in src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java [444:458]
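/**
 * Verifies that the given SAML {@code Assertion} is signed and that its signature
 * (a) conforms to the SAML signature profile and (b) validates against the IdP
 * verification credential returned by {@code getIdpVerificationCert()}.
 *
 * <p>The profile check runs before the cryptographic check on purpose: a signature
 * whose structure is outside the SAML profile (presumably one whose reference does
 * not cover the enclosing assertion, or that uses unexpected transforms) should be
 * rejected before any key material is consulted.
 *
 * <p>Fails closed: every failure path throws {@link SAML2RuntimeException}; the
 * method never returns normally for an assertion whose signature was not verified.
 * Note that only the assertion's own signature is checked here; any signature on
 * the enclosing Response is outside this method's scope.
 *
 * @param assertion the assertion whose enclosed signature is checked
 * @throws SAML2RuntimeException if the assertion is unsigned, if no IdP verification
 *     credential is configured, or if profile or cryptographic validation fails
 */
private void verifyAssertionSignature(final Assertion assertion) {
    if (!assertion.isSigned()) {
        logger.error("Halting");
        throw new SAML2RuntimeException("The SAML Assertion was not signed!");
    }
    // A missing IdP credential is a deployment/configuration error. Surface it as
    // the handler's own exception type instead of letting the validator raise an
    // unrelated unchecked exception (which callers catching SAML2RuntimeException
    // would not handle uniformly). Either way verification does not succeed.
    if (this.getIdpVerificationCert() == null) {
        logger.error("No IdP verification certificate is configured; cannot verify the SAML Assertion signature");
        throw new SAML2RuntimeException("No IdP verification certificate configured");
    }
    try {
        // Structural/profile validation of the XML signature first.
        final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
        profileValidator.validate(assertion.getSignature());
        // Then cryptographic validation against the trusted IdP credential.
        SignatureValidator.validate(assertion.getSignature(), this.getIdpVerificationCert());
        logger.info("SAML Assertion signature verified");
    } catch (SignatureException e) {
        // Preserve the cause so the underlying validation failure is diagnosable.
        throw new SAML2RuntimeException("SAML Assertion signature problem", e);
    }
}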