org.opensaml.xml.signature.SignatureValidator Java Examples

Example #1
Source File: DefaultSSOSigner.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies the XML signature carried by a SAML request against the supplied credential.
 *
 * <p>An unsigned request (no signature element) is reported as {@code false}, not as an
 * exception, so callers must treat {@code false} as "reject" wherever a signature is required.
 * A signature that is present but does not verify is reported by exception.
 *
 * <p>NOTE(review): only {@code SignatureValidator} runs here, i.e. the signature is checked
 * against the key in {@code cred}. Structural checks on the signature (for example OpenSAML's
 * {@code SAMLSignatureProfileValidator}) and the decision to trust {@code cred} are not visible
 * in this method - confirm they happen in the caller.
 *
 * @param request SAML request whose signature is checked
 * @param cred    credential holding the key the signature must verify against
 * @param alias   not read by this method
 * @return {@code true} if a signature is present and verifies, {@code false} if the request
 *         carries no signature
 * @throws IdentityException if a signature is present but fails validation
 */
@Override
public boolean validateXMLSignature(RequestAbstractType request, X509Credential cred,
                                    String alias) throws IdentityException {

    // Unsigned request: nothing to verify, and nothing has been proven about its origin.
    if (request.getSignature() == null) {
        return false;
    }

    try {
        new SignatureValidator(cred).validate(request.getSignature());
    } catch (ValidationException e) {
        throw IdentityException.error("Signature Validation Failed for the SAML Assertion : Signature is " +
                                    "invalid.", e);
    }

    // Reaching this point means validate() returned without throwing.
    return true;
}
 
Example #2
Source File: SAMLClient.java    From saml-sdk-java with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a SAML client from the service-provider and identity-provider settings.
 *
 * <p>The signature validator created here is bound to the public key of the certificate
 * returned by {@code idpConfig.getCert()}, labelled with the IdP entity id. Only the public key
 * is copied into the credential; nothing in this constructor checks the certificate's validity
 * period or chain, so the certificate in {@code idpConfig} is the trust anchor as configured.
 *
 * <p>NOTE(review): the parser pool is left at its defaults apart from namespace awareness.
 * It is presumably used to parse XML received from the IdP - confirm that the OpenSAML version
 * in use disables DOCTYPE declarations and external entity expansion by default, or configure
 * the pool explicitly.
 *
 * @param spConfig  service-provider configuration, stored as given
 * @param idpConfig identity-provider configuration supplying the entity id and certificate
 * @throws SAMLException declared by the constructor; not thrown directly by the statements here
 */
public SAMLClient(SPConfig spConfig, IdPConfig idpConfig)
    throws SAMLException
{
    this.spConfig = spConfig;
    this.idpConfig = idpConfig;

    // Credential that every later signature check is verified against.
    BasicCredential idpCredential = new BasicCredential();
    idpCredential.setEntityId(idpConfig.getEntityId());
    idpCredential.setPublicKey(idpConfig.getCert().getPublicKey());
    sigValidator = new SignatureValidator(idpCredential);

    // Namespace-aware XML parser pool.
    BasicParserPool pool = new BasicParserPool();
    pool.setNamespaceAware(true);
    parsers = pool;
}
 
Example #3
Source File: WSXACMLEntitlementServiceClient.java    From micro-integrator with Apache License 2.0 5 votes vote down vote up
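/**
 * Checks whether an XML signature verifies against this client's public X.509 credential.
 *
 * <p>The result is fail-closed: a missing signature or one that does not verify yields
 * {@code false}. Callers must reject the signed content when this returns {@code false}.
 *
 * <p>NOTE(review): this is a cryptographic check against the configured credential only.
 * Whether the signature actually covers the assertion being consumed, and structural checks
 * such as OpenSAML's {@code SAMLSignatureProfileValidator}, are not visible here - confirm
 * they are done by the caller.
 *
 * @param signature XML signature that authenticates the assertion; {@code null} when the
 *                  assertion is unsigned
 * @return {@code true} only if a signature is present and validates
 * @throws EntitlementProxyException declared by the method; nothing in this body throws it
 *         directly, so it presumably comes from {@code getPublicX509CredentialImpl()}
 */
private boolean validateSignature(Signature signature) throws EntitlementProxyException {

    // An unsigned assertion is rejected here explicitly. validate() is not shown to accept
    // null, and an unchecked exception from it would bypass the ValidationException handler.
    if (signature == null) {
        log.warn("Signature validation failed: no signature present.");
        return false;
    }

    try {
        SignatureValidator validator = new SignatureValidator(getPublicX509CredentialImpl());
        validator.validate(signature);
        return true;
    } catch (ValidationException e) {
        log.warn("Signature validation failed.", e);
        return false;
    }
}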
 
Example #4
Source File: BaseSignatureTrustEngine.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Tries to verify a signature with the key held by one candidate credential.
 *
 * <p>A validation failure is not an error at this level: it is logged at debug and reported as
 * {@code false}, so the caller can decide what to do next. This method makes no statement about
 * whether the credential itself is trusted; it only reports whether its key verifies the
 * signature.
 *
 * @param signature the signature on which to attempt verification
 * @param credential the credential containing the candidate validation key
 * @return true if the signature can be verified using the key from the credential, otherwise false
 */
protected boolean verifySignature(Signature signature, Credential credential) {
    boolean verified;
    try {
        new SignatureValidator(credential).validate(signature);
        verified = true;
    } catch (ValidationException e) {
        log.debug("Signature validation using candidate validation credential failed", e);
        verified = false;
    }

    if (verified) {
        log.debug("Signature validation using candidate credential was successful");
    }
    return verified;
}
 
Example #5
Source File: WSXACMLEntitlementServiceClient.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
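/**
 * Checks whether an XML signature verifies against this client's public X.509 credential.
 *
 * <p>The result is fail-closed: a missing signature or one that does not verify yields
 * {@code false}. Callers must reject the signed content when this returns {@code false}.
 *
 * <p>NOTE(review): this is a cryptographic check against the configured credential only.
 * Whether the signature actually covers the assertion being consumed, and structural checks
 * such as OpenSAML's {@code SAMLSignatureProfileValidator}, are not visible here - confirm
 * they are done by the caller.
 *
 * @param signature XML signature that authenticates the assertion; {@code null} when the
 *                  assertion is unsigned
 * @return {@code true} only if a signature is present and validates
 * @throws EntitlementProxyException declared by the method; nothing in this body throws it
 *         directly, so it presumably comes from {@code getPublicX509CredentialImpl()}
 */
private boolean validateSignature(Signature signature) throws EntitlementProxyException {

    // An unsigned assertion is rejected here explicitly. validate() is not shown to accept
    // null, and an unchecked exception from it would bypass the ValidationException handler.
    if (signature == null) {
        log.warn("Signature validation failed: no signature present.");
        return false;
    }

    try {
        SignatureValidator validator = new SignatureValidator(getPublicX509CredentialImpl());
        validator.validate(signature);
        return true;
    } catch (ValidationException e) {
        log.warn("Signature validation failed.", e);
        return false;
    }
}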
 
Example #6
Source File: Util.java    From carbon-commons with Apache License 2.0 5 votes vote down vote up
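/**
 * Validates the XML signature of a SAML Response against a certificate read from a key store.
 *
 * <p>For the super tenant the certificate is read from the JKS file {@code keyStoreName} under
 * {@code alias}. For any other tenant it is read from that tenant's key store under the tenant
 * domain name. The method is fail-closed: a missing signature, a missing certificate, a key
 * store that cannot be loaded, and a signature that does not verify all yield {@code false}.
 *
 * <p>NOTE(review): the certificate is used as found in the key store. Its validity period,
 * structural checks on the signature (for example OpenSAML's
 * {@code SAMLSignatureProfileValidator}), and whether the signature covers the assertions that
 * are consumed afterwards are not checked here - confirm the caller handles them.
 *
 * @param resp             SAML Response
 * @param keyStoreName     path of the JKS key store file; read for the super tenant only
 * @param keyStorePassword password of that key store; read for the super tenant only
 * @param alias            alias of the validation certificate; read for the super tenant only
 * @param tenantId         tenant id, selects which key store is consulted
 * @param tenantDomain     tenant domain, used as key store name source and certificate alias
 *                         for tenants other than the super tenant
 * @return true, if signature is valid.
 */
public static boolean validateSignature(Response resp, String keyStoreName,
                                        String keyStorePassword, String alias, int tenantId,
                                        String tenantDomain) {
    try {
        // Reject unsigned input explicitly instead of relying on an exception further down.
        if (resp == null || resp.getSignature() == null) {
            if (log.isDebugEnabled()) {
                log.debug("No signature present on the SAML Response for " + tenantDomain);
            }
            return false;
        }

        KeyStore keyStore;
        java.security.cert.X509Certificate cert;
        if (tenantId != MultitenantConstants.SUPER_TENANT_ID) {
            // get an instance of the corresponding Key Store Manager instance
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
            keyStore = keyStoreManager.getKeyStore(generateKSNameFromDomainName(tenantDomain));
            cert = (java.security.cert.X509Certificate) keyStore.getCertificate(tenantDomain);
        } else {
            keyStore = KeyStore.getInstance("JKS");
            // Close the key store file on every path; the stream was previously never closed.
            try (FileInputStream keyStoreStream = new FileInputStream(new File(keyStoreName))) {
                keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            }
            cert = (java.security.cert.X509Certificate) keyStore.getCertificate(alias);
        }

        // getCertificate() returns null for an unknown alias; without a key nothing can be verified.
        if (cert == null) {
            if (log.isDebugEnabled()) {
                log.debug("No certificate found to validate the signature for " + tenantDomain);
            }
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Validating against " + cert.getSubjectDN().getName());
        }

        X509CredentialImpl credentialImpl = new X509CredentialImpl(cert);
        SignatureValidator signatureValidator = new SignatureValidator(credentialImpl);
        signatureValidator.validate(resp.getSignature());
        return true;
    } catch (Exception e) {
        // Deliberately broad: any failure is treated as "not valid". The cause is attached so
        // that a key store or configuration problem can be told apart from a bad signature.
        if (log.isDebugEnabled()) {
            log.debug("Signature verification is failed for " + tenantDomain, e);
        }
        return false;
    }
}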