
mace-opensaml-users - RE: Xerces 2.8.1 and Xalan 2.7.0 with OpenSAML 1.1

Subject: OpenSAML user discussion

  • From: "Douglas Squirrel" <>
  • To: <>
  • Subject: RE: Xerces 2.8.1 and Xalan 2.7.0 with OpenSAML 1.1
  • Date: Wed, 1 Aug 2007 02:10:49 +0100

I see (I think). I added the second if below:

    public void verify(Key k)
        throws SAMLException
    {
        if (!isSigned())
            throw new InvalidCryptoException("SAMLSignedObject.verify() can't verify unsigned object");
        if (!sig_from_parse)
            throw new InvalidCryptoException("SAMLSignedObject.verify() can't verify unparsed object");

and ran the tests again, whereupon the call to verify() in
SignatureTest.java failed (it hadn't before I added the check).

Did I add the right check? Is this what we expect?

-----Original Message-----
From: Scott Cantor
Sent: 01 August 2007 01:54
Subject: RE: Xerces 2.8.1 and Xalan 2.7.0 with OpenSAML 1.1

> OK, I was able to isolate the problem to the line
> r.verify(ks.getCertificate(alias));

The later version can't verify a signature without a reparse, it doesn't
construct the signature objects adequately when signing something. The line
doesn't help anything in the test, other than point out the bug. Somebody
could probably fix the SAMLSignedObject class to try and compensate. I have
a flag that tracks whether the signature object came from a parse or not, at
a minimum it could check the flag and throw a more understandable error.

-- Scott



______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
