if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) { log.debug("{} Simple signature validation (with no request-derived credentials) was successful", getLogPrefix()); if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) { log.debug("{} Simple signature validation succeeded with a request-derived credential", getLogPrefix());
if (getSignatureTrustEngine().validate(signature, criteriaSet)) { log.trace("Signature trust establishment succeeded for metadata entry {}", metadataEntryName); } else {
if (trustEngine.validate(signature, criteriaSet)) { log.debug("Validation of signature of Assertion '{}' from Issuer '{}' was successful", token.getID(), tokenIssuer);
val engine = buildSignatureTrustEngine(configuration); LOGGER.debug("Validating signature via trust engine for [{}]", configuration.getIdentityProviderIdentifier()); return engine.validate(signature, criteriaSet); } catch (final SecurityException e) { LOGGER.warn(e.getMessage(), e);
valid = engine.validate(assertion.getSignature(), criteriaSet); } catch (final SecurityException e) { LOGGER.warn(e.getMessage(), e);
/**
 * Checks a SAML digital signature in two stages: first against the SAML signature
 * profile, then against the supplied trust engine.
 *
 * <p>The trust engine is asked to validate the signature for a signing credential
 * that belongs to the given entity id, in the IdP SSO descriptor role, under the
 * SAML 2.0 protocol. Every failure path ends in an exception; the method only
 * returns normally when the trust engine reports the signature as valid.
 *
 * <p>NOTE(review): this method only inspects the {@code Signature} object it is
 * given. Callers presumably remain responsible for ensuring that the element this
 * signature covers is the same element whose content they go on to use, and that
 * {@code idpEntityId} is the expected identity provider rather than a value taken
 * unchecked from the message. Confirm at the call sites.
 *
 * @param signature   the signature to check
 * @param idpEntityId the entity id of the identity provider whose signing
 *                    credentials are to be resolved
 * @param trustEngine the trust engine used to establish trust in the signature
 * @throws SAMLSignatureValidationException if the profile check fails, if the trust
 *         engine raises a {@code SecurityException}, or if the trust engine reports
 *         the signature as not valid
 */
protected final void validateSignature(final Signature signature, final String idpEntityId,
                                       final SignatureTrustEngine trustEngine) {

    // Stage 1: profile validation runs before any trust evaluation is attempted.
    final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
    try {
        profileValidator.validate(signature);
    } catch (final SignatureException e) {
        throw new SAMLSignatureValidationException("SAMLSignatureProfileValidator failed to validate signature", e);
    }

    // Stage 2: restrict credential resolution to signing keys of this IdP's
    // SSO descriptor for the SAML 2.0 protocol.
    final CriteriaSet trustCriteria = new CriteriaSet();
    trustCriteria.add(new UsageCriterion(UsageType.SIGNING));
    trustCriteria.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
    trustCriteria.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
    trustCriteria.add(new EntityIdCriterion(idpEntityId));

    final boolean trusted;
    try {
        trusted = trustEngine.validate(signature, trustCriteria);
    } catch (final SecurityException e) {
        // An engine error is surfaced as a validation failure, never as success.
        throw new SAMLSignatureValidationException("An error occurred during signature validation", e);
    }

    if (trusted) {
        return;
    }
    throw new SAMLSignatureValidationException("Signature is not trusted");
}