
mace-opensaml-users - Re: Signature Verification error

Subject: OpenSAML user discussion


Re: Signature Verification error


  • From: Ramesh Sundararajan <>
  • To:
  • Subject: Re: Signature Verification error
  • Date: Wed, 29 Nov 2006 21:57:52 +0000 (GMT)

Hi,

> KeyFactory keyFactory = null;
> PublicKey publicKey = null;
> Element sigElem = (Element)
> assertionElem.getElementsByTagName("Signature").item(0);
>
> signatureBuilder = new SignatureBuilder();
> Signature signature = signatureBuilder.buildObject(sigElem);
> signature.setCanonicalizationAlgorithm(Canonicalizer.
> ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
> signature.setSignatureAlgorithm(XMLSignature.
> ALGO_ID_SIGNATURE_RSA_SHA1);
>
> 47* SignatureValidator signatureValidator = new
> SignatureValidator(publicKey);
>
> try {
> keyFactory = KeyFactory.getInstance("RSA");
> publicKey = keyFactory.generatePublic(publicSpec);

Your public key is null. Move your SignatureValidator instance from line 47 to
the last line in the above piece of code.

----- Original Message ----
From: Brad Anderson
<>
To:

Sent: Wednesday, 29 November, 2006 3:50:18 PM
Subject: Re: Signature Verification error


Brad Anderson wrote:
> Hi,
>
> I'm getting the following error:
> java.lang.IllegalArgumentException: Verification key may not be null
> at
> org.opensaml.xml.signature.SignatureValidator.<init>(SignatureValidator.java:45)
> at
> com.xxxxx.bi.admin.sso.VerifySignature.verify(VerifySignature.java:47)
>
> when trying to get a SignatureValidator with this code:
>
> -----------------------------------
> package com.xxxxx.bi.admin.sso;
>
> import java.security.KeyFactory;
> import java.security.NoSuchAlgorithmException;
> import java.security.PublicKey;
> import java.security.spec.InvalidKeySpecException;
> import java.security.spec.RSAPublicKeySpec;
>
> import org.apache.xml.security.c14n.Canonicalizer;
> import org.apache.xml.security.signature.XMLSignature;
> import org.opensaml.xml.signature.Signature;
> import org.opensaml.xml.signature.SignatureBuilder;
> import org.opensaml.xml.signature.SignatureValidator;
> import org.opensaml.xml.validation.ValidationException;
> import org.w3c.dom.Element;
>
> import com.xxxxx.bi.util.Log;
>
> public class VerifySignature {
>
> private SignatureBuilder signatureBuilder;
>
> public VerifySignature() {}
>
> public boolean verify(RawRSAKey rawKey, Element assertionElem) {
>
> boolean ret = false;
>
> org.apache.xml.security.Init.init();
> RSAPublicKeySpec publicSpec = new RSAPublicKeySpec
> (rawKey.getModulus(), rawKey.getExponent());
>
> KeyFactory keyFactory = null;
> PublicKey publicKey = null;
> Element sigElem = (Element)
> assertionElem.getElementsByTagName("Signature").item(0);
>
> signatureBuilder = new SignatureBuilder();
> Signature signature = signatureBuilder.buildObject(sigElem);
> signature.setCanonicalizationAlgorithm(Canonicalizer.
> ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
> signature.setSignatureAlgorithm(XMLSignature.
> ALGO_ID_SIGNATURE_RSA_SHA1);
>
> 47* SignatureValidator signatureValidator = new
> SignatureValidator(publicKey);
>
> try {
> keyFactory = KeyFactory.getInstance("RSA");
> publicKey = keyFactory.generatePublic(publicSpec);
>
> signatureValidator.validate(signature);
>
> // if we got here, sig is valid
> ret = true;
> Log.logDbg(4, "Signature Valid: " + ret);
>
> } catch (NoSuchAlgorithmException noAlgorithm) {
> Log.logErr(noAlgorithm);
> return false;
> } catch (InvalidKeySpecException badSpec) {
> Log.logErr(badSpec);
> return false;
> } catch (ValidationException badSig) {
> Log.logErr(badSig);
> return false;
> }
>
> return ret;
> }
> }
> -----------------------------------
>
> I've modeled this after SignedAssertionTest.java in org.opensaml.saml2.core
> r766, although all the examples I see on the web are round-trips signing and
> verifying. I am getting this assertion from a .NET platform, so will not have
> the private key, and as such, I omit that from my code. I also had to use the
> RSAPublicKeySpec to read the XML doc with Exponent and Modulus into a
> PublicKey object.
>
> Any thoughts?
>
> Cheers,
> Brad
>

Duh, I have to put the SignatureValidator in the try block after publicKey is
set. Okay, so I'm not so bright.

After doing that, however, I got:

java.lang.NullPointerException
at
org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:60)
at
com.xxxxx.bi.admin.sso.VerifySignature.verify(VerifySignature.java:52)

Line 52 is the next one:
signatureValidator.validate(signature);

Now does anyone have any thoughts?

Cheers,
Brad
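
The ordering fix discussed in this thread, as an added example that is not part of the original messages or of OpenSAML: the public key is rebuilt from base64 modulus and exponent values before any verifier is created, and every failure path returns false. It assumes the JDK's `java.security.Signature` with SHA256withRSA over raw bytes in place of OpenSAML's `SignatureValidator` and the thread's RSA-SHA1 XML signature; the class name, method names and sample data are constructed for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;

public class RawRsaVerifyExample {
    // Rebuild a PublicKey from base64 modulus/exponent text (hypothetical helper).
    static PublicKey fromRawKey(String modulusB64, String exponentB64) throws GeneralSecurityException {
        // Signum 1: the bytes are unsigned big-endian; new BigInteger(bytes) would
        // read a modulus whose top bit is set as a negative number.
        BigInteger n = new BigInteger(1, Base64.getDecoder().decode(modulusB64));
        BigInteger e = new BigInteger(1, Base64.getDecoder().decode(exponentB64));
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
    }

    // Returns true only if the signature verifies; every failure path returns false.
    static boolean verify(String modulusB64, String exponentB64, byte[] data, byte[] sig) {
        try {
            PublicKey key = fromRawKey(modulusB64, exponentB64); // the key exists first
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(key);                            // then the verifier uses it
            verifier.update(data);
            return verifier.verify(sig);
        } catch (GeneralSecurityException | IllegalArgumentException ex) {
            return false; // bad base64, bad key spec or malformed signature
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the remote signer.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) pair.getPublic();
        String mod = Base64.getEncoder().encodeToString(pub.getModulus().toByteArray());
        String exp = Base64.getEncoder().encodeToString(pub.getPublicExponent().toByteArray());

        byte[] data = "<Assertion>constructed sample</Assertion>".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();
        System.out.println("valid:    " + verify(mod, exp, data, sig));
        data[0] ^= 1; // altered content must not verify
        System.out.println("tampered: " + verify(mod, exp, data, sig));
    }
}
```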




