OpenSAML user discussion

[Ramesh Sundararajan <>]

Hi,

KeyFactory keyFactory = null;
>         PublicKey publicKey = null;
>         Element sigElem = (Element)
>           assertionElem.getElementsByTagName("Signature").item(0);
> 
>         signatureBuilder = new SignatureBuilder();
>         Signature signature = signatureBuilder.buildObject(sigElem);
>         signature.setCanonicalizationAlgorithm(Canonicalizer.
>                      ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
>         signature.setSignatureAlgorithm(XMLSignature.
>                      ALGO_ID_SIGNATURE_RSA_SHA1);
> 
> 47*    SignatureValidator signatureValidator = new
>                      SignatureValidator(publicKey);
> 
>         try {
>             keyFactory = KeyFactory.getInstance("RSA");
>             publicKey = keyFactory.generatePublic(publicSpec);

Your public key is null.Move your SignatureValidator instance from line 47 to 
the last line in the above piece of code.

----- Original Message ----
From: Brad Anderson 
<>
To: 

Sent: Wednesday, 29 November, 2006 3:50:18 PM
Subject: Re: Signature Verification error


Brad Anderson wrote:
> Hi,
> 
> I'm getting the following error:
> java.lang.IllegalArgumentException: Verification key may not be null
>         at
> org.opensaml.xml.signature.SignatureValidator.<init>(SignatureValidator.java:45)
>         at 
> com.xxxxx.bi.admin.sso.VerifySignature.verify(VerifySignature.java:47)
> 
> when trying to get a SignatureValidator with this code:
> 
> -----------------------------------
> package com.xxxxx.bi.admin.sso;
> 
> import java.security.KeyFactory;
> import java.security.NoSuchAlgorithmException;
> import java.security.PublicKey;
> import java.security.spec.InvalidKeySpecException;
> import java.security.spec.RSAPublicKeySpec;
> 
> import org.apache.xml.security.c14n.Canonicalizer;
> import org.apache.xml.security.signature.XMLSignature;
> import org.opensaml.xml.signature.Signature;
> import org.opensaml.xml.signature.SignatureBuilder;
> import org.opensaml.xml.signature.SignatureValidator;
> import org.opensaml.xml.validation.ValidationException;
> import org.w3c.dom.Element;
> 
> import com.xxxxx.bi.util.Log;
> 
> public class VerifySignature {
> 
>     private SignatureBuilder signatureBuilder;
> 
>     public VerifySignature() {}
> 
>     public boolean verify(RawRSAKey rawKey, Element assertionElem) {
> 
>         boolean ret = false;
> 
>         org.apache.xml.security.Init.init();
>         RSAPublicKeySpec publicSpec = new RSAPublicKeySpec
>                      (rawKey.getModulus(), rawKey.getExponent());
> 
>         KeyFactory keyFactory = null;
>         PublicKey publicKey = null;
>         Element sigElem = (Element)
>           assertionElem.getElementsByTagName("Signature").item(0);
> 
>         signatureBuilder = new SignatureBuilder();
>         Signature signature = signatureBuilder.buildObject(sigElem);
>         signature.setCanonicalizationAlgorithm(Canonicalizer.
>                      ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
>         signature.setSignatureAlgorithm(XMLSignature.
>                      ALGO_ID_SIGNATURE_RSA_SHA1);
> 
> 47*    SignatureValidator signatureValidator = new
>                      SignatureValidator(publicKey);
> 
>         try {
>             keyFactory = KeyFactory.getInstance("RSA");
>             publicKey = keyFactory.generatePublic(publicSpec);
> 
>             signatureValidator.validate(signature);
> 
>             // if we got here, sig is valid
>             ret = true;
>             Log.logDbg(4, "Signature Valid: " + ret);
> 
>         } catch (NoSuchAlgorithmException noAlgorithm) {
>             Log.logErr(noAlgorithm);
>             return false;
>         } catch (InvalidKeySpecException badSpec) {
>             Log.logErr(badSpec);
>             return false;
>         } catch (ValidationException badSig) {
>             Log.logErr(badSig);
>             return false;
>         }
> 
>         return ret;
>     }
> }
> -----------------------------------
> 
> I've modeled this after SignedAssertionTest.java in org.opensaml.saml2.core
> r766, although all the examples I see on the web are round-trips signing and
> verifying.  I am getting this assertion from a .NET platform, so will not 
> have
> the private key, and as such, I omit that from my code.  I also had to use 
> the
> RSAPublicKeySpec to read the XML doc with Exponent and Modulus into a
> PublicKey object.
> 
> Any thoughts?
> 
> Cheers,
> Brad
> 

Duh, I have to put the SignatureValidator in the try block after publicKey is
set.  Okay, so I'm not so bright.

After doing that, however, I got:

java.lang.NullPointerException
        at
org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:60)
        at 
com.xxxxx.bi.admin.sso.VerifySignature.verify(VerifySignature.java:52)

Line 52 is the next one:
signatureValidator.validate(signature);

Now does anyone have any thoughts?

Cheers,
Brad


        
        
                
___________________________________________________________ 
All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease 
of use." - PC Magazine 
http://uk.docs.yahoo.com/nowyoucan.html