OpenSAML user discussion

[Laurent CHARTIER <>]

When I unmarshall a response, it unmarshalls automatically the child
nodes. However, it seems that the unmarshalling of the signature isn't
complete.
I miss the <ds:reference> child.

Here is my code:

try {
        DefaultBootstrap.bootstrap();
} catch (ConfigurationException e) {
        e.printStackTrace();
}

byte[] xmlBytes = null;
....
Element w3cResponse = null;
InputStream reponseSAMLInputStream = new ByteArrayInputStream(xmlBytes);
BasicParserPool parserPool = new BasicParserPool();
parserPool.setNamespaceAware(true);
try {
        Document doc = parserPool.parse(reponseSAMLInputStream);
        w3cResponse = doc.getDocumentElement();
} catch (XMLParserException xmlParserException) {
        xmlParserException.printStackTrace();
}

Response response = null;
try {
        Unmarshaller unmarshaller = new ResponseUnmarshaller();
        response = (Response) unmarshaller.unmarshall(w3cResponse);
} catch (UnmarshallingException unmarshallingException) {
        unmarshallingException.printStackTrace();
}

If I try to validate the signature of the response, it gives me a
"Unable to evaluate key against signature" because there's no references
in the signature of the response.
The debug log indicates [org.apache.xml.security.signature.Manifest]
[verifyReferences] verify 0 References

Here is the code of the validation method using the certificate of the
signature:

private boolean isValid(Signature signature, Certificate certificate) {
        try {
                BasicX509Credential credential = new
BasicX509Credential();
                credential
        
.setEntityCertificate((java.security.cert.X509Certificate) certificate);
                SignatureValidator validator = new
SignatureValidator(credential);
                validator.validate(signature);
                return true;
        } catch (ValidationException validationException) {
                validationException.printStackTrace();
                return false;
        }
}

Could you please help me finding where the problem is?
Thank you.




Ce message est prot?g? par les r?gles relatives au secret des 
correspondances. Il est donc ?tabli ? destination exclusive de son 
destinataire. Celui-ci peut donc contenir des informations confidentielles. 
La divulgation de ces informations est ? ce titre rigoureusement interdite. 
Si vous avez re?u ce message par erreur, merci de le renvoyer ? l'exp?diteur 
dont l'adresse e-mail figure ci-dessus et de d?truire le message ainsi que 
toute pi?ce jointe.

This message is protected by the secrecy of correspondence rules. Therefore, 
this message is intended solely for the attention of the addressee. This 
message may contain privileged or confidential information, as such the 
disclosure of these informations is strictly forbidden. If, by mistake, you 
have received this message, please return this message to the addressser 
whose e-mail address is written above and destroy this message and all files 
attached.