
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.signature;
18  
19  import java.security.Key;
20  
21  import org.apache.xml.security.signature.XMLSignature;
22  import org.apache.xml.security.signature.XMLSignatureException;
23  import org.opensaml.xml.security.SecurityHelper;
24  import org.opensaml.xml.security.credential.Credential;
25  import org.opensaml.xml.signature.impl.SignatureImpl;
26  import org.opensaml.xml.validation.ValidationException;
27  import org.opensaml.xml.validation.Validator;
28  import org.slf4j.Logger;
29  import org.slf4j.LoggerFactory;
30  
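/**
 * A validator that validates an XML Signature on its content.
 *
 * <p>The signature value is checked against the verification key extracted from the
 * {@link Credential} supplied at construction time. The key is never taken from the
 * signature's own KeyInfo, so the caller (not the signed document) decides which key is
 * trusted. Whether the signature conforms to a particular profile (which references and
 * transforms it may contain) is not evaluated here and presumably belongs to a separate
 * profile validator.
 */
public class SignatureValidator implements Validator<Signature> {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(SignatureValidator.class);

    /** Credential used to validate signature; fixed for the lifetime of the validator. */
    private final Credential validationCredential;

    /**
     * Constructor.
     * 
     * @param validatingCredential credential used to validate the signature
     */
    public SignatureValidator(Credential validatingCredential) {
        validationCredential = validatingCredential;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Fails with a {@link ValidationException} when the signature object carries no
     * underlying {@link XMLSignature}, when the credential yields no verification key, when
     * the signature cannot be evaluated, or when the signature value does not verify.
     *
     * @throws ValidationException if the signature cannot be validated with the credential's key
     */
    public void validate(Signature signature) throws ValidationException {
        log.debug("Attempting to validate signature using key from supplied credential");

        XMLSignature xmlSig = buildSignature(signature);
        // The underlying XMLSignature is only attached when the Signature has been
        // marshalled or unmarshalled; reject explicitly rather than failing with an NPE below.
        if (xmlSig == null) {
            log.debug("Signature object has no underlying XMLSignature to validate");
            throw new ValidationException("No XMLSignature available to validate");
        }

        Key validationKey = SecurityHelper.extractVerificationKey(validationCredential);
        if (validationKey == null) {
            log.debug("Supplied credential contained no key suitable for signature validation");
            throw new ValidationException("No key available to validate signature");
        }
        
        // Algorithm and key class only; no key material is logged.
        log.debug("Validating signature with signature algorithm URI: {}", signature.getSignatureAlgorithm());
        log.debug("Validation credential key algorithm '{}', key instance class '{}'", 
                validationKey.getAlgorithm(), validationKey.getClass().getName());

        try {
            if (xmlSig.checkSignatureValue(validationKey)) {
                log.debug("Signature validated with key from supplied credential");
                return;
            }
        } catch (XMLSignatureException e) {
            // Preserve the cause: an evaluation error is distinct from a signature that verifies as false.
            throw new ValidationException("Unable to evaluate key against signature", e);
        }

        log.debug("Signature did not validate against the credential's key");

        throw new ValidationException("Signature did not validate against the credential's key");
    }

    /**
     * Constructs an {@link XMLSignature} from the given signature object.
     * 
     * <p>The default implementation assumes the signature is a {@link SignatureImpl} and returns
     * the XMLSignature it holds, which may be null if none has been attached yet. Subclasses may
     * override this to support other {@link Signature} implementations.
     * 
     * @param signature the signature
     * 
     * @return the constructed XMLSignature, possibly null
     * 
     * @throws ClassCastException if the signature is not a {@link SignatureImpl}
     */
    protected XMLSignature buildSignature(Signature signature) {
        log.debug("Creating XMLSignature object");

        return ((SignatureImpl) signature).getXMLSignature();
    }

}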