Example 1 with SignatureValidationProvider

Use of org.opensaml.xmlsec.signature.support.SignatureValidationProvider in project cxf by apache.

The class SAMLProtocolResponseValidator, method validateSignatureAgainstProfiles.

/**
 * Validate a signature against the profiles
 */
private void validateSignatureAgainstProfiles(Signature signature, SAMLKeyInfo samlKeyInfo) throws WSSecurityException {
    // Validate Signature against profiles
    SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
    try {
        validator.validate(signature);
    } catch (SignatureException ex) {
        LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
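    // Build the verification credential from the key material in samlKeyInfo:
    // the first certificate if certificates are present, otherwise the bare public key
    BasicCredential credential = null;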
    if (samlKeyInfo.getCerts() != null) {
        credential = new BasicX509Credential(samlKeyInfo.getCerts()[0]);
    } else if (samlKeyInfo.getPublicKey() != null) {
        credential = new BasicCredential(samlKeyInfo.getPublicKey());
    } else {
        LOG.fine("Can't get X509Certificate or PublicKey to verify signature");
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    // Cryptographically verify the signature value with the credential built above
    try {
        SignatureValidationProvider responseSignatureValidator = new ApacheSantuarioSignatureValidationProviderImpl();
        responseSignatureValidator.validate(signature, credential);
    } catch (SignatureException ex) {
        LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
}
Also used: BasicX509Credential (org.opensaml.security.x509.BasicX509Credential), SAMLSignatureProfileValidator (org.opensaml.saml.security.impl.SAMLSignatureProfileValidator), SignatureValidationProvider (org.opensaml.xmlsec.signature.support.SignatureValidationProvider), WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException), SignatureException (org.opensaml.xmlsec.signature.support.SignatureException), BasicCredential (org.opensaml.security.credential.BasicCredential), ApacheSantuarioSignatureValidationProviderImpl (org.opensaml.xmlsec.signature.support.provider.ApacheSantuarioSignatureValidationProviderImpl)