1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.common.ext;
21  
22  import org.apache.xml.security.exceptions.XMLSecurityException;
23  
24  import javax.xml.namespace.QName;
25  
26  /**
27   * Exception class for WS-Security.
28   */
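public class WSSecurityException extends XMLSecurityException {

    private static final long serialVersionUID = 4703352039717763655L;


    /****************************************************************************
     * Fault codes defined in the WSS 1.1 spec under section 12, Error handling
     */

    public static final String NS_WSSE10 =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /**
     * An unsupported token was provided
     */
    public static final QName UNSUPPORTED_SECURITY_TOKEN = new QName(NS_WSSE10, "UnsupportedSecurityToken");

    /**
     * An unsupported signature or encryption algorithm was used
     */
    public static final QName UNSUPPORTED_ALGORITHM = new QName(NS_WSSE10, "UnsupportedAlgorithm");

    /**
     * An error was discovered processing the {@code <Security>} header
     */
    public static final QName INVALID_SECURITY = new QName(NS_WSSE10, "InvalidSecurity");

    /**
     * An invalid security token was provided
     */
    public static final QName INVALID_SECURITY_TOKEN = new QName(NS_WSSE10, "InvalidSecurityToken");

    /**
     * The security token could not be authenticated or authorized
     */
    public static final QName FAILED_AUTHENTICATION = new QName(NS_WSSE10, "FailedAuthentication");

    /**
     * The signature or decryption was invalid
     */
    public static final QName FAILED_CHECK = new QName(NS_WSSE10, "FailedCheck");

    /**
     * Referenced security token could not be retrieved
     */
    public static final QName SECURITY_TOKEN_UNAVAILABLE = new QName(NS_WSSE10, "SecurityTokenUnavailable");

    /**
     * The message has expired
     */
    public static final QName MESSAGE_EXPIRED = new QName(NS_WSSE10, "MessageExpired");

    /**
     * Generic Security error. This is the only fault code outside the WSSE 1.0
     * namespace, and the one returned by {@link #getSafeFaultCode()}.
     */
    public static final QName SECURITY_ERROR =
        new QName("http://ws.apache.org/wss4j", "SecurityError");

    // FAULT error messages
    public static final String UNSUPPORTED_TOKEN_ERR = "An unsupported token was provided";
    public static final String UNSUPPORTED_ALGORITHM_ERR =
        "An unsupported signature or encryption algorithm was used";
    public static final String INVALID_SECURITY_ERR =
        "An error was discovered processing the <wsse:Security> header.";
    public static final String INVALID_SECURITY_TOKEN_ERR =
        "An invalid security token was provided";
    public static final String FAILED_AUTHENTICATION_ERR =
        "The security token could not be authenticated or authorized";
    public static final String FAILED_CHECK_ERR = "The signature or decryption was invalid";
    public static final String SECURITY_TOKEN_UNAVAILABLE_ERR =
        "Referenced security token could not be retrieved";
    public static final String MESSAGE_EXPIRED_ERR = "The message has expired";
    // Deliberately generic text; returned by getSafeExceptionMessage().
    public static final String UNIFIED_SECURITY_ERR =
        "A security error was encountered when verifying the message";

    /**
     * Error categories for a {@link WSSecurityException}, each mapped to the fault
     * code QName it is reported under.
     * <p>
     * {@code FAILURE}, {@code FAILED_ENCRYPTION} and {@code FAILED_SIGNATURE} are
     * non-standard and have no QName, so {@link #getQName()} returns {@code null}
     * for them.
     */
    public enum ErrorCode {
        FAILURE(null), //Non standard error message
        UNSUPPORTED_SECURITY_TOKEN(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN),
        UNSUPPORTED_ALGORITHM(WSSecurityException.UNSUPPORTED_ALGORITHM),
        INVALID_SECURITY(WSSecurityException.INVALID_SECURITY),
        INVALID_SECURITY_TOKEN(WSSecurityException.INVALID_SECURITY_TOKEN),
        FAILED_AUTHENTICATION(WSSecurityException.FAILED_AUTHENTICATION),
        FAILED_CHECK(WSSecurityException.FAILED_CHECK),
        SECURITY_TOKEN_UNAVAILABLE(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE),
        MESSAGE_EXPIRED(WSSecurityException.MESSAGE_EXPIRED),
        FAILED_ENCRYPTION(null), //Non standard error message
        FAILED_SIGNATURE(null), //Non standard error message
        SECURITY_ERROR(WSSecurityException.SECURITY_ERROR);

        // Enum constants are shared singletons, so the mapping must not be reassignable.
        private final QName qName;

        ErrorCode(QName qName) {
            this.qName = qName;
        }

        /**
         * @return the fault code QName for this error code, or {@code null} for the
         *         non-standard codes that have none
         */
        public QName getQName() {
            return qName;
        }
    }

    // Assigned exactly once by every constructor; there is no setter.
    private final ErrorCode errorCode;

    /**
     * Creates an exception whose message id is the name of the error code.
     *
     * @param errorCode the error category; must not be {@code null}
     * @throws NullPointerException if {@code errorCode} is {@code null}
     */
    public WSSecurityException(ErrorCode errorCode) {
        this(errorCode, errorCode.name());
    }

    /**
     * Creates an exception with a message id and no message arguments.
     *
     * @param errorCode the error category
     * @param msgId message id passed to the superclass together with an empty
     *        argument array
     */
    public WSSecurityException(ErrorCode errorCode, String msgId) {
        super(msgId, new Object[]{});
        this.errorCode = errorCode;
    }

    /**
     * Creates an exception that wraps an underlying exception.
     *
     * @param errorCode the error category
     * @param exception the underlying exception, passed to the superclass
     */
    public WSSecurityException(ErrorCode errorCode, Exception exception) {
        super(exception);
        this.errorCode = errorCode;
    }

    /**
     * Creates an exception that wraps an underlying exception and carries a message id.
     *
     * @param errorCode the error category
     * @param exception the underlying exception, passed to the superclass
     * @param msgId message id passed to the superclass
     */
    public WSSecurityException(ErrorCode errorCode, Exception exception, String msgId) {
        super(exception, msgId);
        this.errorCode = errorCode;
    }

    /**
     * Creates an exception that wraps an underlying exception and carries a message id
     * with arguments.
     *
     * @param errorCode the error category
     * @param exception the underlying exception, passed to the superclass
     * @param msgId message id passed to the superclass
     * @param arguments message arguments passed to the superclass
     */
    public WSSecurityException(ErrorCode errorCode, Exception exception, String msgId, Object[] arguments) {
        super(exception, msgId, arguments);
        this.errorCode = errorCode;
    }

    /**
     * Creates an exception with a message id and arguments.
     *
     * @param errorCode the error category
     * @param msgId message id passed to the superclass
     * @param arguments message arguments passed to the superclass
     */
    public WSSecurityException(ErrorCode errorCode, String msgId, Object[] arguments) {
        super(msgId, arguments);
        this.errorCode = errorCode;
    }

    /**
     * Get the error code.
     *
     * @return the error code of this exception (one of the {@link ErrorCode} values),
     *         or {@code null} if the exception was constructed with a null code
     */
    public ErrorCode getErrorCode() {
        return this.errorCode;
    }

    /**
     * Get the fault code QName associated with this exception's error code.
     * <p>
     * The value identifies the specific failure (for example {@link #FAILED_CHECK}
     * versus {@link #FAILED_AUTHENTICATION}). When the fault is returned to a remote
     * sender, prefer {@link #getSafeFaultCode()} so the response does not reveal
     * which check rejected the message.
     *
     * @return the fault code QName of this exception, or {@code null} when the error
     *         code is non-standard or was not set
     */
    public QName getFaultCode() {
        // All constructors except the single-argument one accept a null error code;
        // report "no fault code" instead of throwing a NullPointerException that
        // would mask the original security failure while a fault is being built.
        return this.errorCode == null ? null : this.errorCode.getQName();
    }

    /**
     * Get a "safe" / unified error message, so as not to leak internal configuration
     * to an attacker.
     * <p>
     * The result is always {@link #UNIFIED_SECURITY_ERR}, regardless of the error code
     * or the message this exception was created with. The detailed message is meant
     * for local logs and diagnostics, not for the response sent to the peer.
     *
     * @return the unified error message
     */
    public String getSafeExceptionMessage() {
        return UNIFIED_SECURITY_ERR;
    }

    /**
     * Get the "safe" / unified fault code QName associated with this exception, so as
     * not to leak internal configuration to an attacker.
     * <p>
     * The result is always {@link #SECURITY_ERROR}, regardless of the error code.
     *
     * @return the unified fault code QName
     */
    public QName getSafeFaultCode() {
        return SECURITY_ERROR;
    }
}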