Search in sources :

Example 1 with SignatureException

use of org.opensaml.xmlsec.signature.support.SignatureException in project cas by apereo.

the class WsFederationHelper method validateSignature.

/**
     * validateSignature checks to see if the signature on an assertion is valid.
     *
     * @param assertion                 a provided assertion
     * @param wsFederationConfiguration WS-Fed configuration provided.
     * @return true if the assertion's signature is valid, otherwise false
     */
public boolean validateSignature(final Assertion assertion, final WsFederationConfiguration wsFederationConfiguration) {
    if (assertion == null) {
        LOGGER.warn("No assertion was provided to validate signatures");
        return false;
    }
    boolean valid = false;
    if (assertion.getSignature() != null) {
        final SignaturePrevalidator validator = new SAMLSignatureProfileValidator();
        try {
            validator.validate(assertion.getSignature());
            final CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
            criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
            criteriaSet.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
            criteriaSet.add(new EntityIdCriterion(wsFederationConfiguration.getIdentityProviderIdentifier()));
            try {
                final SignatureTrustEngine engine = buildSignatureTrustEngine(wsFederationConfiguration);
                valid = engine.validate(assertion.getSignature(), criteriaSet);
            } catch (final SecurityException e) {
                LOGGER.warn(e.getMessage(), e);
            } finally {
                if (!valid) {
                    LOGGER.warn("Signature doesn't match any signing credential.");
                }
            }
        } catch (final SignatureException e) {
            LOGGER.warn("Failed to validate assertion signature", e);
        }
    }
    SamlUtils.logSamlObject(this.configBean, assertion);
    return valid;
}
Also used : SignaturePrevalidator(org.opensaml.xmlsec.signature.support.SignaturePrevalidator) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) ProtocolCriterion(org.opensaml.saml.criterion.ProtocolCriterion) ExplicitKeySignatureTrustEngine(org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine) SignatureTrustEngine(org.opensaml.xmlsec.signature.support.SignatureTrustEngine) SAMLSignatureProfileValidator(org.opensaml.saml.security.impl.SAMLSignatureProfileValidator) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SecurityException(org.opensaml.security.SecurityException) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException)

Example 2 with SignatureException

use of org.opensaml.xmlsec.signature.support.SignatureException in project ddf by codice.

the class AttributeQueryClient method signRequest.

/**
     * Signs AttributeQuery request.
     *
     * @param attributeQuery request to be signed.
     * @return Document of the AttributeQuery.
     */
private Document signRequest(AttributeQuery attributeQuery) throws AttributeQueryException {
    Element soapElement;
    try {
        // Create and set signature for request.
        simpleSign.signSamlObject(attributeQuery);
        // Create soap message for request.
        soapElement = createSoapMessage(attributeQuery);
        // Sign soap message.
        Signer.signObject(attributeQuery.getSignature());
    } catch (SignatureException | SimpleSign.SignatureException e) {
        throw new AttributeQueryException("Error occurred during signing of the request.", e);
    }
    // Print AttributeQuery Request.
    if (LOGGER.isTraceEnabled()) {
        printXML("SAML Protocol AttributeQuery Request:\n{}", soapElement);
    }
    return soapElement.getOwnerDocument();
}
Also used : Element(org.w3c.dom.Element) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException)

Aggregations

SignatureException (org.opensaml.xmlsec.signature.support.SignatureException)2 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)1 EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)1 EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion)1 ProtocolCriterion (org.opensaml.saml.criterion.ProtocolCriterion)1 SAMLSignatureProfileValidator (org.opensaml.saml.security.impl.SAMLSignatureProfileValidator)1 SecurityException (org.opensaml.security.SecurityException)1 UsageCriterion (org.opensaml.security.criteria.UsageCriterion)1 SignaturePrevalidator (org.opensaml.xmlsec.signature.support.SignaturePrevalidator)1 SignatureTrustEngine (org.opensaml.xmlsec.signature.support.SignatureTrustEngine)1 ExplicitKeySignatureTrustEngine (org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine)1 Element (org.w3c.dom.Element)1