// NOTE(review): this span starts inside the body of sign(); the method signature,
// the enclosing try, and the declarations of certs, x509, root, sig and k are
// above the visible portion of the file.
{
    int count = 0;
    Iterator i=certs.iterator();
    while (i.hasNext()) {
        Object cert=i.next();
        // Entries that are not X509Certificate instances are skipped silently
        // (count is still advanced for them).
        if (cert instanceof X509Certificate) {
            if (!i.hasNext() && count > 0) {
                // Last (but not only) cert in chain. Only add if it's not self-signed.
                // The self-signed root is deliberately left out of KeyInfo: a relying
                // party must hold its own trust anchors, so embedding the root would
                // only enlarge the signature. Leaving the loop skips that cert.
                if (((X509Certificate)cert).getSubjectDN().equals(((X509Certificate)cert).getIssuerDN()))
                    break;
            }
            x509.addCertificate((X509Certificate)cert);
        }
        count++;
    }
}
// Only emit a KeyInfo element when at least one certificate was collected.
if (x509.lengthCertificate()>0) {
    KeyInfo keyinfo = new KeyInfo(root.getOwnerDocument());
    keyinfo.add(x509);
    sig.getElement().appendChild(keyinfo.getElement());
}
// Finally, sign the thing.
sig.sign(k);
} catch (XMLSecurityException e) {
    // Leave the object in a consistent (unsigned) state before reporting the failure.
    unsign();
    throw new InvalidCryptoException("SAMLSignedObject.sign() detected an XML security exception: " + e.getMessage(),e);
}
}

    /**
     * Verifies the signature using only the keying material included within it.
     * <p>
     * Delegates to {@link #verify(Key)} with a {@code null} key, so the public key is
     * taken from the signature's own KeyInfo. That only shows the signature is
     * internally consistent; whether the embedded key is trusted is not evaluated
     * here and must be established by the caller (for example by checking the
     * certificates from {@link #getX509Certificates()} against its trust anchors).
     *
     * @throws SAMLException Thrown if the signature is invalid or if an error occurs
     */
    public void verify() throws SAMLException {
        verify((Key)null);
    }

    /**
     * Verifies the signature using the keying material provided.
     * <p>
     * Only the certificate's public key is used; the certificate itself is not
     * validated here. Passing {@code null} results in a {@link NullPointerException}.
     *
     * @param cert A public key certificate to use in verifying the signature
     * @throws SAMLException Thrown if the signature is invalid or if an error occurs
     */
    public void verify(Certificate cert) throws SAMLException {
        verify(cert.getPublicKey());
    }

    /**
     * Verifies the signature using the keying material provided.
     * <p>
     * Before the signature value is checked, the signature is required to match a
     * fixed profile: exactly one {@code Reference}, whose URI is absent, empty or
     * {@code "#" + getId()}, and whose transforms consist of the enveloped-signature
     * transform (required) plus, optionally, exclusive C14N without comments. Any
     * other transform, reference count or URI is rejected. The signature and digest
     * algorithms are not constrained by this method; callers that need to restrict
     * them can inspect {@link #getSignatureAlgorithm()}.
     * <p>
     * When {@code k} is {@code null} the public key is extracted from the signature's
     * KeyInfo. No trust decision is made about that key here.
     *
     * @param k A secret or public key to use in verifying the signature, or
     *          {@code null} to use the key carried inside the signature
     * @throws SAMLException Thrown if the signature is invalid or if an error occurs
     */
    public void verify(Key k) throws SAMLException {
        if (!isSigned())
            throw new InvalidCryptoException("SAMLSignedObject.verify() can't verify unsigned object");

        try {
            // Validate the signature content by checking for specific Transforms.
            boolean valid=false;
            SignedInfo si=sig.getSignedInfo();
            // Exactly one Reference is accepted; a second Reference fails the profile.
            if (si.getLength()==1) {
                Reference ref = si.item(0);
                // An absent/empty URI means the reference covers the whole document
                // rather than this object's element specifically.
                // NOTE(review): the "#id" case is accepted on a string match only;
                // that the element the ID resolves to is this object's own element
                // is not checked here — confirm the ID-resolution layer guarantees it.
                if (ref.getURI() == null || ref.getURI().equals("") || ref.getURI().equals("#" + getId())) {
                    Transforms trans = ref.getTransforms();
                    for (int i=0; i < trans.getLength(); i++) {
                        // valid only becomes true via the enveloped-signature transform;
                        // exclusive C14N is tolerated; anything else fails the profile.
                        if (trans.item(i).getURI().equals(Transforms.TRANSFORM_ENVELOPED_SIGNATURE))
                            valid = true;
                        else if (!trans.item(i).getURI().equals(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS)) {
                            valid = false;
                            break;
                        }
                    }
                }
            }
            if (!valid)
                throw new InvalidCryptoException("SAMLSignedObject.verify() detected an invalid signature profile");

