Search in sources :

Example 1 with SAMLSignatureValidationException

use of org.pac4j.saml.exceptions.SAMLSignatureValidationException in project pac4j by pac4j.

the class SAML2DefaultResponseValidator method validateSignature.

/**
 * Validate the given digital signature by checking its profile and value.
 *
 * @param signature   the signature
 * @param idpEntityId the idp entity id
 * @param trustEngine the trust engine
 */
protected final void validateSignature(final Signature signature, final String idpEntityId, final SignatureTrustEngine trustEngine) {
    final SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
    try {
        validator.validate(signature);
    } catch (final SignatureException e) {
        throw new SAMLSignatureValidationException("SAMLSignatureProfileValidator failed to validate signature", e);
    }
    final CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
    criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteriaSet.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
    criteriaSet.add(new EntityIdCriterion(idpEntityId));
    final boolean valid;
    try {
        valid = trustEngine.validate(signature, criteriaSet);
    } catch (final SecurityException e) {
        throw new SAMLSignatureValidationException("An error occurred during signature validation", e);
    }
    if (!valid) {
        throw new SAMLSignatureValidationException("Signature is not trusted");
    }
}
Also used : UsageCriterion(org.opensaml.security.criteria.UsageCriterion) ProtocolCriterion(org.opensaml.saml.criterion.ProtocolCriterion) SAMLSignatureValidationException(org.pac4j.saml.exceptions.SAMLSignatureValidationException) SAMLSignatureProfileValidator(org.opensaml.saml.security.impl.SAMLSignatureProfileValidator) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SecurityException(org.opensaml.security.SecurityException) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException)

Example 2 with SAMLSignatureValidationException

use of org.pac4j.saml.exceptions.SAMLSignatureValidationException in project pac4j by pac4j.

the class SAML2LogoutResponseValidator method validateSignature.

/**
 * Validate the given digital signature by checking its profile and value.
 *
 * @param signature the signature
 * @param idpEntityId the idp entity id
 * @param trustEngine the trust engine
 */
protected final void validateSignature(final Signature signature, final String idpEntityId, final SignatureTrustEngine trustEngine) {
    final SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
    try {
        validator.validate(signature);
    } catch (final SignatureException e) {
        throw new SAMLSignatureValidationException("SAMLSignatureProfileValidator failed to validate signature", e);
    }
    final CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
    criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteriaSet.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
    criteriaSet.add(new EntityIdCriterion(idpEntityId));
    final boolean valid;
    try {
        valid = trustEngine.validate(signature, criteriaSet);
    } catch (final SecurityException e) {
        throw new SAMLSignatureValidationException("An error occurred during signature validation", e);
    }
    if (!valid) {
        throw new SAMLSignatureValidationException("Signature is not trusted");
    }
}
Also used : UsageCriterion(org.opensaml.security.criteria.UsageCriterion) ProtocolCriterion(org.opensaml.saml.criterion.ProtocolCriterion) SAMLSignatureValidationException(org.pac4j.saml.exceptions.SAMLSignatureValidationException) SAMLSignatureProfileValidator(org.opensaml.saml.security.impl.SAMLSignatureProfileValidator) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SecurityException(org.opensaml.security.SecurityException) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException)

Aggregations

CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)2 EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)2 EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion)2 ProtocolCriterion (org.opensaml.saml.criterion.ProtocolCriterion)2 SAMLSignatureProfileValidator (org.opensaml.saml.security.impl.SAMLSignatureProfileValidator)2 SecurityException (org.opensaml.security.SecurityException)2 UsageCriterion (org.opensaml.security.criteria.UsageCriterion)2 SignatureException (org.opensaml.xmlsec.signature.support.SignatureException)2 SAMLSignatureValidationException (org.pac4j.saml.exceptions.SAMLSignatureValidationException)2