本文整理了 Java 中 org.opensaml.saml2.core.Assertion.getSignature() 方法的一些代码示例,展示了 Assertion.getSignature() 的具体用法。这些代码示例主要来源于 Github/Stackoverflow/Maven 等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度上帮助到你。注意:getSignature() 返回非空只表示断言中带有签名元素,并不表示该签名已经通过验证。Assertion.getSignature() 方法的具体详情如下:
包路径:org.opensaml.saml2.core.Assertion
类名称:Assertion
方法名:getSignature
暂无
代码示例来源:origin: cloudfoundry/uaa
/**
 * Builds an IdP response with assertion signing switched on, then checks the subject name,
 * the InResponseTo correlation, the attributes and that the first assertion carries a
 * signature element.
 */
@Test
public void testBuildResponseWithSignedAssertion() throws MessageEncodingException, SAMLException,
        MetadataProviderException, SecurityException, MarshallingException, SignatureException {
    String authenticationId = UUID.randomUUID().toString();
    Authentication mockAuthentication = samlTestUtils.mockUaaAuthentication(authenticationId);
    SAMLMessageContext messageContext = samlTestUtils.mockSamlMessageContext();

    IdpWebSSOProfileOptions signingOptions = new IdpWebSSOProfileOptions();
    signingOptions.setAssertionsSigned(true);

    profile.buildResponse(mockAuthentication, messageContext, signingOptions);

    AuthnRequest inboundRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
    Response outboundResponse = (Response) messageContext.getOutboundSAMLMessage();
    Assertion firstAssertion = outboundResponse.getAssertions().get(0);

    Subject assertedSubject = firstAssertion.getSubject();
    assertEquals("marissa", assertedSubject.getNameID().getValue());

    // The assertion must be bound to the request that triggered it.
    SubjectConfirmationData confirmationData =
            assertedSubject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
    assertEquals(inboundRequest.getID(), confirmationData.getInResponseTo());

    verifyAssertionAttributes(authenticationId, firstAssertion);

    // Presence check only: this asserts that a signature element was attached, it does not
    // verify the signature cryptographically.
    assertNotNull(firstAssertion.getSignature());
}
代码示例来源:origin: org.wso2.carbon.identity/org.wso2.carbon.identity.relyingparty
/**
 * Exposes the signature element of the wrapped assertion.
 *
 * <p>The value is passed through as-is; nothing in this accessor validates it, so a non-null
 * result only means a signature element is present.
 *
 * @return the SAML signature, exactly as returned by {@code assertion.getSignature()}.
 */
@Override
public Signature getSAMLSignature() {
    Signature samlSignature = assertion.getSignature();
    return samlSignature;
}
代码示例来源:origin: apache/cloudstack
continue;
Signature encSig = assertion.getSignature();
if (idpMetadata.getSigningCertificate() != null && encSig != null) {
BasicX509Credential sigCredential = new BasicX509Credential();
代码示例来源:origin: org.apache.ws.security/wss4j
/**
 * Returns the signature of the wrapped assertion, looking at {@code saml2} first and at
 * {@code saml1} only when {@code saml2} yields none.
 *
 * <p>No validation happens here; the result says whether a signature element exists, not
 * whether it verifies.
 *
 * @return the signature element, or {@code null} when neither wrapped object has one.
 */
public Signature getSignature() {
    if (saml2 != null && saml2.getSignature() != null) {
        return saml2.getSignature();
    }
    if (saml1 != null && saml1.getSignature() != null) {
        return saml1.getSignature();
    }
    return null;
}
代码示例来源:origin: org.apache.servicemix.bundles/org.apache.servicemix.bundles.wss4j
/**
 * Picks the signature element from {@code saml2} when it has one, otherwise from
 * {@code saml1}.
 *
 * <p>This is a plain accessor: the returned element has not been verified by this method.
 *
 * @return the signature element found, or {@code null} if there is none.
 */
public Signature getSignature() {
    boolean saml2HasSignature = saml2 != null && saml2.getSignature() != null;
    if (saml2HasSignature) {
        return saml2.getSignature();
    }
    boolean saml1HasSignature = saml1 != null && saml1.getSignature() != null;
    return saml1HasSignature ? saml1.getSignature() : null;
}
代码示例来源:origin: usnistgov/iheos-toolkit2
/**
 * Reports whether the wrapped {@code saml2} assertion carries a signature.
 *
 * <p>"Signed" here means {@code isSigned()} is true or a signature element is present. It is
 * not a statement that the signature has been verified.
 *
 * @return {@code true} if {@code saml2} is set and is signed or has a signature element;
 *         {@code false} otherwise, including when {@code saml2} is {@code null}.
 */
public boolean isSigned() {
    if (saml2 == null) {
        return false;
    }
    return saml2.isSigned() || saml2.getSignature() != null;
}
代码示例来源:origin: org.wso2.carbon.identity.carbon.auth.saml2/org.wso2.carbon.identity.authenticator.saml2.sso
/**
 * Validates the signature of a SAML2 assertion, failing closed when there is nothing to
 * validate.
 *
 * @param assertion  SAML2 assertion; may be {@code null}
 * @param domainName domain name of the subject
 * @return {@code true} only if the assertion has a signature and the overload taking the
 *         signature reports it as valid; {@code false} for a missing assertion or signature.
 */
private boolean validateSignature(Assertion assertion, String domainName) {
    // An absent assertion or an unsigned one is treated as a failed validation.
    if (assertion == null || assertion.getSignature() == null) {
        log.error("SAML Assertion is not signed or assertion not available. Authentication process will be " +
                "terminated.");
        return false;
    }

    if (log.isDebugEnabled()) {
        log.debug("Validating SAML Assertion Signature.");
    }
    return validateSignature(assertion.getSignature(), domainName);
}
代码示例来源:origin: org.wso2.carbon.identity/org.wso2.carbon.identity.authenticator.saml2.sso
/**
 * Checks the signature on a SAML2 assertion.
 *
 * <p>A {@code null} assertion and an assertion without a signature element are both rejected
 * before any validation is attempted.
 *
 * @param assertion  SAML2 assertion to check; may be {@code null}
 * @param domainName domain name of the subject
 * @return {@code true} if the signature is present and reported valid, {@code false} otherwise.
 */
private boolean validateSignature(Assertion assertion, String domainName) {
    boolean signaturePresent = assertion != null && assertion.getSignature() != null;
    if (!signaturePresent) {
        log.error("SAML Assertion is not signed or assertion not available. Authentication process will be " +
                "terminated.");
        return false;
    }

    if (log.isDebugEnabled()) {
        log.debug("Validating SAML Assertion Signature.");
    }
    // Delegates the actual check to the overload that takes the signature element.
    return validateSignature(assertion.getSignature(), domainName);
}
代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.oauth2/org.wso2.carbon.identity.oauth
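/**
 * The Assertion MUST be digitally signed by the issuer and the authorization server MUST
 * verify the signature.
 *
 * <p>This method rejects an assertion that has no signature element and then runs
 * {@code profileValidator} over the signature. Only the profile validator is invoked here;
 * no credential is involved in this method, so checking the signature against the issuer's
 * key has to happen in a separate step.
 *
 * @param assertion assertion whose signature is checked
 * @throws IdentityOAuth2Exception if the assertion is unsigned or its signature is rejected
 *                                 by {@code profileValidator}
 */
private void validateSignature(Assertion assertion) throws IdentityOAuth2Exception {
    // Reject an unsigned assertion explicitly instead of handing null to the validator,
    // whose behaviour for a null signature is not defined by this method.
    if (assertion.getSignature() == null) {
        throw new IdentityOAuth2Exception("Signature element not found in the SAML Assertion.");
    }
    try {
        profileValidator.validate(assertion.getSignature());
    } catch (ValidationException e) {
        throw new IdentityOAuth2Exception("Signature do not adhere to the SAML signature profile.", e);
    }
}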
代码示例来源:origin: org.apache.ws.security/wss4j
/**
 * Reports whether the wrapped assertion carries a signature.
 *
 * <p>{@code saml2} is consulted when it is set; {@code saml1} is consulted only when
 * {@code saml2} is {@code null}. A {@code true} result means a signature is attached, not that
 * it has been verified.
 *
 * @return {@code true} if the consulted object is signed or has a signature element,
 *         {@code false} otherwise or when neither object is set.
 */
public boolean isSigned() {
    if (saml2 != null) {
        return saml2.isSigned() || saml2.getSignature() != null;
    }
    if (saml1 != null) {
        return saml1.isSigned() || saml1.getSignature() != null;
    }
    return false;
}
代码示例来源:origin: org.wso2.carbon.appmgt/org.wso2.carbon.appmgt.gateway
/**
 * Validates the signature of the first assertion in the SAML response.
 *
 * <p>When {@code isResponse()} is false, {@code null} is handed to
 * {@code validateSignature(credential, null)}.
 *
 * @param credential credential passed on to {@code validateSignature}
 * @return whatever {@code validateSignature(credential, signature)} returns
 */
private boolean validateAssertionSignature(Credential credential) {
    // NOTE(review): only the assertion at index 0 is looked at, and get(0) throws if the
    // response holds no assertion. Confirm callers never consume any other assertion.
    // NOTE(review): the outcome for a null signature depends on validateSignature, which is
    // not visible here; confirm it rejects null.
    Signature assertionSignature = isResponse()
            ? ((Response) getSAMLResponse()).getAssertions().get(0).getSignature()
            : null;
    return validateSignature(credential, assertionSignature);
}
代码示例来源:origin: org.apache.servicemix.bundles/org.apache.servicemix.bundles.wss4j
/**
 * Tells whether a signature is attached to the wrapped assertion.
 *
 * <p>The check uses {@code saml2} if it is set and falls back to {@code saml1} only when
 * {@code saml2} is {@code null}. It reports presence of a signature, not its validity.
 *
 * @return {@code true} if the object consulted is signed or exposes a signature element;
 *         {@code false} in every other case.
 */
public boolean isSigned() {
    boolean signed = false;
    if (saml2 != null) {
        signed = saml2.isSigned() || saml2.getSignature() != null;
    } else if (saml1 != null) {
        signed = saml1.isSigned() || saml1.getSignature() != null;
    }
    return signed;
}
代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.oauth2/org.wso2.carbon.identity.oauth
/**
 * Validates the assertion's signature with a credential built from the certificate that
 * {@code getIdpCertificate} returns for the given tenant and identity provider.
 *
 * @param assertion        assertion whose signature is validated
 * @param tenantDomain     tenant domain used to look up the certificate
 * @param identityProvider identity provider used to look up the certificate
 * @throws IdentityOAuth2Exception if the validator throws a {@code ValidationException}
 */
protected void validateSignatureAgainstIdpCertificate(Assertion assertion, String tenantDomain,
        IdentityProvider identityProvider) throws IdentityOAuth2Exception {
    X509Certificate idpCertificate = getIdpCertificate(tenantDomain, identityProvider);
    try {
        // The key comes from the locally resolved IdP certificate, not from the message.
        SignatureValidator validator = new SignatureValidator(new X509CredentialImpl(idpCertificate));
        // NOTE(review): the signature is not null-checked in this method; confirm the caller
        // has already rejected unsigned assertions.
        validator.validate(assertion.getSignature());
    } catch (ValidationException e) {
        throw new IdentityOAuth2Exception("Error while validating the signature.", e);
    }
}
代码示例来源:origin: usnistgov/iheos-toolkit2
/**
 * Reads signature-related values from {@code assertOut} and from the assertion's signature.
 *
 * <p>Every value read is discarded: nothing is returned and nothing is written to
 * {@code assertOut}. No validation of the signature takes place here.
 *
 * @param assertion assertion whose signature is read
 * @param assertOut object whose {@code getSamlSignature()} values are read
 */
private static void extractSignatureInfo(Assertion assertion, AssertionType assertOut) {
    SamlSignatureType outSignature = assertOut.getSamlSignature();
    SamlSignatureKeyInfoType outKeyInfo = outSignature.getKeyInfo();
    byte[] outSignatureValue = outSignature.getSignatureValue();
    outSignature.getKeyInfo().getRsaKeyValueExponent();
    outSignature.getKeyInfo().getRsaKeyValueModulus();

    // NOTE(review): the signature, its content references and its signing credential are
    // dereferenced without null or emptiness checks.
    Signature assertionSignature = assertion.getSignature();
    assertion.getSignature().getCanonicalizationAlgorithm();
    assertionSignature.getSignatureAlgorithm();
    List<ContentReference> references = assertionSignature.getContentReferences();
    ContentReference firstReference = references.get(0);
    assertionSignature.getSigningCredential().getPublicKey().getAlgorithm();
}
private static String getSubjectNameIDValue(Assertion assertion) {
代码示例来源:origin: coveo/saml-client
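/**
 * Validates the signatures present on the response and on its first assertion.
 *
 * <p>At least one of the two must be signed, and every signature that is present must pass
 * {@code validate}. A signed response with an unsigned assertion is accepted, and so is an
 * unsigned response with a signed first assertion.
 *
 * @param response SAML response to check
 * @throws SamlException if the response holds no assertion, if neither the response nor its
 *                       first assertion is signed, or if a present signature is invalid
 */
private void validateSignature(Response response) throws SamlException {
    Signature responseSignature = response.getSignature();

    // Fail with the declared exception type rather than an IndexOutOfBoundsException when
    // the response carries no assertion at all.
    if (response.getAssertions().isEmpty()) {
        throw new SamlException("The response does not contain any assertion");
    }

    // NOTE(review): only the assertion at index 0 is covered. When the response itself is
    // unsigned, any further assertion is not protected by this check; confirm the caller
    // rejects responses with more than one assertion or never reads the others.
    Signature assertionSignature = response.getAssertions().get(0).getSignature();

    if (responseSignature == null && assertionSignature == null) {
        throw new SamlException("No signature is present in either response or assertion");
    }
    if (responseSignature != null && !validate(responseSignature)) {
        throw new SamlException("The response signature is invalid");
    }
    if (assertionSignature != null && !validate(assertionSignature)) {
        throw new SamlException("The assertion signature is invalid");
    }
}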
代码示例来源:origin: se.skltp.adapterservices.se.apotekensservice/TicketMachine
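/**
 * Validates the assertion and verifies its signature with the first certificate found in the
 * signature's own KeyInfo.
 *
 * <p>NOTE(review): the verification key is taken from the message being verified. Nothing in
 * this method establishes that the certificate belongs to a trusted issuer, so a successful
 * return shows only that the assertion is consistent with the certificate it carries. The
 * certificate must be compared with, or chained to, a locally configured trust anchor before
 * the assertion is relied on; confirm that this happens elsewhere.
 *
 * @param assertion assertion to validate
 * @throws ValidationException  if the assertion is unsigned, fails its own validation, or its
 *                              signature fails the profile or cryptographic check
 * @throws CertificateException if the signature's KeyInfo yields no certificate
 */
private void validateSignature(Assertion assertion) throws ValidationException, CertificateException {
    assertion.validate(true);

    Signature signature = assertion.getSignature();
    // Report an unsigned assertion as a validation failure instead of letting the
    // dereference below throw a NullPointerException.
    if (signature == null) {
        throw new ValidationException("Assertion is not signed, unable to validate signature!");
    }

    KeyInfo keyInfo = signature.getKeyInfo();
    List<X509Certificate> certs = KeyInfoHelper.getCertificates(keyInfo);
    if (certs == null || certs.isEmpty()) {
        throw new CertificateException("KeyInfoHelper contains no certificates, unable to validate signature!");
    }
    X509Certificate cert = certs.get(0);
    // TODO: verify certificate issuer/subject against a trusted source before using it.

    // Structural check of the signature against the SAML signature profile.
    SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
    profileValidator.validate(signature);

    // Cryptographic check, keyed by the certificate extracted from the message above.
    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate(cert);
    SignatureValidator signatureValidator = new SignatureValidator(credential);
    signatureValidator.validate(signature);
}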
代码示例来源:origin: org.apache.ws.security/wss4j
if (saml2 != null && saml2.getSignature() != null) {
sig = saml2.getSignature();
} else if (saml1 != null && saml1.getSignature() != null) {
sig = saml1.getSignature();
代码示例来源:origin: usnistgov/iheos-toolkit2
/**
 * Runs the checks on an assertion in order: issue-instant age, issuer, signature, subject,
 * conditions and, when present, each authentication statement.
 *
 * @param assertion assertion to verify
 * @param request   request passed on to the subject check
 * @param context   message context passed on to the individual checks
 * @throws Exception if the issue instant is outside {@code MAX_ASSERTION_TIME}; the
 *                   delegated checks may throw the other declared exception types
 */
private void verifyAssertion(Assertion assertion, AuthnRequest request, BasicSAMLMessageContext context) throws SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, Exception {
    // Reject assertions whose issue instant falls outside the allowed window.
    boolean issueInstantAcceptable = isDateTimeSkewValid(MAX_ASSERTION_TIME, assertion.getIssueInstant());
    if (!issueInstantAcceptable) {
        System.out.println("Authentication statement is too old to be used"+assertion.getIssueInstant());
        throw new Exception("Users authentication credential is too old to be used");
    }

    // Validity of the assertion itself. Advice is ignored, core 574.
    verifyIssuer(assertion.getIssuer(), context);
    // NOTE(review): getSignature() may be null for an unsigned assertion; whether that is
    // rejected depends on verifyAssertionSignature, which is not visible here.
    verifyAssertionSignature(assertion.getSignature(), context);
    verifySubject(assertion.getSubject(), request, context);

    // An assertion with an authentication statement must contain an audience restriction,
    // so the flag handed to the conditions check follows the presence of such statements.
    boolean hasAuthnStatements = !assertion.getAuthnStatements().isEmpty();
    verifyAssertionConditions(assertion.getConditions(), context, hasAuthnStatements);
    for (AuthnStatement authnStatement : assertion.getAuthnStatements()) {
        verifyAuthenticationStatement(authnStatement, context);
    }
}
/**
代码示例来源:origin: org.wso2.carbon.identity.agent.sso.java/org.wso2.carbon.identity.sso.agent
/**
 * Validates the signatures of a SAML2 Response and Assertion.
 *
 * <p>If a custom validator is registered in {@code SSOAgentDataHolder}, the whole check is
 * delegated to it. Otherwise the response signature is validated only when
 * {@code isResponseSigned()} is set, and the assertion signature only when
 * {@code isAssertionSigned()} is set. With both settings off, the default path validates
 * nothing.
 *
 * @param response  SAML2 Response
 * @param assertion SAML2 Assertion
 * @throws SSOAgentException if a signature that the configuration requires is missing; the
 *                           delegated validation may throw it as well
 */
protected void validateSignature(Response response, Assertion assertion) throws SSOAgentException {
    // Custom implementation of signature validation takes precedence.
    if (SSOAgentDataHolder.getInstance().getSignatureValidator() != null) {
        SAMLSignatureValidator customValidator = (SAMLSignatureValidator) SSOAgentDataHolder
                .getInstance().getSignatureValidator();
        customValidator.validateSignature(response, assertion, ssoAgentConfig);
        return;
    }

    // Default implementation: each signature is required only if the configuration says so.
    if (ssoAgentConfig.getSAML2().isResponseSigned()) {
        if (response.getSignature() == null) {
            throw new SSOAgentException("SAML2 Response signing is enabled, but signature element not found in SAML2 Response element");
        }
        validateSignature(response.getSignature());
    }

    if (ssoAgentConfig.getSAML2().isAssertionSigned()) {
        if (assertion.getSignature() == null) {
            throw new SSOAgentException("SAML2 Assertion signing is enabled, but signature element not found in SAML2 Assertion element");
        }
        validateSignature(assertion.getSignature());
    }
}
代码示例来源:origin: org.springframework.security.extensions/spring-security-saml2-core
/**
 * Verifies an assertion step by step: issue-instant age, issuer, signature, subject,
 * conditions and each authentication statement.
 *
 * @param assertion assertion to verify
 * @param request   originating request, or {@code null}; when {@code null} the
 *                  authentication statements are verified without a requested context
 * @param context   message context passed on to the individual checks
 * @throws SAMLException if the assertion is too old or has no subject; the delegated checks
 *                       may throw the other declared exception types
 */
protected void verifyAssertion(Assertion assertion, AuthnRequest request, SAMLMessageContext context) throws AuthenticationException, SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, DecryptionException {
    // Reject assertions whose issue instant is outside the configured skew and maximum age.
    boolean issueInstantAcceptable =
            isDateTimeSkewValid(getResponseSkew(), getMaxAssertionTime(), assertion.getIssueInstant());
    if (!issueInstantAcceptable) {
        throw new SAMLException("Assertion is too old to be used, value can be customized by setting maxAssertionTime value " + assertion.getIssueInstant());
    }

    // Validity of the assertion itself. Advice is ignored, core 574.
    verifyIssuer(assertion.getIssuer(), context);
    // NOTE(review): getSignature() may be null for an unsigned assertion; how that case is
    // treated is decided inside verifyAssertionSignature, which is not visible here.
    verifyAssertionSignature(assertion.getSignature(), context);

    // An assertion without a subject is discarded.
    if (assertion.getSubject() == null) {
        throw new SAMLException("Assertion does not contain subject and is discarded");
    }
    verifySubject(assertion.getSubject(), request, context);

    // An assertion with an authentication statement must contain an audience restriction,
    // so the flag handed to the conditions check follows the presence of such statements.
    boolean hasAuthnStatements = !assertion.getAuthnStatements().isEmpty();
    verifyAssertionConditions(assertion.getConditions(), context, hasAuthnStatements);
    for (AuthnStatement authnStatement : assertion.getAuthnStatements()) {
        verifyAuthenticationStatement(authnStatement,
                request != null ? request.getRequestedAuthnContext() : null, context);
    }
}