
mace-opensaml-users - Re: Key-Confirmed Subject (Java SAML2)

Subject: OpenSAML user discussion

  • From: "Michael Ramirez" <>
  • To:
  • Subject: Re: Key-Confirmed Subject (Java SAML2)
  • Date: Tue, 12 Feb 2008 10:07:54 -0500

Thanks for the info Brent. With the array of builders, it seemed odd to me that this one type in particular required a manual process. Thanks for the clarification.

-Michael

On Feb 11, 2008 4:34 PM, Brent Putman <> wrote:
This was actually on my short list of things to clean up before we release 2.0.  I'll probably add a trivial type interface and builder to more directly support this sometime this week.  Scott has something similar in C++.

But you can still do it now b/c KeyInfoConfirmationDataType is just a new sub-type by restriction of SubjectConfirmationDataType.  So you can do something like:



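// Imports for the OpenSAML 2 / XMLTooling classes used below
import javax.xml.namespace.QName;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.signature.KeyInfo;

// We don't have this defined anywhere currently, unfortunately
QName kicdType = new QName(SAMLConstants.SAML20_NS, "KeyInfoConfirmationDataType", SAMLConstants.SAML20_PREFIX);

XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();

// Note that the xsi:type is being specified explicitly in the 2nd arg to the buildObject() call.
SubjectConfirmationData scd =
  (SubjectConfirmationData) bf.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME)
  .buildObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME, kicdType);

// You could instead use a KeyInfoGenerator to build and populate the KeyInfo
KeyInfo ki =
  (KeyInfo) bf.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME)
  .buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);

// getSubjectCertificate() is the caller's own method returning the subject's X509Certificate
KeyInfoHelper.addCertificate(ki, getSubjectCertificate());

// The type-specific interface will probably have a getKeyInfos() to explicitly
// expose the KeyInfo children defined for that type.
scd.getUnknownXMLObjects().add(ki);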



What I will probably be adding shortly is an interface that defines that type QName, a custom builder that takes care of expressing the xsi:type properly and the appropriate bits in the object provider config file.


HTH,
Brent




Michael Ramirez wrote:
Apologies if this has been asked/answered, but how would one go about creating a key-confirmed SubjectConfirmationData object with a provided X509Certificate? I don't see anything implementing KeyInfoConfirmationDataType a la core spec 2.4.1.3.

Thanks!
Michael
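
The receiving side of the structure discussed in this thread, as an added example that is not part of the original messages or of OpenSAML: a JDK-only check that a SubjectConfirmationData element carries an xsi:type resolving to saml:KeyInfoConfirmationDataType and has at least one ds:KeyInfo child. The class name, the method name isKeyConfirmed and the sample XML (with a placeholder certificate value) are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class KeyConfirmedCheck {
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    static final String XSI = "http://www.w3.org/2001/XMLSchema-instance";
    static final String HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";

    // True when scd is typed saml:KeyInfoConfirmationDataType and has a direct ds:KeyInfo child.
    static boolean isKeyConfirmed(Element scd) {
        String type = scd.getAttributeNS(XSI, "type");
        int colon = type.indexOf(':');
        String prefix = colon < 0 ? null : type.substring(0, colon);
        String local = type.substring(colon + 1);
        // xsi:type is a QName: resolve its prefix in scope instead of comparing raw strings,
        // because the sender is free to bind any prefix to the SAML namespace.
        if (!"KeyInfoConfirmationDataType".equals(local)
                || !SAML.equals(scd.lookupNamespaceURI(prefix))) {
            return false;
        }
        for (Node n = scd.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (DSIG.equals(n.getNamespaceURI()) && "KeyInfo".equals(n.getLocalName())) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; the certificate content is a placeholder, not real data.
        String xml = "<saml:SubjectConfirmation xmlns:saml='" + SAML + "' Method='" + HOK + "'>"
            + "<saml:SubjectConfirmationData xmlns:xsi='" + XSI
            + "' xsi:type='saml:KeyInfoConfirmationDataType'>"
            + "<ds:KeyInfo xmlns:ds='" + DSIG + "'><ds:X509Data><ds:X509Certificate>PLACEHOLDER"
            + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
            + "</saml:SubjectConfirmationData></saml:SubjectConfirmation>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for the *NS lookups above
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element sc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        Element scd = (Element) sc.getElementsByTagNameNS(SAML, "SubjectConfirmationData").item(0);
        System.out.println("holder-of-key method: " + HOK.equals(sc.getAttribute("Method")));
        System.out.println("key-confirmed data: " + isKeyConfirmed(scd));
    }
}
```

This only checks the shape of the confirmation data; a relying party still has to verify the assertion signature and that the presenter actually holds the key named in the KeyInfo.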



