Package com.sun.xml.wss

Examples of com.sun.xml.wss.XWSSecurityException


           Callback[] callbacks = new Callback[] { pkCallback };
           _handler.handle(callbacks);

           return pkCallback.getKey();
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
    }


           Callback[] callbacks = new Callback[] { pkCallback };
           _handler.handle(callbacks);

           return pkCallback.getKey();
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
     }

                    XMLStreamBuffer mark = new XMLStreamBufferMark(headerBlockNamespaces, creator);
                    GenericSecuredHeader gsh = new GenericSecuredHeader(reader, soapVersion, creator, (HashMap) namespaces, staxIF, context.getEncHeaderContent());
                    headers.add(gsh);

                } catch (XMLStreamBufferException ex) {
                    throw new XWSSecurityException("Error occurred while reading SOAP Header" + ex);
                }
            }
            while (reader.isWhiteSpace()) {
                reader.next();
            }

                                }
                            }
                        } else {
                            //unrecognized valuetype
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1616_UNRECOGNIZED_BST_VALUETYPE(valueType));
                            throw new XWSSecurityException(LogStringsMessages.WSS_1616_UNRECOGNIZED_BST_VALUETYPE(valueType));
                        }

                        break;
                    }
                    case ENCRYPTED_KEY_ELEMENT: {
                        EncryptedKey ek = new EncryptedKey(message, context, (HashMap) currentParentNS);
                        ArrayList<String> list = (ArrayList) ek.getPendingReferenceList();
                        if (list != null) {
                            findAndReplaceED(list, ek);
                            if (ek.getPendingReferenceList().size() > 0) {
                                if (pendingElement == null) {
                                    pendingElement = ek;
                                }//else{
                                addSecurityHeader(ek);
                                //}
                            }
                        } else {
                            addSecurityHeader(ek);
                        }
                        if (ek.getPolicy() != null) {
                            context.getInferredSecurityPolicy().append(ek.getPolicy());
                        }
                        break;
                    }
                    case ENCRYPTED_DATA_ELEMENT: {
                        EncryptedData ed = new EncryptedData(message, context, currentParentNS);
                        handleEncryptedData(ed, currentParentNS);
                        break;
                    }

                    case ENCRYPTED_HEADER_ELEMENT: {
                        throw new XWSSecurityException("wsse11:EncryptedHeader not allowed inside SecurityHeader");
                        //break;
                    }

                    case REFERENCE_LIST_ELEMENT: {
                        ReferenceListHeader refList = new ReferenceListHeader(message, context);
                        if (pendingElement == null) {
                            pendingElement = refList;
                        } else {
                            addSecurityHeader(refList);
                        }

