
Example 1 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project midpoint by Evolveum.

Method convertXmlEncToEncryptedDate of class ProtectedDataType (parses an xenc:EncryptedData DOM element into the midPoint EncryptedDataType bean).

/**
 * Converts an {@code xenc:EncryptedData} DOM element into an {@link EncryptedDataType} bean.
 * <p>
 * The three child elements (EncryptionMethod, ds:KeyInfo/ds:KeyName and CipherData/CipherValue)
 * are each optional: a missing one simply leaves the corresponding bean property unset. No
 * validation of the algorithm URI or key name is done here; whatever the XML says is copied
 * through verbatim, so callers must treat those values as untrusted input.
 *
 * @param eEncryptedData the {@code xenc:EncryptedData} element to read
 * @return a bean populated from whichever children were present
 * @throws IllegalArgumentException if the CipherValue text is not valid Base64
 */
private EncryptedDataType convertXmlEncToEncryptedDate(Element eEncryptedData) {
    EncryptedDataType result = new EncryptedDataType();

    EncryptionMethodType method = readEncryptionMethod(eEncryptedData);
    if (method != null) {
        result.setEncryptionMethod(method);
    }

    KeyInfoType keyInfo = readKeyInfo(eEncryptedData);
    if (keyInfo != null) {
        result.setKeyInfo(keyInfo);
    }

    CipherDataType cipherData = readCipherData(eEncryptedData);
    if (cipherData != null) {
        result.setCipherData(cipherData);
    }
    return result;
}

/** Reads the EncryptionMethod child; returns null when the element is absent. */
private EncryptionMethodType readEncryptionMethod(Element eEncryptedData) {
    Element eMethod = DOMUtil.getChildElement(eEncryptedData, F_XML_ENC_ENCRYPTION_METHOD);
    if (eMethod == null) {
        return null;
    }
    EncryptionMethodType method = new EncryptionMethodType();
    // Note: getAttribute() yields "" (not null) when the Algorithm attribute is missing.
    method.setAlgorithm(eMethod.getAttribute(ATTRIBUTE_XML_ENC_ALGORITHM));
    return method;
}

/** Reads ds:KeyInfo (with its optional ds:KeyName); returns null when KeyInfo is absent. */
private KeyInfoType readKeyInfo(Element eEncryptedData) {
    Element eKeyInfo = DOMUtil.getChildElement(eEncryptedData, F_XML_DSIG_KEY_INFO);
    if (eKeyInfo == null) {
        return null;
    }
    KeyInfoType keyInfo = new KeyInfoType();
    Element eKeyName = DOMUtil.getChildElement(eKeyInfo, F_XML_DSIG_KEY_NAME);
    if (eKeyName != null) {
        keyInfo.setKeyName(eKeyName.getTextContent());
    }
    return keyInfo;
}

/**
 * Reads CipherData (with its optional Base64 CipherValue); returns null when CipherData is absent.
 * A CipherData without a CipherValue yields a bean with a null cipher value.
 */
private CipherDataType readCipherData(Element eEncryptedData) {
    Element eCipherData = DOMUtil.getChildElement(eEncryptedData, F_XML_ENC_CIPHER_DATA);
    if (eCipherData == null) {
        return null;
    }
    CipherDataType cipherData = new CipherDataType();
    Element eCipherValue = DOMUtil.getChildElement(eCipherData, F_XML_ENC_CIPHER_VALUE);
    if (eCipherValue != null) {
        String encoded = eCipherValue.getTextContent();
        byte[] decoded;
        try {
            decoded = Base64.decode(encoded);
        } catch (Base64DecodingException e) {
            // Surface malformed ciphertext as an argument error, keeping the original cause.
            throw new IllegalArgumentException("Bad base64 encoding in CipherValue element: " + e.getMessage(), e);
        }
        cipherData.setCipherValue(decoded);
    }
    return cipherData;
}

Example 2 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project santuario-java by apache.

Method decode of class Base64 (the streaming Base64 decoder in Apache Santuario that backs the other examples on this page).

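/**
 * Decodes {@code len} bytes of Base64 text from {@code base64Data} and writes the
 * resulting octets to {@code os}.
 * <p>
 * When {@code len} is {@code -1} the input is first compacted in place by
 * {@link #removeWhiteSpace} and the compacted length is used. The input must then
 * be a whole number of 4-character quadruples; only the final quadruple may carry
 * one or two pad characters, and the unused low bits before a pad must be zero.
 * <p>
 * Any malformed input is reported as a {@link Base64DecodingException}. In
 * particular, a byte that is not a 7-bit ASCII alphabet character (a negative
 * {@code byte} in Java) is rejected the same way as any other non-data character
 * instead of escaping as an {@link ArrayIndexOutOfBoundsException}, and a
 * {@code len} that does not fit the array is rejected up front.
 *
 * @param base64Data the Base64 text as bytes; modified in place when {@code len == -1}
 * @param os         destination for the decoded octets
 * @param len        number of bytes of {@code base64Data} to decode, or {@code -1}
 * @throws Base64DecodingException if the input is not valid Base64
 * @throws IOException             if writing to {@code os} fails
 */
protected static final void decode(byte[] base64Data, OutputStream os, int len) throws Base64DecodingException, IOException {
    // remove white spaces
    if (len == -1) {
        len = removeWhiteSpace(base64Data);
    }
    // Defensive: a caller-supplied len outside the array would otherwise surface as an
    // unchecked ArrayIndexOutOfBoundsException instead of the declared exception.
    if (len < 0 || len > base64Data.length) {
        throw new Base64DecodingException("decoding.general");
    }
    if (len % FOURBYTE != 0) {
        // should be divisible by four
        throw new Base64DecodingException("decoding.divisible.four");
    }
    int numberQuadruple = len / FOURBYTE;
    if (numberQuadruple == 0) {
        return;
    }
    byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;
    int dataIndex = 0;
    // All quadruples except the last one may not contain padding, so every one of the
    // four characters must map to a data value.
    for (int i = numberQuadruple - 1; i > 0; i--) {
        b1 = alphabetValue(base64Data[dataIndex++]);
        b2 = alphabetValue(base64Data[dataIndex++]);
        b3 = alphabetValue(base64Data[dataIndex++]);
        b4 = alphabetValue(base64Data[dataIndex++]);
        if (b1 == -1 || b2 == -1 || b3 == -1 || b4 == -1) {
            // a non-data character in a non-final quadruple
            throw new Base64DecodingException("decoding.general");
        }
        os.write((byte) (b1 << 2 | b2 >> 4));
        os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        os.write((byte) (b3 << 6 | b4));
    }
    // Final quadruple: the first two characters are always data.
    b1 = alphabetValue(base64Data[dataIndex++]);
    b2 = alphabetValue(base64Data[dataIndex++]);
    if (b1 == -1 || b2 == -1) {
        throw new Base64DecodingException("decoding.general");
    }
    // The last two may be data or pad; keep the raw bytes so we can test for '='.
    byte d3, d4;
    b3 = alphabetValue(d3 = base64Data[dataIndex++]);
    b4 = alphabetValue(d4 = base64Data[dataIndex++]);
    if (b3 == -1 || b4 == -1) {
        // Check if they are PAD characters
        if (isPad(d3) && isPad(d4)) {
            // Two PAD e.g. 3c[Pad][Pad]
            if ((b2 & 0xf) != 0) {
                // last 4 bits should be zero (non-canonical encoding is rejected)
                throw new Base64DecodingException("decoding.general");
            }
            os.write((byte) (b1 << 2 | b2 >> 4));
        } else if (!isPad(d3) && isPad(d4)) {
            // One PAD  e.g. 3cQ[Pad]
            if ((b3 & 0x3) != 0) {
                // last 2 bits should be zero (non-canonical encoding is rejected)
                throw new Base64DecodingException("decoding.general");
            }
            os.write((byte) (b1 << 2 | b2 >> 4));
            os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        } else {
            // an error  like "3c[Pad]r", "3cdX", "3cXd", "3cXX" where X is non data
            throw new Base64DecodingException("decoding.general");
        }
    } else {
        // No PAD e.g 3cQl
        os.write((byte) (b1 << 2 | b2 >> 4));
        os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        os.write((byte) (b3 << 6 | b4));
    }
}

/**
 * Maps one input byte to its 6-bit alphabet value, or {@code -1} if it is not a
 * Base64 data character. Bytes outside the lookup table's index range (negative,
 * i.e. non-ASCII, or beyond the table) are reported as {@code -1} so the caller
 * raises {@link Base64DecodingException} rather than an unchecked exception.
 */
private static byte alphabetValue(byte raw) {
    if (raw < 0 || raw >= base64Alphabet.length) {
        return -1;
    }
    return base64Alphabet[raw];
}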

Example 3 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project testcases by coheigea.

Method decrypt of class KMSPasswordEncryptor (decrypts a Base64-encoded ciphertext blob through AWS KMS and returns the plaintext as a String).

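/**
 * Decrypts a Base64-encoded KMS ciphertext blob and returns the plaintext as a String.
 * <p>
 * A fresh {@link AWSKMSClient} is built from the configured access/secret key and
 * endpoint on every call. The KMS plaintext bytes are decoded as UTF-8 explicitly;
 * the previous platform-default charset would silently corrupt non-ASCII secrets on
 * machines with a different default encoding.
 * <p>
 * Returns {@code null} when {@code encryptedPassword} is not valid Base64; this is
 * the contract callers already rely on, so the decoding error is deliberately not
 * rethrown (there is no logger in scope to record it). AWS SDK errors (unchecked
 * {@code AmazonServiceException}/{@code AmazonClientException}) propagate unchanged.
 * NOTE(review): the client is never shut down and the plaintext is kept in an
 * immutable String, so it cannot be wiped from memory; confirm that is acceptable
 * for the secrets handled here.
 *
 * @param encryptedPassword Base64 text of a KMS ciphertext blob
 * @return the decrypted value, or {@code null} if the input is not valid Base64
 */
@Override
public String decrypt(String encryptedPassword) {
    final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
    AWSKMSClient kms = new AWSKMSClient(creds);
    kms.setEndpoint(endpoint);
    try {
        byte[] encryptedBytes = Base64.decode(encryptedPassword);
        ByteBuffer encryptedKey = ByteBuffer.wrap(encryptedBytes);
        DecryptRequest req = new DecryptRequest().withCiphertextBlob(encryptedKey);
        ByteBuffer plaintextKey = kms.decrypt(req).getPlaintext();
        byte[] key = new byte[plaintextKey.remaining()];
        plaintextKey.get(key);
        // Fully-qualified to avoid touching the import block; UTF-8 makes the result
        // independent of the JVM's file.encoding.
        return new String(key, java.nio.charset.StandardCharsets.UTF_8);
    } catch (Base64DecodingException ignored) {
        // Malformed Base64 input: report "no value" rather than fail, per the existing contract.
        return null;
    }
}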

Example 4 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project cxf by apache.

Method processToken of class UsernameTokenInterceptor (locates wsse:UsernameToken elements in the Security header and establishes a SecurityContext on the message).

/**
 * Finds the WS-Security header of {@code message} and, for every
 * {@code wsse:UsernameToken} child it contains, establishes a {@link SecurityContext}
 * on the message.
 * <p>
 * When the contextual property {@code SecurityConstants.VALIDATE_TOKEN} is true
 * (the default), each token is first run through {@link #validateToken}; when it is
 * false the token is only parsed into a principal and converted, so this method does
 * NOT verify the password in that configuration. A {@link WSSecurityException} or
 * {@link Base64DecodingException} raised for a token is rethrown as a {@link Fault}.
 *
 * @param message the inbound SOAP message
 */
protected void processToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        // No Security header: nothing to do, and no SecurityContext is set.
        return;
    }
    // Defaults to true; false selects the "parse only, no validation" path below.
    boolean utWithCallbacks = MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true);
    Element el = (Element) h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // Only wsse:UsernameToken elements in the WSSE namespace are handled; other header children are skipped.
        if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName()) && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) {
            try {
                boolean bspCompliant = isWsiBSPCompliant(message);
                Principal principal = null;
                Subject subject = null;
                Object transformedToken = null;
                if (utWithCallbacks) {
                    // Full WSS4J validation (see validateToken: callback handler, nonce replay cache, BSP enforcement).
                    final WSSecurityEngineResult result = validateToken(child, message);
                    subject = (Subject) result.get(WSSecurityEngineResult.TAG_SUBJECT);
                    transformedToken = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
                    principal = (Principal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    if (principal == null) {
                        // The validator produced no principal; derive one from the token text instead.
                        principal = parseTokenAndCreatePrincipal(child, bspCompliant);
                    }
                } else {
                    // NOTE(review): this branch never checks the password; it only parses the token.
                    principal = parseTokenAndCreatePrincipal(child, bspCompliant);
                    WSS4JTokenConverter.convertToken(message, principal);
                }
                SecurityContext sc = message.get(SecurityContext.class);
                // Never overwrite a SecurityContext that already carries a user principal.
                if (sc == null || sc.getUserPrincipal() == null) {
                    if (transformedToken instanceof SamlAssertionWrapper) {
                        // Validation transformed the token into a SAML assertion; build the context from it.
                        message.put(SecurityContext.class, createSecurityContext(message, (SamlAssertionWrapper) transformedToken));
                    } else if (subject != null && principal != null) {
                        message.put(SecurityContext.class, createSecurityContext(principal, subject));
                    } else {
                        // NOTE(review): unchecked cast — assumes parseTokenAndCreatePrincipal never returns null
                        // or a non-UsernameTokenPrincipal here; confirm, otherwise this throws NPE/ClassCastException.
                        UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal) principal;
                        String nonce = null;
                        if (utPrincipal.getNonce() != null) {
                            // createSubject takes the nonce as Base64 text (MIME-style encoder).
                            nonce = Base64.getMimeEncoder().encodeToString(utPrincipal.getNonce());
                        }
                        subject = createSubject(utPrincipal.getName(), utPrincipal.getPassword(), utPrincipal.isPasswordDigest(), nonce, utPrincipal.getCreatedTime());
                        message.put(SecurityContext.class, createSecurityContext(utPrincipal, subject));
                    }
                }
                if (principal instanceof UsernameTokenPrincipal) {
                    // Record the outcome so downstream policy assertions can be asserted/validated.
                    storeResults((UsernameTokenPrincipal) principal, subject, message);
                }
            } catch (WSSecurityException ex) {
                throw new Fault(ex);
            } catch (Base64DecodingException ex) {
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}

Example 5 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project cxf by apache.

Method validateToken of class UsernameTokenInterceptor (runs a wsse:UsernameToken through the WSS4J UsernameTokenProcessor with the message's callback handler and nonce replay cache).

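/**
 * Validates a {@code wsse:UsernameToken} element with WSS4J's
 * {@link UsernameTokenProcessor} and returns the first engine result.
 * <p>
 * The {@link RequestData} is configured from the message: the
 * {@code SecurityConstants.CALLBACK_HANDLER} property supplies the password
 * callback, the nonce replay cache is taken from
 * {@code SecurityConstants.ENABLE_NONCE_CACHE}/{@code NONCE_CACHE_INSTANCE},
 * passwordless tokens are allowed only if the policy permits, and Basic Security
 * Profile enforcement is switched off when the message is not BSP compliant.
 * <p>
 * Changes from the earlier version: the duplicated
 * {@code data.setMsgContext(message)} call is gone, and an empty (or null)
 * result list from the processor is reported as a FAILURE instead of surfacing
 * as an unchecked {@code IndexOutOfBoundsException}; like any other
 * {@link WSSecurityException} from the processor it is converted to a SOAP fault.
 *
 * @param tokenElement the {@code wsse:UsernameToken} DOM element
 * @param message      the inbound SOAP message providing configuration
 * @return the first {@link WSSecurityEngineResult} produced by the processor
 * @throws WSSecurityException     if the callback handler cannot be obtained
 *                                 or the token fails validation (as a SOAP fault)
 * @throws Base64DecodingException declared for callers; not thrown directly here
 */
protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) throws WSSecurityException, Base64DecodingException {
    boolean bspCompliant = isWsiBSPCompliant(message);
    boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class));
    UsernameTokenProcessor p = new UsernameTokenProcessor();
    RequestData data = new CXFRequestData();
    Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        data.setCallbackHandler(SecurityUtils.getCallbackHandler(o));
    } catch (Exception ex) {
        // Any failure to resolve/instantiate the handler is a security failure; keep the cause.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    data.setMsgContext(message);
    // Configure replay caching so a captured token/nonce cannot simply be resubmitted.
    ReplayCache nonceCache = WSS4JUtils.getReplayCache(message, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE);
    data.setNonceReplayCache(nonceCache);
    data.setAllowUsernameTokenNoPassword(allowNoPassword);
    data.setWssConfig(WSSConfig.getNewInstance());
    if (!bspCompliant) {
        data.setDisableBSPEnforcement(true);
    }
    WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
    data.setWsDocInfo(wsDocInfo);
    try {
        List<WSSecurityEngineResult> results = p.handleToken(tokenElement, data);
        if (results == null || results.isEmpty()) {
            // No result means nothing was validated; never treat that as success.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
        }
        return results.get(0);
    } catch (WSSecurityException ex) {
        // Map the WSS4J error onto a SOAP fault appropriate for the message's SOAP version.
        throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
    }
}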
