mace-opensaml-users - Re: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist.

  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] XMLSignatureException: algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist.
  • Date: Mon, 04 Aug 2008 15:33:45 -0400




wrote:
Hi to all

I'm a university student and I'm developing a project that needs to use some SAML components. In particular I've chosen OpenSAML 1.1b for the Java side;

Like Scott said, that version's not really supported any more, but read on...

##################################################################################
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.ArrayList;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.signature.XMLSignature;

// asr (the assertion being signed) and cert (an X509Certificate) are set up
// earlier in the poster's code and are not shown here.
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);
KeyPair pair = keyGen.generateKeyPair();
PrivateKey priv = pair.getPrivate();   // DSA private key
PublicKey pub = pair.getPublic();

ArrayList nuova = new ArrayList();
nuova.add(cert);

// Signs with the RSA-SHA1 algorithm URI while passing the DSA key generated above
asr.sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1,
         priv, nuova);
##################################################################################




You've got some mismatch of key types here. You're trying to sign with the RSA-SHA1 algorithm URI, but you're generating a DSA key in the KeyGenerator and using that private key as the signing key. If I recall correctly, this mismatch will result in the error you're seeing.

Also, maybe this is just test code or you have redacted something in the middle there, but: it doesn't really make sense to generate a signing key and then include some unrelated cert in the KeyInfo (your nuova array). The X509Data/X509Certificate element(s) generally have to either contain the end-entity cert with the public half of the signing key pair, or other certs that are a part of the signing certificate's chain, which is used for validation (establishing trust). That's not causing this error, just FYI.

--Brent
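To make the key-type mismatch Brent describes concrete, here is an added example that is not from the thread and does not use the OpenSAML 1.1 API: it uses only the JDK (Java 9+ for Map.of) to map the xmldsig algorithm URIs to the key algorithm each one requires, rejects a DSA key offered for rsa-sha1 before any signing happens, and then signs and verifies a constructed payload with a matching RSA pair. The URI strings are the same values behind XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1; the class and method names are my own.

```java
import java.security.*;
import java.util.Map;

public class SigningKeyCheck {
    // xmldsig signature-algorithm URIs and the JCA key algorithm each one requires
    private static final Map<String, String> KEY_ALG_FOR_URI = Map.of(
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "RSA",
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1", "DSA",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "RSA");

    // JCA Signature names for the same URIs, used here to sign real bytes
    private static final Map<String, String> JCA_SIG_FOR_URI = Map.of(
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "SHA1withRSA",
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1", "SHA1withDSA",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "SHA256withRSA");

    /** Fail fast, with a readable message, if the key type cannot be used with the URI. */
    static void checkSigningKey(PrivateKey key, String sigAlgUri) {
        String required = KEY_ALG_FOR_URI.get(sigAlgUri);
        if (required == null) {
            throw new IllegalArgumentException("unsupported signature algorithm URI: " + sigAlgUri);
        }
        if (!required.equals(key.getAlgorithm())) {
            throw new IllegalArgumentException("signature algorithm " + sigAlgUri + " needs a "
                + required + " key, but a " + key.getAlgorithm() + " key was supplied");
        }
    }

    /** Sign and verify a payload with one pair; the public half is what belongs in KeyInfo. */
    static boolean signAndVerify(KeyPair pair, String sigAlgUri, byte[] payload)
            throws GeneralSecurityException {
        checkSigningKey(pair.getPrivate(), sigAlgUri);
        Signature s = Signature.getInstance(JCA_SIG_FOR_URI.get(sigAlgUri));
        s.initSign(pair.getPrivate());
        s.update(payload);
        byte[] sig = s.sign();
        s.initVerify(pair.getPublic());
        s.update(payload);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        String rsaSha1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        byte[] payload = "<Assertion>constructed sample</Assertion>".getBytes("UTF-8"); // constructed input
        KeyPair dsa = KeyPairGenerator.getInstance("DSA").generateKeyPair();
        try {
            signAndVerify(dsa, rsaSha1, payload); // same mismatch as the poster's code
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(2048);
        System.out.println("RSA key with rsa-sha1 verifies: " + signAndVerify(rsaGen.generateKeyPair(), rsaSha1, payload));
    }
}
```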






