Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/373.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java OpenSAML(2.0)签名验证不起作用_Java_Saml 2.0_Xml Signature_Opensaml - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java OpenSAML(2.0)签名验证不起作用

Java OpenSAML(2.0)签名验证不起作用

java

Java OpenSAML(2.0)签名验证不起作用,java,saml-2.0,xml-signature,opensaml,Java,Saml 2.0,Xml Signature,Opensaml,问题: MIICozCCAgygAwIBAgIGATxK1oY4MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEcMBoGCSqGSIb3DQEJ ARYNaW5mb0Bva3R

问题:

MIICozCCAgygAwIBAgIGATxK1oY4MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEcMBoGCSqGSIb3DQEJ
ARYNaW5mb0Bva3RhLmNvbTAeFw0xMzAxMTcyMzI2MThaFw00MzAxMTcyMzI3MThaMIGUMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEc
MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
njQZkKTyJuS1evlG/ThBqGT9VID9RnN31yr1EQXYODs1pXy8w58QkztCWTvevj8GekbJ8dsVZ2Ij
UXJ50psNL1zyq0cJp8M08E75SCwaH7Q9goaReIFpYQZTbTE9FMfGcsrNIFZyBsCXS2dm+FfuGDQ6
4/W0mxOHdYxqSTD+fvMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQByeciVKaK5IKFPVzK3ZS37IOQm
2vDXZYXEzUaq1urk8gunQs75ZzgIsIh6jlUZy+FO3maAoVyW5mUzqT0jBTfI0Ea3vJfQAlgn4gW2
eiqdbu1uI48a5K1+GneO1xzqTYzMXvUoJpXqoifsrikkpHHATF8z5Y4ULKgKFSBB9VypDg==

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <ds:Reference URI="#id7437579890833705637451361">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>zIoW9N/wJrjwXfQS7I5jNyZqbJQ=</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>ZybzDLQ2Q8RiIqyShZFNKR8+vbVhjsAT18hIh6IcqDO5ER2ah5Fs1bErmgeITatRNgdqzxgX4jErtkituiI3vdr56g5kmaTKHf2lrU6OLW3JHUokCt9Bv9E7duvnpGEA0uFvzNMVMcqZOGUbJ1m1lkYxUIIaeOjSxPjBTZB+g3A=</ds:SignatureValue>
    <ds:KeyInfo>
        <ds:X509Data>
            <ds:X509Certificate>MIICozCCAgygAwIBAgIGATxK1oY4MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEcMBoGCSqGSIb3DQEJ
ARYNaW5mb0Bva3RhLmNvbTAeFw0xMzAxMTcyMzI2MThaFw00MzAxMTcyMzI3MThaMIGUMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEc
MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
njQZkKTyJuS1evlG/ThBqGT9VID9RnN31yr1EQXYODs1pXy8w58QkztCWTvevj8GekbJ8dsVZ2Ij
UXJ50psNL1zyq0cJp8M08E75SCwaH7Q9goaReIFpYQZTbTE9FMfGcsrNIFZyBsCXS2dm+FfuGDQ6
4/W0mxOHdYxqSTD+fvMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQByeciVKaK5IKFPVzK3ZS37IOQm
2vDXZYXEzUaq1urk8gunQs75ZzgIsIh6jlUZy+FO3maAoVyW5mUzqT0jBTfI0Ea3vJfQAlgn4gW2
eiqdbu1uI48a5K1+GneO1xzqTYzMXvUoJpXqoifsrikkpHHATF8z5Y4ULKgKFSBB9VypDg==</ds:X509Certificate>
        </ds:X509Data>
    </ds:KeyInfo>
</ds:Signature>

try {
    //Retrieve SAML response from post
    Document document = ppMgr.parse(request.getInputStream());
    UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(document.getDocumentElement());
    response = (Response)unmarshaller.unmarshall(document.getDocumentElement());

    //Get Public Key
    BasicX509Credential publicCredential = new BasicX509Credential();
    File publicKeyFile = new File("C:/saml.cer");

    if (publicKeyFile.exists()) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        InputStream fileStream = new FileInputStream(publicKeyFile);
        X509Certificate certificate = (X509Certificate)certificateFactory.generateCertificate(fileStream);
        fileStream.close();

        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(certificate.getPublicKey().getEncoded());
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        key = keyFactory.generatePublic(publicKeySpec);

