      // Decrypt element
      return this.decryptElement(serviceKey, encryptedTokenElem);

    } catch (Exception e) {
      log.error("Failed in decryption", e);
      throw new RelyingPartyException("verificationFailure", e);
    }
  }
          || version.equals(IdentityConstants.SAML11_URL)) {
        holder = new SAML1TokenHolder(decryptedElem);
      } else if (version.equals(IdentityConstants.SAML20_URL)) {
        holder = new SAML2TokenHolder(decryptedElem);
      } else {
        throw new RelyingPartyException("invalidTokenType");
      }

      issuerName = holder.getIssuerName();
      if (issuerName == null) {
        throw new RelyingPartyException("issuerIsNull");
      }

      Signature sig = holder.getSAMLSignature();
      X509CredentialImpl credential = null;

      if (issuerName.equals(IdentityConstants.SELF_ISSUED_ISSUER)) {
        credential = (X509CredentialImpl) X509CredentialUtil
            .loadCredentialFromSignature(sig);
        this.keyInfoElement = sig.getKeyInfo().getDOM();
      } else {

        String validationPolicy = rpData.getValidatePolicy();

        String alias = null;
        URI uri = new URI(issuerName);
        alias = uri.getHost();

        KeyStore trustStore = rpData.getTrustStore();
        KeyStore systemStore = rpData.getSystemStore();

        if (trustStore != null && alias != null) {
          credential = (X509CredentialImpl) X509CredentialUtil
              .loadCredentialFromTrustStore(alias, trustStore);
        }

        boolean isLoadedFromMessage = false;
        if (credential == null) {
          credential = (X509CredentialImpl) X509CredentialUtil
              .loadCredentialFromSignature(sig);

          if (credential == null)
            throw new RelyingPartyException("credentialIsNull");

          isLoadedFromMessage = true;
        }

        if (!validationPolicy.equals(TokenVerifierConstants.PROMISCUOUS)) {

          this.signingCert = credential.getSigningCert();

          if (signingCert == null)
            throw new RelyingPartyException("signingCertNull");

          /*
           * do certificate validation for blacklist, whitelist and cert-validity
           */

          signingCert.checkValidity();

          if (isLoadedFromMessage) {
            if (!IssuerCertificateUtil.checkSystemStore(signingCert, systemStore)
                && !IssuerCertificateUtil.checkSystemStore(signingCert, trustStore)) {
              return false;
            }
          }

          if (validationPolicy.equals(TokenVerifierConstants.BLACK_LIST)) {
            if (IssuerCertificateUtil.isBlackListed(rpData.getBlackList(), signingCert)) {
              return false;
            }
          } else if (validationPolicy.equals(TokenVerifierConstants.WHITE_LIST)) {
            if (!IssuerCertificateUtil
                .isWhiteListed(rpData.getWhiteList(), signingCert)) {
              return false;
            }
          }
        }
      }

      SignatureValidator validator = new SignatureValidator(credential);
      validator.validate(sig);
      holder.populateAttributeTable(this.attributeTable);

    } catch (Exception e) {
      log.debug(e);
      throw new RelyingPartyException("errorInTokenVerification", e);
    }

    if (log.isDebugEnabled()) {
      log.debug("verifyingDecryptedTokenDone");
    }
    try {
      uri = new URI(returnUrl);
    } catch (URISyntaxException e) {
      log.error("Return_to url is not in the correct syntax", e);
      throw new RelyingPartyException("Return_to url is not in the correct syntax", e);
    }

    try {
      url = uri.normalize().toURL();
    } catch (MalformedURLException e) {
      log.error("Return_to url is malformed", e);
      throw new RelyingPartyException("Return_to url is malformed", e);
    }

    hostName = url.getHost();
    portNumber = url.getPort();

    if (log.isDebugEnabled()) {
      log.debug("Hostname in the received return_to url:" + hostName);
      log.debug("Port number in the received return_to url:" + portNumber);
    }

    if (data != null) {

      if (log.isDebugEnabled()) {
        log.debug("Mapped host name facing Apache:" + data.getMappedHostName());
        log.debug("Mapped port number facing Apache:" + data.getMappedPortNumber());
        log.debug("Mapping host name facing Apache:" + data.getMappingHostName());
        log.debug("Mapping port number facing Apache:" + data.getMappingPortNumber());
      }

      if (data.getMappedHostName() != null && data.getMappingHostName() != null) {
        if (data.getMappingHostName().equals(url.getHost())) {
          hostName = data.getMappedHostName();
        }
      }

      if (data.getMappedPortNumber() != null && data.getMappingPortNumber() != null) {
        if (Integer.parseInt(data.getMappingPortNumber()) == url.getPort()) {
          portNumber = Integer.parseInt(data.getMappedPortNumber());
        }
      }
    }

    try {

      if ((url.getProtocol().toLowerCase().equals("http") && portNumber == 80)
          || (url.getProtocol().toLowerCase().equals("https") && portNumber == 443)) {
        url = new URL(url.getProtocol().toLowerCase(), hostName, url.getPath());
      } else {
        url = new URL(url.getProtocol().toLowerCase(), hostName, portNumber, url.getPath());
      }

      if (log.isDebugEnabled()) {
        log.debug("Formatted return_to url : " + url.toString());
      }

      return url.toString();
    } catch (MalformedURLException e) {
      log.error("Return_to url is malformed", e);
      throw new RelyingPartyException("Return_to url is malformed", e);
    }
  }
      } else {
        return true;
      }
    } catch (Exception e) {
      log.error("Error in issuer policy validation", e);
      throw new RelyingPartyException("errorValidatingIssuerPolicy", e);
    }
  }
        StAXOMBuilder builder = new StAXOMBuilder(parser);
        omKeyInfo = builder.getDocumentElement();
      }
    } catch (Exception e) {
      log.error("Error while building issuer info", e);
      throw new RelyingPartyException("errorBuildingIssuerInfo");
    }

    if (certificates != null) {
      issuerInfo = certificates.toString();
    }
        cert = (java.security.cert.X509Certificate) trustStore.getCertificate(alias);
        credential = new X509CredentialImpl(cert);
      }
    } catch (KeyStoreException e) {
      log.error("Error while loading credentials from trust store", e);
      throw new RelyingPartyException("Error while loading credentials from trust store", e);
    }
    return credential;
  }
      keyValueList = kinfo.getKeyValues();

      if (dataList.size() > 0) {

        if (dataList.size() > 1) {
          throw new RelyingPartyException("invalidKeyValueCount");
        }

        X509Data data = dataList.get(0);
        List<X509Certificate> certList = data.getX509Certificates();
        Iterator<X509Certificate> certIterator = certList.iterator();

        while (certIterator.hasNext()) {
          X509Certificate certElem = null;
          String certValue = null;
          byte[] certInBytes = null;
          ByteArrayInputStream inputStream = null;
          CertificateFactory factory = null;
          java.security.cert.X509Certificate x509Cert = null;

          certElem = (X509Certificate) certIterator.next();
          certValue = certElem.getValue();
          certInBytes = Base64.decode(certValue);
          inputStream = new ByteArrayInputStream(certInBytes);
          factory = CertificateFactory.getInstance("X509");
          x509Cert = (java.security.cert.X509Certificate) factory
              .generateCertificate(inputStream);
          credential = new X509CredentialImpl(x509Cert);
        }
      } else if (keyValueList.size() > 0) {

        if (keyValueList.size() > 1) {
          throw new RelyingPartyException("invalidKeyValueCount");
        }

        KeyValue val = null;
        RSAKeyValue rsaKey = null;
        Element modElem = null;
        Element expElem = null;
        Element elem = null;
        OMElement omElem = null;
        BigInteger mod = null;
        BigInteger exp = null;

        val = (KeyValue) keyValueList.get(0);
        rsaKey = val.getRSAKeyValue();
        elem = rsaKey.getDOM();
        omElem = (OMElement) new OMDOMFactory().getDocument().importNode(elem, true);
        modElem = (Element) omElem.getFirstChildWithName(Modulus.DEFAULT_ELEMENT_NAME);
        expElem = (Element) omElem.getFirstChildWithName(Exponent.DEFAULT_ELEMENT_NAME);
        mod = Base64.decodeBigIntegerFromElement(modElem);

        if (expElem != null) {
          exp = Base64.decodeBigIntegerFromElement(expElem);
        } else {
          exp = DEFAULT_EXPONENET;
        }

        credential = new X509CredentialImpl(mod, exp);
      } else {
        if (log.isDebugEnabled()) {
          log.debug("unknown key info");
        }
      }
        } catch (RuntimeException e) {
            throw e;
    } catch (Exception e) {
      log.error("Error while loading credentials from signature", e);
      throw new RelyingPartyException("Error while loading credentials from signature", e);
    }

    return credential;
  }
   * This method checks whether the certificate is present in the certificate store
   */
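  public static boolean checkSystemStore(X509Certificate signedCert, KeyStore systemStore)
      throws Exception {
    // Both inputs are mandatory; a missing store is a configuration error, not "untrusted".
    if (signedCert == null || systemStore == null) {
      throw new RelyingPartyException("invalidInputParams");
    }

    // Validity period: throws CertificateExpiredException / CertificateNotYetValidException.
    signedCert.checkValidity();

    // The store entry is looked up by the issuer DN, as before. Merely finding such an alias
    // is not proof of trust: when the certificate was taken from the token's own KeyInfo the
    // issuer DN is chosen by whoever built the token, so a forged certificate that names a
    // trusted issuer would pass an alias-only check. The stored certificate must actually back
    // this one: either it is this very certificate (a pinned entry) or its public key verifies
    // this certificate's signature (an issuer entry).
    String issuerAlias = signedCert.getIssuerDN().getName();
    java.security.cert.Certificate trusted;
    try {
      if (!systemStore.containsAlias(issuerAlias)) {
        return false;
      }
      trusted = systemStore.getCertificate(issuerAlias);
    } catch (KeyStoreException e) {
      log.error("The keystore has not been initialized", e);
      throw new RelyingPartyException("errorLoadingTrustedKeystore", e);
    }

    if (trusted == null) {
      // The alias exists but is not a certificate entry (e.g. a secret-key entry): nothing to
      // verify against, so it cannot vouch for the token.
      return false;
    }

    // Pinned entry: the store holds exactly this certificate (compared by encoded form).
    if (trusted.equals(signedCert)) {
      return true;
    }

    // Issuer entry: the certificate must carry a signature made with the trusted entry's key.
    // Any failure (wrong key, corrupt signature, unsupported algorithm) means "not trusted";
    // it is logged rather than propagated so callers keep the boolean contract.
    try {
      signedCert.verify(trusted.getPublicKey());
      return true;
    } catch (java.security.GeneralSecurityException e) {
      log.error("Certificate is not signed by the trusted store entry " + issuerAlias, e);
      return false;
    }
  }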
   */
  public static boolean isBlackListed(List[] blackList, X509Certificate cert)
      throws RelyingPartyException {

    if (cert == null) {
      throw new RelyingPartyException("noCertInToken");
    }

    if (blackList != null && blackList.length > 0) {
      List certDN = getDNOfIssuer(cert.getIssuerDN().getName());
      for (int i = 0; i < blackList.length; i++) {
   */
  public static boolean isWhiteListed(List[] whiteList, X509Certificate cert)
      throws RelyingPartyException {

    if (cert == null) {
      throw new RelyingPartyException("noCertInToken");
    }

    if (whiteList != null && whiteList.length > 0) {
      List certDN = getDNOfIssuer(cert.getIssuerDN().getName());
      for (int i = 0; i < whiteList.length; i++) {