Use of org.opensaml.security.SAMLSignatureProfileValidator in project product-is by wso2.
Class SAML2SSOTestBase, method validateSignature.
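/**
 * Checks that {@code signature} conforms to the SAML signature profile and then verifies it
 * against {@code x509Credential}.
 *
 * <p>The profile check runs first: it rejects signature structures that the later cryptographic
 * check alone would not catch (the classic XML Signature Wrapping shape), so its failure is logged
 * and surfaced with a dedicated message.
 *
 * @param signature      the {@code ds:Signature} element to verify; must be a {@link SignatureImpl}
 * @param x509Credential the credential whose key the signature is verified with
 * @throws Exception if {@code signature} is {@code null} or not a {@link SignatureImpl}, if it does
 *                   not conform to the SAML signature profile, or if it does not verify against the
 *                   credential; the underlying {@link ValidationException} is kept as the cause
 */
private void validateSignature(XMLObject signature, X509Credential x509Credential) throws Exception {
    // Reject a missing or unexpected element explicitly rather than failing with a
    // ClassCastException / NullPointerException inside the validators below.
    if (!(signature instanceof SignatureImpl)) {
        throw new Exception("Signature element is missing or is not a SignatureImpl");
    }
    SignatureImpl signImpl = (SignatureImpl) signature;

    try {
        SAMLSignatureProfileValidator signatureProfileValidator = new SAMLSignatureProfileValidator();
        signatureProfileValidator.validate(signImpl);
    } catch (ValidationException ex) {
        String logMsg = "Signature do not confirm to SAML signature profile. Possible XML Signature "
                + "Wrapping Attack!";
        if (log.isDebugEnabled()) {
            log.debug(logMsg, ex);
        }
        throw new Exception(logMsg, ex);
    }

    try {
        SignatureValidator validator = new SignatureValidator(x509Credential);
        validator.validate(signImpl);
    } catch (ValidationException e) {
        if (log.isDebugEnabled()) {
            log.debug("Validation exception : ", e);
        }
        // Keep the cause: the original thrown exception dropped it, which hid the reason
        // for the verification failure from callers that do not have debug logging on.
        throw new Exception("Signature validation failed for SAML2 Element", e);
    }
}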
Use of org.opensaml.security.SAMLSignatureProfileValidator in project entcore by opendigitaleducation.
Class SamlValidator, method validateSignature.
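/**
 * Validates the XML signature(s) protecting a SAML response.
 *
 * <p>Which signature is checked depends on what the response carries:
 * <ul>
 *   <li>the response-level signature, when present;</li>
 *   <li>otherwise the signature of <em>every</em> plain assertion — each assertion must be signed;</li>
 *   <li>otherwise the signature of the decrypted encrypted assertion.</li>
 * </ul>
 * Each selected signature is first checked against the SAML signature profile (which throws on a
 * malformed or wrapping-style structure) and then against the issuer's signing keys through the
 * signature trust engine.
 *
 * @param assertion the serialized SAML response to validate
 * @return {@code true} if every checked signature is trusted by the trust engine, {@code false} as
 *         soon as one is not
 * @throws ValidationException if the response holds no assertion, if a selected element has no
 *                             signature, or if a signature does not conform to the SAML signature
 *                             profile
 * @throws Exception           propagated from unmarshalling, decryption or the trust engine
 */
public boolean validateSignature(String assertion) throws Exception {
    final Response response = SamlUtils.unmarshallResponse(assertion);
    final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();

    // Fully qualified on purpose: the file's import block is outside this method.
    final java.util.List<Signature> signatures = new java.util.ArrayList<>();

    final Signature responseSignature = response.getSignature();
    if (responseSignature != null) {
        signatures.add(responseSignature);
    } else if (response.getAssertions() != null && !response.getAssertions().isEmpty()) {
        // Every assertion must carry its own signature. Checking only the last one (as the
        // previous loop did) would let an unsigned assertion ride along with a signed one.
        for (Assertion a : response.getAssertions()) {
            final Signature assertionSignature = a.getSignature();
            if (assertionSignature == null) {
                logger.error("Signature not found.");
                throw new ValidationException("Signature not found.");
            }
            signatures.add(assertionSignature);
        }
    } else if (response.getEncryptedAssertions() != null && !response.getEncryptedAssertions().isEmpty()) {
        final Assertion a = decryptAssertion(response);
        if (a != null && a.getSignature() != null) {
            signatures.add(a.getSignature());
        }
    } else {
        logger.error("Assertions not founds.");
        throw new ValidationException("Assertions not founds.");
    }

    if (signatures.isEmpty()) {
        logger.error("Signature not found.");
        throw new ValidationException("Signature not found.");
    }

    // Profile check before anything cryptographic: a structurally invalid signature is rejected
    // (by exception) regardless of whether its digest would verify.
    for (Signature signature : signatures) {
        profileValidator.validate(signature);
    }

    final SignatureTrustEngine sigTrustEngine = getSignatureTrustEngine(response);
    final CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria(SamlUtils.getIssuer(response)));
    criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));

    for (Signature signature : signatures) {
        if (!sigTrustEngine.validate(signature, criteriaSet)) {
            return false;
        }
    }
    return true;
}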