mace-opensaml-users - RE: [OpenSAML] Verifying SAML signed metadata files
Subject: OpenSAML user discussion
List archive
- From: Paolo Selvini <>
- To: "" <>
- Subject: RE: [OpenSAML] Verifying SAML signed metadata files
- Date: Mon, 5 May 2008 15:04:49 +0200
- Accept-language: it-IT, en-US
- Acceptlanguage: it-IT, en-US
I did some more tests with signature verification and encoding of metadata
files.
As far as I could understand, I should use unicode and declare encoding
ISO-8859-1 in XML files with "added-latin" charset, that is when I use chars
like è,é,à etc.
The only problem now is that when I marshall the signed SAML object
(metadata) with
Element newElement = marshaller.marshall(samlObject);
String signedString =
org.opensaml.xml.util.XMLHelper.nodeToString(newElement);
the output string does have a UTF-8 encoding declared at the top. After
writing it to a file with FileOutputStream, the actual file encoding is
preserved as ISO-8859-1, so any attempt to unmarshall it back for signature
verification fails as an incorrect encoding is declared.
However, if I manually replace the <?xml version="1.0" encoding="UTF-8"?>
with the more correct <?xml version="1.0" encoding="ISO-8859-1"?>,
unmarshall, validation and verification are ok, both by my code with OpenSAML
and by tools like Oxygen.
Is UTF-8 the default encoding used by OpenSAML? Isn't there any way to have
OpenSAML declare the right encoding when marshalling DOM elements?
thanks again,
Paolo
-----Original Message-----
From: Paolo Selvini
[mailto:]
Sent: venerdì 2 maggio 2008 20.13
To:
Subject: RE: [OpenSAML] Verifying SAML signed metadata files
here is the code I use to read the file, sign it and write it back to disk:
// read the input file
File inputFile = new File(samlMessageFilename); int size = ((int)
inputFile.length()); byte[] fileBytes = new byte[size]; FileInputStream
freader = new FileInputStream(inputFile); freader.read(fileBytes, 0, size);
freader.close();
// unmarshall the string into a SignableSAMLObject BasicParserPool parser =
new BasicParserPool(); parser.setNamespaceAware(true); Document docXml =
parser.parse(new StringReader(new String(fileBytes))); Element
xmlObjectElement = docXml.getDocumentElement(); UnmarshallerFactory
unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller =
unmarshallerFactory.getUnmarshaller(xmlObjectElement);
SignableSAMLObject samlObject =
(SignableSAMLObject)unmarshaller.unmarshall(xmlObjectElement);
// build a signature object - the keyinfo structure contains the certificates
in the given keystore Signature signature = getSignature(keystore, keyname,
keystorePassword);
// marshall the SignableSAMLObject, sign it and convert it into a string
samlObject.setSignature(signature);
Marshaller marshaller =
Configuration.getMarshallerFactory().getMarshaller(samlObject);
Element newElement = marshaller.marshall(samlObject);
Signer.signObject(samlObject.getSignature());
String signedString =
org.opensaml.xml.util.XMLHelper.nodeToString(newElement);
// write the string to file
FileOutputStream fos = new FileOutputStream(signedString);
fos.write(signedString.getBytes());
fos.flush();
fos.close();
----
I tried to verify with Oxygen and the metadata signed without accented chars
verifies ok. The other, with accented "a" (à) does not verifiy.
Of course I am doing something wrong in the code above...
-----Original Message-----
From: Scott Cantor
[mailto:]
Sent: venerdì 2 maggio 2008 19.02
To:
Subject: RE: [OpenSAML] Verifying SAML signed metadata files
> However, if I use - for the value of such FriendlyName attribute -
> some accented chars (like à, è, ...) that are pretty common in the
> Italian language, the signature in the new signed file is no more verified.
How are you signing it? Can you verify it with Oxygen or some other tool?
-- Scott
Le informazioni contenute in questa comunicazione e negli allegati sono
riservate; e' vietato a soggetti diversi dai destinatari qualsiasi uso,
copia, diffusione di quanto in essi contenuto.
Se avete ricevuto questa copia per errore, vi preghiamo di distruggerla
immediatamente ed informarci via e-mail.
Prima di stampare questa e-mail consideratene l'impatto sull'ambiente. Grazie
per la collaborazione.
This e-mail and any attachment(s) are strictly confidential. This message
must not be copied, disclosed or used by anybody other than the intended
recipient(s).
If you are not the intended recipient, please inform the sender by e-mail and
destroy this message immediately.
Please consider the environment before printing this e-mail. Thank you for
your cooperation.
Le informazioni contenute in questa comunicazione e negli allegati sono
riservate; e' vietato a soggetti diversi dai destinatari qualsiasi uso,
copia, diffusione di quanto in essi contenuto.
Se avete ricevuto questa copia per errore, vi preghiamo di distruggerla
immediatamente ed informarci via e-mail.
Prima di stampare questa e-mail consideratene l'impatto sull'ambiente. Grazie
per la collaborazione.
This e-mail and any attachment(s) are strictly confidential. This message
must not be copied, disclosed or used by anybody other than the intended
recipient(s).
If you are not the intended recipient, please inform the sender by e-mail and
destroy this message immediately.
Please consider the environment before printing this e-mail. Thank you for
your cooperation.
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/02/2008
- Re: [OpenSAML] Verifying SAML signed metadata files, Chad La Joie, 05/02/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/02/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Scott Cantor, 05/02/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/02/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/05/2008
- Re: [OpenSAML] Verifying SAML signed metadata files, Chad La Joie, 05/05/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/05/2008
- Re: [OpenSAML] Verifying SAML signed metadata files, Chad La Joie, 05/05/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/05/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/02/2008
- Re: [OpenSAML] Verifying SAML signed metadata files, Chad La Joie, 05/02/2008
Archive powered by MHonArc 2.6.16.