in ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java [90:213]
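/**
 * Constructs a {@code UsernameToken} by parsing an existing {@code wsse:UsernameToken}
 * DOM element.
 *
 * <p>The constructor locates the direct child elements (Username, Password, Nonce,
 * Created, Salt, Iteration), rejects structurally invalid tokens, bounds the Iteration
 * value, resolves the password {@code Type} attribute (unqualified, or namespace
 * qualified only when explicitly allowed) and parses the Created timestamp. Every
 * failure is reported as a {@link WSSecurityException}; no partially-validated token
 * is ever returned to the caller.
 *
 * @param elem the {@code wsse:UsernameToken} element to parse
 * @param allowNamespaceQualifiedPasswordTypes whether a {@code wsse:Type} attribute
 *        on the Password element (namespace qualified) is accepted; when {@code false}
 *        such a token is rejected
 * @param bspEnforcer passed to {@link #checkBSPCompliance(BSPEnforcer)} for Basic
 *        Security Profile checks
 * @throws WSSecurityException if the element is not a {@code wsse:UsernameToken}, the
 *         Username is missing, a Salt is combined with a Password or lacks an
 *         Iteration, the Iteration value is not an integer in {@code [0, 10000]}, the
 *         password type is namespace qualified but not allowed, a digest password lacks
 *         Nonce or Created, or the Created value cannot be parsed
 */
public UsernameToken(
    Element elem,
    boolean allowNamespaceQualifiedPasswordTypes,
    BSPEnforcer bspEnforcer
) throws WSSecurityException {
    element = elem;

    // The root element must be exactly wsse:UsernameToken (namespace and local name).
    QName el = new QName(element.getNamespaceURI(), element.getLocalName());
    if (!el.equals(TOKEN)) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
            "badElement",
            new Object[] {TOKEN, el}
        );
    }

    // Only direct children are considered; nested look-alike elements are ignored.
    elementUsername =
        XMLUtils.getDirectChildElement(element, WSConstants.USERNAME_LN, WSConstants.WSSE_NS);
    elementPassword =
        XMLUtils.getDirectChildElement(element, WSConstants.PASSWORD_LN, WSConstants.WSSE_NS);
    elementNonce =
        XMLUtils.getDirectChildElement(element, WSConstants.NONCE_LN, WSConstants.WSSE_NS);
    elementCreated =
        XMLUtils.getDirectChildElement(element, WSConstants.CREATED_LN, WSConstants.WSU_NS);
    elementSalt =
        XMLUtils.getDirectChildElement(element, WSConstants.SALT_LN, WSConstants.WSSE11_NS);
    elementIteration =
        XMLUtils.getDirectChildElement(element, WSConstants.ITERATION_LN, WSConstants.WSSE11_NS);

    if (elementUsername == null) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
            "badUsernameToken",
            new Object[] {"Username is missing"}
        );
    }

    checkBSPCompliance(bspEnforcer);

    hashed = false;

    // If the UsernameToken is to be used for key derivation, the (1.1) spec says that
    // it cannot contain a Password, and it must contain an Iteration element. The
    // diagnostic names the rule rather than a single element so that both sub-cases
    // (Password present, Iteration absent) are covered.
    if (elementSalt != null && (elementPassword != null || elementIteration == null)) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
            "badUsernameToken",
            new Object[] {"Salt requires an Iteration element and excludes a Password element"}
        );
    }

    // Guard against a malicious user sending a bogus iteration value: the count is
    // bounded to [0, 10000] so a token cannot drive unbounded work in key derivation.
    if (elementIteration != null) {
        String iter = XMLUtils.getElementText(elementIteration);
        if (iter != null) {
            try {
                iteration = Integer.parseInt(iter);
            } catch (NumberFormatException ex) {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, ex, "decoding.general"
                );
            }
            if (iteration < 0 || iteration > 10000) {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
                    "badUsernameToken",
                    new Object[] {"Iteration value is out of range"}
                );
            }
        }
    }

    // An unqualified Type attribute always wins; a wsse-qualified one is accepted only
    // when the caller opted in, otherwise the token is rejected rather than silently
    // treated as an unspecified (text) password type.
    if (elementPassword != null) {
        if (elementPassword.hasAttributeNS(null, WSConstants.PASSWORD_TYPE_ATTR)) {
            passwordType = elementPassword.getAttributeNS(null, WSConstants.PASSWORD_TYPE_ATTR);
        } else if (elementPassword.hasAttributeNS(
            WSConstants.WSSE_NS, WSConstants.PASSWORD_TYPE_ATTR)
        ) {
            if (!allowNamespaceQualifiedPasswordTypes) {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
                    "badUsernameToken",
                    new Object[] {"The Password Type is not allowed to be namespace qualified"}
                );
            }
            passwordType =
                elementPassword.getAttributeNS(WSConstants.WSSE_NS, WSConstants.PASSWORD_TYPE_ATTR);
        }
    }

    // A digested password is only verifiable together with the Nonce and Created
    // values it was computed over.
    if (WSConstants.PASSWORD_DIGEST.equals(passwordType)) {
        hashed = true;
        if (elementNonce == null || elementCreated == null) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
                "badUsernameToken",
                new Object[] {"Nonce or Created is missing"}
            );
        }
    }

    // Created is parsed eagerly so an unparseable timestamp fails here, not at the
    // point where the token is later checked for freshness.
    if (elementCreated != null) {
        String createdString = getCreated();
        if (createdString != null && !createdString.isEmpty()) {
            try {
                created = ZonedDateTime.parse(createdString).toInstant();
            } catch (DateTimeParseException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
            }
        }
    }
}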