OpenSAML user discussion

["Douglas Squirrel" <>]

OK, I was able to isolate the problem to the line
    r.verify(ks.getCertificate(alias));
in POSTProfileTest. Commenting out this line (try the simplest thing
first!) let the rest of the test pass and gave me an opensaml-1.1.jar
file. Putting this in my application along with xmlsec-1.4.1.jar then
worked just fine and passed all our tests!

The failure with the line uncommented seems awfully obscure to a
cryptographic novice like me - see below. Our application does in fact
call SAMLResponse.verify() but I guess it must do something different
than the test does. Can anyone suggest how I might proceed to fix the
test or the code or both?

Testsuite: org.opensaml.POSTProfileTest
Tests run: 1, Failures: 0, Errors: 1, Time elapsed: 1.212 sec

Testcase: testPOSTProfile took 1.202 sec
        Caused an ERROR
org.apache.xml.security.signature.XMLSignatureException: object not
initialized for signature or verification
Original Exception was java.security.SignatureException: object not
initialized for signature or verification
java.lang.RuntimeException:
org.apache.xml.security.signature.XMLSignatureException: object not
initialized for signature or verification
Original Exception was java.security.SignatureException: object not
initialized for signature or verification
        at
org.apache.xml.security.utils.SignerOutputStream.write(Unknown Source)
        at
org.apache.xml.security.utils.UnsyncBufferedOutputStream.flushBuffer(Unk
nown Source)
        at
org.apache.xml.security.utils.UnsyncBufferedOutputStream.flush(Unknown
Source)
        at
org.apache.xml.security.utils.UnsyncBufferedOutputStream.close(Unknown
Source)
        at
org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCan
onicalizeSubTree(Unknown Source)
        at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.e
ngineCanonicalizeSubTree(Unknown Source)
        at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.e
ngineCanonicalizeSubTree(Unknown Source)
        at
org.apache.xml.security.c14n.Canonicalizer.canonicalizeSubtree(Unknown
Source)
        at
org.apache.xml.security.signature.SignedInfo.signInOctectStream(Unknown
Source)
        at
org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unkno
wn Source)
        at org.opensaml.SAMLSignedObject.verify(Unknown Source)
        at org.opensaml.SAMLSignedObject.verify(Unknown Source)
        at
org.opensaml.POSTProfileTest.testPOSTProfile(POSTProfileTest.java:127)


-----Original Message-----
From: Scott Cantor 
[mailto:]
 
Sent: 31 July 2007 23:31
To: 

Subject: RE: Xerces 2.8.1 and Xalan 2.7.0 with OpenSAML 1.1

> It looks like the bug you refer to is
> http://issues.apache.org/bugzilla/show_bug.cgi?id=36532 and they do
> indeed claim to have fixed it long since. Do you happen to know which
> version of xmlsecurity the current jar (xmlsec-20050514.jar) is?
Perhaps
> I should just try version 1.3 or 1.4 instead of jumping all the way to
> 1.4.1.

Pretty sure it predates 1.3, you'd have to check their repository to
know
for sure. You should use 1.4.1.

-- Scott



______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________