
mace-opensaml-users - Signature validation problems

Subject: OpenSAML user discussion

  • From: Thomas <>
  • To:
  • Subject: Signature validation problems
  • Date: Fri, 26 Jan 2007 17:02:57 +0100

Hi everybody,

I have upgraded from TP-2 to the latest trunk code, but I have a problem
validating the signatures of assertions. The code I used with the TP-2
version was:


CREATION:
--------
// Set up signature parameters
sign.setSigningKey( keys.getPrivate() );
sign.setSignatureAlgorithm( params.getAlgorithm() );
sign.setCanonicalizationAlgorithm( params.getCanonicalization() );

// Add the public key to the signature
KeyInfo keyInfo = (KeyInfo) buildSAMLObject( KeyInfo.DEFAULT_ELEMENT_NAME );
keyInfo.setPublicKey( keys.getPublic() ); // (*)
sign.setKeyInfo( keyInfo );

// Link the signature and the assertion together
SAMLObjectContentReference contentReference = new SAMLObjectContentReference( assertion );
sign.getContentReferences().add( contentReference );
assertion.setSignature( sign );

VALIDATION:
----------
SignatureValidator signValidator = new SignatureValidator( key );
signValidator.validate( sign );


And the validation process on my SAML documents worked fine. Now with the
new version I've replaced the line marked with (*) with the following:


KeyInfoHelper.addPublicKey( keyInfo, keys.getPublic() );


And the validation code with:


PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine();
WrapperKeyInfoSource wrapper = new WrapperKeyInfoSource( "SignKeyInfo", sign.getKeyInfo() );
InlineX509KeyInfoResolver resolver = new InlineX509KeyInfoResolver();
boolean res = engine.validate( sign, wrapper, resolver );


but the result of the process is always false. What's wrong with my code?
Can anybody give me a clue? Thanks for your help.

Thomas Florio



