130 MultivaluedMap<String, String> encodedParams = uriInformation.getQueryParameters(
false);
131 String request = encodedParams.getFirst(paramKey);
132 String algorithm = encodedParams.getFirst(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY);
133 String signature = encodedParams.getFirst(GeneralConstants.SAML_SIGNATURE_REQUEST_KEY);
134 String relayState = encodedParams.getFirst(GeneralConstants.RELAY_STATE);
135 String decodedAlgorithm = uriInformation.getQueryParameters(
true).getFirst(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY);
137 if (request == null)
throw new VerificationException(
"SAM was null");
138 if (algorithm == null)
throw new VerificationException(
"SigAlg was null");
139 if (signature == null)
throw new VerificationException(
"Signature was null");
146 StringBuilder rawQueryBuilder =
new StringBuilder().append(paramKey).append(
"=").append(request);
147 if (encodedParams.containsKey(GeneralConstants.RELAY_STATE)) {
148 rawQueryBuilder.append(
"&" + GeneralConstants.RELAY_STATE +
"=").append(relayState);
150 rawQueryBuilder.append(
"&" + GeneralConstants.SAML_SIG_ALG_REQUEST_KEY +
"=").append(algorithm);
151 String rawQuery = rawQueryBuilder.toString();
154 byte[] decodedSignature = RedirectBindingUtil.urlBase64Decode(signature);
156 SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.getFromXmlMethod(decodedAlgorithm);
157 Signature validator = signatureAlgorithm.createSignature();
158 Key key = locator.getKey(keyId);
159 if (key instanceof PublicKey) {
160 validator.initVerify((PublicKey) key);
161 validator.update(rawQuery.getBytes(
"UTF-8"));
163 throw new VerificationException(
"Invalid key locator for signature verification");
165 if (!validator.verify(decodedSignature)) {
166 throw new VerificationException(
"Invalid query param signature");
168 }
catch (Exception e) {
169 throw new VerificationException(e);
static String getMessageSigningKeyId(SAML2Object doc)
Definition: SamlProtocolUtils.java:173