
SAML Signature validation within Assertion

I have a SAML which I get from a third party. I have to validate it by using their public certificate. I have done this previously but this time the Signature is within the Assertion so my Response.getSignature() returns null.

I am using the Java OpenSAML lib, so now even though I get the assertion and get the signature from the Assertion like below, my SignatureValidator always errors out.

Code snippet below:

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;

public static void main(String[] args) throws Exception
{
    Response response = (Response) parseSamlObject(samlString);
    // Response has getAssertions() (plural); the original used an undeclared "resp" and getAssertion()
    Assertion assertion = response.getAssertions().get(0);
    Signature signature = assertion.getSignature(); // I get signature here
    SignatureValidator signatureValidator = new SignatureValidator(getCredential());
    signatureValidator.validate(signature); //ERRORS OUT HERE (original passed an undeclared "sign")
    ....
}

private static Credential getCredential() throws org.opensaml.xml.validation.ValidationException, FileNotFoundException {
    PublicKey key = null;

    //Get Public Key
    BasicX509Credential publicCredential = new BasicX509Credential();
    Credential verifyingCredential = null;
    String certFileName = "myPublicCertificate.cer";
    InputStream fileStream = MyClass.class.getClassLoader().getResourceAsStream(certFileName);
    if (fileStream == null) {
        throw new FileNotFoundException(certFileName + " not found on the classpath");
    }

    System.out.println("CertificateStream is Obtained from Resources......");
    java.security.cert.CertificateFactory certificateFactory = null;
    java.security.cert.X509Certificate certificate = null;

    try {
        certificateFactory = java.security.cert.CertificateFactory.getInstance("X.509");
        certificate = (java.security.cert.X509Certificate) certificateFactory.generateCertificate(fileStream);
    } catch (CertificateException e3) {
        e3.printStackTrace();
    }
    try {
        fileStream.close();
    } catch (IOException e2) {
        e2.printStackTrace();
    }

    // Without this check a parse failure above would surface as a NullPointerException below
    if (certificate == null) {
        throw new org.opensaml.xml.validation.ValidationException("Could not parse " + certFileName);
    }

    key = certificate.getPublicKey(); //got publicKey here

    //Validate Public Key against Signature
    if (key != null) {
        publicCredential.setPublicKey(key);
        publicCredential.setEntityCertificate(certificate);
        verifyingCredential = publicCredential;
    }

    return verifyingCredential;
}

Errors out with the following every time: org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key

Here is the SAML: https://pastebin.com/D1Rwm5Y5
Any thoughts?

SignatureValidator is a final class with a static method, so you don't need to create an instance.

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureValidator;

Response response = (Response) parseSamlObject(samlString);
Assertion assertion = response.getAssertions().get(0);
Signature signature = assertion.getSignature();

//Now you need to create a x509Credential (yourCert holds the DER/PEM bytes of the IdP certificate)
ByteArrayInputStream certInputStream = new ByteArrayInputStream(yourCert);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(certInputStream);
BasicX509Credential credential = new BasicX509Credential(certificate);

//Now you can validate the Signature with your cert
SignatureValidator.validate(signature, credential);

Hope this works!! ;)
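As an added example (not code from the question or the answer), here is the same check written against the OpenSAML 3.x API the answer uses, with the two checks a verifier should do before trusting an assertion: reject an unsigned assertion instead of passing a null Signature on, and run the SAML signature profile validator before the cryptographic check so that a signature is only accepted when it is enveloped and references the assertion it sits in. It assumes InitializationService.initialize() has already been called and that idpCert is the pinned third-party certificate; the class and method names are my own.

```java
import java.security.cert.X509Certificate;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;

/** Added example (hypothetical helper); assumes OpenSAML 3.x is initialized. */
public final class AssertionSignatureCheck {

    private AssertionSignatureCheck() {}

    /**
     * Verifies the signature on the first Assertion of a Response against a pinned IdP certificate.
     * Throws SignatureException if the assertion is missing or unsigned, if the signature does not
     * follow the SAML signature profile, or if it does not verify with the pinned key.
     */
    public static Assertion verifyFirstAssertion(Response response, X509Certificate idpCert)
            throws SignatureException {
        if (response.getAssertions().isEmpty()) {
            throw new SignatureException("Response carries no Assertion");
        }
        Assertion assertion = response.getAssertions().get(0);

        // 1. An unsigned assertion is a failure, not a reason to skip validation.
        if (!assertion.isSigned() || assertion.getSignature() == null) {
            throw new SignatureException("Assertion " + assertion.getID() + " is not signed");
        }
        Signature signature = assertion.getSignature();

        // 2. Profile check first: enveloped signature with a single Reference to its parent element,
        //    so a signature that verifies but covers some other element is rejected here.
        new SAMLSignatureProfileValidator().validate(signature);

        // 3. Cryptographic check against the pinned certificate only; KeyInfo inside the message
        //    is attacker-controlled input and is deliberately not consulted.
        Credential trusted = new BasicX509Credential(idpCert);
        SignatureValidator.validate(signature, trusted);

        return assertion;
    }
}
```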
