Java Code Examples for org.apache.ws.security.WSSecurityException#INVALID_SECURITY

Example 1
Source File: AbstractSTSClient.java — from the steady project (Apache License 2.0)
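/**
 * Extracts the secret key material carried by {@code child}.
 * <p>
 * When the encryption algorithm reported by {@link X509Util#getEncAlgo} ends with
 * {@code spnego#GSS_Wrap}, the raw {@code CipherValue} is base64-decoded and returned
 * as-is, to be unwrapped later by the SPNEGO layer. For every other algorithm the element
 * is handed to an {@link EncryptedKeyProcessor} configured with this client's crypto and
 * callback handler, and the decrypted {@code TAG_SECRET} of the first result is returned.
 * <p>
 * Both branches fail closed: a missing cipher value, an empty processor result or a
 * result without a secret is rejected with {@code INVALID_SECURITY} instead of
 * returning {@code null} or escaping as an unchecked exception.
 *
 * @param child the element holding the encrypted key
 * @return the decoded (SPNEGO) or decrypted secret; never {@code null}
 * @throws WSSecurityException if the cipher value is absent or no secret could be recovered
 * @throws TrustException if encrypted-key processing fails with an I/O error
 */
protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
    String encryptionAlgorithm = X509Util.getEncAlgo(child);
    // For the SPNEGO case just return the decoded cipher value and decrypt it later
    if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
        byte[] cipherValue = null;
        Element cipherData =
            WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
        if (cipherData != null) {
            Element cipherValueElement =
                WSSecurityUtil.getDirectChildElement(cipherData, "CipherValue", WSConstants.ENC_NS);
            if (cipherValueElement != null) {
                cipherValue = Base64.decode(DOMUtils.getContent(cipherValueElement));
            }
        }
        if (cipherValue == null) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
        }
        return cipherValue;
    }

    try {
        EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
        WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
        RequestData data = new RequestData();
        data.setWssConfig(WSSConfig.getNewInstance());
        data.setDecCrypto(createCrypto(true));
        data.setCallbackHandler(createHandler());
        List<WSSecurityEngineResult> results = proc.handleToken(child, data, docInfo);
        // A processor that produced no result must not be treated as a successful
        // key exchange; previously this surfaced as an IndexOutOfBoundsException.
        if (results == null || results.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        byte[] secret = (byte[])results.get(0).get(WSSecurityEngineResult.TAG_SECRET);
        // Likewise a result without a decrypted secret is a failure, not a null key.
        if (secret == null) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        return secret;
    } catch (IOException e) {
        throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
    }
}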
 
Example 2
Source File: SAMLUtils.java — from the steady project (Apache License 2.0)
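/**
 * Checks that every SAML assertion found in the security-engine results satisfies its
 * subject-confirmation requirements.
 * <p>
 * Both signed ({@code ST_SIGNED}) and unsigned ({@code ST_UNSIGNED}) assertion results are
 * examined. Each assertion must pass {@link #checkHolderOfKey} and {@link #checkSenderVouches};
 * the first failure is logged and rejected with {@code INVALID_SECURITY}, so a message is
 * never accepted on the strength of an assertion whose confirmation method was not verified.
 * A result that carries no assertion at all is rejected the same way.
 *
 * @param results the results produced by the WS-Security engine for the message
 * @param message the inbound message, used to obtain the TLS peer certificates (if any)
 * @param body the SOAP body element, passed to the sender-vouches check
 * @throws WSSecurityException if any assertion fails its holder-of-key or sender-vouches check
 */
public static void validateSAMLResults(
    List<WSSecurityEngineResult> results,
    Message message,
    Element body
) throws WSSecurityException {
    List<WSSecurityEngineResult> samlResults = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_SIGNED, samlResults);
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_UNSIGNED, samlResults);
    if (samlResults.isEmpty()) {
        return;
    }

    List<WSSecurityEngineResult> signedResults = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.SIGN, signedResults);
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_SIGN, signedResults);

    // The TLS peer certificates belong to the transport, not to any single assertion,
    // so they are looked up once instead of on every loop iteration.
    Certificate[] tlsCerts = null;
    TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
    if (tlsInfo != null) {
        tlsCerts = tlsInfo.getPeerCertificates();
    }

    for (WSSecurityEngineResult samlResult : samlResults) {
        AssertionWrapper assertionWrapper =
            (AssertionWrapper)samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        // Fail closed: a SAML result without an assertion cannot be confirmed.
        if (assertionWrapper == null) {
            LOG.warning("SAML result does not carry an assertion");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        if (!SAMLUtils.checkHolderOfKey(assertionWrapper, signedResults, tlsCerts)) {
            LOG.warning("Assertion fails holder-of-key requirements");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        if (!SAMLUtils.checkSenderVouches(assertionWrapper, tlsCerts, body, signedResults)) {
            LOG.warning("Assertion fails sender-vouches requirements");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
    }
}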
 
Example 3
Source File: AbstractSTSClient.java — from the steady project (Apache License 2.0)
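/**
 * Extracts the secret key material carried by {@code child}.
 * <p>
 * When the encryption algorithm reported by {@link X509Util#getEncAlgo} ends with
 * {@code spnego#GSS_Wrap}, the raw {@code CipherValue} is base64-decoded and returned
 * as-is, to be unwrapped later by the SPNEGO layer. For every other algorithm the element
 * is handed to an {@link EncryptedKeyProcessor} configured with this client's crypto and
 * callback handler, and the decrypted {@code TAG_SECRET} of the first result is returned.
 * <p>
 * Both branches fail closed: a missing cipher value, an empty processor result or a
 * result without a secret is rejected with {@code INVALID_SECURITY} instead of
 * returning {@code null} or escaping as an unchecked exception.
 *
 * @param child the element holding the encrypted key
 * @return the decoded (SPNEGO) or decrypted secret; never {@code null}
 * @throws WSSecurityException if the cipher value is absent or no secret could be recovered
 * @throws TrustException if encrypted-key processing fails with an I/O error
 */
protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
    String encryptionAlgorithm = X509Util.getEncAlgo(child);
    // For the SPNEGO case just return the decoded cipher value and decrypt it later
    if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
        byte[] cipherValue = null;
        Element cipherData =
            WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
        if (cipherData != null) {
            Element cipherValueElement =
                WSSecurityUtil.getDirectChildElement(cipherData, "CipherValue", WSConstants.ENC_NS);
            if (cipherValueElement != null) {
                cipherValue = Base64.decode(DOMUtils.getContent(cipherValueElement));
            }
        }
        if (cipherValue == null) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
        }
        return cipherValue;
    }

    try {
        EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
        WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
        RequestData data = new RequestData();
        data.setWssConfig(WSSConfig.getNewInstance());
        data.setDecCrypto(createCrypto(true));
        data.setCallbackHandler(createHandler());
        List<WSSecurityEngineResult> results = proc.handleToken(child, data, docInfo);
        // A processor that produced no result must not be treated as a successful
        // key exchange; previously this surfaced as an IndexOutOfBoundsException.
        if (results == null || results.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        byte[] secret = (byte[])results.get(0).get(WSSecurityEngineResult.TAG_SECRET);
        // Likewise a result without a decrypted secret is a failure, not a null key.
        if (secret == null) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        return secret;
    } catch (IOException e) {
        throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
    }
}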
 
Example 4
Source File: SAMLUtils.java — from the steady project (Apache License 2.0)
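/**
 * Checks that every SAML assertion found in the security-engine results satisfies its
 * subject-confirmation requirements.
 * <p>
 * Both signed ({@code ST_SIGNED}) and unsigned ({@code ST_UNSIGNED}) assertion results are
 * examined. Each assertion must pass {@link #checkHolderOfKey} and {@link #checkSenderVouches};
 * the first failure is logged and rejected with {@code INVALID_SECURITY}, so a message is
 * never accepted on the strength of an assertion whose confirmation method was not verified.
 * A result that carries no assertion at all is rejected the same way.
 *
 * @param results the results produced by the WS-Security engine for the message
 * @param message the inbound message, used to obtain the TLS peer certificates (if any)
 * @param body the SOAP body element, passed to the sender-vouches check
 * @throws WSSecurityException if any assertion fails its holder-of-key or sender-vouches check
 */
public static void validateSAMLResults(
    List<WSSecurityEngineResult> results,
    Message message,
    Element body
) throws WSSecurityException {
    List<WSSecurityEngineResult> samlResults = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_SIGNED, samlResults);
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_UNSIGNED, samlResults);
    if (samlResults.isEmpty()) {
        return;
    }

    List<WSSecurityEngineResult> signedResults = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.SIGN, signedResults);
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_SIGN, signedResults);

    // The TLS peer certificates belong to the transport, not to any single assertion,
    // so they are looked up once instead of on every loop iteration.
    Certificate[] tlsCerts = null;
    TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
    if (tlsInfo != null) {
        tlsCerts = tlsInfo.getPeerCertificates();
    }

    for (WSSecurityEngineResult samlResult : samlResults) {
        AssertionWrapper assertionWrapper =
            (AssertionWrapper)samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        // Fail closed: a SAML result without an assertion cannot be confirmed.
        if (assertionWrapper == null) {
            LOG.warning("SAML result does not carry an assertion");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        if (!SAMLUtils.checkHolderOfKey(assertionWrapper, signedResults, tlsCerts)) {
            LOG.warning("Assertion fails holder-of-key requirements");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        if (!SAMLUtils.checkSenderVouches(assertionWrapper, tlsCerts, body, signedResults)) {
            LOG.warning("Assertion fails sender-vouches requirements");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
    }
}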
 
Example 5
Source File: AbstractSTSClient.java — from the steady project (Apache License 2.0)
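/**
 * Extracts the secret key material carried by {@code child}.
 * <p>
 * When the encryption algorithm reported by {@link X509Util#getEncAlgo} ends with
 * {@code spnego#GSS_Wrap}, the raw {@code CipherValue} is base64-decoded and returned
 * as-is, to be unwrapped later by the SPNEGO layer. For every other algorithm the element
 * is handed to an {@link EncryptedKeyProcessor} configured with this client's crypto and
 * callback handler, and the decrypted {@code TAG_SECRET} of the first result is returned.
 * <p>
 * Both branches fail closed: a missing cipher value, an empty processor result or a
 * result without a secret is rejected with {@code INVALID_SECURITY} instead of
 * returning {@code null} or escaping as an unchecked exception.
 *
 * @param child the element holding the encrypted key
 * @return the decoded (SPNEGO) or decrypted secret; never {@code null}
 * @throws WSSecurityException if the cipher value is absent or no secret could be recovered
 * @throws TrustException if encrypted-key processing fails with an I/O error
 */
protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
    String encryptionAlgorithm = X509Util.getEncAlgo(child);
    // For the SPNEGO case just return the decoded cipher value and decrypt it later
    if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
        byte[] cipherValue = null;
        Element cipherData =
            WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
        if (cipherData != null) {
            Element cipherValueElement =
                WSSecurityUtil.getDirectChildElement(cipherData, "CipherValue", WSConstants.ENC_NS);
            if (cipherValueElement != null) {
                cipherValue = Base64.decode(DOMUtils.getContent(cipherValueElement));
            }
        }
        if (cipherValue == null) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
        }
        return cipherValue;
    }

    try {
        EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
        WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
        RequestData data = new RequestData();
        data.setWssConfig(WSSConfig.getNewInstance());
        data.setDecCrypto(createCrypto(true));
        data.setCallbackHandler(createHandler());
        List<WSSecurityEngineResult> results = proc.handleToken(child, data, docInfo);
        // A processor that produced no result must not be treated as a successful
        // key exchange; previously this surfaced as an IndexOutOfBoundsException.
        if (results == null || results.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        byte[] secret = (byte[])results.get(0).get(WSSecurityEngineResult.TAG_SECRET);
        // Likewise a result without a decrypted secret is a failure, not a null key.
        if (secret == null) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        return secret;
    } catch (IOException e) {
        throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
    }
}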
 
Example 6
Source File: SAMLUtils.java — from the steady project (Apache License 2.0)
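/**
 * Checks that every SAML assertion found in the security-engine results satisfies its
 * subject-confirmation requirements.
 * <p>
 * Both signed ({@code ST_SIGNED}) and unsigned ({@code ST_UNSIGNED}) assertion results are
 * examined. Each assertion must pass {@link #checkHolderOfKey} and {@link #checkSenderVouches};
 * the first failure is logged and rejected with {@code INVALID_SECURITY}, so a message is
 * never accepted on the strength of an assertion whose confirmation method was not verified.
 * A result that carries no assertion at all is rejected the same way.
 *
 * @param results the results produced by the WS-Security engine for the message
 * @param message the inbound message, used to obtain the TLS peer certificates (if any)
 * @param body the SOAP body element, passed to the sender-vouches check
 * @throws WSSecurityException if any assertion fails its holder-of-key or sender-vouches check
 */
public static void validateSAMLResults(
    List<WSSecurityEngineResult> results,
    Message message,
    Element body
) throws WSSecurityException {
    List<WSSecurityEngineResult> samlResults = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_SIGNED, samlResults);
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_UNSIGNED, samlResults);
    if (samlResults.isEmpty()) {
        return;
    }

    List<WSSecurityEngineResult> signedResults = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.SIGN, signedResults);
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_SIGN, signedResults);

    // The TLS peer certificates belong to the transport, not to any single assertion,
    // so they are looked up once instead of on every loop iteration.
    Certificate[] tlsCerts = null;
    TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
    if (tlsInfo != null) {
        tlsCerts = tlsInfo.getPeerCertificates();
    }

    for (WSSecurityEngineResult samlResult : samlResults) {
        AssertionWrapper assertionWrapper =
            (AssertionWrapper)samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        // Fail closed: a SAML result without an assertion cannot be confirmed.
        if (assertionWrapper == null) {
            LOG.warning("SAML result does not carry an assertion");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        if (!SAMLUtils.checkHolderOfKey(assertionWrapper, signedResults, tlsCerts)) {
            LOG.warning("Assertion fails holder-of-key requirements");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        if (!SAMLUtils.checkSenderVouches(assertionWrapper, tlsCerts, body, signedResults)) {
            LOG.warning("Assertion fails sender-vouches requirements");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
    }
}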
 
Example 7
Source File: AbstractSTSClient.java — from the steady project (Apache License 2.0)
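/**
 * Extracts the secret key material carried by {@code child}.
 * <p>
 * When the encryption algorithm reported by {@link X509Util#getEncAlgo} ends with
 * {@code spnego#GSS_Wrap}, the raw {@code CipherValue} is base64-decoded and returned
 * as-is, to be unwrapped later by the SPNEGO layer. For every other algorithm the element
 * is handed to an {@link EncryptedKeyProcessor} configured with this client's crypto and
 * callback handler, and the decrypted {@code TAG_SECRET} of the first result is returned.
 * <p>
 * Both branches fail closed: a missing cipher value, an empty processor result or a
 * result without a secret is rejected with {@code INVALID_SECURITY} instead of
 * returning {@code null} or escaping as an unchecked exception.
 *
 * @param child the element holding the encrypted key
 * @return the decoded (SPNEGO) or decrypted secret; never {@code null}
 * @throws WSSecurityException if the cipher value is absent or no secret could be recovered
 * @throws TrustException if encrypted-key processing fails with an I/O error
 */
protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
    String encryptionAlgorithm = X509Util.getEncAlgo(child);
    // For the SPNEGO case just return the decoded cipher value and decrypt it later
    if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
        byte[] cipherValue = null;
        Element cipherData =
            WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
        if (cipherData != null) {
            Element cipherValueElement =
                WSSecurityUtil.getDirectChildElement(cipherData, "CipherValue", WSConstants.ENC_NS);
            if (cipherValueElement != null) {
                cipherValue = Base64.decode(DOMUtils.getContent(cipherValueElement));
            }
        }
        if (cipherValue == null) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
        }
        return cipherValue;
    }

    try {
        EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
        WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
        RequestData data = new RequestData();
        data.setWssConfig(WSSConfig.getNewInstance());
        data.setDecCrypto(createCrypto(true));
        data.setCallbackHandler(createHandler());
        List<WSSecurityEngineResult> results = proc.handleToken(child, data, docInfo);
        // A processor that produced no result must not be treated as a successful
        // key exchange; previously this surfaced as an IndexOutOfBoundsException.
        if (results == null || results.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        byte[] secret = (byte[])results.get(0).get(WSSecurityEngineResult.TAG_SECRET);
        // Likewise a result without a decrypted secret is a failure, not a null key.
        if (secret == null) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        return secret;
    } catch (IOException e) {
        throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
    }
}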
 
Example 8
Source File: SAMLUtils.java — from the steady project (Apache License 2.0)
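/**
 * Checks that every SAML assertion found in the security-engine results satisfies its
 * subject-confirmation requirements.
 * <p>
 * Both signed ({@code ST_SIGNED}) and unsigned ({@code ST_UNSIGNED}) assertion results are
 * examined. Each assertion must pass {@link #checkHolderOfKey} and {@link #checkSenderVouches};
 * the first failure is logged and rejected with {@code INVALID_SECURITY}, so a message is
 * never accepted on the strength of an assertion whose confirmation method was not verified.
 * A result that carries no assertion at all is rejected the same way.
 *
 * @param results the results produced by the WS-Security engine for the message
 * @param message the inbound message, used to obtain the TLS peer certificates (if any)
 * @param body the SOAP body element, passed to the sender-vouches check
 * @throws WSSecurityException if any assertion fails its holder-of-key or sender-vouches check
 */
public static void validateSAMLResults(
    List<WSSecurityEngineResult> results,
    Message message,
    Element body
) throws WSSecurityException {
    List<WSSecurityEngineResult> samlResults = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_SIGNED, samlResults);
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.ST_UNSIGNED, samlResults);
    if (samlResults.isEmpty()) {
        return;
    }

    List<WSSecurityEngineResult> signedResults = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.SIGN, signedResults);
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_SIGN, signedResults);

    // The TLS peer certificates belong to the transport, not to any single assertion,
    // so they are looked up once instead of on every loop iteration.
    Certificate[] tlsCerts = null;
    TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
    if (tlsInfo != null) {
        tlsCerts = tlsInfo.getPeerCertificates();
    }

    for (WSSecurityEngineResult samlResult : samlResults) {
        AssertionWrapper assertionWrapper =
            (AssertionWrapper)samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        // Fail closed: a SAML result without an assertion cannot be confirmed.
        if (assertionWrapper == null) {
            LOG.warning("SAML result does not carry an assertion");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        if (!SAMLUtils.checkHolderOfKey(assertionWrapper, signedResults, tlsCerts)) {
            LOG.warning("Assertion fails holder-of-key requirements");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        if (!SAMLUtils.checkSenderVouches(assertionWrapper, tlsCerts, body, signedResults)) {
            LOG.warning("Assertion fails sender-vouches requirements");
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
    }
}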