                        context.getInferredSecurityPolicy().append(refList.getPolicy());
                        break;
                    }
                    case SIGNATURE_ELEMENT: {
                        Signature sig = new Signature(context, currentParentNS, creator);
                        sig.process(message);
                        if (!sig.isValidated()) {
                            if (pendingElement == null) {
                                pendingElement = sig;
                            } else {
                                addSecurityHeader(sig);
                            }
                        } else {
                            if (!processedHeaders.contains(sig)) {
                                processedHeaders.add(sig);
                            }
                        }
                        context.getInferredSecurityPolicy().append(sig.getPolicy());
                        break;
                    }
                    case DERIVED_KEY_ELEMENT: {
                        DerivedKeyToken dkt = new DerivedKeyToken(message, context, (HashMap) currentParentNS);
                        processedHeaders.add(dkt);
                        break;
                    }
                    case SIGNATURE_CONFIRMATION_ELEMENT: {
                        SignatureConfirmation signConfirm = new SignatureConfirmation(message, creator, (HashMap) currentParentNS, staxIF);
                        WSSPolicy policy = signConfirm.getPolicy();
                        signConfirm.validate(context);
                        processedHeaders.add(signConfirm);
                        context.getInferredSecurityPolicy().append(signConfirm.getPolicy());
                        break;
                    }
                    case SECURITY_CONTEXT_TOKEN: {
                        SecurityContextToken sct = new SecurityContextToken(message, context, (HashMap) currentParentNS);
                        processedHeaders.add(sct);
                        break;
                    }
                    case SAML_ASSERTION_ELEMENT: {
                        SAMLAssertion samlAssertion = new SAMLAssertion(message, context, null, (HashMap) currentParentNS);
                        processedHeaders.add(samlAssertion);
                        if (samlAssertion.isHOK()) {
                            if (!samlAssertion.validateSignature()) {
                                logger.log(Level.SEVERE, LogStringsMessages.WSS_1614_SAML_SIGNATURE_INVALID());
                                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION,
                                        LogStringsMessages.WSS_1614_SAML_SIGNATURE_INVALID(),
                                        new Exception(LogStringsMessages.WSS_1614_SAML_SIGNATURE_INVALID()));
                            }
                        }
                        samlAssertion.validate(context);
                        samlAssertion.getKey();
                        // Set in the extraneous property only if not already set
                        // workaround in the case where there are two HOK assertions in the request
                        if (context.getExtraneousProperty(MessageConstants.INCOMING_SAML_ASSERTION) == null && samlAssertion.isHOK()) {
                            context.getExtraneousProperties().put(MessageConstants.INCOMING_SAML_ASSERTION, samlAssertion);
                        }
                        context.getInferredSecurityPolicy().append(samlAssertion.getPolicy());
                        if (context.isTrustMessage() && !context.isClient()) {
                            IssuedTokenContext ctx;
                            if (context.getTrustContext() == null) {
                                ctx = new IssuedTokenContextImpl();
                                ctx.setAuthnContextClass(MessageConstants.PREVIOUS_SESSION_AUTH_TYPE);
                                context.setTrustContext(ctx);
                            } else {
                                ctx = context.getTrustContext();
                                if (ctx.getAuthnContextClass() != null) {
                                    ctx.setAuthnContextClass(MessageConstants.PREVIOUS_SESSION_AUTH_TYPE);
                                    context.setTrustContext(ctx);
                                }
                            }
                        }
//                        } else if (!context.isTrustMessage()) {
//                            context.getInferredSecurityPolicy().append(samlAssertion.getPolicy());
//                        }

                        break;
                    }
                    case STR_ELEMENT: {
                        SecurityTokenProcessor str = new SecurityTokenProcessor(context, null);
                        str.resolveReference(message);
                        break;
                    }
                    default: {
                        // Throw Exception if an unrecognized Security Header is present
                        if (message.getEventType() == XMLStreamReader.START_ELEMENT
                                && getSecurityElementType() == -1) {
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1613_UNRECOGNIZED_SECURITY_ELEMENT(message.getLocalName()));
                            throw new XWSSecurityException(LogStringsMessages.WSS_1613_UNRECOGNIZED_SECURITY_ELEMENT(message.getLocalName()));
                        }
                    }
                }
                if (StreamUtil._break(message, MessageConstants.WSSE_SECURITY_LNAME, MessageConstants.WSSE_NS)) {
                    break;
                }
                eventType = getSecurityElementType();
                if (eventType == -1 && !StreamUtil.isStartElement(message)) {
                    if (StreamUtil._break(message, MessageConstants.WSSE_SECURITY_LNAME, MessageConstants.WSSE_NS)) {
                        break;
                    } else {
                        message.next();
                    }
                }
            }
            message.next();
        } catch (XMLStreamException ex) {
            //ex.printStackTrace();
            logger.log(Level.FINE, "Error occurred while reading SOAP Headers", ex);
            throw new XWSSecurityException(ex);
        } catch (XMLStreamBufferException ex) {
            //  ex.printStackTrace();
            logger.log(Level.FINE, "Error occurred while reading SOAP Headers", ex);
            throw new XWSSecurityException(ex);
        }
    }

                    }
                    if (refList.getPendingReferenceList().isEmpty()) {
                        pendingElement = null;
                    } else {
                        String uri = refList.getPendingReferenceList().get(0);
                        throw new XWSSecurityException("Reference with ID " + uri + " was not found in the message");
                    }

                }
            } catch (XMLStreamException e) {
                // TODO need to throw more meaningful exception
                throw new WebServiceException(e);
            } catch (XWSSecurityException xse) {
                throw new WebServiceException(xse);
            }
        }

