use of org.apache.wss4j.common.ext.WSSecurityException in project cxf by apache.
the class XmlEncOutInterceptor method encryptSymmetricKey.
/**
 * Wraps the symmetric (ephemeral) key with the public key of the remote certificate.
 * <p>
 * The Apache XML Security {@code XMLCipher} does not accept certificates for wrapping keys,
 * so the key-transport {@link Cipher} is obtained from
 * {@link EncryptionUtils#initCipherWithCert} and driven directly.
 *
 * @param keyBytes   the raw symmetric key to wrap
 * @param remoteCert the recipient certificate whose public key performs the wrapping
 * @param keyEncAlgo the key-transport algorithm URI handed to the cipher initialisation
 * @param digestAlgo the digest algorithm URI handed to the cipher initialisation
 * @return the wrapped key bytes
 * @throws WSSecurityException if the public key cannot wrap a key of this length
 *                             ({@code FAILURE}) or the wrap itself fails ({@code FAILED_ENCRYPTION})
 */
protected byte[] encryptSymmetricKey(byte[] keyBytes, X509Certificate remoteCert,
                                     String keyEncAlgo, String digestAlgo) throws WSSecurityException {
    Cipher keyTransportCipher =
        EncryptionUtils.initCipherWithCert(keyEncAlgo, digestAlgo, Cipher.ENCRYPT_MODE, remoteCert);

    // A non-zero block size that is smaller than the key means a single doFinal() cannot
    // wrap the whole key: refuse rather than emit a truncated or failed wrap.
    int maxInputSize = keyTransportCipher.getBlockSize();
    if (maxInputSize > 0 && maxInputSize < keyBytes.length) {
        String message = "Public key algorithm too weak to encrypt symmetric key";
        LOG.severe(message);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                                      "unsupportedKeyTransp", new Object[] { message });
    }

    try {
        return keyTransportCipher.doFinal(keyBytes);
    } catch (IllegalStateException | IllegalBlockSizeException | BadPaddingException ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, ex);
    }
}
use of org.apache.wss4j.common.ext.WSSecurityException in project cxf by apache.
the class XmlEncOutInterceptor method createKeyInfoElement.
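/**
 * Builds the {@code ds:KeyInfo} element that identifies the recipient certificate used to wrap
 * the symmetric key.
 * <p>
 * The identifier form is taken from {@code encProps.getEncryptionKeyIdType()}, defaulting to
 * {@link RSSecurityUtils#X509_CERT}: either the Base64-encoded certificate inside
 * {@code ds:X509Data/ds:X509Certificate}, or an issuer/serial pair.
 *
 * @param encryptedDataDoc the document that owns the created nodes
 * @param remoteCert       the recipient certificate
 * @return the populated {@code ds:KeyInfo} element
 * @throws WSSecurityException if the certificate cannot be DER-encoded
 * @throws Exception           if the configured key identifier type is not supported
 */
private Element createKeyInfoElement(Document encryptedDataDoc, X509Certificate remoteCert) throws Exception {
    Element keyInfoElement = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
    String configuredKeyIdType = encProps.getEncryptionKeyIdType();
    String keyIdType = configuredKeyIdType == null ? RSSecurityUtils.X509_CERT : configuredKeyIdType;

    final Node keyIdentifierNode;
    if (RSSecurityUtils.X509_CERT.equals(keyIdType)) {
        keyIdentifierNode = createX509CertificateData(encryptedDataDoc, remoteCert);
    } else if (RSSecurityUtils.X509_ISSUER_SERIAL.equals(keyIdType)) {
        // getIssuerDN() is deprecated and its string form is provider specific; the
        // X500Principal name is the standardised RFC 2253 encoding of the issuer.
        String issuer = remoteCert.getIssuerX500Principal().getName();
        java.math.BigInteger serialNumber = remoteCert.getSerialNumber();
        DOMX509IssuerSerial domIssuerSerial = new DOMX509IssuerSerial(encryptedDataDoc, issuer, serialNumber);
        DOMX509Data domX509Data = new DOMX509Data(encryptedDataDoc, domIssuerSerial);
        keyIdentifierNode = domX509Data.getElement();
    } else {
        throw new Exception("Unsupported key identifier:" + keyIdType);
    }
    keyInfoElement.appendChild(keyIdentifierNode);
    return keyInfoElement;
}

/**
 * Wraps the DER encoding of {@code cert} as Base64 text inside
 * {@code ds:X509Data/ds:X509Certificate}.
 *
 * @param doc  the document that owns the created nodes
 * @param cert the certificate to embed
 * @return the {@code ds:X509Data} element
 * @throws WSSecurityException with {@code SECURITY_TOKEN_UNAVAILABLE} if the certificate cannot be encoded
 */
private Element createX509CertificateData(Document doc, X509Certificate cert) throws WSSecurityException {
    final byte[] encoded;
    try {
        encoded = cert.getEncoded();
    } catch (CertificateEncodingException e) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "encodeError");
    }
    Element certElement = doc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Certificate");
    certElement.appendChild(doc.createTextNode(org.apache.xml.security.utils.XMLUtils.encodeToString(encoded)));
    Element x509Data = doc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Data");
    x509Data.appendChild(certElement);
    return x509Data;
}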
use of org.apache.wss4j.common.ext.WSSecurityException in project cxf by apache.
the class XmlSecInInterceptor method checkSignatureTrust.
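/**
 * Verifies that the signing credential carried by {@code event} is trusted.
 * <p>
 * The certificate is taken from the token; if the token carries neither a certificate nor a
 * public key but is a {@link KeyNameSecurityToken}, the certificate is looked up by key name.
 * Trust and the configured subject constraints are then checked by {@link TrustValidator}.
 * When {@code persistSignature} is set, the validated certificate is stored on the message.
 * A {@code null} token is silently accepted, as in the original implementation.
 *
 * @param sigCrypto the Crypto instance used for the trust check and key-name lookups
 * @param msg       the current message: source of the subject constraints and, when
 *                  {@code persistSignature} is set, sink for the certificate
 * @param event     the token security event raised for the signature
 * @throws XMLSecurityException if the credential is not trusted; the underlying
 *                              {@link WSSecurityException} is kept as the cause
 */
private void checkSignatureTrust(Crypto sigCrypto, Message msg, TokenSecurityEvent<?> event) throws XMLSecurityException {
    SecurityToken token = event.getSecurityToken();
    if (token == null) {
        return;
    }

    X509Certificate[] certs = token.getX509Certificates();
    if (certs == null && token.getPublicKey() == null && token instanceof KeyNameSecurityToken) {
        certs = getX509CertificatesForKeyName(sigCrypto, msg, (KeyNameSecurityToken) token);
    }
    PublicKey publicKey = token.getPublicKey();
    X509Certificate cert = certs != null && certs.length > 0 ? certs[0] : null;

    try {
        new TrustValidator().validateTrust(sigCrypto, cert, publicKey, getSubjectContraints(msg));
    } catch (WSSecurityException e) {
        // Keep the original failure as the cause so the real reason (untrusted issuer,
        // subject-constraint mismatch, ...) stays available for server-side diagnostics
        // instead of being reduced to the generic message.
        String error = "Signature validation failed";
        throw new XMLSecurityException(e, "empty", new Object[] { error });
    }

    if (persistSignature) {
        msg.setContent(X509Certificate.class, cert);
    }
}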
use of org.apache.wss4j.common.ext.WSSecurityException in project cxf by apache.
the class EncryptionUtils method initXMLCipher.
/**
 * Creates an {@code XMLCipher} for the given symmetric algorithm, enables secure validation
 * and initialises it in {@code mode} with {@code key}.
 *
 * @param symEncAlgo the symmetric encryption algorithm URI
 * @param mode       the XMLCipher mode (e.g. {@code XMLCipher.ENCRYPT_MODE})
 * @param key        the symmetric key
 * @return the initialised cipher
 * @throws WSSecurityException with {@code UNSUPPORTED_ALGORITHM} if the cipher cannot be
 *                             created or initialised
 */
public static XMLCipher initXMLCipher(String symEncAlgo, int mode, Key key) throws WSSecurityException {
    final XMLCipher xmlCipher;
    try {
        xmlCipher = XMLCipher.getInstance(symEncAlgo);
        // Secure validation rejects unsafe constructs during decryption; always on.
        xmlCipher.setSecureValidation(true);
        xmlCipher.init(mode, key);
    } catch (XMLEncryptionException ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
    }
    return xmlCipher;
}
use of org.apache.wss4j.common.ext.WSSecurityException in project cxf by apache.
the class AbstractSamlInHandler method createKeyInfoFromDefaultAlias.
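/**
 * Builds a {@link SAMLKeyInfo} from the certificate registered under the Crypto instance's
 * default X.509 identifier.
 *
 * @param sigCrypto the Crypto instance whose default alias is looked up
 * @return a key info holding the first certificate found and its public key
 * @throws WSSecurityException with {@code FAILED_SIGNATURE} if the lookup fails or no
 *                             certificate is registered under the default alias
 */
protected SAMLKeyInfo createKeyInfoFromDefaultAlias(Crypto sigCrypto) throws WSSecurityException {
    final X509Certificate[] certs;
    try {
        certs = RSSecurityUtils.getCertificates(sigCrypto, sigCrypto.getDefaultX509Identifier());
    } catch (Exception ex) {
        LOG.log(Level.FINE, "Error in loading the certificates: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex);
    }
    // An explicit check here gives a clear failure instead of a NullPointerException or
    // ArrayIndexOutOfBoundsException being wrapped with an uninformative message.
    if (certs == null || certs.length == 0) {
        LOG.log(Level.FINE, "No certificate found for the default X509 identifier");
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE);
    }
    SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo(new X509Certificate[] { certs[0] });
    samlKeyInfo.setPublicKey(certs[0].getPublicKey());
    return samlKeyInfo;
}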