17 package org.opensaml.xml.signature;
19 import java.security.Key;
21 import org.apache.xml.security.signature.XMLSignature;
22 import org.apache.xml.security.signature.XMLSignatureException;
23 import org.opensaml.xml.security.SecurityHelper;
24 import org.opensaml.xml.security.credential.Credential;
25 import org.opensaml.xml.signature.impl.SignatureImpl;
26 import org.opensaml.xml.validation.ValidationException;
27 import org.opensaml.xml.validation.Validator;
28 import org.slf4j.Logger;
29 import org.slf4j.LoggerFactory;
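/**
 * Validates the cryptographic value of an XML {@link Signature} against the key held by a single,
 * caller-supplied {@link Credential}.
 *
 * <p>
 * Scope of the check, as implemented here: the verification key is extracted from the credential and
 * handed to {@link XMLSignature#checkSignatureValue(Key)}. Nothing else is evaluated by this class:
 * </p>
 * <ul>
 * <li>The credential is used as given. Whether it is trusted (certificate path, revocation, binding to
 * the expected signer) must be established by the caller before constructing the validator.</li>
 * <li>The signature algorithm URI is only logged, never compared against an allow-list.</li>
 * <li>No policy is applied to what the signature covers (reference targets, transforms). Callers that
 * must rule out signature wrapping, e.g. on SAML messages, need to check that separately, typically
 * with a profile validator such as OpenSAML's {@code SAMLSignatureProfileValidator} run before this
 * one.</li>
 * </ul>
 */
public class SignatureValidator implements Validator<Signature> {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(SignatureValidator.class);

    /** Credential whose key is used to verify signatures; set once at construction. */
    private final Credential validationCredential;

    /**
     * Constructor.
     *
     * @param validatingCredential credential supplying the verification key; a credential that yields
     *            no usable key makes every {@link #validate(Signature)} call fail
     */
    public SignatureValidator(Credential validatingCredential) {
        validationCredential = validatingCredential;
    }

    /**
     * Verifies the signature value with the key from the configured credential.
     *
     * <p>
     * The method returns normally only when the underlying {@link XMLSignature} reports the signature as
     * valid; every other outcome is reported as a {@link ValidationException}, so a caller that does
     * not see an exception may treat the signature value as verified against this credential's key.
     * </p>
     *
     * @param signature the signature to validate
     *
     * @throws ValidationException if the signature is null or not backed by an {@link XMLSignature}, if
     *             the credential holds no suitable key, if the key cannot be evaluated against the
     *             signature, or if the signature does not verify
     */
    public void validate(Signature signature) throws ValidationException {
        log.debug("Attempting to validate signature using key from supplied credential");

        // Fail with the declared exception type rather than a NullPointerException further down.
        if (signature == null) {
            throw new ValidationException("Signature to validate was null");
        }

        XMLSignature xmlSig = buildSignature(signature);
        if (xmlSig == null) {
            // Without an underlying XMLSignature there is nothing to verify; this must never be
            // mistaken for success, so it is reported as a validation failure.
            log.debug("Signature had no underlying XMLSignature instance to validate");
            throw new ValidationException("Signature has no associated XMLSignature to validate");
        }

        Key validationKey = SecurityHelper.extractVerificationKey(validationCredential);
        if (validationKey == null) {
            log.debug("Supplied credential contained no key suitable for signature validation");
            throw new ValidationException("No key available to validate signature");
        }

        // Only key metadata (algorithm, implementation class) is logged, never key material.
        log.debug("Validating signature with signature algorithm URI: {}", signature.getSignatureAlgorithm());
        log.debug("Validation credential key algorithm '{}', key instance class '{}'",
                validationKey.getAlgorithm(), validationKey.getClass().getName());

        try {
            if (xmlSig.checkSignatureValue(validationKey)) {
                log.debug("Signature validated with key from supplied credential");
                return;
            }
        } catch (XMLSignatureException e) {
            // Preserve the cause so operators can tell a malformed signature from a key mismatch.
            throw new ValidationException("Unable to evaluate key against signature", e);
        }

        log.debug("Signature did not validate against the credential's key");

        throw new ValidationException("Signature did not validate against the credential's key");
    }

    /**
     * Gets the {@link XMLSignature} that backs the given signature object.
     *
     * <p>
     * The argument is cast to {@link SignatureImpl} without a type check, so any other
     * {@link Signature} implementation results in a {@link ClassCastException}. Subclasses may override
     * this method to support other implementations.
     * </p>
     *
     * @param signature the signature whose backing {@link XMLSignature} is wanted
     *
     * @return the value of {@link SignatureImpl#getXMLSignature()}; {@link #validate(Signature)} treats
     *         a null result as a validation failure
     */
    protected XMLSignature buildSignature(Signature signature) {
        log.debug("Creating XMLSignature object");

        return ((SignatureImpl) signature).getXMLSignature();
    }

}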