mace-opensaml-users - Re: [OpenSAML] Problems creating KeyInfo object
Re: [OpenSAML] Problems creating KeyInfo object


  • From: "Kurt Werner" <>
  • To:
  • Subject: Re: [OpenSAML] Problems creating KeyInfo object
  • Date: Wed, 25 Jun 2008 20:36:31 -0500


Joana,

Here is some sample code of how I added the keyInfo to a SAML 1.1 signature. Code should be very similar for SAML 2.0

    import java.security.cert.X509Certificate;
    import java.security.interfaces.RSAPrivateKey;
    import org.opensaml.saml1.core.Assertion;
    import org.opensaml.saml1.core.Response;
    import org.opensaml.xml.security.SecurityHelper;
    import org.opensaml.xml.security.credential.BasicCredential;
    import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
    import org.opensaml.xml.signature.KeyInfo;
    import org.opensaml.xml.signature.Signature;
    import org.opensaml.xml.signature.impl.KeyInfoBuilder;
    import org.opensaml.xml.signature.impl.SignatureBuilder;

    // builderFactory, bean and KeyAccess are members of the enclosing class (not shown here)
    protected Signature addSignature(Response response, Assertion assertion)
                              throws Exception
    {
        //prep the builders
        SignatureBuilder signatureBuilder =
            (SignatureBuilder) builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME);
        KeyInfoBuilder keyInfoBuilder =
            (KeyInfoBuilder) builderFactory.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);

        //retrieve the private key
        String alias = bean.getKeyAlias() + bean.getKeyVersion();
        RSAPrivateKey privateKey = KeyAccess.getPrivateKey(alias);

        //prepare the credentials
        BasicCredential credential = new BasicCredential();
        credential.setPrivateKey(privateKey);

        //create a signature object
        Signature signature =
            (Signature) signatureBuilder.buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);

        //add keyinfo to signature: the certificate matching the private key goes in as X509Data
        KeyInfo keyinfo = (KeyInfo) keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Certificate certificate = KeyAccess.getCertificate(alias);
        KeyInfoHelper.addCertificate(keyinfo, certificate);
        signature.setKeyInfo(keyinfo);

        //fill in the remaining signature parameters (algorithms) from the global security configuration
        SecurityHelper.prepareSignatureParams(signature, credential, null, null);

        //attach the (not yet computed) signature to the assertion or the response;
        //Signer.signObject(signature) is called after the parent has been marshalled
        if (bean.signAssertion())
        {
            assertion.setSignature(signature);
        }
        else
        {
            response.setSignature(signature);
        }

        return signature;
    }


"Joana M. F. Trindade" <> wrote on 06/25/2008 04:41 PM:

Subject: [OpenSAML] Problems creating KeyInfo object

Hi,

I'm trying to create a KeyInfo object and set it to an OpenSAML Signature, but I'm having problems. The signing seems to be working fine (well-formed signature value), so I assume there must be something wrong with the way I'm generating the KeyInfo object. My code is the following:

// ------
import org.opensaml.Configuration;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;

Signature signature = (Signature) Configuration.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME)
        .buildObject(Signature.DEFAULT_ELEMENT_NAME);

signature.setSigningCredential(credential);
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
KeyInfoGenerator kiGenerator = kiFactory.newInstance();
KeyInfo keyInfo = kiGenerator.generate(credential);

signature.setKeyInfo(keyInfo);
// ------

The only information I found about how to set a KeyInfo was the guide on how to sign objects [1]. However, there's no example on how to create the KeyInfo object from a Credential using a KeyInfoGenerator or the like. I also tried google (of course..) but no success either. The OpenSAML and XMLTooling versions I'm using are, respectively, 2.2.0 and 1.1.0.

Thanks,
Joana

[1] - https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG

--
Joana M. F. da Trindade

Email:

Personal Homepage:
http://www.inf.ufrgs.br/~jmftrindade
LinkedIn:
http://www.linkedin.com/in/joanatrindade
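An added example, not code from either message, that combines the two approaches in this thread: it builds the KeyInfo with X509KeyInfoGeneratorFactory as Joana attempted, turning on the certificate emission that a freshly constructed factory leaves off, then signs a SAML 2.0 assertion the way Kurt's code does for SAML 1.1 and validates it. It assumes OpenSAML 2.x with DefaultBootstrap.bootstrap() already run; the class name, signAssertion and verify are my own.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.opensaml.Configuration;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;

public class KeyInfoSigningExample {
    // Assumes DefaultBootstrap.bootstrap() has run once and the assertion already has an ID.
    public static Signature signAssertion(Assertion assertion, PrivateKey key, X509Certificate cert)
            throws Exception {
        // X509KeyInfoGenerator only works on an X509Credential; a BasicCredential has no certificate.
        BasicX509Credential credential = new BasicX509Credential();
        credential.setPrivateKey(key);
        credential.setEntityCertificate(cert);
        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // A freshly constructed factory has every emit option off, and with nothing to
        // emit generate() returns null; enable the certificate and check the result.
        X509KeyInfoGeneratorFactory factory = new X509KeyInfoGeneratorFactory();
        factory.setEmitEntityCertificate(true);
        KeyInfoGenerator generator = factory.newInstance();
        KeyInfo keyInfo = generator.generate(credential);
        if (keyInfo == null) {
            throw new IllegalStateException("KeyInfo generator produced no content");
        }
        signature.setKeyInfo(keyInfo);
        // Signing works on the DOM: attach the Signature, marshall the parent, then sign.
        assertion.setSignature(signature);
        Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);
        return signature;
    }

    // Verifier side: the KeyInfo certificate is a hint, not a trust decision; validate with one you already trust.
    public static void verify(Signature signature, X509Certificate trusted) throws Exception {
        BasicX509Credential cred = new BasicX509Credential();
        cred.setEntityCertificate(trusted);
        new SignatureValidator(cred).validate(signature); // throws ValidationException on failure
    }
}
```

Kurt's route, SecurityHelper.prepareSignatureParams(signature, credential, null, null), fills in a missing KeyInfo from the global security configuration, whose default X.509 generator is registered with certificate emission enabled; a factory you construct yourself has to be configured explicitly.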
