use of javax.xml.crypto.dsig.XMLSignature.SignatureValue in project camel by apache.
the class XmlVerifierProcessor method handleSignatureValidationFailed.
@SuppressWarnings("unchecked")
protected boolean handleSignatureValidationFailed(DOMValidateContext valContext, XMLSignature signature) throws Exception {
//NOPMD
ValidationFailedHandler handler = getConfiguration().getValidationFailedHandler();
LOG.debug("handleSignatureValidationFailed called");
try {
handler.start();
// first check signature value, see
// https://www.isecpartners.com/media/12012/XMLDSIG_Command_Injection.pdf
SignatureValue sigValue = signature.getSignatureValue();
boolean sv = sigValue.validate(valContext);
if (!sv) {
handler.signatureValueValidationFailed(sigValue);
}
// check the validation status of each Reference
for (Reference ref : (List<Reference>) signature.getSignedInfo().getReferences()) {
boolean refValid = ref.validate(valContext);
if (!refValid) {
handler.referenceValidationFailed(ref);
}
}
// validate Manifests, if property set
if (Boolean.TRUE.equals(valContext.getProperty("org.jcp.xml.dsig.validateManifests"))) {
for (XMLObject xo : (List<XMLObject>) signature.getObjects()) {
List<XMLStructure> content = xo.getContent();
for (XMLStructure xs : content) {
if (xs instanceof Manifest) {
Manifest man = (Manifest) xs;
for (Reference ref : (List<Reference>) man.getReferences()) {
boolean refValid = ref.validate(valContext);
if (!refValid) {
handler.manifestReferenceValidationFailed(ref);
}
}
}
}
}
}
boolean goon = handler.ignoreCoreValidationFailure();
LOG.debug("Ignore Core Validation failure: {}", goon);
return goon;
} finally {
handler.end();
}
}
Aggregations