Use of org.opensaml.xmlsec.signature.support.SignatureValidationProvider in the Apache CXF project.
Class SAMLProtocolResponseValidator, method validateSignatureAgainstProfiles.
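/**
 * Validates a SAML signature in two steps: first against the SAML signature profile,
 * then cryptographically against the key material carried by {@code samlKeyInfo}.
 *
 * <p>The first certificate returned by {@code samlKeyInfo.getCerts()} is preferred; the
 * public key is used only when no certificate is available. A missing key info, an empty
 * certificate array, or the absence of both certificate and public key is rejected with
 * the same {@link WSSecurityException} as a failed signature, so the method fails closed
 * instead of letting an unchecked exception escape.
 *
 * <p>NOTE(review): this method only establishes that the signature verifies under the
 * supplied key. Nothing here decides whether that key or certificate is trusted;
 * presumably the caller performs trust validation separately. Confirm against the caller.
 *
 * @param signature the signature to validate
 * @param samlKeyInfo holder of the certificate chain or public key to verify against
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} and message id
 *         {@code "invalidSAMLsecurity"} if the profile check fails, no usable key
 *         material is present, or the signature does not verify
 */
private void validateSignatureAgainstProfiles(Signature signature, SAMLKeyInfo samlKeyInfo) throws WSSecurityException {
    // Profile check first: a signature that does not conform to the SAML signature
    // profile is rejected before any cryptographic verification is attempted.
    SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
    try {
        validator.validate(signature);
    } catch (SignatureException ex) {
        // The detailed reason is logged at FINE only; the thrown exception carries just
        // the generic message id.
        LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    BasicCredential credential;
    if (samlKeyInfo != null
        && samlKeyInfo.getCerts() != null
        && samlKeyInfo.getCerts().length > 0) {
        // Guarding the length keeps a non-null but empty array from raising
        // ArrayIndexOutOfBoundsException on the [0] access below.
        credential = new BasicX509Credential(samlKeyInfo.getCerts()[0]);
    } else if (samlKeyInfo != null && samlKeyInfo.getPublicKey() != null) {
        credential = new BasicCredential(samlKeyInfo.getPublicKey());
    } else {
        // No key material at all: treat exactly like an invalid signature.
        LOG.fine("Can't get X509Certificate or PublicKey to verify signature");
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // Cryptographic verification of the signature value against the selected credential.
    try {
        SignatureValidationProvider responseSignatureValidator = new ApacheSantuarioSignatureValidationProviderImpl();
        responseSignatureValidator.validate(signature, credential);
    } catch (SignatureException ex) {
        LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
}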