mace-opensaml-users - Signature API change

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Subject: Signature API change
  • Date: Tue, 22 May 2007 19:03:29 -0400

For people working with XML Signature support in the Java version of
XMLTooling and OpenSAML 2, just a heads up:

The Signature class API has changed such that it now takes a signing
Credential, rather than a signing Key. This was done to make the API
more consistent with the encryption API and other security-related code
in the library, and also to relieve the caller from having to make the
private vs. symmetric key distinction when using a Credential as the
source of the signing key (e.g. when doing HMAC).

If you aren't using a CredentialResolver, etc. to get a signing
credential, and just have a signing Key, there are now helper methods in
org.opensaml.xml.security.SecurityHelper to get a minimal Credential
based on a supplied key or key pair:

SecurityHelper#getSimpleCredential(SecretKey secretKey)
SecurityHelper#getSimpleCredential(PublicKey publicKey, PrivateKey privateKey)


Also, some fixes have been added here and there to properly support
signing and verification using HMAC algorithms, including the addition
of an HMACOutputLength parameter on the Signature class to reflect the
SignedInfo/SignatureMethod/HMACOutputLength element in the XML Signature
spec.


Thanks,
Brent
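
The change described in the message above, as an added example that is not part of the original post and is not OpenSAML project code: a Signature is given a Credential from each of the two helper methods, once for RSA and once for HMAC with an explicit HMACOutputLength. It assumes the released OpenSAML 2.x names (DefaultBootstrap, Signature#setSigningCredential, Signature#setHMACOutputLength, Signer#signObject, the SignatureConstants values), which the post does not spell out; the class name, helper methods and assertion ID are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.KeyGenerator;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.Signer;

public class SigningCredentialExample {
    // Build a Signature that carries a signing Credential rather than a raw Key.
    static Signature newSignature(Credential cred, String algorithm, Integer hmacBits) {
        Signature sig = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        sig.setSigningCredential(cred);
        sig.setSignatureAlgorithm(algorithm);
        sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // Length in bits for SignedInfo/SignatureMethod/HMACOutputLength; null omits it.
        sig.setHMACOutputLength(hmacBits);
        return sig;
    }
    // Attach the signature to a constructed, otherwise empty Assertion and sign it.
    static Assertion signSample(Signature sig) throws Exception {
        Assertion assertion = (Assertion) Configuration.getBuilderFactory()
                .getBuilder(Assertion.DEFAULT_ELEMENT_NAME)
                .buildObject(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID("_constructed-sample-id");
        assertion.setSignature(sig);
        // The signature is computed over the DOM, so marshall before signing.
        Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(sig);
        return assertion;
    }
    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Credential rsa = SecurityHelper.getSimpleCredential(kp.getPublic(), kp.getPrivate());
        signSample(newSignature(rsa, SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256, null));
        // Same call path for HMAC; 256 bits keeps the HMAC-SHA256 output untruncated.
        Credential hmac = SecurityHelper.getSimpleCredential(KeyGenerator.getInstance("HmacSHA256").generateKey());
        signSample(newSignature(hmac, SignatureConstants.ALGO_ID_MAC_HMAC_SHA256, Integer.valueOf(256)));
    }
}
```

On the verifying side, HMACOutputLength arrives inside the received document, so the length a verifier accepts should be bounded by local policy rather than taken from the message.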