        ArrayList clonedBufferedHeaders = (ArrayList) bufferedHeaders.clone();
        if (clonedBufferedHeaders.size() > 0) {
            for (int i = 0; i < clonedBufferedHeaders.size(); i++) {
                SecurityHeaderElement she = (SecurityHeaderElement) clonedBufferedHeaders.get(i);
                processSecurityHeader(she);
            }
        }
        if (processedHeaders.size() > 0) {
            for (int i = 0; i < processedHeaders.size(); i++) {
                SecurityHeaderElement she = (SecurityHeaderElement) processedHeaders.get(i);
                processProcessedHeaders(she);
            }
        }

        try {
            if (message == null) {
                message = getEmptyBody();
            }
        } catch (XMLStreamException xse) {
            throw new XWSSecurityException(xse);
        }

        Message streamMsg = null;
        AttachmentSet as = securityContext.getDecryptedAttachmentSet();
        if (as == null || as.isEmpty()) {
            as = securityContext.getAttachmentSet();
        }       
        if (!context.getDisablePayloadBuffering() && (!context.isSecure() || "Fault".equals(message.getLocalName()))) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Buffering Payload from incomming message");
            }
            VerifiedMessageXMLStreamReader verifiedReader = new VerifiedMessageXMLStreamReader(message, bodyENVNS);
            streamMsg = new VerifiedStreamMessage(envelopeTag, headerTag, as, headers, bodyTag, verifiedReader, soapVersion, this.bodyENVNS);
        } else {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Not Buffering Payload from incomming message");
            }
            // FIXME: RJE -- remove cast once StreamMessage constr can take MessageHeaders
            streamMsg = new StreamMessage(envelopeTag, headerTag, as, (HeaderList) headers, bodyTag, message, soapVersion);
        }
        context.setMessage(streamMsg);
        boolean scCancel = false;
        /*if(streamMsg.isFault())
        return streamMsg;*/
        if (context.getAddressingVersion() != null) {
            String action = AddressingUtils.getAction(streamMsg.getHeaders(), context.getAddressingVersion(), context.getSOAPVersion());

            if (MessageConstants.MEX_GET.equals(action)) {
                return streamMsg;
            }
            if (MessageConstants.CANCEL_SECURITY_CONTEXT_TOKEN_ACTION.equals(action) ||
                    MessageConstants.CANCEL_SECURITY_CONTEXT_TOKEN_RESPONSE_ACTION.equals(action)) {
                scCancel = true;
            }
        }
        SecurityPolicy msgPolicy =  context.getSecurityPolicy();

        //boolean isTrust = context.isTrustMessage();
        if (PolicyUtils.isEmpty(msgPolicy)) {
            PolicyResolver opResolver =
                    (PolicyResolver) context.getExtraneousProperty(context.OPERATION_RESOLVER);
            if (opResolver != null) {
                msgPolicy = opResolver.resolvePolicy(context);
            }
        }
        if (context.isSecure() && context.getInferredSecurityPolicy().isEmpty()) {
            if (PolicyUtils.isEmpty(msgPolicy) || context.isMissingTimestampAllowed()) {
                return streamMsg;
            } else {
                throw new XWSSecurityException("Security Requirements not met - No Security header in message");
            }
        }

        // for policy verification, replace target uris with qnames for signature and encryption targets
        try {
            MessagePolicy inferredMessagePolicy = context.getInferredSecurityPolicy();
            for (int i = 0; i < inferredMessagePolicy.size(); i++) {
                WSSPolicy wssPolicy = (WSSPolicy) inferredMessagePolicy.get(i);
                if (PolicyTypeUtil.signaturePolicy(wssPolicy)) {
                    SignaturePolicy.FeatureBinding fb = (SignaturePolicy.FeatureBinding) wssPolicy.getFeatureBinding();
                    ArrayList targets = fb.getTargetBindings();
                    // replace uri target types with qname target types
                    modifyTargets(targets);
                } else if (PolicyTypeUtil.encryptionPolicy(wssPolicy)) {
                    EncryptionPolicy.FeatureBinding fb = (EncryptionPolicy.FeatureBinding) wssPolicy.getFeatureBinding();
                    ArrayList targets = fb.getTargetBindings();
                    // replace uri target types with qname target types
                    modifyTargets(targets);
                }
            }

