use of org.apache.xml.security.exceptions.Base64DecodingException in project santuario-java by apache.
the class Base64 method decode.
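/**
 * Decodes Base64 data read from an input stream and writes the decoded bytes to an output stream.
 *
 * @param is the input stream containing the Base64 data
 * @param os the output stream that receives the decoded bytes
 * @throws IOException if reading from {@code is} or writing to {@code os} fails
 * @throws Base64DecodingException if the data is not valid Base64
 */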
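public static final void decode(InputStream is, OutputStream os) throws Base64DecodingException, IOException {
    // Streaming decoder: reads Base64 text from `is` one byte at a time, skips
    // whitespace, and writes each decoded group to `os` as soon as it is complete.
    //
    // The text being decoded may come from an untrusted document, so every
    // malformed input is reported as Base64DecodingException instead of surfacing
    // as an unchecked exception or as silently wrong output:
    //   * a byte outside the alphabet table (including any byte >= 0x80, which is
    //     negative as a Java byte and would be an invalid array index) is rejected;
    //   * padding is accepted only in the 3rd/4th position of a group;
    //   * a group cut short by end of stream is rejected;
    //   * a final unpadded group is emitted exactly once.
    //
    // Output is written incrementally: bytes decoded before the malformed position
    // have already reached `os` when the exception is thrown, so callers must
    // discard the output on failure.
    byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;
    int index = 0;                 // number of characters collected for the current group
    byte[] data = new byte[4];     // raw characters of the current group
    boolean padSeen = false;       // true once a pad character ended the loop
    boolean quadDecoded = false;   // true once at least one full group was written
    int read;

    // `> 0` ends the loop at end of stream (-1) and also on a NUL byte (0);
    // a NUL is therefore treated like end of input.
    while ((read = is.read()) > 0) {
        byte readed = (byte) read;
        if (isWhiteSpace(readed)) {
            continue;
        }
        if (isPad(readed)) {
            if (index < 2) {
                // A pad as 1st or 2nd character of a group cannot be valid; without
                // this check stale characters of the previous group would be decoded.
                throw new Base64DecodingException("decoding.general");
            }
            padSeen = true;
            data[index++] = readed;
            if (index == 3) {
                // Pad in 3rd position: the very next byte must be the second pad.
                // It is stored raw (-1 at end of stream) and checked after the loop.
                data[index++] = (byte) is.read();
            }
            break;
        }
        // Validate before the byte is ever used as a table index; -1 in the
        // table marks a character that is not Base64 data.
        if (readed < 0 || readed >= base64Alphabet.length || base64Alphabet[readed] == -1) {
            throw new Base64DecodingException("decoding.general");
        }
        data[index++] = readed;
        if (index != 4) {
            continue;
        }
        // A full group of four data characters yields three bytes.
        index = 0;
        b1 = base64Alphabet[data[0]];
        b2 = base64Alphabet[data[1]];
        b3 = base64Alphabet[data[2]];
        b4 = base64Alphabet[data[3]];
        os.write((byte) (b1 << 2 | b2 >> 4));
        os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
        os.write((byte) (b3 << 6 | b4));
        quadDecoded = true;
    }

    if (!padSeen) {
        if (index == 0 && quadDecoded) {
            // Input ended on a group boundary; everything was written in the loop.
            // (Decoding data[] again here would emit the last three bytes twice.)
            return;
        }
        // Either a group truncated by end of stream, or no Base64 data at all;
        // input without any data was rejected before this change and still is.
        throw new Base64DecodingException("decoding.general");
    }

    // Padded final group: data[0] and data[1] were validated in the loop.
    byte d3 = data[2], d4 = data[3];
    if (!isPad(d4)) {
        // e.g. "3c[Pad]r", or "3c[Pad]" followed directly by end of stream
        throw new Base64DecodingException("decoding.general");
    }
    b1 = base64Alphabet[data[0]];
    b2 = base64Alphabet[data[1]];
    if (isPad(d3)) {
        // Two PAD e.g. 3c[Pad][Pad]
        if ((b2 & 0xf) != 0) {
            // last 4 bits should be zero
            throw new Base64DecodingException("decoding.general");
        }
        os.write((byte) (b1 << 2 | b2 >> 4));
    } else {
        // One PAD e.g. 3cQ[Pad]; d3 is a data character validated in the loop
        b3 = base64Alphabet[d3];
        if ((b3 & 0x3) != 0) {
            // last 2 bits should be zero
            throw new Base64DecodingException("decoding.general");
        }
        os.write((byte) (b1 << 2 | b2 >> 4));
        os.write((byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
    }
}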
use of org.apache.xml.security.exceptions.Base64DecodingException in project cxf by apache.
the class UsernameTokenInterceptor method processToken.
/**
 * Processes every WS-Security UsernameToken found in the message's security header and
 * makes sure a {@code SecurityContext} is installed on the message for it.
 *
 * <p>Nothing happens when the message has no security header. Any
 * {@code WSSecurityException} or {@code Base64DecodingException} raised while handling a
 * token is rethrown wrapped in a {@code Fault}.
 *
 * @param message the SOAP message whose security header is inspected
 */
protected void processToken(SoapMessage message) {
    Header securityHeader = findSecurityHeader(message, false);
    if (securityHeader == null) {
        return;
    }
    // VALIDATE_TOKEN defaults to true. When it is switched off the token is only parsed:
    // validateToken() is not called on that path in this method.
    // NOTE(review): whether credentials are then verified elsewhere (e.g. by createSubject)
    // cannot be seen from here -- confirm before disabling validation.
    boolean validateWithCallbacks =
        MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true);
    Element headerElement = (Element) securityHeader.getObject();

    for (Element child = DOMUtils.getFirstElement(headerElement);
            child != null;
            child = DOMUtils.getNextElement(child)) {
        // Only <wsse:UsernameToken> children are of interest; the namespace is checked as
        // well as the local name so a same-named element from another namespace is ignored.
        boolean isUsernameToken = SPConstants.USERNAME_TOKEN.equals(child.getLocalName())
            && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI());
        if (!isUsernameToken) {
            continue;
        }
        try {
            boolean bspCompliant = isWsiBSPCompliant(message);
            boolean allowNSPasswdTypes = allowNamespaceQualifiedPWDTypes(message);
            Principal principal;
            Subject subject = null;
            Object transformedToken = null;
            if (!validateWithCallbacks) {
                // Parse-only path: build the principal from the token and hand it to the converter.
                principal = parseTokenAndCreatePrincipal(child, bspCompliant, allowNSPasswdTypes);
                WSS4JTokenConverter.convertToken(message, principal);
            } else {
                // Validating path: take subject, transformed token and principal from the result.
                final WSSecurityEngineResult validation = validateToken(child, message);
                subject = (Subject) validation.get(WSSecurityEngineResult.TAG_SUBJECT);
                transformedToken = validation.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
                principal = (Principal) validation.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                if (principal == null) {
                    // The result carried no principal; fall back to parsing the token.
                    principal = parseTokenAndCreatePrincipal(child, bspCompliant, allowNSPasswdTypes);
                }
            }

            // An existing context that already has a user principal is left untouched.
            SecurityContext existing = message.get(SecurityContext.class);
            boolean contextMissing = existing == null || existing.getUserPrincipal() == null;
            if (contextMissing) {
                if (transformedToken instanceof SamlAssertionWrapper) {
                    // The token was transformed into a SAML assertion; the context is built from it.
                    message.put(SecurityContext.class,
                                createSecurityContext(message, (SamlAssertionWrapper) transformedToken));
                } else if (subject != null && principal != null) {
                    message.put(SecurityContext.class, createSecurityContext(principal, subject));
                } else {
                    // NOTE(review): unchecked cast -- a principal of another type reaching this
                    // branch (no Subject in the result) would raise ClassCastException, which the
                    // catch below does not convert into a Fault.
                    UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal) principal;
                    String nonce = null;
                    if (utPrincipal.getNonce() != null) {
                        nonce = XMLUtils.encodeToString(utPrincipal.getNonce());
                    }
                    subject = createSubject(utPrincipal.getName(),
                                            utPrincipal.getPassword(),
                                            utPrincipal.isPasswordDigest(),
                                            nonce,
                                            utPrincipal.getCreatedTime());
                    message.put(SecurityContext.class, createSecurityContext(utPrincipal, subject));
                }
            }
            if (principal instanceof UsernameTokenPrincipal) {
                storeResults((UsernameTokenPrincipal) principal, subject, message);
            }
        } catch (WSSecurityException | Base64DecodingException ex) {
            throw new Fault(ex);
        }
    }
}
use of org.apache.xml.security.exceptions.Base64DecodingException in project cxf by apache.
the class UsernameTokenInterceptor method validateToken.
/**
 * Validates a UsernameToken element with a {@code UsernameTokenProcessor} and returns the
 * first result it produces.
 *
 * @param tokenElement the UsernameToken element to validate
 * @param message the SOAP message supplying configuration (callback handler, nonce cache,
 *                policy assertions)
 * @return the first entry of the list returned by the processor
 * @throws WSSecurityException if the callback handler cannot be obtained; a
 *         {@code WSSecurityException} from the processor is passed through
 *         {@code WSS4JUtils.createSoapFault} and the result of that call is thrown
 * @throws Base64DecodingException declared by the signature; no statement visible here
 *         throws it directly
 */
protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) throws WSSecurityException, Base64DecodingException {
    final boolean bspCompliant = isWsiBSPCompliant(message);
    // Whether a token without a password is acceptable is derived from the policy assertions.
    final boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class));

    UsernameTokenProcessor processor = new UsernameTokenProcessor();
    RequestData requestData = new CXFRequestData();

    // Any failure while resolving the callback handler is reported as a generic FAILURE.
    Object handlerSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        requestData.setCallbackHandler(SecurityUtils.getCallbackHandler(handlerSetting));
    } catch (Exception ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    requestData.setMsgContext(message);

    // Nonce replay detection uses the cache selected by ENABLE_NONCE_CACHE / NONCE_CACHE_INSTANCE.
    // NOTE(review): presumably getReplayCache yields no cache when nonce caching is disabled,
    // in which case replayed nonces would not be detected here -- confirm.
    ReplayCache replayCache = WSS4JUtils.getReplayCache(message,
                                                        SecurityConstants.ENABLE_NONCE_CACHE,
                                                        SecurityConstants.NONCE_CACHE_INSTANCE);
    requestData.setNonceReplayCache(replayCache);
    requestData.setAllowUsernameTokenNoPassword(allowNoPassword);
    requestData.setWssConfig(WSSConfig.getNewInstance());
    if (!bspCompliant) {
        // BSP enforcement is switched off only when the message is not WS-I BSP compliant.
        requestData.setDisableBSPEnforcement(true);
    }
    // Second setMsgContext call with the same message, kept exactly as in the original.
    requestData.setMsgContext(message);
    requestData.setWsDocInfo(new WSDocInfo(tokenElement.getOwnerDocument()));

    try {
        // NOTE(review): assumes the processor returns at least one result; an empty list
        // would raise IndexOutOfBoundsException here.
        return processor.handleToken(tokenElement, requestData).get(0);
    } catch (WSSecurityException ex) {
        throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
    }
}