Example 1 with MetadataCriteria

Use of org.opensaml.security.MetadataCriteria in the project entcore by opendigitaleducation.

The class SamlValidator, method validateSignature:

// Imports for the OpenSAML 2.x classes used below (package names taken from the "Also used"
// list of this page). SamlUtils, decryptAssertion, getSignatureTrustEngine and logger are
// other members of the entcore project and are not shown here.
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;

public boolean validateSignature(String assertion) throws Exception {
    final Response response = SamlUtils.unmarshallResponse(assertion);
    final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
    // Prefer a signature on the Response element itself.
    Signature signature = response.getSignature();
    if (signature == null) {
        if (response.getAssertions() != null && !response.getAssertions().isEmpty()) {
            // Fall back to the assertion signature. The loop keeps only the signature of the
            // last assertion, so when several assertions are present only that one is verified.
            for (Assertion a : response.getAssertions()) {
                signature = a.getSignature();
            }
        } else if (response.getEncryptedAssertions() != null && !response.getEncryptedAssertions().isEmpty()) {
            // Decrypt the EncryptedAssertion (project helper) and use the signature inside it.
            Assertion a = decryptAssertion(response);
            if (a != null) {
                signature = a.getSignature();
            }
        } else {
            logger.error("Assertions not founds.");
            throw new ValidationException("Assertions not founds.");
        }
    }
    if (signature == null) {
        logger.error("Signature not found.");
        throw new ValidationException("Signature not found.");
    }
    // Check that the signature follows the SAML signature profile (enveloped signature with a
    // single reference to its parent element) before any cryptographic verification.
    profileValidator.validate(signature);
    // Trust is decided against the IdP metadata: the signing key must belong to the issuer's
    // SAML 2.0 IDPSSODescriptor and be published for signing use.
    SignatureTrustEngine sigTrustEngine = getSignatureTrustEngine(response);
    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria(SamlUtils.getIssuer(response)));
    criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    return sigTrustEngine.validate(signature, criteriaSet);
}
Also used:
- EntityIDCriteria (org.opensaml.xml.security.criteria.EntityIDCriteria)
- ValidationException (org.opensaml.xml.validation.ValidationException)
- MetadataCriteria (org.opensaml.security.MetadataCriteria)
- ExplicitKeySignatureTrustEngine (org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine)
- SignatureTrustEngine (org.opensaml.xml.signature.SignatureTrustEngine)
- UsageCriteria (org.opensaml.xml.security.criteria.UsageCriteria)
- SAMLSignatureProfileValidator (org.opensaml.security.SAMLSignatureProfileValidator)
- Signature (org.opensaml.xml.signature.Signature)
- CriteriaSet (org.opensaml.xml.security.CriteriaSet)
