mace-opensaml-users - RE: Sha2 signature info requested
Subject: OpenSAML user discussion
- From: Prasanna Krishna <>
- To: <>
- Subject: RE: Sha2 signature info requested
- Date: Wed, 3 Oct 2007 08:12:53 +0000
- Importance: Normal
Hi Brent -

As suggested by you, I took the latest code from svn for opensaml, openws and xmltooling and created jar files. I followed the instrs provided by you and also at https://spaces.internet2.edu/display/SHIB/OSTwoUserManJavaDSIG

The only diff between your approach and the approach at the above URL is setting of canonicalization algorithm. I get the following exception:

    An error occured computing the digital signature
    org.apache.xml.security.signature.XMLSignatureException : Unknown canonicalizer. No handler installed for URI http://www.w3.org/2001/04/xmlenc#sha256
    Original Exception was org.apache.xml.security.c14n.InvalidCanonicalizerException: Unknown canonicalizer. No handler installed for URI http://www.w3.org/2001/04/xmlenc#sha256
        at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
        at org.opensaml.xml.signature.Signer.signObject(Signer.java:77)

My code looks as follows:

    // NOTE: The following 6 steps to sign SAML doc are picked up from
    // https://spaces.internet2.edu/display/SHIB/OSTwoUserManJavaDSIG

    // Step 1: Create a Signature object using the
    // org.opensaml.xml.signature.SignatureBuilder (this is found in the
    // XMLTooling library).
    SignatureBuilder sb = new SignatureBuilder();
    Signature sig = sb.buildObject();

    // Step 2: Add the Credential containing the signing key using the
    // Signature#setSigningCredential(Credential) method.
    Credential cr = SecurityHelper.getSimpleCredential(
            service.getSignatureCertificate().getPublicKey(),
            service.getPrivateKey());
    sig.setSigningCredential(cr);

    // Step 3: Add the signature method algorithm URI with the method
    // Signature#setSignatureAlgorithm(String). Note that the algorithm
    // URI is dependent on the type of key contained with the signing
    // credential.
    sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);

    // Step 4: Add the canonicalization method algorithm URI with the
    // method Signature#setCanonicalizationAlgorithm(String).
    sig.setCanonicalizationAlgorithm(EncryptionConstants.ALGO_ID_DIGEST_SHA256);

    // Step 5: If desired, add a KeyInfo containing information about
    // the signature verification key using Signature#setKeyInfo(KeyInfo).
    // The KeyInfo may be created manually, or may be generated
    // dynamically from the signing credential using a KeyInfoGenerator,
    // usually obtained from a KeyInfoGeneratorFactory via a
    // KeyInfoGeneratorManager.
    KeyInfoGeneratorManager kmgr = new KeyInfoGeneratorManager();
    KeyInfoGeneratorFactory kfactory = kmgr.getFactory(cr);
    KeyInfoGenerator kgenerator = kfactory.newInstance();
    KeyInfo kinfo = kgenerator.generate(cr);
    sig.setKeyInfo(kinfo);

    // Step 6: Add the Signature to the SAMLObject using the
    // setSignature(Signature) method. A SAMLObjectContentReference will
    // automatically be added to the list of signature references
    // exposed via Signature#getContentReferences()
    response.setSignature(sig);

    // Step 7: As suggested by Brent
    ((SAMLObjectContentReference) sig.getContentReferences().get(0))
            .setDigestAlgorithm(EncryptionConstants.ALGO_ID_DIGEST_SHA256);

I tried both the approaches of setting canonicalization algorithm. I commented out step 4 and retained step 7, then I commented out 7 and retained 4 and then I commented out both. I get the exception in all the cases.

Your inputs are very much appreciated.

Regards
Prasanna Krishna
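
Added example (not part of the original message and not OpenSAML code): the URI named in the exception, http://www.w3.org/2001/04/xmlenc#sha256, is the W3C identifier for the SHA-256 digest, so it belongs in DigestMethod and no canonicalizer is registered under it. The JDK-only check below reads a ds:SignedInfo and reports any Algorithm URI sitting in the wrong slot; the class name, the deliberately short URI lists and the sample XML are assumptions made for this illustration.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class DsigAlgorithmRoleCheck { // hypothetical name, not an OpenSAML class
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // SignedInfo slot -> W3C algorithm URIs valid there (small subset, not exhaustive)
    static final Map<String, List<String>> SLOTS = new LinkedHashMap<>();
    static {
        SLOTS.put("CanonicalizationMethod", Arrays.asList(
            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
            "http://www.w3.org/2001/10/xml-exc-c14n#"));
        SLOTS.put("SignatureMethod", Arrays.asList(
            "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"));
        SLOTS.put("DigestMethod", Arrays.asList(
            "http://www.w3.org/2000/09/xmldsig#sha1",
            "http://www.w3.org/2001/04/xmlenc#sha256"));
    }
    // Returns one message per Algorithm attribute that does not fit its element.
    static List<String> check(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        List<String> problems = new ArrayList<>();
        for (String slot : SLOTS.keySet()) {
            NodeList nodes = d.getElementsByTagNameNS(DS, slot);
            for (int i = 0; i < nodes.getLength(); i++) {
                String uri = ((Element) nodes.item(i)).getAttribute("Algorithm");
                if (SLOTS.get(slot).contains(uri)) continue;
                String actual = "not a URI known to this check";
                for (String other : SLOTS.keySet())
                    if (SLOTS.get(other).contains(uri)) actual = "a " + other + " URI";
                problems.add(slot + ": " + uri + " is " + actual);
            }
        }
        return problems;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: the algorithm choices from steps 3, 4 and 7 above.
        String xml = "<SignedInfo xmlns='" + DS + "'>"
            + "<CanonicalizationMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>"
            + "<SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>"
            + "<Reference URI='#id1'>"
            + "<DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>"
            + "</Reference></SignedInfo>";
        check(xml).forEach(System.out::println);
    }
}
```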