Examples of org.opensaml.xml.signature.SignatureTrustEngine.validate()

Class org.opensaml.xml.signature.SignatureTrustEngine

Examples of org.opensaml.xml.signature.SignatureTrustEngine.validate()

org.opensaml.xml.signature.SignatureTrustEngine.validate()
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
A candidate verification credential may optionally be supplied. If one is supplied and is determined to successfully verify the signature, an attempt will be made to establish trust on this basis.

If a candidate credential is not supplied, or it does not successfully verify the signature, some implementations may be able to resolve candidate verification credential(s) in an implementation-specific manner based on the trusted criteria supplied, and then attempt to verify the signature and establish trust on this basis.
@param signature the signature value @param content the content that was signed @param algorithmURI the signature algorithm URI which was used to sign the content @param trustBasisCriteria criteria used to describe and/or resolve the informationwhich serves as the basis for trust evaluation @param candidateCredential the untrusted candidate credential containing the validation keyfor the signature (optional) @return true if the signature was valid for the provided content and was signed by a keycontained within a credential established as trusted based on the supplied criteria, otherwise false @throws SecurityException thrown if there is a problem attempting to verify the signature such as the signaturealgorithim not being supported


        // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
        // So have 2 slightly different cases.
        try {
            if (candidateCredentials == null || candidateCredentials.isEmpty()) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                    log.debug("Simple signature validation (with no request-derived credentials) was successful");
                    return true;
                } else {
                    log.warn("Simple signature validation (with no request-derived credentials) failed");
                    return false;

View Full Code Here

                    log.warn("Simple signature validation (with no request-derived credentials) failed");
                    return false;
                }
            } else {
                for (Credential cred : candidateCredentials) {
                    if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                        log.debug("Simple signature validation succeeded with a request-derived credential");
                        return true;
                    }
                }
                log.warn("Signature validation using request-derived credentials failed");

View Full Code Here


        // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
        // So have 2 slightly different cases.
        try {
            if (candidateCredentials == null || candidateCredentials.isEmpty()) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                    log.debug("Simple signature validation (with no request-derived credentials) was successful");
                    return true;
                } else {
                    log.error("Simple signature validation (with no request-derived credentials) failed");
                    return false;

View Full Code Here

                    log.error("Simple signature validation (with no request-derived credentials) failed");
                    return false;
                }
            } else {
                for (Credential cred : candidateCredentials) {
                    if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                        log.debug("Simple signature validation succeeded with a request-derived credential");
                        return true;
                    }
                }
                log.error("Signature validation using request-derived credentials failed");

View Full Code Here

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.