
mace-opensaml-users - signature validation in OpenSAML2

Subject: OpenSAML user discussion


signature validation in OpenSAML2


  • From: Kenny Pearce <>
  • To:
  • Subject: signature validation in OpenSAML2
  • Date: Fri, 7 Dec 2007 10:31:52 -0500
  • Organization: Hx Technologies

Hi again,
I've written a (relatively) simple test application, for trying to use
OpenSAML2 in WSS with JAX-WS. To simplify things, I tried just having
the client generate a KeyPair and put the public key in the KeyInfo
element, so that the server could pull it out and use it to validate the
signature. I've verified that the public key the server is pulling out
matches the one the client is putting in, but the signature is being
reported as invalid. I'm signing like this:


-----------------------
Signature sig =
((XMLObjectBuilder<Signature>)buildFact.getBuilder(Signature.DEFAULT_ELEMENT_NAME)).buildObject(Signature.DEFAULT_ELEMENT_NAME);

BasicCredential cred = new BasicCredential();
cred.setEntityId(saml.getID());

cred.setPrivateKey(keys.getPrivate());
cred.setPublicKey(keys.getPublic());

sig.setSigningCredential(cred);
sig.setSignatureAlgorithm(RSA_ALG);

sig.setCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");

KeyInfo inf =
((XMLObjectBuilder<KeyInfo>)buildFact.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME)).buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
KeyInfoHelper.addPublicKey(inf, keys.getPublic());

sig.setKeyInfo(inf);

saml.setSignature(sig);

[snip]

Element elem =
Configuration.getMarshallerFactory().getMarshaller(saml).marshall(saml);
Signer.signObject(saml.getSignature());
-----------------------


And I'm validating like this:

-----------------------
BasicCredential cred = new BasicCredential();
try {
    cred.setPublicKey(KeyInfoHelper.getKey(saml.getSignature().getKeyInfo().getKeyValues().get(0)));
} catch (Exception e) {
    throw new ValidationException("Could not get public key", e);
}
cred.setEntityId(saml.getID());
SignatureValidator sigval = new SignatureValidator(cred);
sigval.validate(saml.getSignature());
-----------------------

The very last line of the snippet above throws a ValidationException
saying that the signature is invalid. Am I doing something wrong? Do I
need to set more fields of the BasicCredential before I can validate?

Thanks,

--
Kenny Pearce
<>
Hx Technologies
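The complete sign-then-validate round trip that the post above is trying to build, written out here as an added example (it is not code from the original message or from the OpenSAML project). It assumes the OpenSAML 2.x Java API (`org.opensaml.*`, bootstrapped with `DefaultBootstrap`) and the Joda-Time dependency OpenSAML 2 ships with; the assertion ID and the key pair are constructed inside the example. The two points the validating side depends on are shown explicitly: the XML is parsed with a namespace-aware parser and the signature is validated on the DOM exactly as received rather than on a re-marshalled object, and the SAML signature profile is checked before the cryptographic check. Pulling the verification key out of `KeyInfo`, as the post does, only proves that whoever held that key signed the message; deciding whether that key is trusted is a separate step the server still has to make.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;

import org.joda.time.DateTime;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.impl.AssertionBuilder;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.impl.KeyInfoBuilder;
import org.opensaml.xml.signature.impl.SignatureBuilder;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class SignRoundTrip {

    /** Client side: build a minimal assertion, sign it, return the serialized XML. */
    static String signAssertion(KeyPair keys) throws Exception {
        Assertion assertion = new AssertionBuilder().buildObject();
        assertion.setID("_example-assertion-1");      // constructed sample ID (must be set before marshalling)
        assertion.setVersion(SAMLVersion.VERSION_20);
        assertion.setIssueInstant(new DateTime());

        BasicCredential signingCred = new BasicCredential();
        signingCred.setPrivateKey(keys.getPrivate());
        signingCred.setPublicKey(keys.getPublic());

        Signature sig = new SignatureBuilder().buildObject();
        sig.setSigningCredential(signingCred);
        sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
        sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

        // Embed the public key so the receiver can locate it, as the post does.
        KeyInfo keyInfo = new KeyInfoBuilder().buildObject();
        KeyInfoHelper.addPublicKey(keyInfo, keys.getPublic());
        sig.setKeyInfo(keyInfo);

        assertion.setSignature(sig);

        // Marshall first so the Signature has a DOM to operate on, then compute the signature value.
        Element dom = Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(sig);

        // Serialize the signed DOM as-is; re-marshalling the object afterwards would discard the signature value.
        return XMLHelper.nodeToString(dom);
    }

    /** Server side: parse the received XML and validate the signature it carries. */
    static Assertion parseAndValidate(String xml) throws Exception {
        BasicParserPool parser = new BasicParserPool();
        parser.setNamespaceAware(true);   // XML Signature processing needs namespace-aware DOM nodes
        Document doc = parser.parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        Element root = doc.getDocumentElement();
        XMLObject obj = Configuration.getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
        Assertion assertion = (Assertion) obj;

        Signature sig = assertion.getSignature();
        // Reject signatures that do not follow the SAML profile (single enveloped reference to the parent ID).
        new SAMLSignatureProfileValidator().validate(sig);

        // Verification key taken from KeyInfo; trusting that key is a separate policy decision.
        PublicKey key = KeyInfoHelper.getKey(sig.getKeyInfo().getKeyValues().get(0));
        BasicCredential verifyCred = new BasicCredential();
        verifyCred.setPublicKey(key);
        new SignatureValidator(verifyCred).validate(sig);   // throws ValidationException if invalid
        return assertion;
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keys = kpg.generateKeyPair();   // constructed throwaway key pair, as in the post's test setup

        String xml = signAssertion(keys);
        Assertion verified = parseAndValidate(xml);
        System.out.println("signature valid for assertion " + verified.getID());
    }
}
```

Run it as a single main class with the OpenSAML 2 jars (and their transitive dependencies) on the classpath. The validating half deliberately works from the serialized bytes rather than from the in-memory object the client signed, so that it exercises the same path a real WSS server takes.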