        //Validate Public Key against Signature
        if (key != null) {
            publicCredential.setPublicKey(key);
            SignatureValidator signatureValidator = new SignatureValidator(publicCredential);
            signatureValidator.validate(signature);
        }
    }

    returnValue = true;
} catch (ValidationException e) {
    throw e; //Throws a 'Signature did not validate against the credential's key' exception
}
我正在使用OpenSAML构建一种方法来验证发布到服务器上的SAML2.0响应。我已经完成了大部分工作,能够访问断言的各个方面。唯一的问题是,当我尝试使用下面的公钥验证签名时,它表示“签名未根据凭据的密钥进行验证”

有什么想法吗

公钥:

MIICozCCAgygAwIBAgIGATxK1oY4MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEcMBoGCSqGSIb3DQEJ
ARYNaW5mb0Bva3RhLmNvbTAeFw0xMzAxMTcyMzI2MThaFw00MzAxMTcyMzI3MThaMIGUMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEc
MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
njQZkKTyJuS1evlG/ThBqGT9VID9RnN31yr1EQXYODs1pXy8w58QkztCWTvevj8GekbJ8dsVZ2Ij
UXJ50psNL1zyq0cJp8M08E75SCwaH7Q9goaReIFpYQZTbTE9FMfGcsrNIFZyBsCXS2dm+FfuGDQ6
4/W0mxOHdYxqSTD+fvMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQByeciVKaK5IKFPVzK3ZS37IOQm
2vDXZYXEzUaq1urk8gunQs75ZzgIsIh6jlUZy+FO3maAoVyW5mUzqT0jBTfI0Ea3vJfQAlgn4gW2
eiqdbu1uI48a5K1+GneO1xzqTYzMXvUoJpXqoifsrikkpHHATF8z5Y4ULKgKFSBB9VypDg==

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <ds:Reference URI="#id7437579890833705637451361">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>zIoW9N/wJrjwXfQS7I5jNyZqbJQ=</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>ZybzDLQ2Q8RiIqyShZFNKR8+vbVhjsAT18hIh6IcqDO5ER2ah5Fs1bErmgeITatRNgdqzxgX4jErtkituiI3vdr56g5kmaTKHf2lrU6OLW3JHUokCt9Bv9E7duvnpGEA0uFvzNMVMcqZOGUbJ1m1lkYxUIIaeOjSxPjBTZB+g3A=</ds:SignatureValue>
    <ds:KeyInfo>
        <ds:X509Data>
            <ds:X509Certificate>MIICozCCAgygAwIBAgIGATxK1oY4MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEcMBoGCSqGSIb3DQEJ
ARYNaW5mb0Bva3RhLmNvbTAeFw0xMzAxMTcyMzI2MThaFw00MzAxMTcyMzI3MThaMIGUMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEc
MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
njQZkKTyJuS1evlG/ThBqGT9VID9RnN31yr1EQXYODs1pXy8w58QkztCWTvevj8GekbJ8dsVZ2Ij
UXJ50psNL1zyq0cJp8M08E75SCwaH7Q9goaReIFpYQZTbTE9FMfGcsrNIFZyBsCXS2dm+FfuGDQ6
4/W0mxOHdYxqSTD+fvMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQByeciVKaK5IKFPVzK3ZS37IOQm
2vDXZYXEzUaq1urk8gunQs75ZzgIsIh6jlUZy+FO3maAoVyW5mUzqT0jBTfI0Ea3vJfQAlgn4gW2
eiqdbu1uI48a5K1+GneO1xzqTYzMXvUoJpXqoifsrikkpHHATF8z5Y4ULKgKFSBB9VypDg==</ds:X509Certificate>
        </ds:X509Data>
    </ds:KeyInfo>
</ds:Signature>

try {
    //Retrieve SAML response from post
    Document document = ppMgr.parse(request.getInputStream());
    UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(document.getDocumentElement());
    response = (Response)unmarshaller.unmarshall(document.getDocumentElement());

    //Get Public Key
    BasicX509Credential publicCredential = new BasicX509Credential();
    File publicKeyFile = new File("C:/saml.cer");

    if (publicKeyFile.exists()) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        InputStream fileStream = new FileInputStream(publicKeyFile);
        X509Certificate certificate = (X509Certificate)certificateFactory.generateCertificate(fileStream);
        fileStream.close();

        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(certificate.getPublicKey().getEncoded());
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        key = keyFactory.generatePublic(publicKeySpec);

        //Validate Public Key against Signature
        if (key != null) {
            publicCredential.setPublicKey(key);
            SignatureValidator signatureValidator = new SignatureValidator(publicCredential);
            signatureValidator.validate(signature);
        }
    }

    returnValue = true;
} catch (ValidationException e) {
    throw e; //Throws a 'Signature did not validate against the credential's key' exception
}
签名:

