/**
 * Verifies the XML signature on {@code signableObj} against {@code validationCredential}.
 *
 * <p>An unsigned object is accepted without any check, so a caller that requires a
 * signature must test {@link SignableSAMLObject#isSigned()} itself before relying on this
 * method. The profile validator runs before the cryptographic check (presumably so that a
 * structurally unacceptable signature is rejected before any key is consulted).</p>
 *
 * @param validationCredential the credential whose key the signature must verify against
 * @param signableObj the SAML object whose signature is checked
 * @throws SamlException if the object reports itself as signed but carries no
 *     {@code Signature}, or if profile or cryptographic validation fails
 */
static void validateSignature(Credential validationCredential, SignableSAMLObject signableObj) {
    requireNonNull(validationCredential, "validationCredential");
    requireNonNull(signableObj, "signableObj");
    if (!signableObj.isSigned()) {
        // Nothing to verify: an unsigned object is deliberately accepted here.
        return;
    }
    final Signature signature = signableObj.getSignature();
    if (signature == null) {
        throw new SamlException("failed to validate a signature because no signature exists");
    }
    try {
        signatureProfileValidator.validate(signature);
        SignatureValidator.validate(signature, validationCredential);
    } catch (SignatureException e) {
        throw new SamlException("failed to validate a signature", e);
    }
}
/**
 * Reports whether the wrapped SAML object carries an XML signature.
 *
 * <p>Returns {@code true} when the wrapped object is a {@link SignableSAMLObject} that
 * either reports itself as signed or has a non-null {@code Signature} child. Only the
 * presence of a signature is reported; nothing is verified here.</p>
 *
 * @return {@code true} if a signature is present on the wrapped object, {@code false}
 *     otherwise (including when the wrapped object is not signable)
 */
public boolean isSigned() {
    if (!(samlObject instanceof SignableSAMLObject)) {
        return false;
    }
    final SignableSAMLObject signable = (SignableSAMLObject) samlObject;
    return signable.isSigned() || signable.getSignature() != null;
}
/**
 * Removes the signature from the protocol message.
 *
 * <p>Only the message's own XML {@code Signature} child is cleared; nothing else is
 * modified. Messages that are not {@link SignableSAMLObject}s, or that are not signed,
 * are left untouched.</p>
 *
 * @param message the SAML protocol message whose signature is removed
 */
protected void removeSignature(SAMLObject message) {
    if (!(message instanceof SignableSAMLObject)) {
        return;
    }
    SignableSAMLObject signable = (SignableSAMLObject) message;
    if (!signable.isSigned()) {
        return;
    }
    log.debug("Removing SAML protocol message signature");
    signable.setSignature(null);
}
/**
 * Removes the signature from the protocol message.
 *
 * <p>Clears the message's XML {@code Signature} child and nothing else. A message that is
 * not a {@link SignableSAMLObject}, or that reports itself as unsigned, is left as is.</p>
 *
 * @param message the SAML protocol message whose signature is removed
 */
protected void removeSignature(SAMLObject message) {
    if (message instanceof SignableSAMLObject && ((SignableSAMLObject) message).isSigned()) {
        log.debug("Removing SAML protocol message signature");
        ((SignableSAMLObject) message).setSignature(null);
    }
}
/**
 * {@inheritDoc}
 *
 * <p>A message that is not a {@link SignableSAMLObject}, or that is not signed, passes
 * through with only a debug log: no signature requirement is enforced by this handler.</p>
 */
@Override
public void doInvoke(@Nonnull final MessageContext messageContext) throws MessageHandlerException {
    final Object samlMsg = messageContext.getMessage();
    if (samlMsg instanceof SignableSAMLObject) {
        final SignableSAMLObject signableObject = (SignableSAMLObject) samlMsg;
        if (signableObject.isSigned()) {
            final Signature signature = signableObject.getSignature();
            // performPrevalidation runs before doEvaluate; presumably structural checks
            // precede the actual signature evaluation — confirm in the subclass hooks.
            performPrevalidation(signature);
            doEvaluate(signature, signableObject, messageContext);
        } else {
            log.debug("{} SAML protocol message was not signed, skipping XML signature processing", getLogPrefix());
        }
    } else {
        log.debug("{} Extracted SAML message was not a SignableSAMLObject, cannot process signature", getLogPrefix());
    }
}
/**
 * Checks the XML signature of {@code signableObj} using {@code validationCredential}.