            // If k is null, try and find a key inside the signature.
            if (k == null) {
                if (sig_from_parse)
                    k=sig.getKeyInfo().getPublicKey();
                else {
                    // This is really, ugly, but when the signature hasn't been fully built from a DOM,
                    // none of the interesting bits of keying material are reachable via the API.
                    // We have to serialize out the KeyInfo piece, and reparse it.
                    ByteArrayOutputStream out = new ByteArrayOutputStream();
                    Canonicalizer c = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
                    // Assumes the KeyInfo is the last child of the Signature element;
                    // sign() appends it with appendChild, so for locally built
                    // signatures that is expected — TODO confirm nothing is appended later.
                    out.write(c.canonicalizeSubtree(sig.getElement().getLastChild()));
                    ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
                    KeyInfo temp = new KeyInfo(XML.parserPool.parse(in).getDocumentElement(),null);
                    k=temp.getPublicKey();
                }
            }

            // The signature value is checked against whichever key was supplied or found.
            if (!sig.checkSignatureValue(k))
                throw new InvalidCryptoException("SAMLSignedObject.verify() failed to validate signature value");
        }
        catch (XMLSecurityException e) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() detected an XML security exception: " + e.getMessage(),e);
        }
        catch (java.io.IOException e) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() detected an I/O exception: " + e.getMessage(),e);
        }
        catch (SAXException e) {
            throw new InvalidCryptoException("SAMLSignedObject.verify() detected a XML parsing exception: " + e.getMessage(),e);
        }
    }

    /**
     * Returns an iterator over the X.509 certificates included in the signature, if any.
     * <p>
     * Only the first X509Data element of the KeyInfo is examined. The certificates are
     * returned exactly as the signer presented them; nothing here validates them, so
     * a relying party must check them against its own trust anchors before relying
     * on them.
     *
     * @return Provides access to the certificates (an iterator over X509Certificate objects)
     * @throws SAMLException Thrown if the signature is missing, if it carries no
     *         X.509 certificates, or if the KeyInfo cannot be read
     */
    public Iterator getX509Certificates() throws SAMLException {
        if (isSigned()) {
            KeyInfo ki=sig.getKeyInfo();
            if (ki!=null && ki.containsX509Data()) {
                try {
                    X509Data x509 = ki.itemX509Data(0);
                    if (x509.containsCertificate()) {
                        // Copy the certificates out so the iterator does not depend on the DOM.
                        ArrayList certs=new ArrayList(x509.lengthCertificate());
                        for (int i=0; i<x509.lengthCertificate(); i++)
                            certs.add(x509.itemCertificate(i).getX509Certificate());
                        return certs.iterator();
                    }
                }
                catch (XMLSecurityException e) {
                    throw new InvalidCryptoException("SAMLSignedObject.getX509Certificates() detected an XML security exception: " + e.getMessage(),e);
                }
            }
            throw new InvalidCryptoException("SAMLSignedObject.getX509Certificates() can't find any X.509 certificates in signature");
        }
        throw new InvalidCryptoException("SAMLSignedObject.getX509Certificates() can't examine unsigned object");
    }

    /**
     * Returns the algorithm identifier from the signature.
     * <p>
     * This is the SignatureMethod URI from SignedInfo; callers that want to reject
     * weak algorithms can compare it before trusting a verified signature.
     *
     * @return The algorithm identifier
     * @throws SAMLException Thrown if the signature is missing
     */
    public String getSignatureAlgorithm() throws SAMLException {
        if (isSigned())
            return sig.getSignedInfo().getSignatureMethodURI();
        throw new InvalidCryptoException("SAMLSignedObject.getSignatureAlgorithm() can't examine unsigned object");
    }

    /**
     * Returns true iff the object contains a signature.
     * <p>
     * Presence of a signature says nothing about its validity; use {@link #verify(Key)}.
     *
     * @return true iff the object contains a signature
     */
    public boolean isSigned() {
        return (sig!=null);
    }

    /**
     * Copies a SAML object such that no dependencies exist between the original
     * and the copy.
     * <p>
     * The copy is never signed: the signature reference is dropped, so
     * {@link #isSigned()} returns false for it and it must be signed again if needed.
     *
     * @return The new object
     * @see java.lang.Object#clone()
     */
    protected Object clone() throws CloneNotSupportedException {
        SAMLSignedObject dup=(SAMLSignedObject)super.clone();
        // Clear the signature before returning the copy.
        dup.sig = null;
        return dup;
    }
}