mace-opensaml-users - Re: Signature XPointer References (was Re: Verify a SAML token)
Subject: OpenSAML user discussion
- From: "Mike Mattozzi" <>
- To:
- Subject: Re: Signature XPointer References (was Re: Verify a SAML token)
- Date: Wed, 6 Jun 2007 22:24:28 -0700
Success! The XPointerResourceResolver code correctly resolved my
troublesome xpointer, which for the sake of reminding was:
    #xpointer(/*[local-name()='Envelope']/*[local-name()='Header']/*[local-name()='Security']/*[local-name()='Assertion'][1])
I just added XPointerResourceResolver by itself to the project I was
working on, replacing:
    SignatureValidator val = new SignatureValidator(basicX509Cred);
    val.validate(assertion.getSignature());
with
    SignatureValidator val = new SignatureValidator(basicX509Cred);
    // Get the underlying Apache XMLSignature so a custom resolver can be registered.
    XMLSignature xmlSig = ((SignatureImpl) assertion.getSignature()).getXMLSignature();
    Key validationKey = SecurityHelper.extractVerificationKey(basicX509Cred);
    // Resolve xpointer() references against the enclosing SOAP envelope.
    xmlSig.addResourceResolver(new XPointerResourceResolver(soapEnvelope));
    boolean sigValid = xmlSig.checkSignatureValue(validationKey);
I'll let you know if I run into any other issues with this code.
Mike
On 6/6/07, Brent Putman wrote:
Brent Putman wrote:
> It's possible (but I fear perhaps unlikely....) that someone, somewhere
> has written an implementation of their ResourceResolver that supports
> more complex XPointer references. If you have a pressing need, you
> could inquire over on , it's an open list.
> Or ask if they have something in the pipeline. Actually, I'll go ahead
> and ask them, but I fear the answer is no. Know any Java programmer
> XPointer experts? :-)
In case anyone was watching this thread with bated breath: Turns out
someone has actually done an implementation to resolve XPointer
references. This generated some interest on the XML Security dev list,
and with the encouragement of someone from the Apache team, an RFE has
been opened to get this added to the Apache library. The Bugzilla
entry, with the code, is:
http://issues.apache.org/bugzilla/show_bug.cgi?id=42599
Don't know if it works, or how well, so just FYI. It apparently
currently works on Java 1.5 only and may need some (I think a small
amount of) work to make it resolve IDs properly. Mike, if you or
anyone else wants to give it a go, I'm sure we'd all appreciate hearing
the results. I don't have the cycles to look into it in detail at the
moment, but will eventually.
--Brent
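
An added example, not part of the original messages and not OpenSAML or Apache XML Security code: the xpointer() reference quoted in the message above selects elements by local-name() and position, so a verifier should confirm that the reference selects exactly one node and that it is the same Assertion element the application goes on to use. The code uses only the JDK's XPath API; the class and method names and the sample envelope with its urn:example namespaces are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class XPointerReferenceCheck {

    /** Strips the "#xpointer(" ... ")" wrapper and returns the inner XPath expression. */
    static String innerXPath(String referenceUri) {
        String prefix = "#xpointer(";
        if (!referenceUri.startsWith(prefix) || !referenceUri.endsWith(")")) {
            throw new IllegalArgumentException("not an xpointer() reference: " + referenceUri);
        }
        return referenceUri.substring(prefix.length(), referenceUri.length() - 1);
    }

    /** True only if the reference selects exactly one node and it is the element being consumed. */
    static boolean referenceCovers(Document doc, String referenceUri, Element consumed) throws Exception {
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate(innerXPath(referenceUri), doc, XPathConstants.NODESET);
        return hits.getLength() == 1 && hits.item(0).isSameNode(consumed);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample envelope; namespaces and attributes are illustrative only.
        String xml = "<s:Envelope xmlns:s='urn:example:soap'><s:Header>"
                + "<w:Security xmlns:w='urn:example:wsse'>"
                + "<a:Assertion xmlns:a='urn:example:saml' n='first'/>"
                + "<a:Assertion xmlns:a='urn:example:saml' n='second'/>"
                + "</w:Security></s:Header><s:Body/></s:Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        String ref = "#xpointer(/*[local-name()='Envelope']/*[local-name()='Header']"
                + "/*[local-name()='Security']/*[local-name()='Assertion'][1])";
        NodeList assertions = doc.getElementsByTagNameNS("urn:example:saml", "Assertion");
        System.out.println(referenceCovers(doc, ref, (Element) assertions.item(0))); // first Assertion
        System.out.println(referenceCovers(doc, ref, (Element) assertions.item(1))); // second Assertion
    }
}
```

In a real verifier the reference URI would be read from the validated signature's SignedInfo rather than hard-coded, and the check would run before any data is taken from the assertion.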