mace-opensaml-users - RE: [OpenSAML] Verifying SAML signed metadata files
Subject: OpenSAML user discussion
List archive
- From: Paolo Selvini <>
- To: "" <>
- Subject: RE: [OpenSAML] Verifying SAML signed metadata files
- Date: Mon, 5 May 2008 18:31:04 +0200
- Accept-language: it-IT, en-US
- Acceptlanguage: it-IT, en-US
Thanks Chad. Now I am using the writeNode method of XMLHelper. I prepared a
PrintWriter to output to a file and specified the ISO-8859-1 encoding.
However the XML header still reads
<?xml version="1.0" encoding="UTF-8"?>
instead of
<?xml version="1.0" encoding="ISO-8859-1"?>
like what it's there in the original unsigned file.
This is something that happens even without signing: simply read a SAML file
and write it back to disk as is:
// parse the XML file with encoding header ISO-8859-1
BasicParserPool parser = new BasicParserPool();
parser.setNamespaceAware(true);
Document docXml = parser.parse(new InputStreamReader(new
FileInputStream(inputFilename), "ISO-8859-1"));
Element xmlObjectElement = docXml.getDocumentElement();
// unmarshall the parsed DOM into a XMLObject
UnmarshallerFactory unmarshallerFactory =
Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller =
unmarshallerFactory.getUnmarshaller(xmlObjectElement);
XMLObject samlObject =
(XMLObject)unmarshaller.unmarshall(xmlObjectElement);
// marshall back the object to DOM
MarshallerFactory marshallerFactory =
Configuration.getMarshallerFactory();
Marshaller marshaller =
marshallerFactory.getMarshaller(samlObject);
Element newElement = marshaller.marshall(samlObject);
// write DOM to file using specified encoding
PrintWriter printWriter = new PrintWriter(outputFilename,
"ISO-8859-1");
XMLHelper.writeNode(newElement, printWriter);
printWriter.flush();
printWriter.close();
the output file has the XML header changed to UTF-8. The same happens if I
use an OutputStreamWriter connected to a FileOutputStream instead of a
PrintWriter.
Paolo
-----Original Message-----
From: Chad La Joie
[mailto:]
Sent: lunedì 5 maggio 2008 15.14
To:
Subject: Re: [OpenSAML] Verifying SAML signed metadata files
Paolo Selvini wrote:
> I did some more tests with signature verification and encoding of metadata
> files.
> As far as I could understand, I should use unicode and declare encoding
> ISO-8859-1 in XML files with "added-latin" charset, that is when I use
> chars like è,é,à etc.
>
> The only problem now is that when I marshall the signed SAML object
> (metadata) with
>
> Element newElement = marshaller.marshall(samlObject);
> String signedString =
> org.opensaml.xml.util.XMLHelper.nodeToString(newElement);
>
> the output string does have a UTF-8 encoding declared at the top. After
> writing it to a file with FileOutputStream, the actual file encoding is
> preserved as ISO-8859-1, so any attempt to unmarshall it back for signature
> verification fails as an incorrect encoding is declared.
> However, if I manually replace the <?xml version="1.0" encoding="UTF-8"?>
> with the more correct <?xml version="1.0" encoding="ISO-8859-1"?>,
> unmarshall, validation and verification are ok, both by my code with
> OpenSAML and by tools like Oxygen.
You should use the XMLHelper.writeNode(Node, Writer) method. The one that
creates a String is really only meant for things like getting the string to
write out to a log message.
> Is UTF-8 the default encoding used by OpenSAML? Isn't there any way to have
> OpenSAML declare the right encoding when marshalling DOM elements?
There is no "right" encoding when marshalling. It's only when you serialize
the DOM that encoding matters (in Java at least since all Strings are UTF-16,
always).
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security Werdstrasse 2, P.O. Box, 8021
Zürich, Switzerland phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
Le informazioni contenute in questa comunicazione e negli allegati sono
riservate; e' vietato a soggetti diversi dai destinatari qualsiasi uso,
copia, diffusione di quanto in essi contenuto.
Se avete ricevuto questa copia per errore, vi preghiamo di distruggerla
immediatamente ed informarci via e-mail.
Prima di stampare questa e-mail consideratene l'impatto sull'ambiente. Grazie
per la collaborazione.
This e-mail and any attachment(s) are strictly confidential. This message
must not be copied, disclosed or used by anybody other than the intended
recipient(s).
If you are not the intended recipient, please inform the sender by e-mail and
destroy this message immediately.
Please consider the environment before printing this e-mail. Thank you for
your cooperation.
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/02/2008
- Re: [OpenSAML] Verifying SAML signed metadata files, Chad La Joie, 05/02/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/02/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Scott Cantor, 05/02/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/02/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/05/2008
- Re: [OpenSAML] Verifying SAML signed metadata files, Chad La Joie, 05/05/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/05/2008
- Re: [OpenSAML] Verifying SAML signed metadata files, Chad La Joie, 05/05/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/05/2008
- RE: [OpenSAML] Verifying SAML signed metadata files, Paolo Selvini, 05/02/2008
- Re: [OpenSAML] Verifying SAML signed metadata files, Chad La Joie, 05/02/2008
Archive powered by MHonArc 2.6.16.