Example 1 with SAMLSignatureProfileValidator
use of org.opensaml.security.SAMLSignatureProfileValidator in project product-is by wso2.
the class SAML2SSOTestBase method validateSignature.
private void validateSignature(XMLObject signature, X509Credential x509Credential) throws Exception {
SignatureImpl signImpl = (SignatureImpl) signature;
try {
SAMLSignatureProfileValidator signatureProfileValidator = new SAMLSignatureProfileValidator();
signatureProfileValidator.validate(signImpl);
} catch (ValidationException ex) {
String logMsg = "Signature do not confirm to SAML signature profile. Possible XML Signature " + "Wrapping Attack!";
if (log.isDebugEnabled()) {
log.debug(logMsg, ex);
}
throw new Exception(logMsg, ex);
}
try {
SignatureValidator validator = new SignatureValidator(x509Credential);
validator.validate(signImpl);
} catch (ValidationException e) {
if (log.isDebugEnabled()) {
log.debug("Validation exception : ", e);
}
throw new Exception("Signature validation failed for SAML2 Element");
}
}
Also used :
ValidationException(org.opensaml.xml.validation.ValidationException)
SAMLSignatureProfileValidator(org.opensaml.security.SAMLSignatureProfileValidator)
SignatureImpl(org.opensaml.xml.signature.impl.SignatureImpl)
SignatureValidator(org.opensaml.xml.signature.SignatureValidator)
IOException(java.io.IOException)
XPathExpressionException(javax.xml.xpath.XPathExpressionException)
ValidationException(org.opensaml.xml.validation.ValidationException)
IdentitySAMLSSOConfigServiceIdentityException(org.wso2.carbon.identity.sso.saml.stub.IdentitySAMLSSOConfigServiceIdentityException)
RemoteException(java.rmi.RemoteException)
SAXException(org.xml.sax.SAXException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
ConfigurationException(org.opensaml.xml.ConfigurationException)
Example 2 with SAMLSignatureProfileValidator
use of org.opensaml.security.SAMLSignatureProfileValidator in project entcore by opendigitaleducation.
the class SamlValidator method validateSignature.
public boolean validateSignature(String assertion) throws Exception {
final Response response = SamlUtils.unmarshallResponse(assertion);
final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
Signature signature = response.getSignature();
if (signature == null) {
if (response.getAssertions() != null && !response.getAssertions().isEmpty()) {
for (Assertion a : response.getAssertions()) {
signature = a.getSignature();
}
} else if (response.getEncryptedAssertions() != null && !response.getEncryptedAssertions().isEmpty()) {
Assertion a = decryptAssertion(response);
if (a != null) {
signature = a.getSignature();
}
} else {
logger.error("Assertions not founds.");
throw new ValidationException("Assertions not founds.");
}
}
if (signature == null) {
logger.error("Signature not found.");
throw new ValidationException("Signature not found.");
}
profileValidator.validate(signature);
SignatureTrustEngine sigTrustEngine = getSignatureTrustEngine(response);
CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new EntityIDCriteria(SamlUtils.getIssuer(response)));
criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
return sigTrustEngine.validate(signature, criteriaSet);
}
Also used :
EntityIDCriteria(org.opensaml.xml.security.criteria.EntityIDCriteria)
ValidationException(org.opensaml.xml.validation.ValidationException)
MetadataCriteria(org.opensaml.security.MetadataCriteria)
ExplicitKeySignatureTrustEngine(org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine)
SignatureTrustEngine(org.opensaml.xml.signature.SignatureTrustEngine)
UsageCriteria(org.opensaml.xml.security.criteria.UsageCriteria)
SAMLSignatureProfileValidator(org.opensaml.security.SAMLSignatureProfileValidator)
Signature(org.opensaml.xml.signature.Signature)
CriteriaSet(org.opensaml.xml.security.CriteriaSet)
Aggregations
SAMLSignatureProfileValidator (org.opensaml.security.SAMLSignatureProfileValidator)2
ValidationException (org.opensaml.xml.validation.ValidationException)2
IOException (java.io.IOException)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
RemoteException (java.rmi.RemoteException)1
ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)1
XPathExpressionException (javax.xml.xpath.XPathExpressionException)1
MetadataCriteria (org.opensaml.security.MetadataCriteria)1
ConfigurationException (org.opensaml.xml.ConfigurationException)1
CriteriaSet (org.opensaml.xml.security.CriteriaSet)1
EntityIDCriteria (org.opensaml.xml.security.criteria.EntityIDCriteria)1
UsageCriteria (org.opensaml.xml.security.criteria.UsageCriteria)1
Signature (org.opensaml.xml.signature.Signature)1
SignatureTrustEngine (org.opensaml.xml.signature.SignatureTrustEngine)1
SignatureValidator (org.opensaml.xml.signature.SignatureValidator)1
ExplicitKeySignatureTrustEngine (org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine)1
SignatureImpl (org.opensaml.xml.signature.impl.SignatureImpl)1
IdentitySAMLSSOConfigServiceIdentityException (org.wso2.carbon.identity.sso.saml.stub.IdentitySAMLSSOConfigServiceIdentityException)1
SAXException (org.xml.sax.SAXException)1
