomSamlValidator.java From steady with Apache License 2.0 | 5 votes |
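/**
 * Runs the parent validator on the credential, then applies extra checks to its SAML
 * assertion: issuer, SAML version and subject confirmation method.
 *
 * <p>Every rejection uses the same {@code FAILURE} / {@code "invalidSAMLsecurity"} pair, so
 * the exception does not tell the caller which check failed.
 *
 * @param credential the credential carrying the SAML assertion to check
 * @param data the request context, passed through to the parent validator
 * @return the credential returned by {@code super.validate}
 * @throws WSSecurityException if the parent validator rejects the credential or any of the
 *         checks below fails
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    // NOTE(review): the checks below only compare values read from the assertion, so they are
    // meaningful only if super.validate() has already verified the assertion's signature and
    // trust; that is presumably the case, confirm against the parent class.
    Credential returnedCredential = super.validate(credential, data);

    AssertionWrapper assertion = credential.getAssertion();

    // The accepted issuer is a hard-coded sample value; a deployment would normally take the
    // trusted issuer(s) from configuration.
    if (!"www.example.com".equals(assertion.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // Exactly one SAML version is acceptable, selected by requireSAML1Assertion.
    Object requiredVersion = requireSAML1Assertion ? assertion.getSaml1() : assertion.getSaml2();
    if (requiredVersion == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // An assertion without any confirmation method must be rejected with the same
    // WSSecurityException as every other failure, not surface as an unchecked
    // NullPointerException / IndexOutOfBoundsException from get(0).
    java.util.List<String> confirmationMethods = assertion.getConfirmationMethods();
    if (confirmationMethods == null || confirmationMethods.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // Only the first confirmation method is examined; any further entries are not checked.
    String confirmationMethod = confirmationMethods.get(0);
    if (confirmationMethod == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    boolean methodAccepted = requireSenderVouches
        ? OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)
        : OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod);
    if (!methodAccepted) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    return returnedCredential;
}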
Example 4
Source File: CustomSamlValidator.java From steady with Apache License 2.0 | 5 votes |
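/**
 * Runs the parent validator on the credential, then applies extra checks to its SAML
 * assertion: issuer, SAML version and subject confirmation method.
 *
 * <p>Every rejection uses the same {@code FAILURE} / {@code "invalidSAMLsecurity"} pair, so
 * the exception does not tell the caller which check failed.
 *
 * @param credential the credential carrying the SAML assertion to check
 * @param data the request context, passed through to the parent validator
 * @return the credential returned by {@code super.validate}
 * @throws WSSecurityException if the parent validator rejects the credential or any of the
 *         checks below fails
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    // NOTE(review): the checks below only compare values read from the assertion, so they are
    // meaningful only if super.validate() has already verified the assertion's signature and
    // trust; that is presumably the case, confirm against the parent class.
    Credential returnedCredential = super.validate(credential, data);

    AssertionWrapper assertion = credential.getAssertion();

    // The accepted issuer is a hard-coded sample value; a deployment would normally take the
    // trusted issuer(s) from configuration.
    if (!"www.example.com".equals(assertion.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // Exactly one SAML version is acceptable, selected by requireSAML1Assertion.
    Object requiredVersion = requireSAML1Assertion ? assertion.getSaml1() : assertion.getSaml2();
    if (requiredVersion == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // An assertion without any confirmation method must be rejected with the same
    // WSSecurityException as every other failure, not surface as an unchecked
    // NullPointerException / IndexOutOfBoundsException from get(0).
    java.util.List<String> confirmationMethods = assertion.getConfirmationMethods();
    if (confirmationMethods == null || confirmationMethods.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    // Only the first confirmation method is examined; any further entries are not checked.
    String confirmationMethod = confirmationMethods.get(0);
    if (confirmationMethod == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    boolean methodAccepted = requireSenderVouches
        ? OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)
        : OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod);
    if (!methodAccepted) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
    }

    return returnedCredential;
}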
Example 5
Source File: ServerCrypto.java From carbon-identity with Apache License 2.0 | 5 votes |
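/**
 * Builds a certification path from {@code certs} and validates it with PKIX, using the
 * certificates in {@code ks} as trust anchors.
 *
 * <p>Revocation checking is switched off, so a certificate that its issuer has revoked still
 * validates here as long as the chain and validity dates check out.
 *
 * @param ks key store whose certificates act as trust anchors
 * @param certs the certificate chain to validate
 * @return {@code true} when the path validates; failure is always reported by exception,
 *         never by returning {@code false}
 * @throws WSSecurityException with {@code FAILURE} / {@code "certpath"} if no certificates
 *         are supplied or the path cannot be built or validated
 */
private boolean validateCertPath(KeyStore ks, Certificate[] certs) throws WSSecurityException {
    // An empty chain gives the PKIX validator nothing to verify, so refuse it up front
    // instead of letting "nothing to check" be reported as a trusted path (a null array
    // would otherwise surface as an unchecked NullPointerException).
    if (certs == null || certs.length == 0) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "certpath",
                new Object[]{"no certificates supplied"});
    }

    try {
        // Generate cert path
        java.util.List<Certificate> certList = java.util.Arrays.asList(certs);
        CertPath path = this.getCertificateFactory().generateCertPath(certList);

        // Use the certificates in the keystore as TrustAnchors
        PKIXParameters param = new PKIXParameters(ks);

        // SECURITY: no CRL/OCSP lookup is performed. Left as-is because enabling it requires
        // revocation sources to be configured; deployments that need revocation must handle
        // it separately or enable it here together with that configuration.
        param.setRevocationEnabled(false);

        // An optional JCA provider name for the validator comes from the crypto properties.
        String provider = properties
                .getProperty("org.apache.ws.security.crypto.merlin.cert.provider");
        CertPathValidator certPathValidator = (provider == null || provider.length() == 0)
                ? CertPathValidator.getInstance("PKIX")
                : CertPathValidator.getInstance("PKIX", provider);

        // Throws CertPathValidatorException when the path does not validate.
        certPathValidator.validate(path, param);
    } catch (NoSuchProviderException | NoSuchAlgorithmException | CertificateException |
            InvalidAlgorithmParameterException | CertPathValidatorException | KeyStoreException ex) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "certpath",
                new Object[]{ex.getMessage()}, ex);
    }
    return true;
}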
Example 6
Source File: CryptoCoverageUtil.java From steady with Apache License 2.0 | 4 votes |
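/**
 * Checks that the references provided refer to the required
 * signed/encrypted elements as defined by the XPath expressions in {@code
 * xPaths}.
 *
 * <p>An expression that selects no nodes imposes no requirement: coverage is enforced only
 * for elements that are present in the envelope, so this check does not by itself require
 * that a protected element exists.
 *
 * @param soapEnvelope the envelope the XPath expressions are evaluated against
 * @param refs the signature/encryption references found in the message
 * @param xpath the evaluator used for every expression
 * @param xPaths the expressions selecting elements that must be covered
 * @param type the kind of coverage being checked
 * @param scope the coverage scope passed to {@code matchElement}
 * @throws WSSecurityException if an expression cannot be evaluated, or if a selected
 *         element is not matched by any reference
 */
public static void checkCoverage(
    Element soapEnvelope,
    final Collection<WSDataRef> refs,
    final XPath xpath,
    Collection<String> xPaths,
    CoverageType type,
    CoverageScope scope
) throws WSSecurityException {
    for (String xpathString : xPaths) {
        NodeList list;
        try {
            list = (NodeList) xpath.evaluate(xpathString, soapEnvelope, XPathConstants.NODESET);
        } catch (XPathExpressionException e) {
            // The configured expression is not valid. Keep the cause so the broken
            // expression can be diagnosed; the null message id and arguments are meant to
            // leave the FAILURE message as the one-argument constructor produces it
            // (NOTE(review): confirm against the WSS4J version in use).
            throw new WSSecurityException(WSSecurityException.FAILURE, null, null, e);
        }

        // Every selected element must be covered by at least one reference.
        // NOTE(review): the cast assumes each expression selects element nodes only.
        for (int x = 0; x < list.getLength(); x++) {
            final Element el = (Element) list.item(x);
            if (!CryptoCoverageUtil.matchElement(refs, type, scope, el)) {
                throw new WSSecurityException("The " + getCoverageTypeString(type)
                        + " does not cover the required elements ("
                        + xpathString + ").");
            }
        }
    }
}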
Example 7
Source File: CryptoCoverageUtil.java From steady with Apache License 2.0 | 4 votes |
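/**
 * Checks that the references provided refer to the required
 * signed/encrypted elements as defined by the XPath expressions in {@code
 * xPaths}.
 *
 * <p>An expression that selects no nodes imposes no requirement: coverage is enforced only
 * for elements that are present in the envelope, so this check does not by itself require
 * that a protected element exists.
 *
 * @param soapEnvelope the envelope the XPath expressions are evaluated against
 * @param refs the signature/encryption references found in the message
 * @param xpath the evaluator used for every expression
 * @param xPaths the expressions selecting elements that must be covered
 * @param type the kind of coverage being checked
 * @param scope the coverage scope passed to {@code matchElement}
 * @throws WSSecurityException if an expression cannot be evaluated, or if a selected
 *         element is not matched by any reference
 */
public static void checkCoverage(
    Element soapEnvelope,
    final Collection<WSDataRef> refs,
    final XPath xpath,
    Collection<String> xPaths,
    CoverageType type,
    CoverageScope scope
) throws WSSecurityException {
    for (String xpathString : xPaths) {
        NodeList list;
        try {
            list = (NodeList) xpath.evaluate(xpathString, soapEnvelope, XPathConstants.NODESET);
        } catch (XPathExpressionException e) {
            // The configured expression is not valid. Keep the cause so the broken
            // expression can be diagnosed; the null message id and arguments are meant to
            // leave the FAILURE message as the one-argument constructor produces it
            // (NOTE(review): confirm against the WSS4J version in use).
            throw new WSSecurityException(WSSecurityException.FAILURE, null, null, e);
        }

        // Every selected element must be covered by at least one reference.
        // NOTE(review): the cast assumes each expression selects element nodes only.
        for (int x = 0; x < list.getLength(); x++) {
            final Element el = (Element) list.item(x);
            if (!CryptoCoverageUtil.matchElement(refs, type, scope, el)) {
                throw new WSSecurityException("The " + getCoverageTypeString(type)
                        + " does not cover the required elements ("
                        + xpathString + ").");
            }
        }
    }
}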
Example 8
Source File: CryptoCoverageUtil.java From steady with Apache License 2.0 | 4 votes |
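/**
 * Checks that the references provided refer to the required
 * signed/encrypted elements as defined by the XPath expressions in {@code
 * xPaths}.
 *
 * <p>An expression that selects no nodes imposes no requirement: coverage is enforced only
 * for elements that are present in the envelope, so this check does not by itself require
 * that a protected element exists.
 *
 * @param soapEnvelope the envelope the XPath expressions are evaluated against
 * @param refs the signature/encryption references found in the message
 * @param xpath the evaluator used for every expression
 * @param xPaths the expressions selecting elements that must be covered
 * @param type the kind of coverage being checked
 * @param scope the coverage scope passed to {@code matchElement}
 * @throws WSSecurityException if an expression cannot be evaluated, or if a selected
 *         element is not matched by any reference
 */
public static void checkCoverage(
    Element soapEnvelope,
    final Collection<WSDataRef> refs,
    final XPath xpath,
    Collection<String> xPaths,
    CoverageType type,
    CoverageScope scope
) throws WSSecurityException {
    for (String xpathString : xPaths) {
        NodeList list;
        try {
            list = (NodeList) xpath.evaluate(xpathString, soapEnvelope, XPathConstants.NODESET);
        } catch (XPathExpressionException e) {
            // The configured expression is not valid. Keep the cause so the broken
            // expression can be diagnosed; the null message id and arguments are meant to
            // leave the FAILURE message as the one-argument constructor produces it
            // (NOTE(review): confirm against the WSS4J version in use).
            throw new WSSecurityException(WSSecurityException.FAILURE, null, null, e);
        }

        // Every selected element must be covered by at least one reference.
        // NOTE(review): the cast assumes each expression selects element nodes only.
        for (int x = 0; x < list.getLength(); x++) {
            final Element el = (Element) list.item(x);
            if (!CryptoCoverageUtil.matchElement(refs, type, scope, el)) {
                throw new WSSecurityException("The " + getCoverageTypeString(type)
                        + " does not cover the required elements ("
                        + xpathString + ").");
            }
        }
    }
}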
Example 9
Source File: CryptoCoverageUtil.java From steady with Apache License 2.0 | 4 votes |
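/**
 * Checks that the references provided refer to the required
 * signed/encrypted elements as defined by the XPath expressions in {@code
 * xPaths}.
 *
 * <p>An expression that selects no nodes imposes no requirement: coverage is enforced only
 * for elements that are present in the envelope, so this check does not by itself require
 * that a protected element exists.
 *
 * @param soapEnvelope the envelope the XPath expressions are evaluated against
 * @param refs the signature/encryption references found in the message
 * @param xpath the evaluator used for every expression
 * @param xPaths the expressions selecting elements that must be covered
 * @param type the kind of coverage being checked
 * @param scope the coverage scope passed to {@code matchElement}
 * @throws WSSecurityException if an expression cannot be evaluated, or if a selected
 *         element is not matched by any reference
 */
public static void checkCoverage(
    Element soapEnvelope,
    final Collection<WSDataRef> refs,
    final XPath xpath,
    Collection<String> xPaths,
    CoverageType type,
    CoverageScope scope
) throws WSSecurityException {
    for (String xpathString : xPaths) {
        NodeList list;
        try {
            list = (NodeList) xpath.evaluate(xpathString, soapEnvelope, XPathConstants.NODESET);
        } catch (XPathExpressionException e) {
            // The configured expression is not valid. Keep the cause so the broken
            // expression can be diagnosed; the null message id and arguments are meant to
            // leave the FAILURE message as the one-argument constructor produces it
            // (NOTE(review): confirm against the WSS4J version in use).
            throw new WSSecurityException(WSSecurityException.FAILURE, null, null, e);
        }

        // Every selected element must be covered by at least one reference.
        // NOTE(review): the cast assumes each expression selects element nodes only.
        for (int x = 0; x < list.getLength(); x++) {
            final Element el = (Element) list.item(x);
            if (!CryptoCoverageUtil.matchElement(refs, type, scope, el)) {
                throw new WSSecurityException("The " + getCoverageTypeString(type)
                        + " does not cover the required elements ("
                        + xpathString + ").");
            }
        }
    }
}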
Example 10
Source File: ServerCrypto.java From carbon-identity with Apache License 2.0 | 4 votes |
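/**
 * Looks up the certificate chain (or, failing that, the single certificate) stored under
 * {@code alias}: first in the primary keystore, then in the trust stores, then in the
 * CA certificate store.
 *
 * <p>The result does not record which store the certificates came from, so callers cannot
 * tell a primary-keystore entry from a trust-store or cacerts entry.
 *
 * @param alias the key store alias to look up
 * @return the certificates found, or an empty array if no store has an entry for the alias
 * @throws WSSecurityException with {@code FAILURE} / {@code "keystore"} if a store cannot
 *         be read
 * @see org.apache.ws.security.components.crypto.Crypto#getCertificates(String)
 */
@Override
public X509Certificate[] getCertificates(String alias) throws WSSecurityException {
    // "Nothing found yet" is represented by null. Starting from an empty array instead would
    // make the null tests below false, so with no primary keystore configured the trust
    // stores and cacerts would never be consulted.
    Certificate[] certs = null;
    Certificate cert = null;
    try {
        if (this.keystore != null) {
            certs = keystore.getCertificateChain(alias);
            if (certs == null || certs.length == 0) {
                // No chain: normalise to null and fall back to a single certificate.
                certs = null;
                cert = keystore.getCertificate(alias);
            }
        }

        if (certs == null && cert == null && this.trustStores != null) {
            // Now look into the trust stores, stopping at the first one with an entry.
            Iterator<?> trustStoreIter = this.trustStores.iterator();
            while (trustStoreIter.hasNext()) {
                KeyStore store = (KeyStore) trustStoreIter.next();
                certs = store.getCertificateChain(alias);
                if (certs != null && certs.length > 0) {
                    break; // found the chain
                }
                certs = null;
                cert = store.getCertificate(alias);
                if (cert != null) {
                    // Stop here; otherwise a later store without the alias would overwrite
                    // this certificate with null.
                    break;
                }
            }
        }

        if (certs == null && cert == null && this.cacerts != null) {
            // Last resort: the CA certificate store.
            certs = cacerts.getCertificateChain(alias);
            if (certs == null || certs.length == 0) {
                certs = null;
                cert = cacerts.getCertificate(alias);
            }
        }

        if (cert != null) {
            certs = new Certificate[]{cert};
        } else if (certs == null) {
            // At this point we have neither a chain nor a single certificate.
            return new X509Certificate[0];
        }
    } catch (KeyStoreException e) {
        // Keep the cause so the underlying key store problem is not lost.
        throw new WSSecurityException(WSSecurityException.FAILURE, "keystore", null, e);
    }

    // NOTE(review): the cast assumes every entry is an X.509 certificate.
    X509Certificate[] x509certs = new X509Certificate[certs.length];
    for (int i = 0; i < certs.length; i++) {
        x509certs[i] = (X509Certificate) certs[i];
    }
    return x509certs;
}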