
mace-opensaml-users - Re: SAML request signature in C++ and Java

Subject: OpenSAML user discussion


Re: SAML request signature in C++ and Java


  • From: Gabriel López <>
  • To: Scott Cantor <>
  • Cc:
  • Subject: Re: SAML request signature in C++ and Java
  • Date: Mon, 24 May 2004 09:23:33 +0200


Hi Scott

Scott Cantor wrote:

FWIW, I did some testing myself and was able to generate a signed response
containing a signed assertion in C++ and verify both in Java. I'm a tiny bit
surprised it worked, but it did, so the serialization code in C++ appears to
be non-corrupting even though it's not quite done how I'd like. That would
suggest something else may be corrupting your signature.

-- Scott





I paste the C++ and Java code, and the SAMLRequest object generated.
Can you try this code? Perhaps it is a version problem.

Thanks, Gabi.

C++ code:


// Fragment of a main()-style function (its signature is not part of the
// post): initialises the OpenSAML runtime, builds and signs an AttributeQuery
// request, dumps it to stdout and sends it over the SOAP binding.
SAMLConfig& conf1=SAMLConfig::getConfig();
// A failed init() is only logged; execution falls through into the signing
// code below either way.
conf1.schema_dir=schema_path; if (!conf1.init())
cerr << "unable to initialize SAML runtime" << endl;
else
cout <<"SAML initialization ok" << endl;
// NOTE(review): Xerces documents XMLString::transcode() output as released
// with XMLString::release(); auto_ptr<XMLCh> calls plain delete on it
// instead — confirm this is acceptable for the Xerces build in use.
auto_ptr<XMLCh> url(XMLString::transcode(aa_url));
SAMLAuthorityBinding binfo(saml::QName(saml::XML::SAMLP_NS,L(AttributeQuery)),SAMLBinding::SAML_SOAP_HTTPS,url.get());
auto_ptr<XMLCh> domain(XMLString::transcode(orgsite_url));
auto_ptr<XMLCh> handle(XMLString::transcode(handler));
auto_ptr<XMLCh> resource(XMLString::transcode(resource_url));
try {
// Raw-new object graph; presumably each constructor adopts the pointer it is
// handed (nameid -> subject -> attquery -> req) — TODO confirm against the
// OpenSAML headers. req itself is never deleted in this fragment.
SAMLNameIdentifier* nameid = new SAMLNameIdentifier(handle.get(),domain.get());
SAMLSubject* subject = new SAMLSubject(nameid);
SAMLAttributeQuery* attquery = new SAMLAttributeQuery(subject,resource.get()); SAMLRequest* req=new SAMLRequest(Iterator<saml::QName>(),attquery);
cout <<"SAMLCMOD: read private key" << endl;
// Private key read from the PEM file named by `key`. The BIO is never
// BIO_free()d here, and pkey is not checked for NULL before being wrapped, so
// an unreadable or mis-formatted key file reaches OpenSSLCryptoKeyRSA as a
// null key.
BIO *bio=BIO_new(BIO_s_file());
BIO_read_filename(bio,key);
EVP_PKEY* pkey=PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);
OpenSSLCryptoKeyRSA* xseckey=new OpenSSLCryptoKeyRSA(pkey);
cout <<"SAMLCMOD: read certificate" << endl;
// Certificate: same pattern — bio2 is never freed and x50 is not NULL-checked.
// Whether OpenSSLCryptoX509 copies or adopts x50 is not visible here, so x50
// may leak as well — confirm against the xml-security-c constructor.
BIO *bio2=BIO_new(BIO_s_file());
BIO_read_filename(bio2,cert);
X509* x50=PEM_read_bio_X509(bio2,NULL,0,NULL);
auto_ptr<OpenSSLCryptoX509> x509(new OpenSSLCryptoX509(x50)); XSECCryptoX509* certs[] = { x509.get() };
cout <<"SAMLCMOD: sign request" << endl;
// RSA signature over the request with one certificate in KeyInfo. sign()
// receives a clone of the key, so the local wrapper and the OpenSSL key are
// released immediately afterwards.
req->sign(SIGNATURE_RSA,xseckey->clone(),ArrayIterator<XSECCryptoX509*>(certs,1));
delete xseckey;
EVP_PKEY_free(pkey);
// Serialises the signed request to stdout (presumably the XML quoted further
// down in the post).
cout << *req;
cout <<"SAMLCMOD: send request" << endl;
// The response is neither examined nor deleted in this fragment.
SAMLBinding* pBinding= new SAMLSOAPBinding();
SAMLResponse* resp=pBinding->send(binfo,*req);
delete pBinding; }
// Every handler below only logs. Control then reaches term() and the function
// returns EXIT_SUCCESS, so a failed sign or send is invisible to the caller.
catch(SAMLException& e)
{
cerr << "caught a SAML exception: " << e << endl;
}
catch(XSECException& e)
{
cerr << "caught an XMLSec exception: "; xmlout(cerr,e.getMsg()); cerr << endl;
}
catch(XSECCryptoException& e)
{
cerr << "caught an XMLSecCrypto exception: " << e.getMsg() << endl;
}
catch(XMLException& e)
{
cerr << "caught an XML exception: "; xmlout(cerr,e.getMessage()); cerr << endl;
}
// Catch-all swallows anything not listed above, including non-library errors.
catch(...)
{
cerr << "caught an unknown exception" << endl;
}
conf1.term(); return EXIT_SUCCESS;
}


Java code:


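/**
 * Receives a SOAP-bound SAML request, verifies its signature and, when the
 * query is an AuthorizationDecisionQuery, answers with a signed SAML response.
 *
 * @param peticion  incoming servlet request carrying the SOAP envelope
 * @param respuesta servlet response the SAML response is written to
 * @throws IOException      propagated from the servlet container
 * @throws ServletException propagated from the servlet container
 */
public void doPost(HttpServletRequest peticion, HttpServletResponse respuesta) throws IOException, ServletException {
    StringBuffer buf = new StringBuffer();
    try {
        SAMLSOAPBinding soapBinding = new SAMLSOAPBinding();
        SAMLRequest request = soapBinding.receive(peticion, buf);
        // NOTE(review): the no-argument verify() can only check the request
        // against whatever key material the message itself carries; the
        // keystore-backed verify() below is the call that establishes trust.
        // Confirm the first call is still wanted.
        request.verify();
        request.verify(keystore.getCertificate("DestinationSite"));
        if (request.getQuery() instanceof SAMLAuthorizationDecisionQuery) {
            SAMLAuthorizationDecisionQuery adq = (SAMLAuthorizationDecisionQuery) request.getQuery();
            // Stray ';' after the URL literal (archive artefact) removed so the
            // constructor call parses.
            SAMLAuthorityBinding binding = new SAMLAuthorityBinding(SAMLBinding.SAML_SOAP_HTTPS,
                    "https://127.0.0.1:8443/proyecto2/servlet/DestinationSite",
                    new QName(org.opensaml.XML.SAMLP_NS, "AttributeQuery"));
            SAMLResponse resp = SAMLPOSTProfile.prepare("127.0.0.1", "SourceSite", null,
                    adq.getSubject().getName(), null,
                    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
                    peticion.getRemoteAddr(),
                    SAMLAuthenticationStatement.AuthenticationMethod_X509_PublicKey,
                    new java.util.Date(), Collections.singleton(binding));
            resp = this.responder(resp, adq.getSubject().getName(), adq.getResource());
            soapBinding.respond(respuesta, resp, null);
        }
        // Any other query type is ignored and the client receives an empty reply.
    } catch (Exception e) {
        // Both original handlers (SAMLException and Exception) printed the same
        // line, so they are merged. Verification and binding failures only get
        // logged here; a rejected signature is not reported to the client as an
        // error status.
        System.out.println("doPost exception: " + e);
    }
}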
}


SAMLRequest object:


<Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-05-21T11:11:11Z" MajorVersion="1" MinorVersion="1" RequestID="f51ef71057205d1f7b79352168731a87"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#f51ef71057205d1f7b79352168731a87">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default saml samlp ds xsd xsi code kind rw typens"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>19ryxa/t/makkKSfY/01USH/5r8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>iw93x52N1Rk0b6Hh7d1zO20RbZY1M1g7KKcCEYV6eScuwrEwNKTM8UGQGchpl0sl
vVF+91c0VWMhCEpPb/p/5A==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICETCCAXqgAwIBAgIBezANBgkqhkiG9w0BAQQFADBPMQswCQYDVQQGEwJFUzEQ
MA4GA1UEChMHZXVybzZpeDEQMA4GA1UECxMHZXVybzZpeDEcMBoGA1UEAxMTRXVy
bzZJWCBSb290IFBLSSBJVjAeFw0wMzA1MDcxMDE3MDdaFw0wNDA1MDYxMDE3MDda
MFMxCzAJBgNVBAYTAkVTMRAwDgYDVQQKEwdldXJvNml4MRAwDgYDVQQLEwdldXJv
Nml4MSAwHgYDVQQDExdwaXJhbmlhLnVtdS5ldXJvNml4Lm9yZzBcMA0GCSqGSIb3
DQEBAQUAA0sAMEgCQQCfvlKihWxZcKM4OS6J0GTnPrGOf2pT+Mf9fvJMIbDpkyDW
XzGiaVfU9Pj8sP3o3O/Sl1n291PKfzcH1JwfcqTXAgMBAAGjPTA7MBEGCWCGSAGG
+EIBAQQEAwIEcDAJBgNVHRMEAjAAMBsGA1UdEQQUMBKBEGdhYmlsbUBkaWYudW0u
ZXMwDQYJKoZIhvcNAQEEBQADgYEAsxasBcYW83G+A25hpBsMoh3B3QJPJ71h+iAb
2RoIgTlIsOW5vytOocdnXglvgg/F5qK0z3zdSiuquNv3xXywodsyhITxfY5lHEsr
enFdTwj6yMnmrFE8xxJFNpi2p5LyQ5Z4G1Ynj0qLLAwR/US2Dh0joJLc57yoWLRM
U3i5rc8=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature><AttributeQuery Resource="http://www.um.es"><Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion"><NameIdentifier NameQualifier="http://localhost:8080">gabilm</NameIdentifier></Subject></AttributeQuery></Request>







