Usage of org.opensaml.saml.metadata.resolver.filter.impl.SignatureValidationFilter in the Apereo CAS project: SamlUtils#buildSignatureValidationFilter.
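/**
 * Build a metadata {@link SignatureValidationFilter} if the signing key/certificate can be located.
 * <p>
 * The filter is backed by an {@link ExplicitKeySignatureTrustEngine} whose only trusted credential is
 * the one loaded from {@code signatureResourceLocation}: a signature is accepted only if the key it
 * was made with matches that credential. No PKIX/chain building is involved.
 * <p>
 * This overload keeps the historical policy {@code requireSignedRoot = false}, i.e. the metadata root
 * element is not required to carry a signature. OpenSAML's filter verifies the signatures it finds;
 * whether unsigned descendants are rejected should be confirmed against the OpenSAML version in use.
 * Callers that want a hard guarantee that the root is signed should use
 * {@link #buildSignatureValidationFilter(Resource, boolean)} with {@code true}.
 * <p>
 * NOTE(review): when the resource cannot be located this method returns {@code null} and callers are
 * expected to skip signature validation entirely, so a mistyped path fails open. That case is logged
 * at ERROR so it is not lost among routine warnings.
 *
 * @param signatureResourceLocation the signature resource location
 * @return the metadata filter, or {@code null} if the resource cannot be located
 * @throws Exception if a credential cannot be built from the resource
 */
public static SignatureValidationFilter buildSignatureValidationFilter(final Resource signatureResourceLocation) throws Exception {
    return buildSignatureValidationFilter(signatureResourceLocation, false);
}

/**
 * Build a metadata {@link SignatureValidationFilter} with an explicit signed-root policy.
 *
 * @param signatureResourceLocation the signature resource location
 * @param requireSignedRoot         whether the metadata root element must be signed; {@code true} makes
 *                                  the filter reject documents whose root carries no signature
 * @return the metadata filter, or {@code null} if the resource cannot be located
 * @throws Exception if a credential cannot be built from the resource
 */
public static SignatureValidationFilter buildSignatureValidationFilter(final Resource signatureResourceLocation,
                                                                       final boolean requireSignedRoot) throws Exception {
    if (!ResourceUtils.doesResourceExist(signatureResourceLocation)) {
        // Fail-open path: the caller will skip signature validation. Make that loud.
        LOGGER.error("Resource [{}] cannot be located; metadata signature validation will not be performed", signatureResourceLocation);
        return null;
    }

    // KeyInfo providers only extract candidate keys from the signature's <ds:KeyInfo>; trust is still
    // decided solely against the explicit credential below, so listing DSA here does not widen trust.
    final List<KeyInfoProvider> keyInfoProviderList = new ArrayList<>();
    keyInfoProviderList.add(new RSAKeyValueProvider());
    keyInfoProviderList.add(new DSAKeyValueProvider());
    keyInfoProviderList.add(new DEREncodedKeyValueProvider());
    keyInfoProviderList.add(new InlineX509DataProvider());

    LOGGER.debug("Attempting to resolve credentials from [{}]", signatureResourceLocation);
    final BasicCredential credential = buildCredentialForMetadataSignatureValidation(signatureResourceLocation);
    LOGGER.info("Successfully resolved credentials from [{}]", signatureResourceLocation);
    LOGGER.debug("Configuring credential resolver for key signature trust engine @ [{}]", credential.getCredentialType().getSimpleName());

    // The static resolver holds the single trusted key; the explicit-key engine accepts a signature
    // only if the signing key matches it.
    final StaticCredentialResolver resolver = new StaticCredentialResolver(credential);
    final BasicProviderKeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(keyInfoProviderList);
    final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(resolver, keyInfoResolver);

    LOGGER.debug("Adding signature validation filter based on the configured trust engine");
    final SignatureValidationFilter signatureValidationFilter = new SignatureValidationFilter(trustEngine);
    signatureValidationFilter.setRequireSignedRoot(requireSignedRoot);
    LOGGER.debug("Added metadata SignatureValidationFilter with signature from [{}] (requireSignedRoot={})",
        signatureResourceLocation, requireSignedRoot);
    return signatureValidationFilter;
}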
Usage of org.opensaml.saml.metadata.resolver.filter.impl.SignatureValidationFilter in the Apereo CAS project: ChainingMetadataResolverCacheLoader#buildSignatureValidationFilterIfNeeded.
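/**
 * Build and register a metadata signature validation filter for the service, if a signature location
 * is configured.
 * <p>
 * Security note: validation is skipped (with a WARN) when no signature location is defined, and also
 * when the configured location cannot be resolved. Both outcomes fail open — the metadata is loaded
 * without any signature check — so the second warning should be treated as a misconfiguration.
 *
 * @param service            the service
 * @param metadataFilterList the metadata filter list; the filter is appended to it when built
 * @throws Exception if the filter cannot be constructed from the configured signature
 */
protected void buildSignatureValidationFilterIfNeeded(final SamlRegisteredService service, final List<MetadataFilter> metadataFilterList) throws Exception {
    final String signatureLocation = service.getMetadataSignatureLocation();
    if (StringUtils.isBlank(signatureLocation)) {
        LOGGER.warn("No metadata signature location is defined for [{}], so SignatureValidationFilter will not be invoked", service.getMetadataLocation());
        return;
    }

    final SignatureValidationFilter signatureValidationFilter = SamlUtils.buildSignatureValidationFilter(signatureLocation);
    if (signatureValidationFilter == null) {
        // Fix: the message said "signature from [X]" but logged the metadata location, not the
        // signature location; report both so the operator sees which path was actually missing.
        LOGGER.warn("Skipped metadata SignatureValidationFilter for [{}] since signature from [{}] cannot be located",
            service.getMetadataLocation(), signatureLocation);
        return;
    }

    // SamlUtils already sets this to false; it is restated here so the policy is explicit at the call site.
    signatureValidationFilter.setRequireSignedRoot(false);
    metadataFilterList.add(signatureValidationFilter);
    LOGGER.debug("Added metadata SignatureValidationFilter with signature from [{}]", signatureLocation);
}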