
mace-opensaml-users - Signature creation problems in saml elements without prefix

Subject: OpenSAML user discussion


Signature creation problems in saml elements without prefix


  • From: Pedro Navarro Pérez <>
  • To:
  • Subject: Signature creation problems in saml elements without prefix
  • Date: Fri, 15 Jun 2007 15:01:36 +0200

Hi,

I'm trying to sign this authzDecisionQuery, in the case of an Issuer element without prefix:

<samlp:AuthzDecisionQuery ID="aa198b5bbc6f7e16b9dad16c6d5a3d39" Resource="www.example.com" Version="2.0" IssueInstant="2007-01-06T21:04:56.392Z" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol C:\DOCUME~1\Pedro\MESDOC~1\Rapports\SAML\saml-2.0-os\saml-schema-protocol-2.0.xsd">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">trusted.issuer.com</Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Subject</saml:NameID>
</saml:Subject>
<saml:Action Namespace="ns">Read</saml:Action>
<saml:Evidence>
<saml:Assertion ID="aa198b5bbc6f7e16b9dad16c6d5a3d38" Version="2.0" IssueInstant="2007-01-07T21:04:56.392Z">
<saml:Issuer>trusted.issuer.com</saml:Issuer>
<saml:AttributeStatement>
<saml:Attribute Name="Rol">
<saml:AttributeValue>admin</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</saml:Evidence>
</samlp:AuthzDecisionQuery>

with this code:

import java.util.ArrayList;
import java.util.List;

import org.opensaml.common.impl.SAMLObjectContentReference;
import org.opensaml.saml1.core.AuthorizationDecisionQuery;
import org.opensaml.saml1.core.Request;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.X509Data;
import org.opensaml.xml.signature.impl.KeyInfoBuilder;
import org.opensaml.xml.signature.impl.SignatureBuilder;
import org.opensaml.xml.signature.impl.X509CertificateBuilder;
import org.opensaml.xml.signature.impl.X509DataBuilder;
import org.opensaml.xml.util.Base64;
import org.w3c.dom.Element;

// Assumed to be initialised before this point: samlElement (the DOM Element of the query),
// unmarshallerFactory, marshallerFactory, signingCredential holder "credential" and the
// java.security.cert.X509Certificate "signingCertificate" whose DER encoding goes into KeyInfo.

// Unmarshal the DOM into the SAML object model and locate the evidence assertion to sign
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(samlElement);
Request samlObject = (Request) unmarshaller.unmarshall(samlElement);
AuthorizationDecisionQuery query = samlObject.getAuthorizationDecisionQuery();
org.opensaml.saml1.core.Assertion assertion = query.getEvidence().getAssertions().get(0);

// Builders for the ds:KeyInfo / ds:X509Data / ds:Signature objects
X509DataBuilder x509dataBuilder = new X509DataBuilder();
X509Data x509Data = x509dataBuilder.buildObject();
X509CertificateBuilder certBuilder = new X509CertificateBuilder();
KeyInfoBuilder keyinfoBuilder = new KeyInfoBuilder();
SignatureBuilder signatureBuilder = new SignatureBuilder();
List<Signature> signatureList = new ArrayList<Signature>();
Signature signature = signatureBuilder.buildObject();

// Building the X509Data for the SAML assertion
X509Data x509DataAssertion = x509dataBuilder.buildObject();
org.opensaml.xml.signature.X509Certificate certXMLAssertion = certBuilder.buildObject();
certXMLAssertion.setValue(Base64.encode(signingCertificate.getEncoded()));
x509DataAssertion.getX509Certificates().add(certXMLAssertion);
KeyInfo keyInfoAssertion = keyinfoBuilder.buildObject();
keyInfoAssertion.getX509Datas().add(x509DataAssertion);

// Enveloped signature over the assertion (exclusive C14N, DSA)
Signature assertionSignature = signatureBuilder.buildObject();
assertionSignature.setSigningCredential(credential);
assertionSignature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
assertionSignature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_DSA);
assertionSignature.getContentReferences().add(new SAMLObjectContentReference(assertion));
assertionSignature.setKeyInfo(keyInfoAssertion);
assertion.setSignature(assertionSignature);
signatureList.add(assertionSignature);

// Building the X509Data for the SAMLP request
org.opensaml.xml.signature.X509Certificate certXML = certBuilder.buildObject();
certXML.setValue(Base64.encode(signingCertificate.getEncoded()));
x509Data.getX509Certificates().add(certXML);
KeyInfo keyInfo = keyinfoBuilder.buildObject();
keyInfo.getX509Datas().add(x509Data);

// Enveloped signature over the whole request
signature.setSigningCredential(credential);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_DSA);
signature.getContentReferences().add(new SAMLObjectContentReference(samlObject));
signature.setKeyInfo(keyInfo);
signatureList.add(signature);
samlObject.setSignature(signature);

// Marshalling creates the ds:Signature elements (and their References); signing then fills in the values
Element samlObjectElement;
Marshaller marshaller = marshallerFactory.getMarshaller(samlObject);
samlObjectElement = marshaller.marshall(samlObject);
Signer.signObjects(signatureList);

And I receive the following error:

java.lang.NullPointerException
at java.util.TreeMap.compare(TreeMap.java:1093)
at java.util.TreeMap.put(TreeMap.java:465)
at java.util.TreeSet.add(TreeSet.java:210)
at java.util.AbstractCollection.addAll(AbstractCollection.java:318)
at java.util.TreeSet.addAll(TreeSet.java:258)
at java.util.TreeSet.<init>(TreeSet.java:143)
at org.apache.xml.security.transforms.params.InclusiveNamespaces.<init>(Unknown Source)
at org.opensaml.common.impl.SAMLObjectContentReference.processExclusiveTransform(SAMLObjectContentReference.java:155)
at org.opensaml.common.impl.SAMLObjectContentReference.createReference(SAMLObjectContentReference.java:123)
at org.opensaml.xml.signature.impl.SignatureMarshaller.createSignatureElement(SignatureMarshaller.java:121)
at org.opensaml.xml.signature.impl.SignatureMarshaller.marshall(SignatureMarshaller.java:70)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:365)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:254)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:142)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:86)

I have tried to debug it, and in SAMLObjectContentReference#processExclusiveTransform(), when it tries to populate the namespace of the Issuer, it adds two namespaces to the inclusiveNamespacePrefixes map:
xmlns:xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
The second one, as it has no prefix, is stored with no string key.

Any suggestion where the problem is?

Thanks

Pedro Navarro Pérez
EVIDIAN S.A.                    www.evidian.com
Rue Jean Jaurès - BP 68
78340 Les Clayes-sous-Bois      Tél : +33 1 30 80 73 26
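As an added illustration (not OpenSAML code and not from the poster), the following Python builds the Exclusive C14N InclusiveNamespaces PrefixList for the query above. It isolates the point the stack trace leads to: a default namespace declaration (xmlns="...") has an empty prefix, and if that empty prefix is kept as a null key in a sorted collection the sort fails (a TypeError here, the NullPointerException in TreeMap.compare in the Java trace), whereas Exclusive XML Canonicalization 1.0 defines the token #default for exactly this case. The function names and the decision to collect every declaration in the signed subtree are this example's assumptions; the XML is the poster's query with the xsi:schemaLocation attribute dropped.

```python
"""Exclusive C14N InclusiveNamespaces PrefixList construction for a SAML element.

Added example, not OpenSAML code.  Shows why a default namespace declaration
(empty prefix) must be represented by the spec token "#default" instead of a
null/None key, which is what breaks a sorted set.
"""
import io
import xml.etree.ElementTree as ET

EXC_C14N_NS = "http://www.w3.org/2001/10/xml-exc-c14n#"
# Token defined by Exclusive XML Canonicalization 1.0 (section 4) for the default namespace
DEFAULT_TOKEN = "#default"

# The AuthzDecisionQuery from the original post, xsi:schemaLocation omitted.
SAMPLE_QUERY = """<samlp:AuthzDecisionQuery ID="aa198b5bbc6f7e16b9dad16c6d5a3d39" Resource="www.example.com" Version="2.0" IssueInstant="2007-01-06T21:04:56.392Z" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">trusted.issuer.com</Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Subject</saml:NameID>
</saml:Subject>
<saml:Action Namespace="ns">Read</saml:Action>
<saml:Evidence>
<saml:Assertion ID="aa198b5bbc6f7e16b9dad16c6d5a3d38" Version="2.0" IssueInstant="2007-01-07T21:04:56.392Z">
<saml:Issuer>trusted.issuer.com</saml:Issuer>
<saml:AttributeStatement>
<saml:Attribute Name="Rol">
<saml:AttributeValue>admin</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</saml:Evidence>
</samlp:AuthzDecisionQuery>"""


def namespace_declarations(xml_text):
    """Return (prefix, uri) for every xmlns declaration, in document order.

    ElementTree reports the default namespace with prefix '' (empty string).
    """
    decls = []
    source = io.BytesIO(xml_text.encode("utf-8"))
    for _event, (prefix, uri) in ET.iterparse(source, events=("start-ns",)):
        decls.append((prefix, uri))
    return decls


def naive_prefix_set(xml_text):
    """The failing approach: keep the default namespace as a None key."""
    return {prefix or None for prefix, _ in namespace_declarations(xml_text)}


def naive_prefix_list_fails(xml_text):
    """sorted() over a set holding None raises TypeError, the analogue of
    java.util.TreeMap.compare throwing NullPointerException on a null key."""
    try:
        sorted(naive_prefix_set(xml_text))
        return False
    except TypeError:
        return True


def inclusive_prefix_list(xml_text):
    """Correct approach: map the empty prefix to '#default', then sort.

    Sorting is not required by the spec; it just makes the output deterministic.
    """
    prefixes = {prefix if prefix else DEFAULT_TOKEN
                for prefix, _ in namespace_declarations(xml_text)}
    return " ".join(sorted(prefixes))


def inclusive_namespaces_element(xml_text):
    """Serialise the transform parameter as it would appear inside ds:Transform."""
    return '<ec:InclusiveNamespaces xmlns:ec="%s" PrefixList="%s"/>' % (
        EXC_C14N_NS, inclusive_prefix_list(xml_text))


if __name__ == "__main__":
    print("naive None-key approach fails:", naive_prefix_list_fails(SAMPLE_QUERY))
    print(inclusive_namespaces_element(SAMPLE_QUERY))
```

Run it directly to see both outcomes. The same rule matters on the verifying side: if the signed subtree relies on a default namespace and the PrefixList carries no #default token, the canonical form the verifier computes will not match what was signed and the reference will fail to validate.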




Archive powered by MHonArc 2.6.16.
