コード例 #1
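  /**
   * Validates the XML signatures on a SAML2 Response and/or its Assertion against the
   * certificate configured for the identity provider.
   *
   * <p>Each check runs only when the corresponding option is enabled in {@code properties}
   * ({@code SSOUtils.isAuthnResponseSigned} / {@code SSOUtils.isAssertionSigningEnabled}).
   * When a check is enabled, the IdP must have a certificate configured and the element must
   * actually carry a {@code ds:Signature}; a missing signature is a hard failure, never a
   * silent pass.
   *
   * <p>NOTE(review): this only proves the signature verifies under the IdP key. It does not by
   * itself prove that the signature covers the element it is attached to (reference URI and
   * enveloped-transform checks that defend against XML signature wrapping). Confirm that the
   * caller runs a signature-profile validation on the same elements before trusting them.
   *
   * @param response SAML2 Response received from the IdP; must not be {@code null} when
   *     response signing is enabled
   * @param assertion SAML2 Assertion taken from the response; must not be {@code null} when
   *     assertion signing is enabled
   * @throws SAMLSSOException if a required signature or element is missing, the IdP has no
   *     certificate, or cryptographic validation fails
   */
  private void validateSignature(Response response, Assertion assertion) throws SAMLSSOException {

    if (SSOUtils.isAuthnResponseSigned(properties)) {
      requireIdpCertificate("SAMLResponse");

      // A null response would otherwise surface as an NPE instead of a clear SSO failure.
      if (response == null) {
        throw new SAMLSSOException(
            "SAMLResponse signing is enabled, but no SAML Response element was supplied.");
      }
      if (response.getSignature() == null) {
        throw new SAMLSSOException(
            "SAMLResponse signing is enabled, but signature element "
                + "not found in SAML Response element.");
      }
      try {
        new SignatureValidator(newIdpCredential()).validate(response.getSignature());
      } catch (ValidationException e) {
        // Keep the cause: the underlying reason (key mismatch, digest mismatch) is
        // needed for diagnosis but must not be leaked to the end user by the caller.
        throw new SAMLSSOException("Signature validation failed for SAML Response", e);
      }
    }

    if (SSOUtils.isAssertionSigningEnabled(properties)) {
      requireIdpCertificate("SAMLAssertion");

      // An unsigned-response flow may carry no assertion at all; reject explicitly.
      if (assertion == null) {
        throw new SAMLSSOException(
            "SAMLAssertion signing is enabled, but no Assertion element was supplied.");
      }
      if (assertion.getSignature() == null) {
        throw new SAMLSSOException(
            "SAMLAssertion signing is enabled, but signature element "
                + "not found in SAML Assertion element.");
      }
      try {
        new SignatureValidator(newIdpCredential()).validate(assertion.getSignature());
      } catch (ValidationException e) {
        throw new SAMLSSOException("Signature validation failed for SAML Assertion", e);
      }
    }
  }

  /**
   * Fails fast when signing is required but the IdP has no certificate configured.
   *
   * @param element label used in the error message ("SAMLResponse" or "SAMLAssertion")
   * @throws SAMLSSOException if the IdP certificate is {@code null} or empty
   */
  private void requireIdpCertificate(String element) throws SAMLSSOException {
    String certificate = identityProvider.getCertificate();
    if (certificate == null || certificate.isEmpty()) {
      throw new SAMLSSOException(element + " signing is enabled, but IdP doesn't have a certificate");
    }
  }

  /**
   * Builds the verification credential from the IdP certificate for the current tenant.
   *
   * @return credential wrapping the configured IdP certificate
   * @throws SAMLSSOException if the credential cannot be built from the configured certificate
   */
  private X509Credential newIdpCredential() throws SAMLSSOException {
    return new X509CredentialImpl(tenantDomain, identityProvider.getCertificate());
  }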
コード例 #2
 /**
  * Returns the certificate string configured for the identity provider.
  *
  * <p>This is the same value {@code identityProvider.getCertificate()} holds; it may be
  * {@code null} or empty when no certificate has been configured, so callers must check
  * before using it for verification.
  *
  * @return the IdP certificate as stored on the identity provider, possibly {@code null}
  */
 public String getPublicCert() {
   final String idpCertificate = identityProvider.getCertificate();
   return idpCertificate;
 }