
mace-opensaml-users - RE: [OpenSAML] RE: Digital signature not valid

Subject: OpenSAML user discussion


RE: [OpenSAML] RE: Digital signature not valid


  • From: "Ravi Balasubramanian" <>
  • To: <>
  • Subject: RE: [OpenSAML] RE: Digital signature not valid
  • Date: Fri, 28 Aug 2009 08:53:56 -0400

No. I want to make sure the code segment I have is right, as I tried it in
multiple signature validators and all failed to validate.

The error I get is that the digest value and data do not match.

-----Original Message-----
From: Chad La Joie

Sent: Friday, August 28, 2009 8:50 AM
To:

Subject: Re: [OpenSAML] RE: Digital signature not valid

You're on the wrong mailing list; if someone else's signature validator
has a problem, you need to contact them.

Ravi Balasubramanian wrote:
> I am generating a SAML response with a digital signature and my
> X509Certificate data. Trying to validate the digital signature using
> http://www.aleksey.com/xmlsec/xmldsig-verifier.html
>
> Having two issues:
>
> 1. The verifier is looking for the node within <Signature ... /> specified by
> the Reference URI. But my digital signature does not have that node. The Reference
> URI is defaulting to the Assertion ID which is being digitally signed.
> 2. Even when I manually add the node, the verification fails. My
> digital signature code looks like this:
>
> import java.io.FileInputStream;
> import java.security.KeyStore;
> import java.security.PrivateKey;
> import java.security.cert.X509Certificate;
> import org.opensaml.xml.Namespace;
> import org.opensaml.xml.security.SecurityHelper;
> import org.opensaml.xml.security.x509.BasicX509Credential;
> import org.opensaml.xml.signature.KeyInfo;
> import org.opensaml.xml.signature.KeyInfoHelper;
> import org.opensaml.xml.signature.Signature;
> import org.opensaml.xml.signature.SignatureConstants;
> import org.opensaml.xml.signature.impl.KeyInfoBuilder;
> import org.opensaml.xml.signature.impl.SignatureBuilder;
>
> // Load the signing key and its certificate from the keystore
> KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
> char[] password = "xxxxxx".toCharArray();
> FileInputStream fis = new FileInputStream("c:/keystore/test.ks");
> ks.load(fis, password);
> fis.close();
> String keyAlias = "mytestkey";
> PrivateKey pk = (PrivateKey) ks.getKey(keyAlias, password);
> X509Certificate certificate = (X509Certificate) ks.getCertificate(keyAlias);
>
> BasicX509Credential credential = new BasicX509Credential();
> credential.setEntityCertificate(certificate);
> credential.setPrivateKey(pk);
>
> Signature signature = (new SignatureBuilder()).buildObject();
> // XML DSig namespace is http://www.w3.org/2000/09/xmldsig# (the posted code had
> // 2009/09); the ds:Signature element already lives in it, so this declaration is redundant
> Namespace signNS = new Namespace("http://www.w3.org/2000/09/xmldsig#", "");
> signature.addNamespace(signNS);
> signature.setSigningCredential(credential);
> signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA);
> signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_OMIT_COMMENTS);
>
> KeyInfo keyinfo = (new KeyInfoBuilder()).buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
> KeyInfoHelper.addCertificate(keyinfo, certificate);
> signature.setKeyInfo(keyinfo);   // the posted code built keyinfo but never attached it
>
> // Fills in whatever is still unset (algorithm, C14N, KeyInfo) from the credential
> SecurityHelper.prepareSignatureParams(signature, credential, null, null);
> // assertion: the org.opensaml.saml2.core.Assertion built earlier
> assertion.setSignature(signature);
> // The assertion must then be marshalled and Signer.signObject(signature) called
>
> The code generates a signature, but when validating, the validator says it is
> not able to validate.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch
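For reference, an added end-to-end example of the sign-then-verify sequence in the OpenSAML 2.x API; it is not code from this thread, and it assumes a constructed throwaway RSA key pair in place of the keystore and an assumed assertion ID "_assertion-id-1". It shows the step the posted snippet stops short of: marshalling the assertion before Signer.signObject, which is what produces the <ds:Reference URI="#..."> pointing at the assertion ID, and then checking the result with OpenSAML's own validators.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.opensaml.DefaultBootstrap;
import org.opensaml.Configuration;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.impl.AssertionBuilder;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.impl.SignatureBuilder;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

public class SignAndVerifyAssertion {
    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap();   // registers builders, marshallers and the XMLSec provider

        // Constructed throwaway key pair; a deployment loads key and cert from its keystore
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        BasicCredential cred = new BasicCredential();
        cred.setPublicKey(kp.getPublic());
        cred.setPrivateKey(kp.getPrivate());

        Assertion assertion = new AssertionBuilder().buildObject();
        assertion.setID("_assertion-id-1");   // assumed ID; Reference URI becomes "#_assertion-id-1"

        Signature sig = new SignatureBuilder().buildObject();
        sig.setSigningCredential(cred);
        // Algorithms and KeyInfo come from the default security configuration and the
        // credential, so no hand-written Namespace or KeyInfo is needed
        SecurityHelper.prepareSignatureParams(sig, cred, null, null);
        assertion.setSignature(sig);

        // Marshalling builds the DOM, registers ID as an ID-typed attribute and fills in
        // the Reference URI; signing must run after it, never before
        Element dom = Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(sig);
        System.out.println(XMLHelper.nodeToString(dom));

        // Profile rules first (enveloped, same-document reference to the ID), then the
        // digest and SignatureValue against the public key
        new SAMLSignatureProfileValidator().validate(sig);
        new SignatureValidator(cred).validate(sig);
        System.out.println("signature valid");
    }
}
```

A generic XML DSig verifier that knows nothing about SAML has to be told that the Assertion's ID attribute is of type ID before it can resolve the same-document Reference URI; until then it reports the referenced node as missing.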
