org.opensaml.xml.security.SigningUtil Java Examples

The following examples show how to use org.opensaml.xml.security.SigningUtil.
Example #1
Source File: PKIXSignatureTrustEngine.java    From lams with GNU General Public License v2.0
/** {@inheritDoc} */
public boolean validate(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria,
        Credential candidateCredential) throws SecurityException {

    if (candidateCredential == null || SecurityHelper.extractVerificationKey(candidateCredential) == null) {
        log.debug("Candidate credential was either not supplied or did not contain verification key");
        log.debug("PKIX trust engine requires supplied key, skipping PKIX trust evaluation");
        return false;
    }

    checkParamsRaw(signature, content, algorithmURI, trustBasisCriteria);

    Pair<Set<String>, Iterable<PKIXValidationInformation>> validationPair = 
        resolveValidationInfo(trustBasisCriteria);

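    try {
        // Step 1: cryptographically verify the raw signature with the candidate key.
        // Step 2 (trust evaluation of that credential) runs only if step 1 succeeds;
        // both must pass before the method returns true.
        if (SigningUtil.verifyWithURI(candidateCredential, algorithmURI, signature, content)) {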
            log.debug("Successfully verified raw signature using supplied candidate credential");
            log.debug("Attempting to establish trust of supplied candidate credential");
            if (evaluateTrust(candidateCredential, validationPair)) {
                log.debug("Successfully established trust of supplied candidate credential");
                return true;
            } else {
                log.debug("Failed to establish trust of supplied candidate credential");
            }
        } else {
            log.debug("Cryptographic verification of raw signature failed with candidate credential");
        }
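    } catch (SecurityException e) {
        // Java 7 now throws this exception under conditions such as mismatched key sizes.
        // Swallow this, it's logged by the verifyWithURI method already.
        // Execution falls through to the final "return false", so a verification
        // error is treated the same as a failed validation (fail closed).
    }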

    log.debug("PKIX validation of raw signature failed, "
            + "unable to establish trust of supplied verification credential");
    return false;
}