Example 6 with AssertionIDRequest

Use of com.sun.identity.saml2.protocol.AssertionIDRequest in the OpenAM project by OpenRock.

The verifyResponse method of the class AssertionIDRequestUtil.

// Verifies a SAML2 Response returned for an AssertionIDRequest: it must reference
// the request it answers, be issued by the expected SAML authority, and carry a
// signature that validates against that authority's published verification certificates.
private static void verifyResponse(Response response, AssertionIDRequest assertionIDRequest,
        String samlAuthorityEntityID, String role, RoleDescriptorType roled)
        throws SAML2Exception {
    // InResponseTo must match the ID of the request that was sent (when the request carried one).
    String aIDReqID = assertionIDRequest.getID();
    if ((aIDReqID != null) && (!aIDReqID.equals(response.getInResponseTo()))) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToAssertionIDRequest"));
    }
    // Note: a Response without an Issuer element returns here, so the issuer and
    // signature checks below are only performed when an Issuer is present.
    Issuer respIssuer = response.getIssuer();
    if (respIssuer == null) {
        return;
    }
    // The Issuer value must equal the entity ID of the SAML authority whose metadata was resolved.
    if (!samlAuthorityEntityID.equals(respIssuer.getValue())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("responseIssuerMismatch"));
    }
    // Signing certificates are taken from the authority's metadata for the given role.
    Set<X509Certificate> signingCerts = KeyUtil.getVerificationCerts(roled, samlAuthorityEntityID, role);
    if (!signingCerts.isEmpty()) {
        boolean valid = response.isSignatureValid(signingCerts);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil .verifyResponse: " + "Signature validity is : " + valid);
        }
        if (!valid) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureOnResponse"));
        }
    } else {
        // No verification certificate in metadata: fail closed rather than accept an unverifiable response.
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), Issuer (com.sun.identity.saml2.assertion.Issuer), X509Certificate (java.security.cert.X509Certificate)
