Subject: OpenSAML user discussion
List archive
- From: Hubert Le Van Gong <>
- To:
- Subject: Re: [OpenSAML] XML signature issue(s)
- Date: Wed, 10 Sep 2008 22:16:17 +0200
Hi Edward,
I just tried it but got the same behaviour. I found the same error being discussed here but I don't really see how this could apply to this case since I'm not doing verification - only signing.
Hubert
On Sep 10, 2008, at 7:05 PM, wrote:

I believe you have to add the object to be signed to the signature using signature.addDocument(...)

Edward Thompson
(704) 383-9933
401 South Tryon Street
Three Wachovia Center, Sixth floor
Charlotte, NC 28202
Authentication & Entitlements

Hubert Le Van Gong <>
Sent by:
09/10/2008 10:56 AM
To:
cc:
Subject: [OpenSAML] XML signature issue(s)

Hi Guys,

I'm following the example on the wiki to sign an XML object (either a SAML2 Assertion or a class that extends AbstractSignableXMLObject). The code I use is very much like the one on the wiki:

    BasicX509Credential stCred = new BasicX509Credential();
    stCred.setEntityCertificate(myApp.cert);

    Signature signature = (Signature) Configuration.getBuilderFactory()
            .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
            .buildObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(stCred);
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    myAssertion.setSignature(signature);

    try {
        Configuration.getMarshallerFactory().getMarshaller(myAssertion).marshall(myAssertion);
    } catch (MarshallingException e) {
        Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, e);
    }

    try {
        Signer.signObject(signature);
    } catch (SignatureException e) {
        Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, e);
    }

If I run this code on an assertion (myAssertion) I get the following exception:

    Exception in thread "main" java.lang.RuntimeException: org.apache.xml.security.signature.XMLSignatureException: object not initialized for signature or verification
    Original Exception was java.security.SignatureException: object not initialized for signature or verification
        at org.apache.xml.security.utils.SignerOutputStream.write(Unknown Source)
        at org.apache.xml.security.utils.UnsyncBufferedOutputStream.flushBuffer(Unknown Source)
        at org.apache.xml.security.utils.UnsyncBufferedOutputStream.flush(Unknown Source)
        at org.apache.xml.security.utils.UnsyncBufferedOutputStream.close(Unknown Source)
        at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(Unknown Source)
        at org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.engineCanonicalizeSubTree(Unknown Source)
        at org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.engineCanonicalizeSubTree(Unknown Source)
        at org.apache.xml.security.c14n.Canonicalizer.canonicalizeSubtree(Unknown Source)
        at org.apache.xml.security.signature.SignedInfo.signInOctectStream(Unknown Source)
        at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
        at org.opensaml.xml.signature.Signer.signObject(Signer.java:78)

Any idea what went wrong?

If I run the same code on my own class, replacing:

    myAssertion.setSignature(signature);

with

    ep.EPR.setSignature(signature);

and the marshalling line

    Configuration.getMarshallerFactory().getMarshaller(myAssertion).marshall(myAssertion);

with:

    Configuration.getMarshallerFactory().getMarshaller(ep.EPR).marshall(ep.EPR);

I get another error (same place - calling Signer.signObject()):

    1370 [main] ERROR org.opensaml.xml.signature.Signer - Unable to compute signature, Signature XMLObject does not have the XMLSignature created during marshalling.
    SEVERE: null
    org.opensaml.xml.signature.SignatureException: XMLObject does not have an XMLSignature instance, unable to compute signature
        at org.opensaml.xml.signature.Signer.signObject(Signer.java:75)

That one is also surprising since the EPR class does extend AbstractSignableXMLObject and does get the signature.

Any hint greatly appreciated!

Hubert
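The innermost exception in the trace above, `java.security.SignatureException: object not initialized for signature or verification`, is the message the JCA class `java.security.Signature` raises when data is fed to it before `initSign` or `initVerify` has been called. The following is an added example, not code from this thread or from OpenSAML: it reproduces that state error with the plain JCA and shows the signing path, which needs a private key. The class name, key pair and payload are constructed for the example, and `SHA256withRSA` stands in for the algorithm because the state check is the same for any algorithm.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignatureException;

public class SignatureStateDemo {

    // Feeds data to a Signature that was never initialised and returns the
    // exception message the JCA produces for that state (null if none).
    static String updateWithoutInit(byte[] data) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        try {
            sig.update(data); // no initSign()/initVerify() has been called
            return null;
        } catch (SignatureException e) {
            return e.getMessage();
        }
    }

    // Signing path: initSign() takes the PRIVATE key, then update() and sign().
    static byte[] sign(KeyPair kp, byte[] data) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(kp.getPrivate());
        sig.update(data);
        return sig.sign();
    }

    // Verification path: initVerify() needs only the PUBLIC key.
    static boolean verify(KeyPair kp, byte[] data, byte[] sigBytes) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(kp.getPublic());
        sig.update(data);
        return sig.verify(sigBytes);
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a throwaway key pair and a stand-in payload.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "<Assertion>constructed sample</Assertion>"
                .getBytes(StandardCharsets.UTF_8);

        System.out.println("uninitialised update: " + updateWithoutInit(data));
        byte[] signature = sign(kp, data);
        System.out.println("signature verifies: " + verify(kp, data, signature));
    }
}
```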