/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: QuerySignatureUtil.java,v 1.2 2008/06/25 05:47:45 qcheng Exp $
*
* Portions Copyrighted 2015 ForgeRock AS.
*/
/**
* The <code>QuerySignatureUtil</code> provides methods to
* sign a query string and to verify the signature on a query string.
*/
public class QuerySignatureUtil {
// Empty static initialiser: no class-level setup is performed here.
static {
}
/** Private constructor: the class is a static utility holder and is not meant to be instantiated. */
private QuerySignatureUtil() {
}
/**
* Signs the query string.
* @param queryString Query String
* @param privateKey signing key
* @return String the signed query string
* @exception SAML2Exception if the signing fails
*/
"QuerySignatureUtil.sign: ";
if (queryString == null ||
privateKey == null) {
"Either input query string or private key is null."
);
throw new SAML2Exception(
}
"Input query string:\n" +
}
final String querySigAlg;
switch (alg) {
case "RSA":
//Defaulting to RSA-SHA1 for the sake of interoperability
break;
case "DSA":
//Defaulting to SHA1WithDSA as JDK7 does not support SHA256WithDSA
break;
case "EC":
break;
default:
}
try {
} catch (NoSuchAlgorithmException nsae) {
throw new SAML2Exception(nsae);
}
!= '&'){
}
"Final string to be signed:\n" +
}
byte[] sigBytes;
try {
} catch (GeneralSecurityException gse) {
throw new SAML2Exception(gse);
}
"Generated signature is null");
throw new SAML2Exception(
"nullSigGenerated"
)
);
}
queryString +=
"Signed query string:\n" +
}
return queryString;
}
/**
* Verifies the query string signature.
*
* @param queryString Signed query String.
* @param verificationCerts Verification certificates.
* @return boolean whether the verification is successful or not.
* @throws SAML2Exception if there is an error during verification.
*/
public static boolean verify(
) throws SAML2Exception {
"QuerySignatureUtil.verify: ";
if (queryString == null ||
"Input query string or certificate is null");
throw new SAML2Exception(
}
"Query string to be verifed:\n" + queryString);
}
StringTokenizer st = new
while (st.hasMoreTokens()) {
}
}
"Null SigAlg query parameter.");
throw new SAML2Exception(
}
"Null Signature query parameter.");
throw new SAML2Exception(
}
// The following manipulation is necessary because
// other implementations could send the query
// parameters out of order, i.e., not in the same
// order when signature is produced
} else {
}
}
"Query string to be verifed (re-arranged):\n" +
}
"Null SigAlg query parameter value.");
throw new SAML2Exception(
}
"SigAlg query parameter value: " +
}
"Null Signature query parameter value.");
throw new SAML2Exception(
}
"Signature query parameter value:\n" +
}
// base-64 decode the signature value
// get Signature instance based on algorithm
}
try {
} catch (NoSuchAlgorithmException nsae) {
throw new SAML2Exception(nsae);
}
}
private static boolean isValidSignature(Signature sig, Set<X509Certificate> certificates, byte[] queryString,
byte[] signature) throws SAML2Exception {
try {
return true;
}
if (firstException == null) {
firstException = ex;
}
}
}
if (firstException != null) {
throw new SAML2Exception(firstException);
}
return false;
}
}