Java 断言内的SAML签名验证_Java_Validation_Saml 2.0_Signature_Opensaml

Java 断言内的SAML签名验证

java validation

Java 断言内的SAML签名验证,java,validation,saml-2.0,signature,opensaml,Java,Validation,Saml 2.0,Signature,Opensaml,我有一个来自第三方的SAML。我必须使用他们的公共证书来验证它。我之前已经这样做了，但这次签名在断言中，因此我的Response.getSignature（）返回null 我使用的是Java OpenSAML库，所以现在即使我从下面的断言中获得断言和签名，我的SignatureValidation总是出错下面的代码片段： main().... { response = (Response) parseSamlObject(samlString); assertion = res

我有一个来自第三方的SAML。我必须使用他们的公共证书来验证它。我之前已经这样做了，但这次签名在断言中，因此我的

Response.getSignature（）

返回null

我使用的是Java OpenSAML库，所以现在即使我从下面的断言中获得断言和签名，我的

SignatureValidation

总是出错

下面的代码片段：

main()....
{
    response = (Response) parseSamlObject(samlString);
    assertion = resp.getAssertion().get(0);
    signature = assertion.getSignature(); // I get signature here
    SignatureValidator signatureValidator = new SignatureValidator(getCredential());
    signatureValidator.validate(sign); //ERRORS OUT HERE
    ....
}

private static Credential getCredential() throws org.opensaml.xml.validation.ValidationException, FileNotFoundException {
    PublicKey key=null;

    //Get Public Key
    BasicX509Credential publicCredential = new BasicX509Credential();
    Credential verifiyingCredential = null;
    String certFileName = "myPublicCertificate.cer";
    InputStream fileStream = MyClass.class.getClassLoader().getResourceAsStream(certFileName);

    System.out.println("CertificateStream is Obtained from Resources......" );
    java.security.cert.CertificateFactory certificateFactory=null;
    java.security.cert.X509Certificate certificate=null;

    try {
        certificateFactory = java.security.cert.CertificateFactory.getInstance("X.509");
        certificate = (java.security.cert.X509Certificate) certificateFactory.generateCertificate(fileStream);
    } catch (CertificateException e3) {
        e3.printStackTrace();
    }
    try {
        fileStream.close();
    } catch (IOException e2) {
        e2.printStackTrace();
    }

    key= certificate.getPublicKey();//got publicKey here

    //Validate Public Key against Signature
    if (key != null) {
        publicCredential.setPublicKey(key);
        publicCredential.setEntityCertificate(certificate);
        verifiyingCredential = publicCredential;
    }

    return verifiyingCredential;
}

每次出现以下错误：

org.opensaml.xml.validation.ValidationException:签名未根据凭据的密钥进行验证

以下是SAML:

有什么想法吗？

SignatureValidator是带有静态方法的最后一个类，因此不需要创建实例

response = (Response) parseSamlObject(samlString);
assertion = resp.getAssertion().get(0);
signature = assertion.getSignature();

//Now you need to create a x509Credential
ByteArrayInputStream certInputStream = new ByteArrayInputStream(yourCert);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate)certificateFactory.generateCertificate(certInputStream);
BasicX509Credential credential = new BasicX509Credential(certificate);

//Now you can validate the Signature with you cert
SignatureValidator.validate(signature , credential);

希望这能奏效！！；）

是否有一种方法可以让您了解SignatureValidator.validate（）的实现，并将其置于调试点？首先尝试使用此在线工具验证签名。这将告诉您是否是java实现的证书出错。我在Or.OpenSSAMLXML.StATATURE中使用通用签名验证器。我们还需要考虑KEYFIO来做任何验证吗？我能看到SAML的KeyInfo部分中的X509证书与安全地给我的Puxx509证书相同。但是，

SignatureValidator.validate（assertion.getSignature）

仍然会出现与上面相同的错误。你知道我错过了什么吗？