Java Code Examples for org.opensaml.xml.signature.SignatureValidator#validate()

The following examples show how to use org.opensaml.xml.signature.SignatureValidator#validate() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DefaultSSOSigner.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
@Override
public boolean validateXMLSignature(RequestAbstractType request, X509Credential cred,
                                    String alias) throws IdentityException {

    boolean isSignatureValid = false;

    if (request.getSignature() != null) {
        try {
            SignatureValidator validator = new SignatureValidator(cred);
            validator.validate(request.getSignature());
            isSignatureValid = true;
        } catch (ValidationException e) {
            throw IdentityException.error("Signature Validation Failed for the SAML Assertion : Signature is " +
                                        "invalid.", e);
        }
    }
    return isSignatureValid;
}
 
Example 2
Source File: WSXACMLEntitlementServiceClient.java    From micro-integrator with Apache License 2.0 5 votes vote down vote up
/**
 * Check the validity of the Signature
 *
 * @param signature : XML Signature that authenticates the assertion
 * @return whether the signature is valid
 * @throws Exception
 */
private boolean validateSignature(Signature signature) throws EntitlementProxyException {

    boolean isSignatureValid = false;

    try {
        SignatureValidator validator = new SignatureValidator(getPublicX509CredentialImpl());
        validator.validate(signature);
        isSignatureValid = true;
    } catch (ValidationException e) {
        log.warn("Signature validation failed.", e);
    }

    return isSignatureValid;
}
 
Example 3
Source File: BaseSignatureTrustEngine.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Attempt to verify a signature using the key from the supplied credential.
 * 
 * @param signature the signature on which to attempt verification
 * @param credential the credential containing the candidate validation key
 * @return true if the signature can be verified using the key from the credential, otherwise false
 */
protected boolean verifySignature(Signature signature, Credential credential) {
    SignatureValidator validator = new SignatureValidator(credential);
    try {
        validator.validate(signature);
    } catch (ValidationException e) {
        log.debug("Signature validation using candidate validation credential failed", e);
        return false;
    }
    
    log.debug("Signature validation using candidate credential was successful");
    return true;
}
 
Example 4
Source File: WSXACMLEntitlementServiceClient.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Check the validity of the Signature
 *
 * @param signature : XML Signature that authenticates the assertion
 * @return whether the signature is valid
 * @throws Exception
 */
private boolean validateSignature(Signature signature) throws EntitlementProxyException {

    boolean isSignatureValid = false;

    try {
        SignatureValidator validator = new SignatureValidator(getPublicX509CredentialImpl());
        validator.validate(signature);
        isSignatureValid = true;
    } catch (ValidationException e) {
        log.warn("Signature validation failed.", e);
    }

    return isSignatureValid;
}
 
Example 5
Source File: Util.java    From carbon-commons with Apache License 2.0 5 votes vote down vote up
/**
 * This method validates the signature of the SAML Response.
 * @param resp SAML Response
 * @return true, if signature is valid.
 */
public static boolean validateSignature(Response resp, String keyStoreName,
                                        String keyStorePassword, String alias, int tenantId,
                                        String tenantDomain) {
    boolean isSigValid = false;
    try {
        KeyStore keyStore = null;
        java.security.cert.X509Certificate cert = null;
        if (tenantId != MultitenantConstants.SUPER_TENANT_ID) {
            // get an instance of the corresponding Key Store Manager instance
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
            keyStore = keyStoreManager.getKeyStore(generateKSNameFromDomainName(tenantDomain));
            cert = (java.security.cert.X509Certificate) keyStore.getCertificate(tenantDomain);
        } else {
            keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream(new File(keyStoreName)), keyStorePassword.toCharArray());
            cert = (java.security.cert.X509Certificate) keyStore.getCertificate(alias);
        }
        if(log.isDebugEnabled()){
            log.debug("Validating against "+cert.getSubjectDN().getName());
        }
        X509CredentialImpl credentialImpl = new X509CredentialImpl(cert);
        SignatureValidator signatureValidator = new SignatureValidator(credentialImpl);
        signatureValidator.validate(resp.getSignature());
        isSigValid = true;
        return isSigValid;
    } catch (Exception e) {
        if (log.isDebugEnabled()){
        log.debug("Signature verification is failed for "+tenantDomain);
        }
        return isSigValid;
    }
}