use of org.opensaml.security.MetadataCriteria in project entcore by opendigitaleducation.
The class SamlValidator, method validateSignature:
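/**
 * Verifies the XML signature(s) protecting a SAML 2.0 Response.
 *
 * <p>If the Response element itself is signed, that single enveloped signature is
 * checked. Otherwise every plain Assertion in the Response must carry its own
 * signature and each one is checked individually; an Assertion without a signature
 * is rejected. (The previous implementation kept only the signature of the
 * <em>last</em> assertion in the loop, so an unsigned or tampered assertion placed
 * before a signed one was never verified.) When there are no plain assertions but
 * encrypted ones, the assertion returned by {@code decryptAssertion} is checked.
 *
 * @param assertion the serialized SAML Response (despite the parameter name, a
 *        whole Response is expected by {@code SamlUtils.unmarshallResponse})
 * @return {@code true} only if every checked signature is accepted by the trust
 *         engine obtained from {@code getSignatureTrustEngine(response)}
 * @throws ValidationException if the unsigned Response holds no assertions, if a
 *         required signature is absent, or if a signature violates the SAML
 *         signature profile
 * @throws Exception anything propagated by unmarshalling, decryption or the trust engine
 */
public boolean validateSignature(String assertion) throws Exception {
    final Response response = SamlUtils.unmarshallResponse(assertion);

    // A signature on the Response element covers the whole document, so nothing
    // further needs to be looked at in that case.
    final Signature responseSignature = response.getSignature();
    if (responseSignature != null) {
        return isTrustedSignature(response, responseSignature);
    }

    if (response.getAssertions() != null && !response.getAssertions().isEmpty()) {
        // NOTE(review): when plain assertions are present, encrypted assertions in the
        // same Response are not decrypted or verified here (same as before) — confirm
        // that callers never consume them.
        for (Assertion a : response.getAssertions()) {
            final Signature assertionSignature = a.getSignature();
            if (assertionSignature == null) {
                // Every assertion must be signed when the Response is not; do not let
                // an unsigned assertion ride along with a signed sibling.
                logger.error("Signature not found.");
                throw new ValidationException("Signature not found.");
            }
            if (!isTrustedSignature(response, assertionSignature)) {
                return false;
            }
        }
        return true;
    }

    if (response.getEncryptedAssertions() != null && !response.getEncryptedAssertions().isEmpty()) {
        final Assertion decrypted = decryptAssertion(response);
        final Signature decryptedSignature = decrypted == null ? null : decrypted.getSignature();
        if (decryptedSignature == null) {
            logger.error("Signature not found.");
            throw new ValidationException("Signature not found.");
        }
        return isTrustedSignature(response, decryptedSignature);
    }

    logger.error("Assertions not founds.");
    throw new ValidationException("Assertions not founds.");
}

/**
 * Checks one signature against the SAML signature profile and the trust engine
 * built for {@code response}.
 *
 * @param response the Response whose issuer selects the signing credentials
 * @param signature the enveloped signature to verify
 * @return the trust engine's verdict
 * @throws ValidationException if the signature violates the SAML signature profile
 * @throws Exception anything propagated by {@code getSignatureTrustEngine}
 */
private boolean isTrustedSignature(Response response, Signature signature) throws Exception {
    // Profile validation first: rejects signatures whose reference does not point
    // at the element that encloses them (signature-wrapping defence).
    new SAMLSignatureProfileValidator().validate(signature);

    final SignatureTrustEngine sigTrustEngine = getSignatureTrustEngine(response);
    final CriteriaSet criteriaSet = new CriteriaSet();
    // NOTE(review): the issuer is always taken from the Response element, even when
    // the signature being checked belongs to an Assertion — confirm that an
    // Assertion-level Issuer differing from the Response Issuer is handled upstream.
    criteriaSet.add(new EntityIDCriteria(SamlUtils.getIssuer(response)));
    criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    return sigTrustEngine.validate(signature, criteriaSet);
}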