Example 1 with SignatureValidator
use of org.opensaml.xmlsec.signature.support.SignatureValidator in project ddf by codice.
the class SimpleSign method validateSignature.
public void validateSignature(Signature signature, Document doc) throws SignatureException {
RequestData requestData = new RequestData();
requestData.setSigVerCrypto(crypto.getSignatureCrypto());
WSSConfig wssConfig = WSSConfig.getNewInstance();
requestData.setWssConfig(wssConfig);
SAMLKeyInfo samlKeyInfo = null;
KeyInfo keyInfo = signature.getKeyInfo();
if (keyInfo != null) {
try {
samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo(keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)), crypto.getSignatureCrypto());
} catch (WSSecurityException e) {
throw new SignatureException("Unable to get KeyInfo.", e);
}
}
if (samlKeyInfo == null) {
throw new SignatureException("No KeyInfo supplied in the signature");
}
validateSignatureAndSamlKey(signature, samlKeyInfo);
Credential trustCredential = new Credential();
trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
trustCredential.setCertificates(samlKeyInfo.getCerts());
Validator signatureValidator = new SignatureTrustValidator();
try {
signatureValidator.validate(trustCredential, requestData);
} catch (WSSecurityException e) {
throw new SignatureException("Error validating signature", e);
}
}
Also used :
WSDocInfo(org.apache.wss4j.dom.WSDocInfo)
Credential(org.apache.wss4j.dom.validate.Credential)
BasicX509Credential(org.opensaml.security.x509.BasicX509Credential)
SAMLKeyInfo(org.apache.wss4j.common.saml.SAMLKeyInfo)
WSSConfig(org.apache.wss4j.dom.engine.WSSConfig)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
SAMLKeyInfo(org.apache.wss4j.common.saml.SAMLKeyInfo)
RequestData(org.apache.wss4j.dom.handler.RequestData)
SignatureTrustValidator(org.apache.wss4j.dom.validate.SignatureTrustValidator)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
WSSSAMLKeyInfoProcessor(org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor)
Validator(org.apache.wss4j.dom.validate.Validator)
SignatureValidator(org.opensaml.xmlsec.signature.support.SignatureValidator)
SAMLSignatureProfileValidator(org.opensaml.saml.security.impl.SAMLSignatureProfileValidator)
SignatureTrustValidator(org.apache.wss4j.dom.validate.SignatureTrustValidator)
Example 2 with SignatureValidator
use of org.opensaml.xmlsec.signature.support.SignatureValidator in project ddf by codice.
the class SimpleSign method validateSignature.
public void validateSignature(Signature signature, Document doc) throws SignatureException {
RequestData requestData = new RequestData();
requestData.setWsDocInfo(new WSDocInfo(doc));
requestData.setSigVerCrypto(crypto.getSignatureCrypto());
WSSConfig wssConfig = WSSConfig.getNewInstance();
requestData.setWssConfig(wssConfig);
SAMLKeyInfo samlKeyInfo = null;
KeyInfo keyInfo = signature.getKeyInfo();
if (keyInfo != null) {
try {
samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo(keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData), crypto.getSignatureCrypto());
} catch (WSSecurityException e) {
throw new SignatureException("Unable to get KeyInfo.", e);
}
}
if (samlKeyInfo == null) {
throw new SignatureException("No KeyInfo supplied in the signature");
}
validateSignatureAndSamlKey(signature, samlKeyInfo);
Credential trustCredential = new Credential();
trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
trustCredential.setCertificates(samlKeyInfo.getCerts());
Validator signatureValidator = new SignatureTrustValidator();
try {
signatureValidator.validate(trustCredential, requestData);
} catch (WSSecurityException e) {
throw new SignatureException("Error validating signature", e);
}
}
Also used :
WSDocInfo(org.apache.wss4j.dom.WSDocInfo)
BasicX509Credential(org.opensaml.security.x509.BasicX509Credential)
Credential(org.apache.wss4j.dom.validate.Credential)
SAMLKeyInfo(org.apache.wss4j.common.saml.SAMLKeyInfo)
WSSConfig(org.apache.wss4j.dom.engine.WSSConfig)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
SAMLKeyInfo(org.apache.wss4j.common.saml.SAMLKeyInfo)
RequestData(org.apache.wss4j.dom.handler.RequestData)
SignatureTrustValidator(org.apache.wss4j.dom.validate.SignatureTrustValidator)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
SignatureException(ddf.security.samlp.SignatureException)
WSSSAMLKeyInfoProcessor(org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor)
SignatureValidator(org.opensaml.xmlsec.signature.support.SignatureValidator)
SignatureTrustValidator(org.apache.wss4j.dom.validate.SignatureTrustValidator)
Validator(org.apache.wss4j.dom.validate.Validator)
SAMLSignatureProfileValidator(org.opensaml.saml.security.impl.SAMLSignatureProfileValidator)
Aggregations
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)2
SAMLKeyInfo (org.apache.wss4j.common.saml.SAMLKeyInfo)2
WSDocInfo (org.apache.wss4j.dom.WSDocInfo)2
WSSConfig (org.apache.wss4j.dom.engine.WSSConfig)2
RequestData (org.apache.wss4j.dom.handler.RequestData)2
WSSSAMLKeyInfoProcessor (org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor)2
Credential (org.apache.wss4j.dom.validate.Credential)2
SignatureTrustValidator (org.apache.wss4j.dom.validate.SignatureTrustValidator)2
Validator (org.apache.wss4j.dom.validate.Validator)2
SAMLSignatureProfileValidator (org.opensaml.saml.security.impl.SAMLSignatureProfileValidator)2
BasicX509Credential (org.opensaml.security.x509.BasicX509Credential)2
KeyInfo (org.opensaml.xmlsec.signature.KeyInfo)2
SignatureValidator (org.opensaml.xmlsec.signature.support.SignatureValidator)2
SignatureException (ddf.security.samlp.SignatureException)1
