Examples with Base64DecodingException org.apache.xml.security.exceptions.Base64DecodingException used on opensource projects

Example 6 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project santuario-java by apache.

the class Base64 method decode.

/**
 * Decodes Base64 data into  outputstream
 *
 * @param is containing Base64 data
 * @param os the outputstream
 * @throws IOException
 * @throws Base64DecodingException
 */
public static final void decode(InputStream is, OutputStream os) throws Base64DecodingException, IOException {
    // byte decodedData[] = null;
    byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;
    int index = 0;
    byte[] data = new byte[4];
    int read;
    // the begin
    while ((read = is.read()) > 0) {
        byte readed = (byte) read;
        if (isWhiteSpace(readed)) {
            continue;
        }
        if (isPad(readed)) {
            data[index++] = readed;
            if (index == 3) {
                data[index++] = (byte) is.read();
            }
            break;
        }
        if ((data[index++] = readed) == -1) {
            // if found "no data" just return null
            throw new Base64DecodingException("decoding.general");
        }
        if (index != 4) {
            continue;
        }
        index = 0;
        b1 = base64Alphabet[data[0]];
        b2 = base64Alphabet[data[1]];
        b3 = base64Alphabet[data[2]];
        b4 = base64Alphabet[data[3]];
        os.write((byte) (b1 << 2 | b2 >> 4));
        os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        os.write((byte) (b3 << 6 | b4));
    }
    byte d1 = data[0], d2 = data[1], d3 = data[2], d4 = data[3];
    b1 = base64Alphabet[d1];
    b2 = base64Alphabet[d2];
    b3 = base64Alphabet[d3];
    b4 = base64Alphabet[d4];
    if (b3 == -1 || b4 == -1) {
        // Check if they are PAD characters
        if (isPad(d3) && isPad(d4)) {
            // Two PAD e.g. 3c[Pad][Pad]
            if ((b2 & 0xf) != 0) {
                // last 4 bits should be zero
                throw new Base64DecodingException("decoding.general");
            }
            os.write((byte) (b1 << 2 | b2 >> 4));
        } else if (!isPad(d3) && isPad(d4)) {
            // One PAD  e.g. 3cQ[Pad]
            b3 = base64Alphabet[d3];
            if ((b3 & 0x3) != 0) {
                // last 2 bits should be zero
                throw new Base64DecodingException("decoding.general");
            }
            os.write((byte) (b1 << 2 | b2 >> 4));
            os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        } else {
            // an error  like "3c[Pad]r", "3cdX", "3cXd", "3cXX" where X is non data
            throw new Base64DecodingException("decoding.general");
        }
    } else {
        // No PAD e.g 3cQl
        os.write((byte) (b1 << 2 | b2 >> 4));
        os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        os.write((byte) (b3 << 6 | b4));
    }
}

Example 7 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project cxf by apache.

the class UsernameTokenInterceptor method processToken.

protected void processToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        return;
    }
    boolean utWithCallbacks = MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true);
    Element el = (Element) h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName()) && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) {
            try {
                boolean bspCompliant = isWsiBSPCompliant(message);
                boolean allowNSPasswdTypes = allowNamespaceQualifiedPWDTypes(message);
                Principal principal;
                Subject subject = null;
                Object transformedToken = null;
                if (utWithCallbacks) {
                    final WSSecurityEngineResult result = validateToken(child, message);
                    subject = (Subject) result.get(WSSecurityEngineResult.TAG_SUBJECT);
                    transformedToken = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
                    principal = (Principal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    if (principal == null) {
                        principal = parseTokenAndCreatePrincipal(child, bspCompliant, allowNSPasswdTypes);
                    }
                } else {
                    principal = parseTokenAndCreatePrincipal(child, bspCompliant, allowNSPasswdTypes);
                    WSS4JTokenConverter.convertToken(message, principal);
                }
                SecurityContext sc = message.get(SecurityContext.class);
                if (sc == null || sc.getUserPrincipal() == null) {
                    if (transformedToken instanceof SamlAssertionWrapper) {
                        message.put(SecurityContext.class, createSecurityContext(message, (SamlAssertionWrapper) transformedToken));
                    } else if (subject != null && principal != null) {
                        message.put(SecurityContext.class, createSecurityContext(principal, subject));
                    } else {
                        UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal) principal;
                        String nonce = null;
                        if (utPrincipal.getNonce() != null) {
                            nonce = XMLUtils.encodeToString(utPrincipal.getNonce());
                        }
                        subject = createSubject(utPrincipal.getName(), utPrincipal.getPassword(), utPrincipal.isPasswordDigest(), nonce, utPrincipal.getCreatedTime());
                        message.put(SecurityContext.class, createSecurityContext(utPrincipal, subject));
                    }
                }
                if (principal instanceof UsernameTokenPrincipal) {
                    storeResults((UsernameTokenPrincipal) principal, subject, message);
                }
            } catch (WSSecurityException | Base64DecodingException ex) {
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}

Example 8 with Base64DecodingException

use of org.apache.xml.security.exceptions.Base64DecodingException in project cxf by apache.

the class UsernameTokenInterceptor method validateToken.

protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) throws WSSecurityException, Base64DecodingException {
    boolean bspCompliant = isWsiBSPCompliant(message);
    boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class));
    UsernameTokenProcessor p = new UsernameTokenProcessor();
    RequestData data = new CXFRequestData();
    Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        data.setCallbackHandler(SecurityUtils.getCallbackHandler(o));
    } catch (Exception ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    data.setMsgContext(message);
    // Configure replay caching
    ReplayCache nonceCache = WSS4JUtils.getReplayCache(message, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE);
    data.setNonceReplayCache(nonceCache);
    data.setAllowUsernameTokenNoPassword(allowNoPassword);
    data.setWssConfig(WSSConfig.getNewInstance());
    if (!bspCompliant) {
        data.setDisableBSPEnforcement(true);
    }
    data.setMsgContext(message);
    WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
    data.setWsDocInfo(wsDocInfo);
    try {
        List<WSSecurityEngineResult> results = p.handleToken(tokenElement, data);
        return results.get(0);
    } catch (WSSecurityException ex) {
        throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
    }
}