
mace-opensaml-users - Re: [OpenSAML] Reading self signed cert and storing as saml metadata

Subject: OpenSAML user discussion

  • From: rangeli nepal <>
  • To:
  • Subject: Re: [OpenSAML] Reading self signed cert and storing as saml metadata
  • Date: Wed, 17 Nov 2010 03:20:49 -0500

I was under the impression that both
SAML2HTTPPostSimpleSignRule and SAML2HTTPRedirectDeflateSignatureRule use
X509Util.decodeCertificate,
and that the X509Certificate in metadata or with an AuthnRequest is without
---BEGIN--- and ----END---.
rn

On Tue, Nov 16, 2010 at 4:27 PM, Brent Putman wrote:
>
> On 11/16/10 4:17 PM, rangeli nepal wrote:
>> One question about X509Util.decodeCertificate(cert.getBytes())
>>
>> If I use it with a cert that has BEGIN and END, it works fine. But if I
>> strip them out, it throws an exception.
>> Is there a way to handle it?
>
>
>
>
> Not that I am aware of.   It's just a lightweight wrapper around a call
> to org.apache.commons.ssl.TrustMaterial, and as far as I know, it
> expects properly formatted PEM data, where the BEGIN and END delimiters
> are required (as opposed to just Base64-encoded DER).  But feel free to
> investigate their library:
>
>
> http://juliusdavies.ca/commons-ssl/
>
>
> There might be some other way to read the cert data in that is agnostic
> to whether the PEM formatting is there.  I haven't done it in a while,
> but something makes me think that the standard Java CertificateFactory
> may work that way.
>
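
One way to read certificate text whether or not the BEGIN/END lines are present, as an added example that is not part of the original thread and is not OpenSAML code: strip any PEM armor, Base64-decode, and hand the DER bytes to the standard CertificateFactory. The class name LenientCertDecoder is hypothetical, Java 8 or later is assumed for java.util.Base64, and the sample certificate is taken from the JRE's default trust store so the program runs offline.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class LenientCertDecoder { // hypothetical name, not an OpenSAML class

    /** Accepts PEM (with BEGIN/END lines) or bare Base64 DER as carried in ds:X509Certificate. */
    public static X509Certificate decode(String text) throws CertificateException {
        // Remove PEM armor lines if present, then all whitespace and line breaks.
        String b64 = text.replaceAll("-----(BEGIN|END) CERTIFICATE-----", "")
                         .replaceAll("\\s+", "");
        byte[] der;
        try {
            der = Base64.getDecoder().decode(b64);
        } catch (IllegalArgumentException e) {
            // Fail closed on anything that is not clean Base64.
            throw new CertificateException("input is not Base64 certificate data", e);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) throws Exception {
        // Sample input: the first CA certificate in the JRE default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate sample = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] cas = ((X509TrustManager) tm).getAcceptedIssuers();
                if (cas.length > 0) { sample = cas[0]; break; }
            }
        }
        if (sample == null) throw new IllegalStateException("default trust store is empty");

        // Build both textual forms of the same certificate.
        String bare = Base64.getEncoder().encodeToString(sample.getEncoded());
        String pem = "-----BEGIN CERTIFICATE-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(sample.getEncoded())
                + "\n-----END CERTIFICATE-----\n";

        System.out.println("bare Base64 decodes to same cert: " + decode(bare).equals(sample));
        System.out.println("PEM decodes to same cert:         " + decode(pem).equals(sample));
    }
}
```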


