
mace-opensaml-users - RE: [OpenSAML] Verifying SAML signed metadata files

Subject: OpenSAML user discussion


  • From: Paolo Selvini
  • Subject: RE: [OpenSAML] Verifying SAML signed metadata files
  • Date: Fri, 2 May 2008 20:12:44 +0200

Here is the code I use to read the file, sign it and write it back to disk:

// read the input file
File inputFile = new File(samlMessageFilename);
int size = ((int) inputFile.length());
byte[] fileBytes = new byte[size];
FileInputStream freader = new FileInputStream(inputFile);
freader.read(fileBytes, 0, size);
freader.close();

// unmarshall the string into a SignableSAMLObject
BasicParserPool parser = new BasicParserPool();
parser.setNamespaceAware(true);
Document docXml = parser.parse(new StringReader(new String(fileBytes)));
Element xmlObjectElement = docXml.getDocumentElement();
UnmarshallerFactory unmarshallerFactory =
    Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller =
    unmarshallerFactory.getUnmarshaller(xmlObjectElement);
SignableSAMLObject samlObject =
    (SignableSAMLObject) unmarshaller.unmarshall(xmlObjectElement);

// build a signature object - the keyinfo structure contains the certificates
// in the given keystore
Signature signature = getSignature(keystore, keyname, keystorePassword);

// marshall the SignableSAMLObject, sign it and convert it into a string
samlObject.setSignature(signature);
Marshaller marshaller =
    Configuration.getMarshallerFactory().getMarshaller(samlObject);
Element newElement = marshaller.marshall(samlObject);
Signer.signObject(samlObject.getSignature());
String signedString =
    org.opensaml.xml.util.XMLHelper.nodeToString(newElement);

// write the string to file
FileOutputStream fos = new FileOutputStream(signedString);
fos.write(signedString.getBytes());
fos.flush();
fos.close();


----

I tried to verify with Oxygen and the metadata signed without accented chars
verifies ok. The other, with accented "a" (à) does not verify.
Of course I am doing something wrong in the code above...






-----Original Message-----
From: Scott Cantor
Sent: Friday, 2 May 2008 19:02
Subject: RE: [OpenSAML] Verifying SAML signed metadata files

> However, if I use - for the value of such FriendlyName attribute -
> some accented chars (like à, è, ...) that are pretty common in the
> Italian language, the signature in the new signed file is no longer verified.

How are you signing it? Can you verify it with Oxygen or some other tool?

-- Scott
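
An added example, not part of the thread and not OpenSAML code: a JDK-only sketch of how decoding a UTF-8 file with `new String(bytes)` before parsing, as the posted code does, changes the characters that get digested. The sample document is constructed, ISO-8859-1 is an assumed stand-in for a non-UTF-8 platform default, and the SHA-256 over one attribute value stands in for the XML Signature digest.

```java
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class CharsetDigestDemo {
    // Constructed sample metadata fragment with an accented character (U+00E0).
    static final String XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
        + "<Attribute FriendlyName=\"Universit\u00e0\"/>";

    static DocumentBuilder builder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Metadata needs no DTD; refusing DOCTYPE also shuts out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder();
    }

    // Stand-in for the digest step: canonical XML is always UTF-8, so hash the
    // UTF-8 octets of the value the parser actually produced.
    static String digest(Document d) throws Exception {
        String v = d.getDocumentElement().getAttribute("FriendlyName");
        byte[] h = MessageDigest.getInstance("SHA-256").digest(v.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : h) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] file = XML.getBytes(StandardCharsets.UTF_8); // bytes as stored on disk

        // Raw bytes to the parser: the XML declaration selects the charset.
        Document fromBytes = builder().parse(new ByteArrayInputStream(file));

        // Bytes decoded first with a non-UTF-8 charset (assumed platform default):
        // the UTF-8 pair C3 A0 turns into two separate characters.
        String decoded = new String(file, StandardCharsets.ISO_8859_1);
        Document fromString = builder().parse(new InputSource(new StringReader(decoded)));

        System.out.println("parsed from bytes : " + digest(fromBytes));
        System.out.println("parsed from String: " + digest(fromString));
        System.out.println("digests match     : " + digest(fromBytes).equals(digest(fromString)));
    }
}
```

The two digests differ only when the document contains non-ASCII characters, which matches the symptom reported above. Handing the parser an InputStream and writing the signed document with an explicit UTF-8 encoding keeps the bytes on disk consistent with what was digested.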


