/**
 * Verifies the signature on a SAML 2.0 Response, when one is present.
 *
 * <p>An unsigned Response is not rejected here: the method returns without
 * doing any work. A caller that requires a signed Response (or signed
 * Assertions) must enforce that requirement separately.
 *
 * @param samlResponse the SAML 2.0 Response to check
 * @param sigCrypto passed through unchanged to the signature-level overload
 * @param callbackHandler passed through unchanged to the signature-level overload
 * @throws WSSecurityException declared for the signature-level overload this delegates to
 */
private void validateResponseSignature(
    org.opensaml.saml.saml2.core.Response samlResponse,
    Crypto sigCrypto,
    CallbackHandler callbackHandler
) throws WSSecurityException {
    if (samlResponse.isSigned()) {
        org.w3c.dom.Element responseElement = samlResponse.getDOM();

        // Flag the un-namespaced "ID" attribute as an XML ID; OpenSAML's IdResolver
        // needs this in order to locate the element.
        Attr responseId = responseElement.getAttributeNodeNS(null, "ID");
        if (responseId != null) {
            responseElement.setIdAttributeNode(responseId, true);
        }

        // The actual check is done by the overload that takes the Signature
        // together with the document that owns the Response element.
        validateResponseSignature(
            samlResponse.getSignature(),
            responseElement.getOwnerDocument(),
            sigCrypto,
            callbackHandler
        );
    }
}
if (response.getSignature() == null) { throw new SSOException("SAML 2.0 Response signing is enabled, but signature element not found " + "in SAML 2.0 Response element"); } else { try { org.opensaml.xmlsec.signature.support.SignatureValidator.validate(response.getSignature(), new X509CredentialImplementation(ssoX509Credential.getEntityCertificate())); } catch (SignatureException e) {
/**
 * Passes the signature(s) of a SAML object to {@code signObject}.
 *
 * <p>For a SAML 1.x or SAML 2.0 Response, each contained Assertion's signature
 * is handed over first and the Response's own signature last. Any other
 * {@code SignableSAMLObject} has only its own signature handed over. Objects
 * of any other type are ignored.
 *
 * <p>NOTE(review): {@code getSignature()} values are forwarded without a null
 * check. Presumably {@code signObject} tolerates an absent signature; confirm.
 *
 * @param xmlObject the object whose signatures are to be processed
 * @throws WSSecurityException declared for the {@code signObject} calls
 */
private static void signXMLObject(XMLObject xmlObject) throws WSSecurityException {
    // The two Response checks must come before the generic SignableSAMLObject
    // check so that contained Assertions are handled as well.
    if (xmlObject instanceof org.opensaml.saml.saml1.core.Response) {
        org.opensaml.saml.saml1.core.Response saml1Response =
            (org.opensaml.saml.saml1.core.Response)xmlObject;

        // Contained Assertions first, then the Response itself.
        if (saml1Response.getAssertions() != null) {
            for (org.opensaml.saml.saml1.core.Assertion nested : saml1Response.getAssertions()) {
                signObject(nested.getSignature());
            }
        }
        signObject(saml1Response.getSignature());
        return;
    }

    if (xmlObject instanceof org.opensaml.saml.saml2.core.Response) {
        org.opensaml.saml.saml2.core.Response saml2Response =
            (org.opensaml.saml.saml2.core.Response)xmlObject;

        // Contained Assertions first, then the Response itself.
        if (saml2Response.getAssertions() != null) {
            for (org.opensaml.saml.saml2.core.Assertion nested : saml2Response.getAssertions()) {
                signObject(nested.getSignature());
            }
        }
        signObject(saml2Response.getSignature());
        return;
    }

    if (xmlObject instanceof SignableSAMLObject) {
        SignableSAMLObject signable = (SignableSAMLObject)xmlObject;
        signObject(signable.getSignature());
    }
}
if (response.getSignature() == null) { throw new SSOException("SAML 2.0 Response signing is enabled, but signature element not found " + "in SAML 2.0 Response element"); } else { try { org.opensaml.xmlsec.signature.support.SignatureValidator.validate(response.getSignature(), new X509CredentialImplementation(ssoX509Credential.getEntityCertificate())); } catch (SignatureException e) {
// Hands the Response-level signature (which may be null) to the helper together
// with the validation context and engine.
// NOTE(review): going by the helper's name, a Response without a signature
// presumably passes this call. Confirm that a signature requirement is enforced
// elsewhere (on the Response or on its Assertions) before the content is trusted.
validateSignatureIfItExists(response.getSignature(), context, engine);