
Example 6 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project santuario-java by apache.

Class Base64, method decode.

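/**
 * Decodes Base64 data read from {@code is} and writes the raw bytes to {@code os}.
 *
 * <p>Whitespace (as defined by {@link #isWhiteSpace}) is skipped. The stream is consumed
 * until EOF or until the first pad character; the final, possibly padded, quadruple is
 * decoded after the loop. Neither stream is closed here — the caller owns both.
 *
 * @param is stream containing Base64 data
 * @param os the output stream receiving the decoded bytes
 * @throws IOException if reading from {@code is} or writing to {@code os} fails
 * @throws Base64DecodingException if the input is not well-formed Base64: a byte outside
 *     the alphabet, a quadruple cut short at EOF, a pad character in an impossible
 *     position, or non-zero bits where padding requires zeros
 */
public static final void decode(InputStream is, OutputStream os) throws Base64DecodingException, IOException {
    byte b1, b2, b3, b4;
    int index = 0;
    byte[] data = new byte[4];
    int read;
    // Read until EOF (-1). A NUL byte is not a terminator; it is rejected below like any
    // other byte that is not in the alphabet.
    while ((read = is.read()) != -1) {
        // Bytes with the high bit set are never part of the alphabet. Rejecting them here
        // also keeps base64Alphabet[...] from being indexed with a negative (signed byte) value.
        if (read >= 0x80) {
            throw new Base64DecodingException("decoding.general");
        }
        byte readed = (byte) read;
        if (isWhiteSpace(readed)) {
            continue;
        }
        if (isPad(readed)) {
            data[index++] = readed;
            if (index == 3) {
                // "xx=" must be followed by one more byte (normally the second pad).
                // EOF here is a truncated stream, not something to index the alphabet with.
                int next = is.read();
                if (next == -1 || next >= 0x80) {
                    throw new Base64DecodingException("decoding.general");
                }
                data[index++] = (byte) next;
            }
            break;
        }
        data[index++] = readed;
        if (index != 4) {
            continue;
        }
        index = 0;
        b1 = base64Alphabet[data[0]];
        b2 = base64Alphabet[data[1]];
        b3 = base64Alphabet[data[2]];
        b4 = base64Alphabet[data[3]];
        // -1 is the "not in the alphabet" sentinel (the trailing-quadruple check below relies
        // on the same value); an inner quadruple may not contain such bytes.
        if (b1 == -1 || b2 == -1 || b3 == -1 || b4 == -1) {
            throw new Base64DecodingException("decoding.general");
        }
        os.write((byte) (b1 << 2 | b2 >> 4));
        os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        os.write((byte) (b3 << 6 | b4));
    }
    if (index == 0) {
        // EOF immediately after a complete quadruple: nothing is pending. Without this
        // return the last quadruple still sitting in data[] would be written a second time.
        return;
    }
    if (index != 4) {
        // Fewer than four bytes since the last complete quadruple ("Q", "QQ", "Q=", "=" ...):
        // the stream was truncated or the pad is in an impossible position.
        throw new Base64DecodingException("decoding.general");
    }
    byte d1 = data[0], d2 = data[1], d3 = data[2], d4 = data[3];
    b1 = base64Alphabet[d1];
    b2 = base64Alphabet[d2];
    b3 = base64Alphabet[d3];
    b4 = base64Alphabet[d4];
    if (b1 == -1 || b2 == -1) {
        // The first two positions of a quadruple can never be padding or non-data.
        throw new Base64DecodingException("decoding.general");
    }
    if (b3 == -1 || b4 == -1) {
        // Check if they are PAD characters
        if (isPad(d3) && isPad(d4)) {
            // Two PAD e.g. 3c[Pad][Pad]
            if ((b2 & 0xf) != 0) {
                // last 4 bits should be zero
                throw new Base64DecodingException("decoding.general");
            }
            os.write((byte) (b1 << 2 | b2 >> 4));
        } else if (!isPad(d3) && isPad(d4)) {
            // One PAD  e.g. 3cQ[Pad]
            if ((b3 & 0x3) != 0) {
                // last 2 bits should be zero
                throw new Base64DecodingException("decoding.general");
            }
            os.write((byte) (b1 << 2 | b2 >> 4));
            os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        } else {
            // an error  like "3c[Pad]r", "3cdX", "3cXd", "3cXX" where X is non data
            throw new Base64DecodingException("decoding.general");
        }
    } else {
        // No PAD e.g 3cQl
        os.write((byte) (b1 << 2 | b2 >> 4));
        os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        os.write((byte) (b3 << 6 | b4));
    }
}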
Also used : Base64DecodingException(org.apache.xml.security.exceptions.Base64DecodingException)

Example 7 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project cxf by apache.

Class UsernameTokenInterceptor, method processToken.

/**
 * Processes every {@code wsse:UsernameToken} child of the security header of
 * {@code message} and, where the message does not yet carry a usable
 * {@link SecurityContext}, installs one built from the token.
 *
 * <p>For each token element:
 * <ul>
 *   <li>If the contextual property {@link SecurityConstants#VALIDATE_TOKEN} is true
 *       (the default used here), {@link #validateToken} runs the WSS4J processor and the
 *       subject, transformed token and principal are taken from its result; the principal
 *       is only parsed locally when the result carried none.</li>
 *   <li>If it is false, the token is parsed with {@code parseTokenAndCreatePrincipal} and
 *       converted with {@code WSS4JTokenConverter}; {@code validateToken} is not called on
 *       this path, so any credential check has to happen elsewhere.</li>
 * </ul>
 * A security context is created only when the message has none or its user principal is
 * null, so once one is in place later tokens in the same header do not replace it.
 *
 * @param message the inbound SOAP message; the method returns silently when it has no
 *     security header
 * @throws Fault wrapping any {@link WSSecurityException} or {@link Base64DecodingException}
 *     raised while validating or parsing a token
 */
protected void processToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        return;
    }
    // Defaults to true: tokens are validated unless the property explicitly disables it.
    boolean utWithCallbacks = MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true);
    Element el = (Element) h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // Only UsernameToken elements in the WSSE namespace are handled; other children are skipped.
        if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName()) && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) {
            try {
                boolean bspCompliant = isWsiBSPCompliant(message);
                boolean allowNSPasswdTypes = allowNamespaceQualifiedPWDTypes(message);
                Principal principal;
                Subject subject = null;
                Object transformedToken = null;
                if (utWithCallbacks) {
                    // Full WSS4J validation; subject/principal/transformed token come from the engine result.
                    final WSSecurityEngineResult result = validateToken(child, message);
                    subject = (Subject) result.get(WSSecurityEngineResult.TAG_SUBJECT);
                    transformedToken = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
                    principal = (Principal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    if (principal == null) {
                        principal = parseTokenAndCreatePrincipal(child, bspCompliant, allowNSPasswdTypes);
                    }
                } else {
                    // Validation disabled: the token is parsed and converted, but not checked by validateToken here.
                    principal = parseTokenAndCreatePrincipal(child, bspCompliant, allowNSPasswdTypes);
                    WSS4JTokenConverter.convertToken(message, principal);
                }
                SecurityContext sc = message.get(SecurityContext.class);
                if (sc == null || sc.getUserPrincipal() == null) {
                    if (transformedToken instanceof SamlAssertionWrapper) {
                        // The token was transformed into a SAML assertion (only possible on the validated path).
                        message.put(SecurityContext.class, createSecurityContext(message, (SamlAssertionWrapper) transformedToken));
                    } else if (subject != null && principal != null) {
                        message.put(SecurityContext.class, createSecurityContext(principal, subject));
                    } else {
                        // NOTE(review): this cast assumes the parsed principal is a non-null
                        // UsernameTokenPrincipal; a null principal would NPE on the next lines —
                        // confirm parseTokenAndCreatePrincipal never returns null.
                        UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal) principal;
                        String nonce = null;
                        if (utPrincipal.getNonce() != null) {
                            nonce = XMLUtils.encodeToString(utPrincipal.getNonce());
                        }
                        subject = createSubject(utPrincipal.getName(), utPrincipal.getPassword(), utPrincipal.isPasswordDigest(), nonce, utPrincipal.getCreatedTime());
                        message.put(SecurityContext.class, createSecurityContext(utPrincipal, subject));
                    }
                }
                if (principal instanceof UsernameTokenPrincipal) {
                    storeResults((UsernameTokenPrincipal) principal, subject, message);
                }
            } catch (WSSecurityException | Base64DecodingException ex) {
                // Both failure types surface as a CXF Fault with the original exception as cause.
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
Also used : Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Fault(org.apache.cxf.interceptor.Fault) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) Subject(javax.security.auth.Subject) Base64DecodingException(org.apache.xml.security.exceptions.Base64DecodingException) Header(org.apache.cxf.headers.Header) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) Principal(java.security.Principal) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)

Example 8 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project cxf by apache.

Class UsernameTokenInterceptor, method validateToken.

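/**
 * Runs the WSS4J {@link UsernameTokenProcessor} over a single {@code wsse:UsernameToken}
 * element and returns the first engine result.
 *
 * <p>The {@link RequestData} handed to the processor is assembled from the message: the
 * callback handler configured under {@link SecurityConstants#CALLBACK_HANDLER}, the nonce
 * replay cache obtained through {@link SecurityConstants#ENABLE_NONCE_CACHE} /
 * {@link SecurityConstants#NONCE_CACHE_INSTANCE}, whether tokens without a password are
 * accepted, and whether Basic Security Profile enforcement is disabled.
 *
 * @param tokenElement the {@code UsernameToken} DOM element to validate
 * @param message the inbound message supplying configuration and the processing context
 * @return the first {@link WSSecurityEngineResult} produced by the processor
 * @throws WSSecurityException if the callback handler cannot be obtained; failures raised
 *     by the processor itself (including an empty result list) are converted to a SOAP
 *     fault via {@link WSS4JUtils#createSoapFault}
 * @throws Base64DecodingException declared for API compatibility — nothing in this body
 *     throws it directly
 */
protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) throws WSSecurityException, Base64DecodingException {
    boolean bspCompliant = isWsiBSPCompliant(message);
    boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class));

    RequestData data = new CXFRequestData();
    Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        data.setCallbackHandler(SecurityUtils.getCallbackHandler(o));
    } catch (Exception ex) {
        // Any failure obtaining the handler is a hard failure; the cause is preserved.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    // Set once; nothing below depends on it being assigned a second time.
    data.setMsgContext(message);

    // Configure replay caching
    ReplayCache nonceCache = WSS4JUtils.getReplayCache(message, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE);
    data.setNonceReplayCache(nonceCache);
    data.setAllowUsernameTokenNoPassword(allowNoPassword);
    data.setWssConfig(WSSConfig.getNewInstance());
    if (!bspCompliant) {
        data.setDisableBSPEnforcement(true);
    }
    WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
    data.setWsDocInfo(wsDocInfo);

    UsernameTokenProcessor p = new UsernameTokenProcessor();
    try {
        List<WSSecurityEngineResult> results = p.handleToken(tokenElement, data);
        if (results == null || results.isEmpty()) {
            // Defensive: the processor is expected to yield one result. An empty list used
            // to escape as IndexOutOfBoundsException instead of a proper SOAP fault.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
        }
        return results.get(0);
    } catch (WSSecurityException ex) {
        throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
    }
}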
Also used : UsernameTokenProcessor(org.apache.wss4j.dom.processor.UsernameTokenProcessor) WSDocInfo(org.apache.wss4j.dom.WSDocInfo) ReplayCache(org.apache.wss4j.common.cache.ReplayCache) RequestData(org.apache.wss4j.dom.handler.RequestData) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Base64DecodingException(org.apache.xml.security.exceptions.Base64DecodingException) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
