OpenSAML user discussion

[Chad La Joie <>]

Check the Javadocs for the return type of KeyStore.PrivateKeyEntry, it's 
not org.opensaml.xml.signature.X509Certificate.  The OpenSAML object is 
the XMLObject for the XML Digital Signature spec's X509Certificate element.

lakshmi narasimhan wrote:
> Hello all,
>
> I'm trying to generate a valid SAML assertion using openSAML API. For
> signing the assertion, I'm generating the certificate using Java Keytool
> utility as follows:
>
>  keytool -genkey -alias myservicekey -keyalg RSA -sigalg SHA1withRSA
> -keypass skpass -storepass sspass -keystore serviceKeystore.jks -dname
> "cn=localhost"
> keytool -genkey -alias myclientkey -keyalg RSA -sigalg SHA1withRSA -keypass
> ckpass -storepass cspass -keystore clientKeystore.jks -dname "cn=clientuser"
> keytool -genkey -alias unauthorizedkey -keyalg RSA -sigalg SHA1withRSA
> -keypass ukpass -storepass uspass -keystore unauthIdentity.jks -dname
> "cn=unauthorizedkey"
>
> keytool -export -rfc -keystore clientKeystore.jks -storepass cspass -alias
> MyClientKey -file MyClient.cer
> keytool -import -trustcacerts -keystore serviceKeystore.jks -storepass
> sspass -alias MyClientKey -file MyClient.cer -noprompt
>
> keytool -export -rfc -keystore serviceKeystore.jks -storepass sspass -alias
> MyServiceKey -file MyService.cer
> keytool -import -trustcacerts -keystore clientKeystore.jks -storepass cspass
> -alias MyServiceKey -file MyService.cer -noprompt
>
> import java.security.cert.X509Certificate;
>
>
>     KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
>           char[] password = "cspass".toCharArray();
>           FileInputStream fis = new
> FileInputStream("C:/clientKeystore.jks");
>           ks.load(fis, password);
>           fis.close();
>
>           KeyStore.PrivateKeyEntry pkEntry =
> (KeyStore.PrivateKeyEntry)ks.getEntry("myclientkey", new
>   KeyStore.PasswordProtection("ckpass".toCharArray()));
>           PrivateKey pk = pkEntry.getPrivateKey();
>  //I'm receiving type cast error here
>           org.opensaml.xml.signature.X509Certificate certificate =
> (org.opensaml.xml.signature.X509Certificate)pkEntry.getCertificate();
>
>           BasicX509Credential credential = new BasicX509Credential();
>           //credential.setEntityCertificate(certificate);
>           credential.setPrivateKey(pk);
>
>
> While running the above code, I'm getting the following exception:
>
> 10-Nov-2009 17:40:01 org.opensaml.xml.XMLConfigurator load
> INFO: ObjectProviders load complete
> 10-Nov-2009 17:40:01 org.opensaml.xml.XMLConfigurator load
> INFO: Preparing to load ObjectProviders
> 10-Nov-2009 17:40:01 org.opensaml.xml.XMLConfigurator load
> INFO: ObjectProviders load complete
> java.lang.ClassCastException: sun.security.x509.X509CertImpl
>  at com.aviva.tam.pmi.SAML2ResponseCreate.main(SAML2ResponseCreate.java:161)
>
> I'm getting the exception mentioned above when I try typecasting the X509
> cert generated by Java API into an OpenSAML X509Certificate. Could you
> please suggest how I should add an X509 certificate to a SAML assertion
> using OpenSAML API v2.0?
>
> Thanks,
> Laks.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch