use of org.pac4j.saml.exceptions.SAMLSignatureValidationException in project pac4j by pac4j.
the class SAML2DefaultResponseValidator method validateSignature.
/**
* Validate the given digital signature by checking its profile and value.
*
* @param signature the signature
* @param idpEntityId the idp entity id
* @param trustEngine the trust engine
*/
protected final void validateSignature(final Signature signature, final String idpEntityId, final SignatureTrustEngine trustEngine) {
final SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
try {
validator.validate(signature);
} catch (final SignatureException e) {
throw new SAMLSignatureValidationException("SAMLSignatureProfileValidator failed to validate signature", e);
}
final CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
criteriaSet.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
criteriaSet.add(new EntityIdCriterion(idpEntityId));
final boolean valid;
try {
valid = trustEngine.validate(signature, criteriaSet);
} catch (final SecurityException e) {
throw new SAMLSignatureValidationException("An error occurred during signature validation", e);
}
if (!valid) {
throw new SAMLSignatureValidationException("Signature is not trusted");
}
}
use of org.pac4j.saml.exceptions.SAMLSignatureValidationException in project pac4j by pac4j.
the class SAML2LogoutResponseValidator method validateSignature.
/**
* Validate the given digital signature by checking its profile and value.
*
* @param signature the signature
* @param idpEntityId the idp entity id
* @param trustEngine the trust engine
*/
protected final void validateSignature(final Signature signature, final String idpEntityId, final SignatureTrustEngine trustEngine) {
final SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
try {
validator.validate(signature);
} catch (final SignatureException e) {
throw new SAMLSignatureValidationException("SAMLSignatureProfileValidator failed to validate signature", e);
}
final CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
criteriaSet.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
criteriaSet.add(new EntityIdCriterion(idpEntityId));
final boolean valid;
try {
valid = trustEngine.validate(signature, criteriaSet);
} catch (final SecurityException e) {
throw new SAMLSignatureValidationException("An error occurred during signature validation", e);
}
if (!valid) {
throw new SAMLSignatureValidationException("Signature is not trusted");
}
}
Aggregations