Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Key-Confirmed Subject (Java SAML2)

Subject: OpenSAML user discussion

List archive

Re: Key-Confirmed Subject (Java SAML2)


Chronological Thread 
  • From: Brent Putman <>
  • To:
  • Subject: Re: Key-Confirmed Subject (Java SAML2)
  • Date: Tue, 12 Feb 2008 21:27:35 -0500

FYI, I just checked in the new KeyInfoConfirmationDataType interface and builder.

--Brent


Brent Putman wrote:
This was actually on my short list of things to clean up before we release 2.0.  I'll probably add a trivial type interface and builder to more directly support this sometime this week.  Scott has something similar in C++.

But you can still do it now b/c KeyInfoConfirmationDataType is just a new sub-type by restriction of SubjectConfirmationDataType.  So you can do something like:



// We don't have this defined anywhere currently, unfortunately
QName kicdType = new QName(SAMLConstants.SAML20_NS, "KeyInfoConfirmationDataType", SAMLConstants.SAML20_PREFIX);


XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();


// Note that the xsi:type is being specified explicitly in the 2nd arg to the buildObject() call.
SubjectConfirmationData scd =
  (SubjectConfirmationData) bf.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME)
  .buildObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME,   kicdType);


// You could instead use a KeyInfoGenerator to build and populate the KeyInfo
KeyInfo ki =
  (KeyInfo) bf.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME)
  .buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);


KeyInfoHelper.addCertificate(ki, getSubjectCertificate());



// The type-specific interface will probably have a getKeyInfos() to explicitly
// expose the KeyInfo children defined for that type.
scd.getUnknownXMLObjects().add(ki);



What I will probably be adding shortly is an interface that defines that type QName, a custom builder that takes care of expressing the xsi:type properly and the appropriate bits in the object provider config file.


HTH,
Brent



Michael Ramirez wrote:
Apologies if this has been asked/answered, but how would one go about creating a key-confirmed SubjectConfirmationData object with a provided X509Certificate? I don't anything implementing KeyInfoConfirmationDataType a la core spec 2.4.1.3.

Thanks!
Michael



Archive powered by MHonArc 2.6.16.

Top of Page