
mace-opensaml-users - RE: decoding public keys in metadata

Subject: OpenSAML user discussion

  • From: "Paul Hethmon" <>
  • To: <>
  • Subject: RE: decoding public keys in metadata
  • Date: Sun, 5 Aug 2007 09:23:22 -0700

You are right, it was not line breaks. It was me not pulling the public
key out of the certificate itself. The error messages at that level
(coming out of Bouncy Castle) are not very informative. Anyway, I'm past
that point and can now sign and validate.

One thing that did throw me was actually computing the signature; it was
certainly not intuitive to me that I needed to marshal the signature
then compute it. In hindsight, it makes sense as that is the
representation that the signature is computing over, but getting the
error that XMLSignature is null made me hit my head against the keyboard
for a while.

So I'm actually trying to get my implementation working against SSO
Circle and Google Apps right now.

thanks,

Paul

-----Original Message-----
From: Chad La Joie
Sent: Sunday, August 05, 2007 11:54 AM
Subject: Re: decoding public keys in metadata

Hey Paul,

You shouldn't be failing because of line breaks. Valid Base64
encoder/decoders should be able to handle strings with or without line
breaks.

KeyInfoHelper should be the class you use. Note that I did just commit
some code that should make cert/crl parsing a bit more robust, but that
shouldn't be affecting you. Can you post your code and the metadata?

One thing I wondered about, from what you said, is if you only have a
cert in the metadata and then you're calling getPublicKeys(KeyInfo).
That isn't going to work. getPublicKeys only returns those keys
represented as KeyValues elements. If this is what you're doing let me
know because I don't think it should be throwing an error, it should
just be returning null.

Paul Hethmon wrote:
> Assuming I have a valid metadata file with a public key as a
> <ds:X509Certificate>, what's the method for getting that into a usable
> Java object for validating signatures? I can dig down and get to it ok
> as XML objects, but when it comes to actually taking the BASE64 encoded
> value and converting it to a PublicKey object, I can't seem to get it
> right. I'm pretty sure I'm failing in what I'm doing because of line
> breaks being lost in the conversion resulting in an invalid byte
> encoding. I get this using the KeyInfoHelper class as well as
> manipulating it on my own. In all cases, I end up with an
> InvalidKeySpecException. Is there a helper class to handle the encoding
> in the XML metadata format?
>
> thanks,
>
> Paul
>
> Paul Hethmon
> www.clareitysecurity.com
> cell: 865.250.3517
> work: 865.769.0456

--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124
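
The distinction both messages arrive at (a `<ds:X509Certificate>` holds a whole certificate, not a bare key, and Base64 line breaks are harmless) can be reproduced with plain JDK classes. This is an added example, not code from the thread or from OpenSAML; the class name `CertKeyDemo`, the use of a JRE trust anchor as a stand-in for the metadata certificate, and the guess that the original `InvalidKeySpecException` came from passing certificate bytes to a `KeyFactory` are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import javax.net.ssl.*;

public class CertKeyDemo {
    // Stand-in certificate (assumption): first trust anchor in the JRE default trust store.
    static X509Certificate sampleCert() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] anchors = ((X509TrustManager) tm).getAcceptedIssuers();
                if (anchors.length > 0) return anchors[0];
            }
        }
        throw new IllegalStateException("default trust store is empty");
    }

    public static void main(String[] args) throws Exception {
        X509Certificate original = sampleCert();
        // Text as it would appear inside <ds:X509Certificate>: Base64 wrapped at 76 columns.
        String text = Base64.getMimeEncoder().encodeToString(original.getEncoded());
        // The MIME decoder ignores the line breaks, so they are not the problem.
        byte[] der = Base64.getMimeDecoder().decode(text);
        // Assumed failure mode: certificate DER handed to a KeyFactory as if it were a key.
        try {
            KeyFactory.getInstance(original.getPublicKey().getAlgorithm())
                    .generatePublic(new X509EncodedKeySpec(der));
            System.out.println("unexpected: certificate bytes parsed as a key");
        } catch (InvalidKeySpecException e) {
            System.out.println("certificate bytes as key spec -> " + e.getClass().getSimpleName());
        }

        // Parse the certificate first, then take the public key out of it.
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
        PublicKey key = cert.getPublicKey();
        System.out.println(key.getAlgorithm() + " key extracted, same as original: "
                + Arrays.equals(key.getEncoded(), original.getPublicKey().getEncoded()));
    }
}
```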


