/**
* Validate the signature of a SAML2 Response and Assertion
*
* @param response SAML2 Response
* @return true, if signature is valid.
*/
protected void validateSignature(Response response, Assertion assertion)
throws SSOAgentException {
if (SSOAgentDataHolder.getInstance().getSignatureValidator() != null) {
// Custom implemetation of signature validation
SAMLSignatureValidator signatureValidatorUtility =
(SAMLSignatureValidator) SSOAgentDataHolder.getInstance().getSignatureValidator();
signatureValidatorUtility.validateSignature(response, assertion, ssoAgentConfig);
} else {
// If custom implementation not found, Execute the default implementation
if (ssoAgentConfig.getSAML2().isResponseSigned()) {
if (response.getSignature() == null) {
throw new SSOAgentException(
"SAML2 Response signing is enabled, but signature element not found in SAML2 Response element");
} else {
try {
SignatureValidator validator =
new SignatureValidator(
new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
validator.validate(response.getSignature());
} catch (ValidationException e) {
if (log.isDebugEnabled()) {
log.debug("Validation exception : ", e);
}
throw new SSOAgentException("Signature validation failed for SAML2 Response");
}
}
}
if (ssoAgentConfig.getSAML2().isAssertionSigned()) {
if (assertion.getSignature() == null) {
throw new SSOAgentException(
"SAML2 Assertion signing is enabled, but signature element not found in SAML2 Assertion element");
} else {
try {
SignatureValidator validator =
new SignatureValidator(
new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
validator.validate(assertion.getSignature());
} catch (ValidationException e) {
if (log.isDebugEnabled()) {
log.debug("Validation exception : ", e);
}
throw new SSOAgentException("Signature validation failed for SAML2 Assertion");
}
}
}
}
}
public SAML2SSOManager(SSOAgentConfig ssoAgentConfig) throws SSOAgentException {
/* Initializing the OpenSAML library, loading default configurations */
this.ssoAgentConfig = ssoAgentConfig;
// load custom Signature Validator Class
String signerClassName = ssoAgentConfig.getSAML2().getSignatureValidatorImplClass();
try {
if (signerClassName != null) {
SSOAgentDataHolder.getInstance()
.setSignatureValidator(Class.forName(signerClassName).newInstance());
}
} catch (ClassNotFoundException e) {
throw new SSOAgentException("Error loading custom signature validator class", e);
} catch (IllegalAccessException e) {
throw new SSOAgentException("Error loading custom signature validator class", e);
} catch (InstantiationException e) {
throw new SSOAgentException("Error loading custom signature validator class", e);
}
SSOAgentUtils.doBootstrap();
}
