gpt4 book ai didi

java - opensaml 签名加密验证不成功

转载 作者:太空宇宙 更新时间:2023-11-04 14:00:19 28 4
gpt4 key购买 nike

我正在尝试对使用 OpenSAML 从身份提供商获取的 SAML2 响应进行签名验证。我正在尝试读取本地文件系统的响应。

这是我的代码:

  DefaultBootstrap.bootstrap();
BasicParserPool ppMgr = new BasicParserPool();
ppMgr.setNamespaceAware(true);

//Read file from the filesystem

File file1=new File("F:/Softwares/Assertion.xml");
InputStream inCommonSaml=new FileInputStream(file1);

// Parse file
Document inCommonSamlDoc = ppMgr.parse(inCommonSaml);
Element metadataRoot = inCommonSamlDoc.getDocumentElement();
UnmarshallerFactory unmarshallerFactory=configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(metadataRoot);
Response inCommonSamlRes = (Response) unmarshaller.unmarshall(metadataRoot);

//Get certificate
SignatureValidator signatureValidator = new SignatureValidator(cert);
Signature signature=inCommonSamlRes.getSignature();
signatureValidator.validate(signature);


try {
BasicX509Credential credential = new BasicX509Credential();

File file2=new File("F:/Softwares/publicKey.crt");
InputStream samlCertificate=new FileInputStream(file2);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
//
@SuppressWarnings("deprecation")
java.security.cert.X509Certificate certificate = (java.security.cert.X509Certificate) certificateFactory.generateCertificate(samlCertificate);
//

X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec((certificate).getPublicKey().getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey key = keyFactory.generatePublic(publicKeySpec);


credential.setPublicKey(key);
Object obj = (credential).getPublicKey();
if (obj instanceof RSAPublicKey) {
BigInteger modulus = ((RSAPublicKey) obj).getModulus();
BigInteger exponent = ((RSAPublicKey) obj).getPublicExponent();
System.out.println("modulus");
System.out.println (org.apache.commons.codec.binary.Base64.encodeBase64String(modulus.toByteArray()));
System.out.println("public exponent:");
System.out.println (org.apache.commons.codec.binary.Base64.encodeBase64String(exponent.toByteArray()));

}
// System.out.println ("public key is: //n//r"+ credential.getPublicKey());
return credential;



} catch (Exception e) {
throw e; //Throws a 'Signature did not validate against the credential's key' exception
}

注意:我也使用相同的证书(publicKey.crt)来签署断言。
我收到以下错误:签名密码验证未成功。

请告诉我我哪里错了?错误是什么意思?是不是说公钥和私钥是一样的?

谢谢,阿斯维尼 J

最佳答案

我认为您需要从 IdP(身份提供商)服务器获取 .jks 文件。此外,当您从 IDP 获取 POST 的 SAMLResponse 时,此 SAMLResponse 应包含签名(仅供引用 - 将是一个编码字符串,您可以使用 Maven 中央存储库上提供的 Open SAML 库进行解码和读取)。从 获得签名后,您可以使用 OpenSAML 进行验证

sigValidator.validate(response.getSignature());

如果一切正常,此方法会给您消息。引用消息“使用提供的凭证中的 key 验证签名”

您可以点击此链接:http://sureshatt.blogspot.in/2012/11/how-to-read-saml-20-response-with.html获取签名和

(IMP):您的 IDP(身份提供商)应该被发送(可能通过 HTTP POST),以便您可以从中获取 NameID,即 ClinetId

关于java - opensaml 签名加密验证不成功,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29355190/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com