Validate SAML signature in java

Ranch Hand

Posts: 108

posted 9 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hi all,

We need to validate a signed XML which is a SAML Response.We haven't used any API for SAML manipulation.We are trying to create our own framework for SAML manipulation.
The problem we are facing is we received an exception while read the certificate from the SAML response.

Can anyone suggest me the steps to validate the XML signature ?

Below are the exception we are getting

Exception in thread "main" java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1703)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:301)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at test.CertificateReader.test(CertificateReader.java:20)
at test.CertificateReader.main(CertificateReader.java:43)

public class CertificateReader {

public static void test(String input, String output)
    throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    System.out.println();
    System.out.println("CertificateFactory Object Info: ");
    System.out.println("Type = "+cf.getType());
    System.out.println("Provider = "+cf.getProvider());
    System.out.println("toString = "+cf.toString());

FileInputStream fis = new FileInputStream(input);
    java.security.cert.Certificate cert = cf.generateCertificate(fis);
    fis.close();
    System.out.println();
    System.out.println("Certificate Object Info: ");
    System.out.println("Type = "+cert.getType());
    System.out.println("toString = "+cert.toString());

PublicKey pubKey = cert.getPublicKey();
    System.out.println();
    System.out.println("PublicKey Object Info: ");
    System.out.println("Algorithm = "+pubKey.getAlgorithm());
    System.out.println("Format = "+pubKey.getFormat());
    System.out.println("toString = "+pubKey.toString());
    
    FileOutputStream fos = new FileOutputStream(output);
    byte[] certBytes = cert.getEncoded();
    fos.write(certBytes);
    fos.close();
 }

Thanks in advance.

All search starts with beginner's luck and all search ends with victor's severly tested.