 *
 * <p>Unsigned objects return silently — this method does not require a signature, so a
 * caller that does must check {@link SignableSAMLObject#isSigned()} first. When a signature
 * is present, {@code signatureProfileValidator} is applied before the cryptographic
 * verification.</p>
 *
 * @param validationCredential the credential used to verify the signature
 * @param signableObj the SAML object under inspection
 * @throws SamlException if the object is marked signed but has no {@code Signature}, or
 *     if either validation step fails (the underlying exception is attached as the cause)
 */
static void validateSignature(Credential validationCredential, SignableSAMLObject signableObj) {
    requireNonNull(validationCredential, "validationCredential");
    requireNonNull(signableObj, "signableObj");
    if (signableObj.isSigned()) {
        final Signature sig = signableObj.getSignature();
        if (sig == null) {
            throw new SamlException("failed to validate a signature because no signature exists");
        }
        try {
            signatureProfileValidator.validate(sig);
            SignatureValidator.validate(sig, validationCredential);
        } catch (SignatureException e) {
            throw new SamlException("failed to validate a signature", e);
        }
    }
}
/**
 * Validates the XML signature on {@code object} against the supplied keys, trying each in turn.
 *
 * <p>The first key that verifies wins, and the returned {@code Signature} is marked validated
 * with that key. If the object is not signed, or {@code keys} is null or empty, no validation
 * is attempted and {@code null} is returned — a caller that requires a signature must treat a
 * {@code null} result as "not validated", never as success.</p>
 *
 * <p>NOTE(review): no SAML signature profile validation is performed before the cryptographic
 * check in this method (contrast the static {@code validateSignature} elsewhere in this listing,
 * which runs a profile validator first) — confirm that a caller performs it.</p>
 *
 * @param object the signable SAML object to check
 * @param keys candidate keys, tried in list order
 * @return the validated {@code Signature}, or {@code null} when nothing was validated
 * @throws org.springframework.security.saml.saml2.signature.SignatureException if the object
 *     is signed, at least one key was supplied and none of them verified; the most recent
 *     underlying failure is attached as the cause
 */
public Signature validateSignature(SignableSAMLObject object, List<SimpleKey> keys) {
    final boolean attemptable = object.isSigned() && keys != null && !keys.isEmpty();
    if (!attemptable) {
        return null;
    }
    SignatureException failure = null;
    for (SimpleKey candidate : keys) {
        try {
            final Credential credential = getCredential(candidate, getCredentialsResolver(candidate));
            SignatureValidator.validate(object.getSignature(), credential);
            return getSignature(object)
                .setValidated(true)
                .setValidatingKey(candidate);
        } catch (SignatureException e) {
            failure = e;
        }
    }
    // Every candidate failed; surface the most recent failure as the cause.
    throw new org.springframework.security.saml.saml2.signature.SignatureException(
        "Signature validation against a " + object.getClass().getName()
            + " object failed using " + keys.size() + (keys.size() == 1 ? " key." : " keys."),
        failure);
}
/**
 * Determine whether the SAML message represented by the message context is digitally signed.
 *
 * <p>
 * The SAML protocol message is examined first for an XML signature. If none is present,
 * the result falls back to the binding signature flag,
 * {@link SAMLBindingContext#hasBindingSignature()}, when a binding context exists.
 * </p>
 *
 * <p>This reports the presence of a signature only; no signature is verified by this
 * method.</p>
 *
 * @param messageContext current message context
 * @return true if the message is considered to be digitally signed, false otherwise
 */
public static boolean isMessageSigned(@Nonnull final MessageContext<SAMLObject> messageContext) {
    final SAMLObject samlMessage = Constraint.isNotNull(messageContext.getMessage(),
            "SAML message was not present in message context");
    final boolean xmlSigned = samlMessage instanceof SignableSAMLObject
            && ((SignableSAMLObject) samlMessage).isSigned();
    if (xmlSigned) {
        return true;
    }
    // No XML signature: consult the binding-level flag, if a binding context is present.
    final SAMLBindingContext bindingContext = messageContext.getSubcontext(SAMLBindingContext.class, false);
    return bindingContext != null && bindingContext.hasBindingSignature();
}