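/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.wss4j.common.ext;

import java.util.Objects;

import javax.xml.namespace.QName;

import org.apache.xml.security.exceptions.XMLSecurityException;

/**
 * Exception class for WS-Security.
 * <p>
 * Every instance carries an {@link ErrorCode}; most codes map to one of the
 * WSS 1.1 fault code QNames below, while a few are WSS4J-internal and carry
 * no fault code (their {@link ErrorCode#getQName()} is {@code null}).
 * <p>
 * Code that reports a failure to a remote party should use
 * {@link #getSafeExceptionMessage()} and {@link #getSafeFaultCode()}: they
 * return the same generic message and fault code for every error code, so the
 * response does not tell the sender which particular check failed. The
 * specific {@link #getErrorCode()} / {@link #getFaultCode()} remain available
 * for local logging and diagnostics.
 */
public class WSSecurityException extends XMLSecurityException {

    private static final long serialVersionUID = 4703352039717763655L;

    /****************************************************************************
     * Fault codes defined in the WSS 1.1 spec under section 12, Error handling
     */
    public static final String NS_WSSE10 =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /**
     * An unsupported token was provided
     */
    public static final QName UNSUPPORTED_SECURITY_TOKEN =
        new QName(NS_WSSE10, "UnsupportedSecurityToken");

    /**
     * An unsupported signature or encryption algorithm was used
     */
    public static final QName UNSUPPORTED_ALGORITHM =
        new QName(NS_WSSE10, "UnsupportedAlgorithm");

    /**
     * An error was discovered processing the {@code <Security>} header
     */
    public static final QName INVALID_SECURITY =
        new QName(NS_WSSE10, "InvalidSecurity");

    /**
     * An invalid security token was provided
     */
    public static final QName INVALID_SECURITY_TOKEN =
        new QName(NS_WSSE10, "InvalidSecurityToken");

    /**
     * The security token could not be authenticated or authorized
     */
    public static final QName FAILED_AUTHENTICATION =
        new QName(NS_WSSE10, "FailedAuthentication");

    /**
     * The signature or decryption was invalid
     */
    public static final QName FAILED_CHECK =
        new QName(NS_WSSE10, "FailedCheck");

    /**
     * Referenced security token could not be retrieved
     */
    public static final QName SECURITY_TOKEN_UNAVAILABLE =
        new QName(NS_WSSE10, "SecurityTokenUnavailable");

    /**
     * The message has expired
     */
    public static final QName MESSAGE_EXPIRED =
        new QName(NS_WSSE10, "MessageExpired");

    /**
     * Generic Security error. This is the fault code reported by
     * {@link #getSafeFaultCode()} regardless of the actual error code.
     */
    public static final QName SECURITY_ERROR =
        new QName("http://ws.apache.org/wss4j", "SecurityError");

    // FAULT error messages
    public static final String UNSUPPORTED_TOKEN_ERR =
        "An unsupported token was provided";
    public static final String UNSUPPORTED_ALGORITHM_ERR =
        "An unsupported signature or encryption algorithm was used";
    public static final String INVALID_SECURITY_ERR =
        "An error was discovered processing the <wsse:Security> header.";
    public static final String INVALID_SECURITY_TOKEN_ERR =
        "An invalid security token was provided";
    public static final String FAILED_AUTHENTICATION_ERR =
        "The security token could not be authenticated or authorized";
    public static final String FAILED_CHECK_ERR =
        "The signature or decryption was invalid";
    public static final String SECURITY_TOKEN_UNAVAILABLE_ERR =
        "Referenced security token could not be retrieved";
    public static final String MESSAGE_EXPIRED_ERR =
        "The message has expired";
    /**
     * The single message reported by {@link #getSafeExceptionMessage()} for
     * every error code.
     */
    public static final String UNIFIED_SECURITY_ERR =
        "A security error was encountered when verifying the message";

    /**
     * The set of error conditions a {@code WSSecurityException} can represent.
     * Each constant is associated with a WSS 1.1 fault code QName, or with
     * {@code null} for WSS4J-internal conditions that have no standard fault
     * code ({@link #FAILURE}, {@link #FAILED_ENCRYPTION}, {@link #FAILED_SIGNATURE}).
     */
    public enum ErrorCode {
        FAILURE(null),                                     // Non standard error message
        UNSUPPORTED_SECURITY_TOKEN(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN),
        UNSUPPORTED_ALGORITHM(WSSecurityException.UNSUPPORTED_ALGORITHM),
        INVALID_SECURITY(WSSecurityException.INVALID_SECURITY),
        INVALID_SECURITY_TOKEN(WSSecurityException.INVALID_SECURITY_TOKEN),
        FAILED_AUTHENTICATION(WSSecurityException.FAILED_AUTHENTICATION),
        FAILED_CHECK(WSSecurityException.FAILED_CHECK),
        SECURITY_TOKEN_UNAVAILABLE(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE),
        MESSAGE_EXPIRED(WSSecurityException.MESSAGE_EXPIRED),
        FAILED_ENCRYPTION(null),                           // Non standard error message
        FAILED_SIGNATURE(null),                            // Non standard error message
        SECURITY_ERROR(WSSecurityException.SECURITY_ERROR);

        // Immutable: the fault code of an enum constant must never change at runtime.
        private final QName qName;

        ErrorCode(QName qName) {
            this.qName = qName;
        }

        /**
         * @return the WSS 1.1 fault code QName for this error code, or
         *         {@code null} for the non-standard codes listed above
         */
        public QName getQName() {
            return qName;
        }
    }

    // Immutable once constructed; exceptions are shared across threads freely.
    private final ErrorCode errorCode;

    /**
     * Creates an exception whose message id is the error code's name.
     *
     * @param errorCode the error condition, must not be {@code null}
     * @throws NullPointerException if {@code errorCode} is {@code null}
     */
    public WSSecurityException(ErrorCode errorCode) {
        this(errorCode, errorCode.name());
    }

    /**
     * @param errorCode the error condition, must not be {@code null}
     * @param msgId     the message id passed to the superclass
     * @throws NullPointerException if {@code errorCode} is {@code null}
     */
    public WSSecurityException(ErrorCode errorCode, String msgId) {
        super(msgId, new Object[]{});
        this.errorCode = Objects.requireNonNull(errorCode, "errorCode");
    }

    /**
     * @param errorCode the error condition, must not be {@code null}
     * @param exception the underlying cause
     * @throws NullPointerException if {@code errorCode} is {@code null}
     */
    public WSSecurityException(ErrorCode errorCode, Exception exception) {
        super(exception);
        this.errorCode = Objects.requireNonNull(errorCode, "errorCode");
    }

    /**
     * @param errorCode the error condition, must not be {@code null}
     * @param exception the underlying cause
     * @param msgId     the message id passed to the superclass
     * @throws NullPointerException if {@code errorCode} is {@code null}
     */
    public WSSecurityException(ErrorCode errorCode, Exception exception, String msgId) {
        super(exception, msgId);
        this.errorCode = Objects.requireNonNull(errorCode, "errorCode");
    }

    /**
     * @param errorCode the error condition, must not be {@code null}
     * @param exception the underlying cause
     * @param msgId     the message id passed to the superclass
     * @param arguments message arguments passed to the superclass
     * @throws NullPointerException if {@code errorCode} is {@code null}
     */
    public WSSecurityException(ErrorCode errorCode, Exception exception, String msgId,
                               Object[] arguments) {
        super(exception, msgId, arguments);
        this.errorCode = Objects.requireNonNull(errorCode, "errorCode");
    }

    /**
     * @param errorCode the error condition, must not be {@code null}
     * @param msgId     the message id passed to the superclass
     * @param arguments message arguments passed to the superclass
     * @throws NullPointerException if {@code errorCode} is {@code null}
     */
    public WSSecurityException(ErrorCode errorCode, String msgId, Object[] arguments) {
        super(msgId, arguments);
        this.errorCode = Objects.requireNonNull(errorCode, "errorCode");
    }

    /**
     * Get the error code.
     * <p/>
     *
     * @return error code of this exception See values above. Never {@code null}.
     */
    public ErrorCode getErrorCode() {
        return this.errorCode;
    }

    /**
     * Get the fault code QName for this associated error code.
     * <p/>
     *
     * @return the fault code QName of this exception, or {@code null} when the
     *         error code has no standard fault code (see {@link ErrorCode})
     */
    public QName getFaultCode() {
        return this.errorCode.getQName();
    }

    /**
     * Get a "safe" / unified error message, so as not to leak internal configuration
     * to an attacker.
     * <p>
     * The same text is returned for every error code, so a remote party cannot
     * distinguish, for example, an unknown token from a failed signature check by
     * inspecting the fault message.
     *
     * @return {@link #UNIFIED_SECURITY_ERR}
     */
    public String getSafeExceptionMessage() {
        return UNIFIED_SECURITY_ERR;
    }

    /**
     * Get the "safe" / unified fault code QName associated with this exception, so as
     * not to leak internal configuration to an attacker
     * <p>
     * Unlike {@link #getFaultCode()}, this never returns {@code null} and never
     * varies with the error code.
     *
     * @return {@link #SECURITY_ERROR}
     */
    public QName getSafeFaultCode() {
        return SECURITY_ERROR;
    }
}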