OpenSAML user discussion

[Brent Putman <>]

For people working with XML Signature support in the Java version of
XMLTooling and OpenSAML 2, just a heads up:

The Signature class API has changed such that it now takes a signing
Credential, rather than a signing Key.  This was done to make the API
more consistent with the encryption API and other security-related code
in the library, and also to relieve the caller from having to make the
private vs. symmetric key distinction when using a Credential as the
source of the signing key (e.g. when doing HMAC).

If you aren't using a CredentialResolver, etc to get a signing
credential, and just have a signing Key, there are now helper methods in
org.opensaml.xml.security.SecurityHelper to get a minimal Credential
based on a supplied key or key pair:

SecurityHelper#getSimpleCredential(SecretKey secretKey)
SecurityHelper#getSimpleCredential(PublicKey publicKey, PrivateKey
privateKey)


Also, some fixes have been added here and there to properly support
signing and verification using HMAC algorithms, including the addition
of an HMACOutputLength parameter on the Signature class to reflect the
SignedInfo/SignatureMethod/HMACOutputLength element in the XML Signature
spec.


Thanks,
Brent