OpenSAML user discussion

[Chad La Joie <>]

You're on the wrong mailing list, if some one else's signature validator 
has a problem you need to contact them.

Ravi Balasubramanian wrote:
> I am generating a SAML response with digital signature and my
> x509certificate data. Trying to validate the digital signature using
> http://www.aleksey.com/xmlsec/xmldsig-verifier.html
>
> Having two issues:
>
> 1.      The verifier is looking for node within <Signature.. /> specified by
> Reference URI. But my digital signature does not have that node. Reference
> URL is defaulting to the Assertion ID which is being digitally signed. 
> 2.	Even when I manually add the node, the verification fails.  My
> digital signature code looks like this:
>
>  
>
>                     KeyStore ks =
> KeyStore.getInstance(KeyStore.getDefaultType()); 
>
>                     char[] password = "xxxxxx".toCharArray(); 
>
>                     FileInputStream fis = new
> FileInputStream("c:/keystore/test.ks"); 
>
>                     ks.load(fis, password); 
>
>                     fis.close(); 
>
>                     char[] achKeyStorePass = password;
>
>                     String keyAlias = "mytestkey";
>
>                     PrivateKey pk =  (PrivateKey)
> ks.getKey(keyAlias,achKeyStorePass);
>
>                     X509Certificate certificate = (X509Certificate)
> ks.getCertificate(keyAlias);
>
>                     BasicX509Credential credential = new
> BasicX509Credential(); 
>
>                     credential.setEntityCertificate(certificate); 
>
>                     credential.setPrivateKey(pk); 
>
>                     Signature signature = (new
> SignatureBuilder()).buildObject(); 
>
>                     Namespace signNS = new
> Namespace("http://www.w3.org/2009/09/xmldsig#
> <http://www.w3.org/2009/09/xmldsig> ", "");
>
>                     signature.addNamespace(signNS);
>
>                     signature.setSigningCredential(credential); 
>
>  
> signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA); 
>
>  
> signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_OMIT_
> COMMENTS); 
>
>                     KeyInfo keyinfo = (new
> KeyInfoBuilder()).buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
>
>                     KeyInfoHelper.addCertificate(keyinfo, certificate);
>
>  
> SecurityHelper.prepareSignatureParams(signature,credential, null, null);
>
>                     assertion.setSignature(signature);
>
>  
>
> The code generates signature but when validating, says not able to validate.
>
>  

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch