mace-opensaml-users - XMLTooling - SignatureUnmarshaller
Subject: OpenSAML user discussion
List archive
- From: Laurent CHARTIER <>
- To:
- Subject: XMLTooling - SignatureUnmarshaller
- Date: Thu, 19 Apr 2007 15:02:51 +0200
- Importance: Normal
When I unmarshall a response, it unmarshalls automatically the child
nodes. However, it seems that the unmarshalling of the signature isn't
complete.
I miss the <ds:reference> child.
Here is my code:
try {
DefaultBootstrap.bootstrap();
} catch (ConfigurationException e) {
e.printStackTrace();
}
byte[] xmlBytes = null;
....
Element w3cResponse = null;
InputStream reponseSAMLInputStream = new ByteArrayInputStream(xmlBytes);
BasicParserPool parserPool = new BasicParserPool();
parserPool.setNamespaceAware(true);
try {
Document doc = parserPool.parse(reponseSAMLInputStream);
w3cResponse = doc.getDocumentElement();
} catch (XMLParserException xmlParserException) {
xmlParserException.printStackTrace();
}
Response response = null;
try {
Unmarshaller unmarshaller = new ResponseUnmarshaller();
response = (Response) unmarshaller.unmarshall(w3cResponse);
} catch (UnmarshallingException unmarshallingException) {
unmarshallingException.printStackTrace();
}
If I try to validate the signature of the response, it gives me a
"Unable to evaluate key against signature" because there's no references
in the signature of the response.
The debug log indicates [org.apache.xml.security.signature.Manifest]
[verifyReferences] verify 0 References
Here is the code of the validation method using the certificate of the
signature:
private boolean isValid(Signature signature, Certificate certificate) {
try {
BasicX509Credential credential = new
BasicX509Credential();
credential
.setEntityCertificate((java.security.cert.X509Certificate) certificate);
SignatureValidator validator = new
SignatureValidator(credential);
validator.validate(signature);
return true;
} catch (ValidationException validationException) {
validationException.printStackTrace();
return false;
}
}
Could you please help me finding where the problem is?
Thank you.
Ce message est prot?g? par les r?gles relatives au secret des
correspondances. Il est donc ?tabli ? destination exclusive de son
destinataire. Celui-ci peut donc contenir des informations confidentielles.
La divulgation de ces informations est ? ce titre rigoureusement interdite.
Si vous avez re?u ce message par erreur, merci de le renvoyer ? l'exp?diteur
dont l'adresse e-mail figure ci-dessus et de d?truire le message ainsi que
toute pi?ce jointe.
This message is protected by the secrecy of correspondence rules. Therefore,
this message is intended solely for the attention of the addressee. This
message may contain privileged or confidential information, as such the
disclosure of these informations is strictly forbidden. If, by mistake, you
have received this message, please return this message to the addressser
whose e-mail address is written above and destroy this message and all files
attached.
- XMLTooling - SignatureUnmarshaller, Laurent CHARTIER, 04/19/2007
- RE: XMLTooling - SignatureUnmarshaller, Scott Cantor, 04/19/2007
- Re: XMLTooling - SignatureUnmarshaller, Brent Putman, 04/19/2007
- Re: XMLTooling - SignatureUnmarshaller, Brent Putman, 04/19/2007
- RE : XMLTooling - SignatureUnmarshaller, Laurent CHARTIER, 04/20/2007
- Re: XMLTooling - SignatureUnmarshaller, Brent Putman, 04/19/2007
Archive powered by MHonArc 2.6.16.