
mace-opensaml-users - RE: [OpenSAML] Verifying SAML signed metadata files

Subject: OpenSAML user discussion

  • From: Paolo Selvini <>
  • To: "" <>
  • Subject: RE: [OpenSAML] Verifying SAML signed metadata files
  • Date: Mon, 5 May 2008 15:04:49 +0200
  • Accept-language: it-IT, en-US

I did some more tests with signature verification and encoding of metadata
files.
As far as I could understand, I should use unicode and declare encoding
ISO-8859-1 in XML files with "added-latin" charset, that is when I use chars
like è,é,à etc.

The only problem now is that when I marshall the signed SAML object
(metadata) with

Element newElement = marshaller.marshall(samlObject);
String signedString =
org.opensaml.xml.util.XMLHelper.nodeToString(newElement);

the output string does have a UTF-8 encoding declared at the top. After
writing it to a file with FileOutputStream, the actual file encoding is
preserved as ISO-8859-1, so any attempt to unmarshall it back for signature
verification fails as an incorrect encoding is declared.
However, if I manually replace the <?xml version="1.0" encoding="UTF-8"?>
with the more correct <?xml version="1.0" encoding="ISO-8859-1"?>,
unmarshall, validation and verification are ok, both by my code with OpenSAML
and by tools like Oxygen.

Is UTF-8 the default encoding used by OpenSAML? Isn't there any way to have
OpenSAML declare the right encoding when marshalling DOM elements?

thanks again,
Paolo

-----Original Message-----
From: Paolo Selvini
[mailto:]
Sent: Friday 2 May 2008 20.13
To:

Subject: RE: [OpenSAML] Verifying SAML signed metadata files

here is the code I use to read the file, sign it and write it back to disk:

// read the input file
File inputFile = new File(samlMessageFilename);
int size = ((int) inputFile.length());
byte[] fileBytes = new byte[size];
FileInputStream freader = new FileInputStream(inputFile);
freader.read(fileBytes, 0, size);
freader.close();

// unmarshall the string into a SignableSAMLObject
BasicParserPool parser = new BasicParserPool();
parser.setNamespaceAware(true);
Document docXml = parser.parse(new StringReader(new String(fileBytes)));
Element xmlObjectElement = docXml.getDocumentElement();
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(xmlObjectElement);
SignableSAMLObject samlObject =
    (SignableSAMLObject) unmarshaller.unmarshall(xmlObjectElement);

// build a signature object - the keyinfo structure contains the certificates
// in the given keystore
Signature signature = getSignature(keystore, keyname, keystorePassword);

// marshall the SignableSAMLObject, sign it and convert it into a string
samlObject.setSignature(signature);
Marshaller marshaller =
    Configuration.getMarshallerFactory().getMarshaller(samlObject);
Element newElement = marshaller.marshall(samlObject);
Signer.signObject(samlObject.getSignature());
String signedString =
    org.opensaml.xml.util.XMLHelper.nodeToString(newElement);

// write the string to file
// signedFilename (assumed name): path of the output file
FileOutputStream fos = new FileOutputStream(signedFilename);
fos.write(signedString.getBytes());
fos.flush();
fos.close();


----

I tried to verify with Oxygen and the metadata signed without accented chars
verifies ok. The other, with accented "a" (à) does not verify.
Of course I am doing something wrong in the code above...






-----Original Message-----
From: Scott Cantor
[mailto:]
Sent: Friday 2 May 2008 19.02
To:

Subject: RE: [OpenSAML] Verifying SAML signed metadata files

> However, if I use - for the value of such FriendlyName attribute -
> some accented chars (like à, è, ...) that are pretty common in the
> Italian language, the signature in the new signed file is no more verified.

How are you signing it? Can you verify it with Oxygen or some other tool?

-- Scott




This e-mail and any attachment(s) are strictly confidential. This message
must not be copied, disclosed or used by anybody other than the intended
recipient(s).
If you are not the intended recipient, please inform the sender by e-mail and
destroy this message immediately.

Please consider the environment before printing this e-mail. Thank you for
your cooperation.
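
The mismatch discussed in this thread, reproduced with JDK classes only (an added example, not code from the thread or from the OpenSAML project): a document serialized to a String carries a UTF-8 declaration, so the bytes written to disk must be produced with that same charset, and the file should be parsed from bytes rather than from a platform-decoded String. The class name, helper names and the sample element are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class MetadataEncodingDemo {
    // Serialize a node to a String whose XML declaration says UTF-8.
    static String toXmlString(Node node) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
        StringWriter w = new StringWriter();
        t.transform(new DOMSource(node), new StreamResult(w));
        return w.toString();
    }

    // Parse raw bytes so the parser decodes them as the declaration states.
    static String friendlyName(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        return d.getDocumentElement().getAttribute("FriendlyName");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample element, not real SAML metadata.
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element attr = doc.createElement("Attribute");
        attr.setAttribute("FriendlyName", "citt\u00e0");
        doc.appendChild(attr);
        String xml = toXmlString(doc);

        // Declaration says UTF-8 but the bytes are ISO-8859-1: parsing fails.
        try {
            friendlyName(xml.getBytes(StandardCharsets.ISO_8859_1));
            System.out.println("mismatched bytes were accepted");
        } catch (Exception e) {
            System.out.println("mismatched bytes rejected: " + e.getMessage());
        }
        // Bytes encoded with the declared charset round-trip intact.
        String back = friendlyName(xml.getBytes(StandardCharsets.UTF_8));
        System.out.println("consistent bytes round-trip: " + back.equals("citt\u00e0"));
    }
}
```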



