Subject: OpenSAML user discussion
List archive
- From: Hubert Le Van Gong <>
- To:
- Subject: Re: [OpenSAML] XML signature issue(s)
- Date: Wed, 10 Sep 2008 22:16:17 +0200
| Hi Edward,
I just tried it but got the same behaviour. I found the same error being discussed here but I don't really see how this could apply to this case since I'm not doing verification - only signing.
Hubert
On Sep 10, 2008, at 7:05 PM, wrote:
I believe you have to add the object to be signed to the signature using signature.addDocument(...)
Edward Thompson
(704) 383-9933
401 South Tryon Street
Three Wachovia Center, Sixth floor
Charlotte, NC 28202
Authentication & Entitlements
Hubert Le Van Gong <>
Sent by: 09/10/2008 10:56 AM
| | To | | | cc | | | Subject | [OpenSAML] XML signature issue(s) |
|
Hi Guys,
I'm following the example on the wiki to sign an XML object (either a
SAML2 Assertion or a class that extends AbstractSignableXMLObject).
The code I use is very much like the one on the wiki:
BasicX509Credential stCred = new BasicX509Credential();
stCred.setEntityCertificate(myApp.cert);
Signature signature = (Signature)
Configuration.getBuilderFactory()
.getBuilder(Signature.DEFAULT_ELEMENT_NAME)
.buildObject(Signature.DEFAULT_ELEMENT_NAME);
signature.setSigningCredential(stCred);
signature
.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
signature
.setCanonicalizationAlgorithm
(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
myAssertion.setSignature(signature);
try {
Configuration
.getMarshallerFactory
().getMarshaller(myAssertion).marshall(myAssertion);
} catch(MarshallingException e) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, e);
}
try {
Signer.signObject(signature);
} catch(SignatureException e) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, e);
}
If I run this code on an assertion (myAssertion) I get the following
exception:
Exception in thread "main" java.lang.RuntimeException:
org.apache.xml.security.signature.XMLSignatureException: object not
initialized for signature or verification
Original Exception was java.security.SignatureException: object not
initialized for signature or verification
at
org.apache.xml.security.utils.SignerOutputStream.write(Unknown Source)
at
org
.apache
.xml.security.utils.UnsyncBufferedOutputStream.flushBuffer(Unknown
Source)
at
org.apache.xml.security.utils.UnsyncBufferedOutputStream.flush(Unknown
Source)
at
org.apache.xml.security.utils.UnsyncBufferedOutputStream.close(Unknown
Source)
at
org
.apache
.xml
.security
.c14n
.implementations.CanonicalizerBase.engineCanonicalizeSubTree(Unknown
Source)
at
org
.apache
.xml
.security
.c14n
.implementations
.Canonicalizer20010315Excl.engineCanonicalizeSubTree(Unknown Source)
at
org
.apache
.xml
.security
.c14n
.implementations
.Canonicalizer20010315Excl.engineCanonicalizeSubTree(Unknown Source)
at
org.apache.xml.security.c14n.Canonicalizer.canonicalizeSubtree(Unknown
Source)
at
org
.apache.xml.security.signature.SignedInfo.signInOctectStream(Unknown
Source)
at
org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
at org.opensaml.xml.signature.Signer.signObject(Signer.java:78)
Any idea what went wrong?
If I run the same code on my own class, replacing:
myAssertion.setSignature(signature);
with
ep.EPR.setSignature(signature);
and the marshalling line
Configuration
.getMarshallerFactory
().getMarshaller(myAssertion).marshall(myAssertion);
with:
Configuration
.getMarshallerFactory().getMarshaller(ep.EPR).marshall(ep.EPR);
I get another error (same place - calling Signer.signObject()):
1370 [main] ERROR org.opensaml.xml.signature.Signer - Unable to
compute signature, Signature XMLObject does not have the XMLSignature
created during marshalling.
SEVERE: null
org.opensaml.xml.signature.SignatureException: XMLObject does not have
an XMLSignature instance, unable to compute signature
at org.opensaml.xml.signature.Signer.signObject(Signer.java:75)
That one is also surprising since the EPR class does extend
AbstractSignableXMLObject and does get the signature.
Any hint greatly appreciated!
Hubert
|
Archive powered by MHonArc 2.6.16.