        } catch (Exception ex) {
            throw new XWSSecurityException(ex);
        }

        if (scCancel) {
            boolean securedBody = false;
            boolean allHeaders = false;
            try {
                MessagePolicy mp = context.getInferredSecurityPolicy();
                for (int i = 0; i < mp.size(); i++) {
                    WSSPolicy wp = (WSSPolicy) mp.get(i);
                    if (PolicyTypeUtil.encryptionPolicy(wp)) {
                        EncryptionPolicy ep = (EncryptionPolicy) wp;
                        ArrayList list = ((EncryptionPolicy.FeatureBinding) ep.getFeatureBinding()).getTargetBindings();
                        for (int ei = 0; ei < list.size(); ei++) {
                            EncryptionTarget et = (EncryptionTarget) list.get(ei);
                            if (et.getValue().equals(Target.BODY)) {
                                securedBody = true;
                            }
                        }
                    } else if (PolicyTypeUtil.signaturePolicy(wp)) {
                        SignaturePolicy sp = (SignaturePolicy) wp;
                        ArrayList list = ((SignaturePolicy.FeatureBinding) sp.getFeatureBinding()).getTargetBindings();
                        for (int ei = 0; ei < list.size(); ei++) {
                            SignatureTarget st = (SignatureTarget) list.get(ei);
                            //if(st.getValue() == Target.BODY){
                            if (st.getValue().equals(Target.BODY)) {
                                securedBody = true;
                            }
                        }
                        if (!allHeaders) {
                            allHeaders = areHeadersSecured(sp);
                        }
                    }
                }
            } catch (Exception ex) {
                throw new XWSSecurityException(ex);
            }

            if (!context.isSecure() && (!securedBody || !allHeaders)) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1602_SCCANCEL_SECURITY_UNCONFIGURED());
                throw new XWSSecurityException("Security Requirements not met");
            }
            return streamMsg;
        }

        if (context.getInferredSecurityPolicy() == null || context.getInferredSecurityPolicy().isEmpty()) {

    }

    /**
     * Checks that an already-processed security header element has no
     * unfinished work left on it.
     *
     * <p>The checks are type-specific and fail closed:
     * <ul>
     *   <li>an {@code EncryptedData} element is always rejected;</li>
     *   <li>an {@code EncryptedKey} is rejected while its pending reference
     *       list is non-empty;</li>
     *   <li>a {@code ReferenceListHeader} is rejected while its pending
     *       reference list is non-empty;</li>
     *   <li>a {@code Signature} is rejected while {@code getReferences()}
     *       still returns entries.</li>
     * </ul>
     * Any other element type passes through unchecked.
     *
     * <p>NOTE(review): presumably a leftover reference is one that was never
     * matched to data in the message, so rejecting here keeps a message with
     * unresolved encryption or signature references from being accepted.
     * Confirm against the code that drains these lists.
     *
     * @param she the processed header element to inspect
     * @throws XWSSecurityException if the element is in one of the rejected
     *         states listed above
     */
    @SuppressWarnings("unchecked")
    private void processProcessedHeaders(SecurityHeaderElement she) throws XWSSecurityException {
        // Still-encrypted data must never reach the processed list.
        if (she instanceof EncryptedData) {
            throw new XWSSecurityException("Error in Processing, EncryptedData inside procesesdHeaders, should never happen");
        }

        if (she instanceof EncryptedKey) {
            EncryptedKey encryptedKey = (EncryptedKey) she;
            // The raw cast is kept as in the original, hence the unchecked suppression.
            ArrayList<String> pendingRefs = (ArrayList) encryptedKey.getPendingReferenceList();
            if (pendingRefs != null && !pendingRefs.isEmpty()) {
                throw new XWSSecurityException("Error in processing, ReferenceList inside EK should have been processed");
            }
            return;
        }

        if (she instanceof ReferenceListHeader) {
            ReferenceListHeader referenceList = (ReferenceListHeader) she;
            if (referenceList.getPendingReferenceList() != null && !referenceList.getPendingReferenceList().isEmpty()) {
                throw new XWSSecurityException("Error in processing, references in ReferenceList not processed");
            }
            return;
        }

        if (she instanceof Signature) {
            Signature signature = (Signature) she;
            if (signature.getReferences() != null && !signature.getReferences().isEmpty()) {
                throw new XWSSecurityException("Error in processing, references in Signature not processed");
            }
        }
    }

