/**
 * Verifies the XML signature on {@code signableObj} using {@code validationCredential}.
 *
 * <p>An object that reports {@code isSigned() == false} is accepted without any check, so a
 * caller that requires signed messages must enforce that policy itself before trusting the
 * object. For signed objects the SAML signature profile is checked first and only then the
 * cryptographic signature. Both arguments are rejected via {@code requireNonNull} when null.
 *
 * @param validationCredential the credential the signature must verify against
 * @param signableObj the SAML object whose signature is checked
 * @throws SamlException if the object claims to be signed but carries no {@code Signature},
 *     or if profile or signature validation fails (the underlying failure is the cause)
 */
static void validateSignature(Credential validationCredential, SignableSAMLObject signableObj) {
    requireNonNull(validationCredential, "validationCredential");
    requireNonNull(signableObj, "signableObj");
    if (signableObj.isSigned()) {
        final Signature sig = signableObj.getSignature();
        if (sig == null) {
            throw new SamlException("failed to validate a signature because no signature exists");
        }
        try {
            // Reject structurally malformed signatures before any cryptographic work is done.
            signatureProfileValidator.validate(sig);
            SignatureValidator.validate(sig, validationCredential);
        } catch (SignatureException e) {
            throw new SamlException("failed to validate a signature", e);
        }
    }
    // Unsigned objects are deliberately left unchecked here; see the class-level contract.
}
val c = it.next(); LOGGER.debug("Validating signature using credentials for [{}]", c.getEntityId()); SignatureValidator.validate(signature, c); LOGGER.info("Successfully validated the request signature."); foundValidCredential = true;
/**
 * Checks the signature carried by {@code signableObj} against {@code validationCredential}.
 *
 * <p>Unsigned objects ({@code isSigned() == false}) pass through untouched — this method does
 * not decide whether a signature is required, so that policy must live in the caller. Signed
 * objects go through the SAML signature profile validator before the cryptographic check.
 * Null arguments are rejected with {@code requireNonNull}.
 *
 * @param validationCredential the credential used to verify the signature
 * @param signableObj the SAML object to check
 * @throws SamlException when a signed object has no {@code Signature} element, or when either
 *     the profile check or the signature check fails
 */
static void validateSignature(Credential validationCredential, SignableSAMLObject signableObj) {
    requireNonNull(validationCredential, "validationCredential");
    requireNonNull(signableObj, "signableObj");
    if (!signableObj.isSigned()) {
        // Nothing to verify; the caller is responsible for requiring a signature if needed.
        return;
    }
    final Signature xmlSignature = signableObj.getSignature();
    if (xmlSignature == null) {
        throw new SamlException("failed to validate a signature because no signature exists");
    }
    try {
        signatureProfileValidator.validate(xmlSignature);   // structural / profile rules
        SignatureValidator.validate(xmlSignature, validationCredential);   // cryptographic check
    } catch (SignatureException failure) {
        throw new SamlException("failed to validate a signature", failure);
    }
}
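/**
 * Validates {@code signature} against the first certificate carried by {@code samlKeyInfo}.
 *
 * <p>The signature is first checked against the SAML signature profile and only then
 * cryptographically verified. Only {@code samlKeyInfo.getCerts()} is consulted; key info that
 * carries no certificate (null or empty array) is rejected rather than dereferenced.
 *
 * <p>The thread context class loader is switched to this provider's class loader for the
 * duration of the cryptographic check and restored afterwards, whatever its previous value was
 * (including {@code null}).
 *
 * @param signature the XML signature to verify
 * @param samlKeyInfo key material extracted from the assertion; its first certificate is used
 * @throws SignatureException if the signature violates the SAML profile, if no certificate is
 *     available, or if cryptographic verification fails
 */
private void validateSignatureAndSamlKey(Signature signature, SAMLKeyInfo samlKeyInfo) throws SignatureException {
    SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
    try {
        validator.validate(signature);
    } catch (org.opensaml.xmlsec.signature.support.SignatureException e) {
        throw new SignatureException("Error validating the SAMLKey signature", e);
    }
    // An empty certificate array would otherwise surface as an ArrayIndexOutOfBoundsException
    // instead of the intended SignatureException.
    java.security.cert.X509Certificate[] certs = samlKeyInfo.getCerts();
    if (certs == null || certs.length == 0) {
        throw new SignatureException("Can't get X509Certificate or PublicKey to verify signature.");
    }
    BasicX509Credential credential = new BasicX509Credential(certs[0]);
    // Capture the original loader before swapping so it is always put back, even when it was null.
    ClassLoader threadLoader = Thread.currentThread().getContextClassLoader();
    try {
        Thread.currentThread()
            .setContextClassLoader(
                ApacheSantuarioSignatureValidationProviderImpl.class.getClassLoader());
        SignatureValidator.validate(signature, credential);
    } catch (org.opensaml.xmlsec.signature.support.SignatureException e) {
        throw new SignatureException("Error validating the XML signature", e);
    } finally {
        Thread.currentThread().setContextClassLoader(threadLoader);
    }
}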
/**
 * Tries each supplied key in list order until one verifies the signature on {@code object}.
 *
 * <p>Returns {@code null} without inspecting anything when the object is unsigned or no keys are
 * supplied, so a caller that requires a signature must treat {@code null} accordingly. Only the
 * cryptographic check is performed here; no SAML signature profile validation precedes
 * {@code SignatureValidator.validate} in this method — NOTE(review): confirm that the profile
 * check happens elsewhere in the pipeline.
 *
 * @param object the SAML object whose signature is verified
 * @param keys candidate verification keys, tried in order
 * @return the object's {@code Signature} marked as validated with the key that verified it, or
 *     {@code null} when the object is unsigned or {@code keys} is null/empty
 * @throws org.springframework.security.saml.saml2.signature.SignatureException if every key
 *     fails; the cause is the failure reported for the last key tried
 */
public Signature validateSignature(SignableSAMLObject object, List<SimpleKey> keys) {
    if (!object.isSigned() || keys == null || keys.isEmpty()) {
        return null;
    }
    SignatureException lastFailure = null;
    Signature validated = null;
    for (SimpleKey candidate : keys) {
        try {
            Credential credential = getCredential(candidate, getCredentialsResolver(candidate));
            SignatureValidator.validate(object.getSignature(), credential);
            // A success clears any earlier failure so the error path below is skipped.
            lastFailure = null;
            validated = getSignature(object)
                .setValidated(true)
                .setValidatingKey(candidate);
            break;
        } catch (SignatureException e) {
            lastFailure = e;
        }
    }
    if (lastFailure != null) {
        String keyCount = keys.size() + (keys.size() == 1 ? " key." : " keys.");
        throw new org.springframework.security.saml.saml2.signature.SignatureException(
            "Signature validation against a " + object.getClass().getName() + " object failed using " + keyCount,
            lastFailure
        );
    }
    return validated;
}
try { Thread.currentThread().setContextClassLoader(SignerProvider.class.getClassLoader()); SignatureValidator.validate(sig, credential); } catch (SignatureException ex) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex,
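/**
 * Validate the signature of an assertion
 *
 * <p>A request without a {@code Signature} element is not verified at all and yields
 * {@code false}; callers must not read {@code false} as "signature checked and rejected" — a
 * rejected signature always surfaces as {@link IdentitySAML2QueryException}. Only the
 * cryptographic check is performed here; no SAML signature profile validation precedes
 * {@code SignatureValidator.validate} in this method — NOTE(review): confirm the profile check
 * happens upstream.
 *
 * @param request SAML Assertion, this could be either a SAML Request or a
 * LogoutRequest
 * @param alias Certificate alias against which the signature is validated.
 * @param domainName domain name of the subject
 * @return true, if the signature is valid; false if the request carries no signature
 * @throws IdentitySAML2QueryException When signature is invalid or unable to load credential information
 */
public static boolean validateXMLSignature(RequestAbstractType request, String alias, String domainName) throws IdentitySAML2QueryException {
    // An unsigned request cannot be validated; report that rather than failing.
    if (request.getSignature() == null) {
        return false;
    }
    try {
        X509Credential cred = OpenSAML3Util.getX509CredentialImplForTenant(domainName, alias);
        SignatureValidator.validate(request.getSignature(), cred);
        return true;
    } catch (SignatureException e) {
        // Same message for the log line and the thrown exception; built once to keep them in sync.
        String message = "Unable to validate Signature of the request id:" + request.getID()
            + " with alias:" + alias + " ,domainname: " + domainName;
        log.error(message, e);
        throw new IdentitySAML2QueryException(message, e);
    }
}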
SignatureValidator.validate(signature, credential); } catch (SignatureException ex) { LOG.debug("Error in validating the SAML Signature: {}", ex.getMessage(), ex);
} else { try { org.opensaml.xmlsec.signature.support.SignatureValidator.validate(response.getSignature(), new X509CredentialImplementation(ssoX509Credential.getEntityCertificate())); } catch (SignatureException e) { } else { try { org.opensaml.xmlsec.signature.support.SignatureValidator.validate(assertion.getSignature(), new X509CredentialImplementation(ssoX509Credential.getEntityCertificate())); } catch (SignatureException e) {
} else { try { org.opensaml.xmlsec.signature.support.SignatureValidator.validate(response.getSignature(), new X509CredentialImplementation(ssoX509Credential.getEntityCertificate())); } catch (SignatureException e) { } else { try { org.opensaml.xmlsec.signature.support.SignatureValidator.validate(assertion.getSignature(), new X509CredentialImplementation(ssoX509Credential.getEntityCertificate())); } catch (SignatureException e) {
SignatureValidator.validate(signature, credential); } catch (SignatureException ex) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,