

Java SignatureValidator类代码示例

本文整理汇总了Java中org.opensaml.xml.signature.SignatureValidator的典型用法代码示例。如果您正苦于以下问题:Java SignatureValidator类的具体用法?Java SignatureValidator怎么用?Java SignatureValidator使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


SignatureValidator类属于org.opensaml.xml.signature包,在下文中一共展示了SignatureValidator类的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: validate

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
/**
 * Reports whether the given signature verifies under at least one of the configured credentials.
 *
 * <p>A {@code null} signature is treated as invalid. Every credential is a candidate; a
 * {@link ValidationException} raised for one credential only rules that credential out.
 *
 * <p>NOTE(review): only the cryptographic check performed by {@code SignatureValidator} happens
 * here. No SAML signature-profile validation, and no check of which element the signature
 * actually covers, is visible in this method; confirm the caller performs both before it
 * trusts the signed object.
 *
 * @param signature the XML signature to verify, may be {@code null}
 * @return {@code true} if any credential verifies the signature, otherwise {@code false}
 */
private boolean validate(Signature signature) {
  return signature != null
      && credentials
          .stream()
          .anyMatch(
              candidate -> {
                boolean verified;
                try {
                  new SignatureValidator(candidate).validate(signature);
                  verified = true;
                } catch (ValidationException rejected) {
                  // This credential does not match; the remaining ones are still tried.
                  verified = false;
                }
                return verified;
              });
}
 
开发者ID:coveo,项目名称:saml-client,代码行数:20,代码来源:SamlClient.java

示例2: testInvalidSignature

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
/**
 * Negative test: content changed after signing must not verify.
 *
 * <p>The envelope is signed, the text of its WS-Addressing {@code Action} element is then
 * overwritten, and the document is serialized and unmarshalled again. Verifying the signature
 * with the signing credential is expected to raise {@link ValidationException}.
 */
@Test(expected=ValidationException.class)
public void testInvalidSignature() throws Exception {
	env.setAction("action");

	BasicX509Credential signingCredential = TestHelper.getCredential();
	Element signedRoot = env.sign(signingCredential);

	// Tamper with the Action header after the signature has been produced.
	Element tamperedAction = (Element) signedRoot.getElementsByTagNameNS(WSAddressingConstants.WSA_NS, "Action").item(0);
	tamperedAction.setTextContent("test");

	// Round-trip through a string so the validator sees the document as a receiver would parse it.
	String serialized = XMLHelper.nodeToString(signedRoot);
	Envelope reparsed = (Envelope) SAMLUtil.unmarshallElementFromString(serialized);
	Security securityHeader = (Security) reparsed.getHeader().getUnknownXMLObjects(Security.ELEMENT_NAME).get(0);
	Signature staleSignature = (Signature) securityHeader.getUnknownXMLObjects(Signature.DEFAULT_ELEMENT_NAME).get(0);

	new SignatureValidator(signingCredential).validate(staleSignature);
}
 
开发者ID:amagdenko,项目名称:oiosaml.java,代码行数:17,代码来源:OIOSoapEnvelopeTest.java

示例3: validateXMLSignature

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
/**
 * Verifies the XML signature on a SAML request with the supplied credential.
 *
 * <p>An unsigned request is not an error here: when {@code request.getSignature()} is
 * {@code null} the method returns {@code false} without throwing, so callers must treat
 * {@code false} as a rejection. A signature that is present but does not verify raises
 * {@link IdentityException}.
 *
 * <p>NOTE(review): only the cryptographic check of {@code SignatureValidator} is performed; no
 * SAML signature-profile validation is visible in this method. Confirm it happens elsewhere.
 *
 * @param request the SAML request whose signature is checked
 * @param cred the credential holding the verification key
 * @param alias not read by this implementation
 * @return {@code true} if a signature is present and verifies, {@code false} if the request
 *         carries no signature
 * @throws IdentityException if a signature is present and fails verification
 */
@Override
public boolean validateXMLSignature(RequestAbstractType request, X509Credential cred,
                                    String alias) throws IdentityException {

    // Unsigned request: report "not valid" rather than raising.
    if (request.getSignature() == null) {
        return false;
    }

    try {
        new SignatureValidator(cred).validate(request.getSignature());
    } catch (ValidationException e) {
        throw IdentityException.error("Signature Validation Failed for the SAML Assertion : Signature is " +
                                    "invalid.", e);
    }
    return true;
}
 
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:19,代码来源:DefaultSSOSigner.java

示例4: SAMLClient

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
/**
 * Creates a SAMLClient bound to the given service-provider and identity-provider
 * configuration.
 *
 * <p>The signature validator is keyed to the public key of the certificate returned by
 * {@code idpConfig.getCert()}, labelled with the IdP entity id.
 *
 * <p>NOTE(review): only the public key is taken from the IdP certificate; no expiry or
 * revocation check on that certificate is visible in this constructor. The parser pool is
 * configured for namespace awareness only; confirm that the OpenSAML version in use refuses
 * DTDs and external entities by default, or harden the pool explicitly.
 *
 * @param spConfig service-provider settings stored on the client
 * @param idpConfig identity-provider settings; supplies the entity id and signing certificate
 * @throws SAMLException declared by the constructor; nothing in the visible body throws it
 *         directly
 */
public SAMLClient(SPConfig spConfig, IdPConfig idpConfig)
    throws SAMLException
{
    this.spConfig = spConfig;
    this.idpConfig = idpConfig;

    // Verification credential: IdP entity id plus the public key of its certificate.
    BasicCredential idpCredential = new BasicCredential();
    idpCredential.setEntityId(idpConfig.getEntityId());
    idpCredential.setPublicKey(idpConfig.getCert().getPublicKey());
    sigValidator = new SignatureValidator(idpCredential);

    // XML parser pool used by the client; namespaces are required for SAML documents.
    BasicParserPool namespaceAwarePool = new BasicParserPool();
    namespaceAwarePool.setNamespaceAware(true);
    parsers = namespaceAwarePool;
}
 
开发者ID:lastpass,项目名称:saml-sdk-java,代码行数:21,代码来源:SAMLClient.java

示例5: verifySignature

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
/**
 * Tries to verify a signature with the key held by one candidate credential.
 *
 * <p>The outcome is logged at debug level in both cases. A {@code true} result means only that
 * the signature verifies cryptographically with this key; nothing in this method decides
 * whether the credential itself is trusted.
 *
 * @param signature the signature on which to attempt verification
 * @param credential the credential containing the candidate validation key
 * @return {@code true} if the signature verifies with the credential's key, otherwise
 *         {@code false}
 */
protected boolean verifySignature(Signature signature, Credential credential) {
    SignatureValidator candidateValidator = new SignatureValidator(credential);
    try {
        candidateValidator.validate(signature);
        log.debug("Signature validation using candidate credential was successful");
        return true;
    } catch (ValidationException e) {
        // A mismatch is an expected outcome while candidates are being tried, hence debug level.
        log.debug("Signature validation using candidate validation credential failed", e);
        return false;
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:20,代码来源:BaseSignatureTrustEngine.java

示例6: validateSignature

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
/**
 * Verifies the signature carried by a signable SAML object.
 *
 * <p>Two checks run in order: the signature is first validated against the SAML signature
 * profile, and only then verified cryptographically with the provider's credential
 * ({@code _cred}). The method returns normally only if both pass.
 *
 * @param obj the SAML object whose signature is checked
 * @throws WsSrvException with code 80 if the object carries no signature
 * @throws ValidationException if either the profile check or the cryptographic check fails
 */
private void validateSignature(SignableSAMLObject obj) 
                        throws WsSrvException, ValidationException {
  Signature signature = obj.getSignature();
  if (signature == null) {
    // An unsigned object is rejected outright rather than treated as "nothing to check".
    throw new WsSrvException(80, "Signature not found");
  }

  // Structural check first: the signature must conform to the SAML signature profile.
  new SAMLSignatureProfileValidator().validate(signature);

  // Cryptographic check against the configured credential.
  new SignatureValidator(_cred).validate(signature);
}
 
开发者ID:osbitools,项目名称:OsBiToolsWs,代码行数:15,代码来源:SamlSecurityProvider.java

示例7: validateSignature

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
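/**
 * Validates an XML signature in two steps: conformance to the SAML signature profile, then
 * cryptographic verification against the SSO agent's configured X509 credential.
 *
 * <p>A profile violation is written to the audit log because it may indicate an XML Signature
 * Wrapping attempt. Both failure paths keep the underlying {@link ValidationException} as the
 * cause of the thrown exception so the reason is not lost to callers and logs.
 *
 * @param signature XMLObject expected to be a {@code SignatureImpl}
 * @throws SSOAgentException if the object is {@code null} or not a signature, if the signature
 *         does not conform to the SAML signature profile, or if cryptographic verification
 *         fails
 */
private void validateSignature(XMLObject signature) throws SSOAgentException{

    // Fail closed with the method's declared exception instead of a ClassCastException or a
    // NullPointerException further down when the object is absent or of another type.
    if (!(signature instanceof SignatureImpl)) {
        throw new SSOAgentException("Signature validation failed for SAML2 Element");
    }
    SignatureImpl signImpl = (SignatureImpl) signature;

    // Step 1: structural check, done before any cryptography.
    try {
        SAMLSignatureProfileValidator signatureProfileValidator = new SAMLSignatureProfileValidator();
        signatureProfileValidator.validate(signImpl);
    } catch (ValidationException ex) {
        String logMsg = "Signature do not confirm to SAML signature profile. Possible XML Signature " +
                "Wrapping  Attack!";
        AUDIT_LOG.warn(logMsg);
        if (log.isDebugEnabled()) {
            log.debug(logMsg, ex);
        }
        throw new SSOAgentException(logMsg, ex);
    }

    // Step 2: cryptographic check with the credential from the agent configuration.
    try {
        SignatureValidator validator = new SignatureValidator(
                new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
        validator.validate(signImpl);
    } catch (ValidationException e) {
        if (log.isDebugEnabled()) {
            log.debug("Validation exception : ", e);
        }
        // Keep the cause: the original dropped it, hiding why verification failed.
        throw new SSOAgentException("Signature validation failed for SAML2 Element", e);
    }
}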
 
开发者ID:wso2-extensions,项目名称:identity-agent-sso,代码行数:35,代码来源:SAML2SSOManager.java

示例8: testSign

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
/**
 * Signs the envelope and checks the shape of the result before verifying it.
 *
 * <p>Asserted in order: the signed root is a SOAP 1.1 {@code Envelope}; after a serialize and
 * unmarshall round trip the Security header holds a signature; that signature has 4 references;
 * one of them points at the {@code wsu:Id} of the {@code Action} header. Finally the signature
 * must verify with the signing credential.
 */
@Test
public void testSign() throws Exception {
	env.setAction("action");

	BasicX509Credential signingCredential = TestHelper.getCredential();
	Element signedRoot = env.sign(signingCredential);
	assertEquals("Envelope", signedRoot.getLocalName());
	assertEquals(SOAPConstants.SOAP11_NS, signedRoot.getNamespaceURI());

	// Round-trip through a string so the checks run on a freshly parsed document.
	Envelope reparsed = (Envelope) SAMLUtil.unmarshallElementFromString(XMLHelper.nodeToString(signedRoot));
	Security securityHeader = (Security) reparsed.getHeader().getUnknownXMLObjects(Security.ELEMENT_NAME).get(0);
	assertFalse(securityHeader.getUnknownXMLObjects(Signature.DEFAULT_ELEMENT_NAME).isEmpty());

	SignatureImpl headerSignature = (SignatureImpl) securityHeader.getUnknownXMLObjects(Signature.DEFAULT_ELEMENT_NAME).get(0);
	assertEquals(4, headerSignature.getXMLSignature().getSignedInfo().getLength());

	Action action = (Action) reparsed.getHeader().getUnknownXMLObjects(Action.ELEMENT_NAME).get(0);

	// The Action header must be among the signed references, identified by "#" + its wsu:Id.
	String expectedReference = "#" + action.getUnknownAttributes().get(TrustConstants.WSU_ID);
	boolean actionIsReferenced = false;
	for (int index = 0; index < headerSignature.getXMLSignature().getSignedInfo().getLength(); index++) {
		actionIsReferenced |= expectedReference.equals(
				headerSignature.getXMLSignature().getSignedInfo().getReferencedContentBeforeTransformsItem(index).getSourceURI());
	}
	assertTrue(actionIsReferenced);

	new SignatureValidator(signingCredential).validate(headerSignature);
}
 
开发者ID:amagdenko,项目名称:oiosaml.java,代码行数:30,代码来源:OIOSoapEnvelopeTest.java

示例9: testValidateFromX509data

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
/**
 * Verifies the envelope signature with the certificate that travels inside the message.
 *
 * <p>The signature's KeyInfo is expected to hold no X509Data, only a single
 * {@code SecurityTokenReference}. Its reference URI is resolved to a {@code BinarySecurityToken}
 * element in the same document, the token value is wrapped in PEM markers and parsed as an
 * X.509 certificate, and the signature is verified with that certificate.
 *
 * <p>NOTE(review): the key used here is taken from the message under test, so a pass shows only
 * that signature and embedded certificate agree with each other. It does not establish that
 * the certificate is trusted; a receiver has to check it against its own trust anchors before
 * relying on it.
 */
@Test
public void testValidateFromX509data() throws Exception {
	env.setAction("action");

	BasicX509Credential signingCredential = TestHelper.getCredential();
	Element signedRoot = env.sign(signingCredential);

	Envelope reparsed = (Envelope) SAMLUtil.unmarshallElementFromString(XMLHelper.nodeToString(signedRoot));
	Security securityHeader = (Security) reparsed.getHeader().getUnknownXMLObjects(Security.ELEMENT_NAME).get(0);
	assertFalse(securityHeader.getUnknownXMLObjects(Signature.DEFAULT_ELEMENT_NAME).isEmpty());

	SignatureImpl headerSignature = (SignatureImpl) securityHeader.getUnknownXMLObjects(Signature.DEFAULT_ELEMENT_NAME).get(0);
	assertNotNull(headerSignature.getKeyInfo());
	assertTrue(headerSignature.getKeyInfo().getX509Datas().isEmpty());

	// KeyInfo carries exactly one child, and it is a reference to a token rather than key data.
	assertEquals(1, headerSignature.getKeyInfo().getXMLObjects().size());
	assertTrue(headerSignature.getKeyInfo().getXMLObjects().get(0) instanceof SecurityTokenReference);

	SecurityTokenReference tokenReference = (SecurityTokenReference) headerSignature.getKeyInfo().getXMLObjects().get(0);
	Reference reference = SAMLUtil.getFirstElement(tokenReference, Reference.class);
	assertNotNull(reference);
	assertNotNull(reference.getURI());

	// The first character of the URI is dropped to obtain the element id
	// (presumably the leading '#' of a same-document reference).
	String tokenId = reference.getURI().substring(1);
	Element tokenElement = signedRoot.getOwnerDocument().getElementById(tokenId);
	assertNotNull(tokenElement);

	BinarySecurityToken binaryToken = (BinarySecurityToken) SAMLUtil.unmarshallElementFromString(XMLHelper.nodeToString(tokenElement));

	// Rebuild a certificate from the token value by adding PEM markers around it.
	String pem = "-----BEGIN CERTIFICATE-----\n" + binaryToken.getValue() + "\n-----END CERTIFICATE-----";
	CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
	BasicX509Credential embeddedCredential = new BasicX509Credential();
	embeddedCredential.setEntityCertificate(
			(java.security.cert.X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(pem.getBytes())));

	new SignatureValidator(embeddedCredential).validate(headerSignature);

}
 
开发者ID:amagdenko,项目名称:oiosaml.java,代码行数:37,代码来源:OIOSoapEnvelopeTest.java

示例10: validateSignature

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
/**
 * Checks the XML signature with the credential returned by
 * {@code getPublicX509CredentialImpl()}.
 *
 * <p>A verification failure is logged at warn level and reported as {@code false}; it is not
 * rethrown, so callers must treat {@code false} as a rejection.
 *
 * <p>NOTE(review): only the cryptographic check of {@code SignatureValidator} is performed; no
 * SAML signature-profile validation is visible in this method. Confirm it happens elsewhere.
 *
 * @param signature XML signature that authenticates the assertion
 * @return {@code true} if the signature verifies, {@code false} if verification fails
 * @throws EntitlementProxyException declared by the signature; not thrown directly by the
 *         visible statements
 */
private boolean validateSignature(Signature signature) throws EntitlementProxyException {

    try {
        new SignatureValidator(getPublicX509CredentialImpl()).validate(signature);
        return true;
    } catch (ValidationException e) {
        log.warn("Signature validation failed.", e);
        return false;
    }
}
 
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:22,代码来源:WSXACMLEntitlementServiceClient.java

示例11: validateSignature

import org.opensaml.xml.signature.SignatureValidator; //导入依赖的package包/类
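/**
 * Validates the signature of a SAML Response against a certificate taken from a key store.
 *
 * <p>For any tenant other than the super tenant the certificate is read from the tenant's key
 * store under the alias {@code tenantDomain}. For the super tenant a JKS key store is loaded
 * from {@code keyStoreName} and the certificate is read under {@code alias}.
 *
 * <p>The method fails closed: an unsigned response, a missing certificate, or any exception
 * during key-store access or verification yields {@code false}. Failures are logged at debug
 * level only.
 *
 * <p>NOTE(review): only the cryptographic check of {@code SignatureValidator} is performed; no
 * SAML signature-profile validation is visible in this method. Confirm it happens elsewhere.
 *
 * @param resp SAML Response
 * @param keyStoreName path of the JKS file, used for the super tenant only
 * @param keyStorePassword password of that JKS file, used for the super tenant only
 * @param alias certificate alias in that JKS file, used for the super tenant only
 * @param tenantId id of the tenant; selects which key store is consulted
 * @param tenantDomain tenant domain; names the tenant key store and its certificate alias
 * @return true, if signature is valid.
 */
public static boolean validateSignature(Response resp, String keyStoreName,
                                        String keyStorePassword, String alias, int tenantId,
                                        String tenantDomain) {
    try {
        // An unsigned response can never be valid; reject it before touching any key store.
        if (resp.getSignature() == null) {
            if (log.isDebugEnabled()) {
                log.debug("No signature present in the SAML Response for " + tenantDomain);
            }
            return false;
        }

        KeyStore keyStore;
        java.security.cert.X509Certificate cert;
        if (tenantId != MultitenantConstants.SUPER_TENANT_ID) {
            // get an instance of the corresponding Key Store Manager instance
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
            keyStore = keyStoreManager.getKeyStore(generateKSNameFromDomainName(tenantDomain));
            cert = (java.security.cert.X509Certificate) keyStore.getCertificate(tenantDomain);
        } else {
            keyStore = KeyStore.getInstance("JKS");
            // Close the stream once the key store is loaded; the original left it open.
            FileInputStream keyStoreStream = new FileInputStream(new File(keyStoreName));
            try {
                keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            } finally {
                keyStoreStream.close();
            }
            cert = (java.security.cert.X509Certificate) keyStore.getCertificate(alias);
        }

        // getCertificate returns null for an unknown alias; without a key nothing can verify.
        if (cert == null) {
            if (log.isDebugEnabled()) {
                log.debug("No certificate found to validate the signature for " + tenantDomain);
            }
            return false;
        }
        if(log.isDebugEnabled()){
            log.debug("Validating against "+cert.getSubjectDN().getName());
        }

        X509CredentialImpl credentialImpl = new X509CredentialImpl(cert);
        SignatureValidator signatureValidator = new SignatureValidator(credentialImpl);
        signatureValidator.validate(resp.getSignature());
        return true;
    } catch (Exception e) {
        // Deliberately broad: every failure means "not valid". The exception is passed to the
        // logger so the reason stays diagnosable.
        if (log.isDebugEnabled()){
            log.debug("Signature verification is failed for "+tenantDomain, e);
        }
        return false;
    }
}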
 
开发者ID:wso2,项目名称:carbon-commons,代码行数:38,代码来源:Util.java


注:本文中的org.opensaml.xml.signature.SignatureValidator类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。