                    Attachment as = new AttachmentImpl(ed.getAttachmentContentId(), decryptedMimeData, ed.getAttachmentMimeType());
                    securityContext.getDecryptedAttachmentSet().add(as);
                }
            } catch (XMLStreamException ex) {
                logger.log(Level.SEVERE,LogStringsMessages.WSS_1615_ERROR_DECRYPTING_ENCRYPTED_DATA(),ex);
                throw new XWSSecurityException("Error occurred while decrypting EncryptedData with ID " + ed.getId(), ex);
            }
        } else if (she instanceof EncryptedKey) {
            EncryptedKey ek = (EncryptedKey) she;
            if (pendingElement == null) {
                pendingElement = ek;
            }
            addSecurityHeader(ek);
            ArrayList<String> list = (ArrayList) ek.getPendingReferenceList();
            if (list != null) {
                findAndReplaceED(list, ek);

                if (ek.getPendingReferenceList().size() > 0 && payLoadWsuId.length() > 0) {
                    if (ek.getPendingReferenceList().contains(payLoadWsuId)) {

                        EncryptedData ed;
                        try {
                            ed = new EncryptedData(message, context, bodyENVNS);
                            payLoadWsuId = ed.getId();
                            handlePayLoadED(ed);
                        } catch (XMLStreamException ex) {
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1615_ERROR_DECRYPTING_ENCRYPTED_DATA(), ex);
                            throw new XWSSecurityException("Error occurred while parsing EncryptedData" + ex);
                        }
                        ek.getPendingReferenceList().remove(payLoadWsuId);
                    }
                }
                if (!ek.getPendingReferenceList().isEmpty()) {
                    throw new XWSSecurityException("Data  Reference under EncryptedKey with ID " + ek.getId() + " is not found");
                } else {
                    pendingElement = null;
                    bufferedHeaders.remove(ek);
                    addSecurityHeader(ek);
                }
            }
        } else if (she instanceof ReferenceListHeader) {
            ReferenceListHeader refList = (ReferenceListHeader) she;
            if (refList.getPendingReferenceList().contains(payLoadWsuId)) {
                try {
                    EncryptedData ed = new EncryptedData(message, context, bodyENVNS);

                    //for policy verification
                    refList.getPolicy().setKeyBinding(ed.getInferredKB());
                    //
                    payLoadWsuId = ed.getId();
                    handlePayLoadED(ed);
                    refList.getPendingReferenceList().remove(payLoadWsuId);
                    cachePayLoadId();
                    payLoadEncId = ed.getId();
                } catch (XMLStreamException ex) {
                    throw new XWSSecurityException("Error occurred while processing EncryptedData", ex);
                }
            }
            if (refList.getPendingReferenceList().size() > 0) {
                findAndReplaceED((ArrayList<String>) refList.getPendingReferenceList(), refList);
            }
            if (refList.getPendingReferenceList().size() > 0) {
                String uri = refList.getPendingReferenceList().get(0);
                throw new XWSSecurityException("Reference with ID " + uri + " was not found in the message");
            }
        } else {
            throw new XWSSecurityException("Need to support this header, please file a bug." + she);
        }
    }