MIICozCCAgygAwIBAgIGATxK1oY4MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEcMBoGCSqGSIb3DQEJ
ARYNaW5mb0Bva3RhLmNvbTAeFw0xMzAxMTcyMzI2MThaFw00MzAxMTcyMzI3MThaMIGUMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEc
MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
njQZkKTyJuS1evlG/ThBqGT9VID9RnN31yr1EQXYODs1pXy8w58QkztCWTvevj8GekbJ8dsVZ2Ij
UXJ50psNL1zyq0cJp8M08E75SCwaH7Q9goaReIFpYQZTbTE9FMfGcsrNIFZyBsCXS2dm+FfuGDQ6
4/W0mxOHdYxqSTD+fvMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQByeciVKaK5IKFPVzK3ZS37IOQm
2vDXZYXEzUaq1urk8gunQs75ZzgIsIh6jlUZy+FO3maAoVyW5mUzqT0jBTfI0Ea3vJfQAlgn4gW2
eiqdbu1uI48a5K1+GneO1xzqTYzMXvUoJpXqoifsrikkpHHATF8z5Y4ULKgKFSBB9VypDg==

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <ds:Reference URI="#id7437579890833705637451361">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>zIoW9N/wJrjwXfQS7I5jNyZqbJQ=</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>ZybzDLQ2Q8RiIqyShZFNKR8+vbVhjsAT18hIh6IcqDO5ER2ah5Fs1bErmgeITatRNgdqzxgX4jErtkituiI3vdr56g5kmaTKHf2lrU6OLW3JHUokCt9Bv9E7duvnpGEA0uFvzNMVMcqZOGUbJ1m1lkYxUIIaeOjSxPjBTZB+g3A=</ds:SignatureValue>
    <ds:KeyInfo>
        <ds:X509Data>
            <ds:X509Certificate>MIICozCCAgygAwIBAgIGATxK1oY4MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEcMBoGCSqGSIb3DQEJ
ARYNaW5mb0Bva3RhLmNvbTAeFw0xMzAxMTcyMzI2MThaFw00MzAxMTcyMzI3MThaMIGUMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDHdlc3Rlcm51bmlvbjEc
MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
njQZkKTyJuS1evlG/ThBqGT9VID9RnN31yr1EQXYODs1pXy8w58QkztCWTvevj8GekbJ8dsVZ2Ij
UXJ50psNL1zyq0cJp8M08E75SCwaH7Q9goaReIFpYQZTbTE9FMfGcsrNIFZyBsCXS2dm+FfuGDQ6
4/W0mxOHdYxqSTD+fvMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQByeciVKaK5IKFPVzK3ZS37IOQm
2vDXZYXEzUaq1urk8gunQs75ZzgIsIh6jlUZy+FO3maAoVyW5mUzqT0jBTfI0Ea3vJfQAlgn4gW2
eiqdbu1uI48a5K1+GneO1xzqTYzMXvUoJpXqoifsrikkpHHATF8z5Y4ULKgKFSBB9VypDg==</ds:X509Certificate>
        </ds:X509Data>
    </ds:KeyInfo>
</ds:Signature>

try {
    //Retrieve SAML response from post
    Document document = ppMgr.parse(request.getInputStream());
    UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(document.getDocumentElement());
    response = (Response)unmarshaller.unmarshall(document.getDocumentElement());

    //Get Public Key
    BasicX509Credential publicCredential = new BasicX509Credential();
    File publicKeyFile = new File("C:/saml.cer");

    if (publicKeyFile.exists()) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        InputStream fileStream = new FileInputStream(publicKeyFile);
        X509Certificate certificate = (X509Certificate)certificateFactory.generateCertificate(fileStream);
        fileStream.close();

        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(certificate.getPublicKey().getEncoded());
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        key = keyFactory.generatePublic(publicKeySpec);

        //Validate Public Key against Signature
        if (key != null) {
            publicCredential.setPublicKey(key);
            SignatureValidator signatureValidator = new SignatureValidator(publicCredential);
            signatureValidator.validate(signature);
        }
    }

    returnValue = true;
} catch (ValidationException e) {
    throw e; //Throws a 'Signature did not validate against the credential's key' exception
}
嗯,结果证明上面的代码是正确的。不正确的是SAML响应示例。我想从这一切中学到的教训是信任您的实现:)

您能提供在哪里可以找到有效的SAML响应示例以成功解析上述代码吗?
File publicKeyFile=new File(“C:/SAML.cer”)这是从IDP生成的公共证书吗?使用OpenSAML v3的更新版本,代码不再可用。不再有新的SignatureValidator()
。有人知道怎么重写吗?@schlock你能看一下吗