
mace-opensaml-users - Re: Signature XPointer References (was Re: Verify a SAML token)

Subject: OpenSAML user discussion



  • From: "Mike Mattozzi" <>
  • To:
  • Subject: Re: Signature XPointer References (was Re: Verify a SAML token)
  • Date: Wed, 6 Jun 2007 22:24:28 -0700

Success! The XPointerResourceResolver code correctly resolved my
troublesome xpointer, which for the sake of reminding was:
#xpointer(/*[local-name()='Envelope']/*[local-name()='Header']/*[local-name()='Security']/*[local-name()='Assertion'][1])
I just added XPointerResourceResolver by itself to the project I was
working on, replacing:

SignatureValidator val = new SignatureValidator(basicX509Cred);
val.validate(assertion.getSignature());

with

SignatureValidator val = new SignatureValidator(basicX509Cred);
XMLSignature xmlSig = ((SignatureImpl) assertion.getSignature()).getXMLSignature();
Key validationKey = SecurityHelper.extractVerificationKey(basicX509Cred);
xmlSig.addResourceResolver(new XPointerResourceResolver(soapEnvelope));
boolean sigValid = xmlSig.checkSignatureValue(validationKey);

I'll let you know if I run into any other issues with this code.
Mike

On 6/6/07, Brent Putman <> wrote:


Brent Putman wrote:
> It's possible (but I fear perhaps unlikely....) that someone, somewhere
> has written an implementation of their ResourceResolver that supports
> more complex XPointer references. If you have a pressing need, you
> could inquire over on , it's an open list.
> Or ask if they have something in the pipeline. Actually, I'll go ahead
> and ask them, but I fear the answer is no. Know any Java programmer
> XPointer experts? :-)

In case anyone was watching this thread with bated breath: Turns out
someone has actually done an implementation to resolve XPointer
references. This generated some interest on the XML Security dev list,
and with the encouragement of someone from the Apache team, an RFE has
been opened to get this added to the Apache library. The Bugzilla
entry, with the code, is:

http://issues.apache.org/bugzilla/show_bug.cgi?id=42599

Don't know if it works, or how well, so just FYI. It apparently
currently works on Java 1.5 only and may need some (I think a small
amount of) work to make it resolve IDs properly. Mike, if you or
anyone else wants to give it a go, I'm sure we'd all appreciate hearing
the results. I don't have the cycles to look into it in detail at the
moment, but will eventually.

--Brent
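
An added example, not part of either message and not the code attached to the Bugzilla entry: a check a caller could run alongside the validation code above, resolving the xpointer() expression with the JDK's own XPath engine and confirming that it selects exactly one element and that this element is the assertion being consumed. The class name, the resolve() helper and the sample envelope with its placeholder namespaces are all constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPointerReferenceCheck {
    // Hypothetical helper: returns the single element selected by "#xpointer(<xpath>)".
    static Element resolve(Document doc, String uri) throws Exception {
        if (!uri.startsWith("#xpointer(") || !uri.endsWith(")")) {
            throw new IllegalArgumentException("not an xpointer() reference: " + uri);
        }
        String expr = uri.substring("#xpointer(".length(), uri.length() - 1);
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate(expr, doc, XPathConstants.NODESET);
        // Reject references that match nothing, several nodes, or a non-element.
        if (hits.getLength() != 1 || !(hits.item(0) instanceof Element)) {
            throw new SecurityException("reference selected " + hits.getLength() + " nodes");
        }
        return (Element) hits.item(0);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample envelope; the namespace URIs are placeholders.
        String xml = "<e:Envelope xmlns:e='urn:example:soap'><e:Header>"
                + "<s:Security xmlns:s='urn:example:wsse'>"
                + "<a:Assertion xmlns:a='urn:example:saml' ID='a1'/>"
                + "</s:Security></e:Header><e:Body/></e:Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // so local-name() sees names without prefixes
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));

        String uri = "#xpointer(/*[local-name()='Envelope']/*[local-name()='Header']"
                + "/*[local-name()='Security']/*[local-name()='Assertion'][1])";
        Element signed = resolve(doc, uri);
        // The element the application is about to consume (looked up directly here).
        Element consumed = (Element) doc
                .getElementsByTagNameNS("urn:example:saml", "Assertion").item(0);
        if (!signed.isSameNode(consumed)) {
            throw new SecurityException("signature reference does not cover the consumed assertion");
        }
        System.out.println("reference covers assertion ID=" + signed.getAttribute("ID"));
    }
}
```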



