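I received a response after SSO authentication, and I am trying to validate the signature in the SAML response. I am using the following approach: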
```java
// Initialise the OpenSAML library.
DefaultBootstrap.bootstrap();

// Parse the SAML response string into a namespace-aware DOM document.
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newDocumentBuilder();
Document document = builder.parse(new InputSource(new StringReader(decryptedSamlResponse)));
Element metadataRoot = document.getDocumentElement();

// Unmarshall the DOM element into an OpenSAML Response object.
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(metadataRoot);
Response response = (Response) unmarshaller.unmarshall(metadataRoot);

// Decrypt the first encrypted assertion into a new document.
List<EncryptedAssertion> encryptedAssertion = response.getEncryptedAssertions();
StaticKeyInfoCredentialResolver keyInfoCredentialResolver = new StaticKeyInfoCredentialResolver(credentials.getCredential());
Decrypter decrypter = new Decrypter(null, keyInfoCredentialResolver, new InlineEncryptedKeyResolver());
decrypter.setRootInNewDocument(true);
Assertion assertion = decrypter.decrypt(encryptedAssertion.get(0));

// Load the certificate from disk and extract its RSA public key.
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
File publicKeyFile = new File("/Users/Rajat/Desktop/test.cer");
InputStream fileStream = new FileInputStream(publicKeyFile);
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(fileStream);
fileStream.close();
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(certificate.getPublicKey().getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey key = keyFactory.generatePublic(publicKeySpec);

// Validate the assertion's signature against that public key.
try {
    BasicX509Credential publicCredential = new BasicX509Credential();
    publicCredential.setPublicKey(key);
    SignatureValidator signatureValidator = new SignatureValidator(publicCredential);
    signatureValidator.validate(assertion.getSignature());
    System.out.println("validated");
} catch (ValidationException e) {
    e.printStackTrace();
    System.out.println("Could not validate");
}
```
But I get this error:
```
org.opensaml.xml.validation.ValidationException: Unable to evaluate key against signature
Caused by: org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #_fce8e068-e447-4530-bb33-170420793920 has no XMLSignatureInput
Caused by: org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID _fce8e068-e447-4530-bb33-170420793920
Caused by: org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID _fce8e068-e447-4530-bb33-170420793920
```
Please help me resolve this issue.
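
The last "Caused by" lines above report that the signature's Reference URI could not be resolved to an element by ID. The following is an added example, not part of the original post and not OpenSAML code: using only JDK DOM classes, it shows that an `ID` attribute parsed without a DTD or schema is not usable for ID lookup until it is registered, and it rejects duplicate IDs while registering. The class name, the sample XML and the `registerIds` helper are hypothetical, and that this is the cause in the poster's setup is an assumption.

```java
import java.io.StringReader;
import java.util.HashSet;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class IdResolutionDemo {
    // Constructed sample: a bare assertion with an ID attribute, no DTD or schema.
    static final String XML =
        "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
      + " ID=\"_constructed-id-1\">"
      + "<saml:Issuer>https://idp.example.test</saml:Issuer></saml:Assertion>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // SAML messages never need a DOCTYPE, so refuse one outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Mark every un-namespaced "ID" attribute as a DOM ID so "#id" references
    // can resolve. A repeated ID value is rejected, because a signature
    // reference must point at exactly one element.
    static void registerIds(Document doc) {
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        Set<String> seen = new HashSet<>();
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (!e.hasAttributeNS(null, "ID")) continue;
            String id = e.getAttributeNS(null, "ID");
            if (!seen.add(id)) throw new IllegalStateException("duplicate ID: " + id);
            e.setIdAttributeNS(null, "ID", true);
        }
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(XML);
        // Before registration the lookup finds nothing, as in the stack trace.
        System.out.println("before: " + doc.getElementById("_constructed-id-1"));
        registerIds(doc);
        System.out.println("after:  " + doc.getElementById("_constructed-id-1").getTagName());
    }
}
```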