/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FMSigProvider.java,v 1.5 2009/05/09 15:43:59 mallas Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
*/
/**
* <code>FMSigProvider</code> is an class for signing
* and verifying XML documents, it implements <code>SigProvider</code>
*/
// flag to check if the partner's signing cert included in
// the XML doc is the same as the one in its meta data
private static boolean checkCert = true;
static {
"com.sun.identity.saml.checkcert",
"on");
checkCert = false;
}
}
/**
* Default Constructor
*/
public FMSigProvider() {
}
/**
* Sign the xml document node whose identifying attribute value
* is as supplied, using enveloped signatures and use exclusive xml
* canonicalization. The resulting signature is inserted after the
* first child node (normally Issuer element for SAML2) of the node
* to be signed.
* @param xmlString String representing an XML document to be signed
* @param idValue id attribute value of the root node to be signed
* @param privateKey Signing key
* @param cert Certificate which contain the public key correlated to
* the signing key; It if is not null, then the signature
* will include the certificate; Otherwise, the signature
* will not include any certificate
* @return Element representing the signature element
* @throws SAML2Exception if the document could not be signed
*/
) throws SAML2Exception {
privateKey == null) {
"Either input xml string or id value or "+
"private key is null.");
throw new SAML2Exception(
}
throw new SAML2Exception(
"errorObtainingElement")
);
}
try {
} catch (XMLSecurityException xse1) {
throw new SAML2Exception(xse1);
}
try {
SAML2Constants.DSA)) {
sigAlg =
} else {
SAML2Constants.RSA)) {
sigAlg =
}
}
}
sig = new XMLSignature(
} catch (XMLSecurityException xse2) {
throw new SAML2Exception(xse2);
}
while (firstChild != null &&
}
if (firstChild != null) {
}
if (nextSibling == null) {
} else {
}
try {
} catch (TransformationException te1) {
throw new SAML2Exception(te1);
}
try {
} catch (TransformationException te2) {
throw new SAML2Exception(te2);
}
try {
ref,
} catch (XMLSignatureException sige1) {
throw new SAML2Exception(sige1);
}
try {
} catch (XMLSecurityException xse3) {
throw new SAML2Exception(xse3);
}
}
try {
} catch (XMLSignatureException sige2) {
throw new SAML2Exception(sige2);
}
"Signing is successful.");
}
return sig.getElement();
}
public boolean verify(
) throws SAML2Exception {
"Either input xmlString or idValue is null.");
throw new SAML2Exception(
}
throw new SAML2Exception(
"errorObtainingElement")
);
}
try {
doc,
"//ds:Signature[1]", nscontext);
} catch (TransformerException te) {
throw new SAML2Exception(te);
}
try {
doc,
"//ds:Reference[1]", nscontext);
} catch (TransformerException te) {
throw new SAML2Exception(te);
}
+ "not match with element ID");
}
try {
signature = new
} catch (XMLSignatureException sige) {
throw new SAML2Exception(sige);
} catch (XMLSecurityException xse) {
throw new SAML2Exception(xse);
}
OfflineResolver());
try {
} catch (KeyResolverException kre) {
"Could not obtain a certificate " +
"from inside the document."
);
}
}
}
}
}
}
return false;
}
}
return true;
}
private boolean isValidSignature(XMLSignature signature, Set<X509Certificate> certificates) throws SAML2Exception {
} else {
try {
return true;
}
} catch (XMLSignatureException xse) {
if (firstException == null) {
}
}
}
}
if (firstException != null) {
throw new SAML2Exception(firstException);
}
return false;
}
}