        }
        if (payLoadWsuId.length() > 0) {
            payLoadRef = sig.removeReferenceWithID("#" + payLoadWsuId);
        }
        if (bodyRef != null && payLoadRef != null) {
            throw new XWSSecurityException("Does not support signing of Body and PayLoad together");
        }

        boolean validated = false;
        try {
            validated = sig.validate();
        } catch (XWSSecurityException xe) {
            throw new WebServiceException(xe);
        }
        if (!validated) {
            ArrayList<com.sun.xml.ws.security.opt.crypto.dsig.Reference> refs = sig.getReferences();
            if (refs != null && refs.size() > 0) {
                throw new WebServiceException("Could not find Reference " + refs.get(0).getURI() + " under Signature with ID" + sig.getId());
            } else {
                throw new XWSSecurityException("Verification of Signature with ID  " + sig.getId() + " failed, possible cause : proper canonicalized" +
                        "signedinfo was not produced.");
            }
        } else {
            if (bodyRef != null) {
                message = sig.wrapWithDigester(bodyRef, message, bodyPrologue, bodyEpilogue, bodyTag, parentNSOnEnvelope, false);

                findAndReplaceED((ArrayList<String>) ek.getPendingReferenceList(), ek);
                if (ek.getPendingReferenceList().isEmpty()) {
                    pendingElement = null;
                } else {
                    String uri = ek.getPendingReferenceList().get(0);
                    throw new XWSSecurityException("Could not find Reference " + uri + " under EncryptedKey with ID" + ek.getId());
                }
            }
        } else {
            message = ed.getDecryptedData();
            if (message != null && message.hasNext()) {

            for (int j = 0; j < processedHeaders.size(); j++) {
                SecurityHeaderElement header = (SecurityHeaderElement) processedHeaders.get(j);
                if (id.equals(header.getId())) {
                    if (header instanceof EncryptedData) {
                        found = true;
                        throw new XWSSecurityException("EncryptedKey or ReferenceList must appear before EncryptedData element with ID" + header.getId());
                    }
                }
            }
            if (found) {
                continue;
            }
            for (int j = 0; j < bufferedHeaders.size(); j++) {
                SecurityHeaderElement header = (SecurityHeaderElement) bufferedHeaders.get(j);
                if (id.equals(header.getId())) {
                    if (header instanceof EncryptedData) {
                        EncryptedData ed = (EncryptedData) header;
                        if (!ed.hasCipherReference()) {
                            XMLStreamReader decryptedData = null;
                            try {
                                if (ek != null) {
                                    if (ek.getPolicy() != null) {
                                        //for policy verification
                                        ek.getPolicy().setKeyBinding(ek.getInferredKB());
                                    }
                                    decryptedData = ed.getDecryptedData(ek.getKey(ed.getEncryptionAlgorithm()));
                                } else if (rlh != null) {
                                    rlh.getPolicy().setKeyBinding(ed.getInferredKB());
                                    decryptedData = ed.getDecryptedData();
                                } else {
                                    throw new XWSSecurityException("Internal Error: Both EncryptedKey and ReferenceList are set to null");
                                }


                                SecurityHeaderProcessor shp = new SecurityHeaderProcessor(context, envshNS, staxIF, creator);
                                if (decryptedData.getEventType() != XMLStreamReader.START_ELEMENT) {
                                    StreamUtil.moveToNextElement(decryptedData);
                                }
                                SecurityHeaderElement she = shp.createHeader(decryptedData);
                                edList.remove(ed.getId());
                                encIds.put(ed.getId(), she.getId());
                                edAlgos.put(ed.getId(), ed.getEncryptionAlgorithm());
                                bufferedHeaders.set(i, she);
                            } catch (XMLStreamException ex) {
                                logger.log(Level.SEVERE,LogStringsMessages.WSS_1615_ERROR_DECRYPTING_ENCRYPTED_DATA(), ex);
                                throw new XWSSecurityException("Error occurred while decrypting EncryptedData with ID " + ed.getId(), ex);
                            }
                        } else {
                            // handle encrypted attachment here
                            byte[] decryptedMimeData = null;
                            if (ek != null) {
                                decryptedMimeData = ed.getDecryptedMimeData(ek.getKey(ed.getEncryptionAlgorithm()));
                            } else if (rlh != null) {
                                decryptedMimeData = ed.getDecryptedMimeData();
                            } else {
                                throw new XWSSecurityException("Internal Error: Both EncryptedKey and ReferenceList are set to null");
                            }
                            Attachment as = new AttachmentImpl(ed.getAttachmentContentId(), decryptedMimeData, ed.getAttachmentMimeType());
                            securityContext.getDecryptedAttachmentSet().add(as);
                            edList.remove(ed.getId());
                        }
