[picketlink-commits] Picketlink SVN: r1145 - in federation/trunk: picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2 and 1 other directory.

Thu Jul 28 18:09:51 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-07-28 18:09:51 -0400 (Thu, 28 Jul 2011)
New Revision: 1145

Added:
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions/SignatureValidationException.java
Modified:
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java
Log:
PLFED-8: throw ex if sig validation fails

Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions/SignatureValidationException.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions/SignatureValidationException.java	                        (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/exceptions/SignatureValidationException.java	2011-07-28 22:09:51 UTC (rev 1145)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v2.exceptions;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates the failure of signature validation
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 28, 2011
+ */
+public class SignatureValidationException extends GeneralSecurityException
+{
+   private static final long serialVersionUID = 1L;
+
+   public SignatureValidationException()
+   {
+   }
+
+   public SignatureValidationException(String message, Throwable cause)
+   {
+      super(message, cause);
+   }
+
+   public SignatureValidationException(String msg)
+   {
+      super(msg);
+   }
+
+   public SignatureValidationException(Throwable cause)
+   {
+      super(cause);
+   }
+}
\ No newline at end of file
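Review bot: The class and its four constructors carry no Javadoc beyond the one-line summary, so a reader cannot tell from the type whether it is meant to be thrown directly by validation code or only carried as the cause of a ProcessingException, which is how the handler in this same commit uses it. A class comment such as `Thrown when the XML signature on a SAML message fails to verify; the web handlers wrap it in a ProcessingException` plus `@param message`/`@param cause` lines on the two-argument constructor would settle that. The file also ends without a trailing newline.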

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java	2011-07-28 21:41:04 UTC (rev 1144)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.java	2011-07-28 22:09:51 UTC (rev 1145)
@@ -26,6 +26,7 @@
 
 import org.apache.log4j.Logger;
 import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.exceptions.SignatureValidationException;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerErrorCodes;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
@@ -41,61 +42,62 @@
  */
 public class SAML2SignatureValidationHandler extends BaseSAML2Handler
 {
-   private static Logger log = Logger.getLogger(SAML2SignatureValidationHandler.class); 
-   private boolean trace = log.isTraceEnabled();
-   
+   private static Logger log = Logger.getLogger(SAML2SignatureValidationHandler.class);
+
+   private final boolean trace = log.isTraceEnabled();
+
    /**
     * @see {@code SAML2Handler#handleRequestType(SAML2HandlerRequest, SAML2HandlerResponse)}
     */
    public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
    {
-      Map<String,Object> requestOptions = request.getOptions();
-      Boolean ignoreSignatures =  (Boolean) requestOptions.get(GeneralConstants.IGNORE_SIGNATURES);
-      if(ignoreSignatures == Boolean.TRUE)
+      Map<String, Object> requestOptions = request.getOptions();
+      Boolean ignoreSignatures = (Boolean) requestOptions.get(GeneralConstants.IGNORE_SIGNATURES);
+      if (ignoreSignatures == Boolean.TRUE)
          return;
-      
+
       Document signedDocument = request.getRequestDocument();
-       
-      if(trace)
+
+      if (trace)
       {
-         log.trace("Will validate :" + DocumentUtil.asString(signedDocument));  
+         log.trace("Will validate :" + DocumentUtil.asString(signedDocument));
       }
       PublicKey publicKey = (PublicKey) request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);
       try
       {
-          boolean isValid = this.validateSender(signedDocument, publicKey); 
-          if(!isValid)
-            throw new ProcessingException();
+         boolean isValid = this.validateSender(signedDocument, publicKey);
+         if (!isValid)
+            throw constructSignatureException();
       }
-      catch(ProcessingException pe)
+      catch (ProcessingException pe)
       {
-    	  response.setError(SAML2HandlerErrorCodes.SIGNATURE_INVALID, 
-    	        "Signature Validation Failed");
-    	  throw pe;
+         response.setError(SAML2HandlerErrorCodes.SIGNATURE_INVALID, "Signature Validation Failed");
+         throw pe;
       }
    }
 
    @Override
    public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response)
          throws ProcessingException
-   {  
-      Map<String,Object> requestOptions = request.getOptions();
-      Boolean ignoreSignatures =  (Boolean) requestOptions.get(GeneralConstants.IGNORE_SIGNATURES);
-      if(ignoreSignatures == Boolean.TRUE)
+   {
+      Map<String, Object> requestOptions = request.getOptions();
+      Boolean ignoreSignatures = (Boolean) requestOptions.get(GeneralConstants.IGNORE_SIGNATURES);
+      if (ignoreSignatures == Boolean.TRUE)
          return;
-      
+
       Document signedDocument = request.getRequestDocument();
-      if(trace)
+      if (trace)
       {
-         log.trace("Document for validation=" + DocumentUtil.asString(signedDocument)); 
+         log.trace("Document for validation=" + DocumentUtil.asString(signedDocument));
       }
-      
+
       PublicKey publicKey = (PublicKey) request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);
-      this.validateSender(signedDocument, publicKey);
+      boolean isValid = this.validateSender(signedDocument, publicKey);
+      if (!isValid)
+         throw constructSignatureException();
    }
-   
-   private boolean validateSender(Document signedDocument, PublicKey publicKey) 
-   throws ProcessingException
+
+   private boolean validateSender(Document signedDocument, PublicKey publicKey) throws ProcessingException
    {
       try
       {
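Review bot: handleStatusResponseType now throws constructSignatureException() when validateSender returns false, but unlike handleRequestType it never records SAML2HandlerErrorCodes.SIGNATURE_INVALID on the response before throwing, so the two paths report the same failure differently to whatever inspects the response; adding `response.setError(SAML2HandlerErrorCodes.SIGNATURE_INVALID, "Signature Validation Failed");` immediately before that `throw` would make them consistent. The `ignoreSignatures == Boolean.TRUE` identity comparison in both methods only bypasses validation for the canonical Boolean.TRUE instance, which is presumably intended, but `Boolean.TRUE.equals(ignoreSignatures)` states that intent explicitly and is also null-safe. validateSender's body continues past the end of this hunk.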
@@ -103,8 +105,14 @@
       }
       catch (Exception e)
       {
-         log.error("Error validating signature:" , e);
+         log.error("Error validating signature:", e);
          throw new ProcessingException("Error validating signature.");
-      }  
-   } 
+      }
+   }
+
+   private ProcessingException constructSignatureException()
+   {
+      SignatureValidationException sv = new SignatureValidationException("Signature Validation Failed");
+      return new ProcessingException(sv);
+   }
 }
\ No newline at end of file
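Review bot: constructSignatureException has no Javadoc, yet it is the one place where a signature failure becomes a ProcessingException whose only distinguishing feature is its SignatureValidationException cause; a comment such as `Wraps a signature failure so callers can tell it apart via getCause() instanceof SignatureValidationException` would tell callers how to separate it from the generic "Error validating signature." case thrown just above. That generic catch in validateSender logs e but then throws a ProcessingException without it, so the underlying reason is lost to the caller; if ProcessingException offers a (String, Throwable) constructor, `throw new ProcessingException("Error validating signature.", e);` would preserve it. validateSender begins outside this hunk.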


