use of org.opensaml.xmlsec.signature.support.SignatureException in project cas by apereo.
the class WsFederationHelper method validateSignature.
/**
* validateSignature checks to see if the signature on an assertion is valid.
*
* @param assertion a provided assertion
* @param wsFederationConfiguration WS-Fed configuration provided.
* @return true if the assertion's signature is valid, otherwise false
*/
public boolean validateSignature(final Assertion assertion, final WsFederationConfiguration wsFederationConfiguration) {
if (assertion == null) {
LOGGER.warn("No assertion was provided to validate signatures");
return false;
}
boolean valid = false;
if (assertion.getSignature() != null) {
final SignaturePrevalidator validator = new SAMLSignatureProfileValidator();
try {
validator.validate(assertion.getSignature());
final CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
criteriaSet.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
criteriaSet.add(new EntityIdCriterion(wsFederationConfiguration.getIdentityProviderIdentifier()));
try {
final SignatureTrustEngine engine = buildSignatureTrustEngine(wsFederationConfiguration);
valid = engine.validate(assertion.getSignature(), criteriaSet);
} catch (final SecurityException e) {
LOGGER.warn(e.getMessage(), e);
} finally {
if (!valid) {
LOGGER.warn("Signature doesn't match any signing credential.");
}
}
} catch (final SignatureException e) {
LOGGER.warn("Failed to validate assertion signature", e);
}
}
SamlUtils.logSamlObject(this.configBean, assertion);
return valid;
}
use of org.opensaml.xmlsec.signature.support.SignatureException in project ddf by codice.
the class AttributeQueryClient method signRequest.
/**
* Signs AttributeQuery request.
*
* @param attributeQuery request to be signed.
* @return Document of the AttributeQuery.
*/
private Document signRequest(AttributeQuery attributeQuery) throws AttributeQueryException {
Element soapElement;
try {
// Create and set signature for request.
simpleSign.signSamlObject(attributeQuery);
// Create soap message for request.
soapElement = createSoapMessage(attributeQuery);
// Sign soap message.
Signer.signObject(attributeQuery.getSignature());
} catch (SignatureException | SimpleSign.SignatureException e) {
throw new AttributeQueryException("Error occurred during signing of the request.", e);
}
// Print AttributeQuery Request.
if (LOGGER.isTraceEnabled()) {
printXML("SAML Protocol AttributeQuery Request:\n{}", soapElement);
}
return soapElement.getOwnerDocument();
}
Aggregations