Hi,
Who can give me an example of how to encrypt an assertion? Thanks.
Thanks&Best Regards
Li Ji Xian
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManJavaXMLEncryption
Hi Putmanb,
Thanks for your response.
I can run it, but I have another question: if I use the RSA algorithm to encrypt, how do I set the block size of the RSA algorithm? Below is the exception:
org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:453)
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:343)
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:257)
at SamlTest.main(SamlTest.java:208)
Caused by: java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.encryptData(Unknown Source)
at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:450)
... 3 more
Thanks&Best Regards
Li Ji Xian
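A note on the exception above, and an added example that is not from this thread or from the OpenSAML project: the trace ends in Cipher.doFinal on an RSA cipher called from XMLCipher.encryptData, which means the assertion bytes themselves were handed to RSA as the data-encryption algorithm. RSA can only encrypt a single block no larger than its modulus, so there is no block size to set. In XML Encryption the data is encrypted with a symmetric key and RSA only transports (wraps) that key, which is what the OpenSAML Encrypter does when it is given separate data and key-encryption parameters. The code below shows that setup for OpenSAML 2.x (the version the stack trace shows); the class and method names, `assertion`, `recipientCert` and `recipientPrivate` are assumptions, and DefaultBootstrap.bootstrap() is assumed to have run.

```java
import java.security.cert.X509Certificate;

import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.encryption.Encrypter;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.encryption.DecryptionException;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.encryption.EncryptionException;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;

// Added example (hypothetical class name), not code from the original thread or OpenSAML.
public final class AssertionCrypto {

    /** Encrypts the assertion for the holder of recipientCert (assumed to be the recipient's cert). */
    public static EncryptedAssertion encrypt(Assertion assertion, X509Certificate recipientCert)
            throws EncryptionException {
        // Data-encryption parameters. No credential is set, so the Encrypter generates
        // a fresh random AES-128 content-encryption key for this assertion.
        EncryptionParameters dataParams = new EncryptionParameters();
        dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);

        // Key-transport parameters: only the short AES key is RSA-encrypted, with the
        // recipient's public key. RSA-OAEP is used; PKCS#1 v1.5 key transport
        // (ALGO_ID_KEYTRANSPORT_RSA15) is exposed to Bleichenbacher-style padding oracles.
        BasicX509Credential recipient = new BasicX509Credential();
        recipient.setEntityCertificate(recipientCert);

        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setEncryptionCredential(recipient);
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
                .getKeyInfoGeneratorManager().getDefaultManager().getFactory(recipient);
        kekParams.setKeyInfoGenerator(kigf.newInstance());

        Encrypter encrypter = new Encrypter(dataParams, kekParams);
        // PEER: emit <xenc:EncryptedKey> as a sibling of <xenc:EncryptedData>
        // inside the resulting <saml2:EncryptedAssertion>.
        encrypter.setKeyPlacement(Encrypter.KeyPlacement.PEER);
        return encrypter.encrypt(assertion);
    }

    /** Decrypts with the recipient's private key (recipientPrivate is assumed to hold it). */
    public static Assertion decrypt(EncryptedAssertion encrypted, BasicX509Credential recipientPrivate)
            throws DecryptionException {
        // The KEK resolver supplies the RSA private key that unwraps the AES key; the
        // InlineEncryptedKeyResolver finds the EncryptedKey placed next to the data.
        StaticKeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(recipientPrivate);
        Decrypter decrypter = new Decrypter(null, kekResolver, new InlineEncryptedKeyResolver());
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encrypted);
    }
}
```

The point to take away is that the RSA algorithm belongs in KeyEncryptionParameters, never in EncryptionParameters; putting it in the latter is exactly what produces "too much data for RSA block".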
Many thanks, Putmanb.
By the way, if I need to digest the assertion, should I digest the signature info, or digest only the other assertion info, excluding the signature info?
Hi Putman,
I need to digest the whole assertion with the Enveloped method; here are a few lines of code:
import java.security.cert.X509Certificate;
import org.opensaml.common.impl.SAMLObjectContentReference;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.xml.signature.KeyInfoHelper;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;

// getAssertion2(), create(...), publickeyStore and privatecredential are the poster's own helpers and fields (not shown)
Assertion assertion = getAssertion2();
Signature signature = create(Signature.class, Signature.DEFAULT_ELEMENT_NAME);
org.opensaml.xml.signature.KeyInfo openKeyInfo = create(org.opensaml.xml.signature.KeyInfo.class, org.opensaml.xml.signature.KeyInfo.DEFAULT_ELEMENT_NAME);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
// signer certificate published in <ds:KeyInfo>
X509Certificate cert = (X509Certificate) publickeyStore.getCertificate("serverkey");
KeyInfoHelper.addCertificate(openKeyInfo, cert);
signature.setKeyInfo(openKeyInfo);
signature.setSigningCredential(privatecredential);
// reference to the assertion itself (enveloped signature)
SAMLObjectContentReference contentReference = new SAMLObjectContentReference(assertion);
signature.getContentReferences().add(contentReference);
Below is the assertion output. I can't find anything in <ds:DigestValue/>, why?
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
<ds:SignatureMethod/>
<ds:Reference
URI="#_01f817fbb3f0714ec25bf19a509cc6ab"
>
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="ds saml2"
/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<ds:DigestValue/>
</ds:Reference>
<ds:Reference
URI="#_01f817fbb3f0714ec25bf19a509cc6ab"
>
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="ds saml2"
/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<ds:DigestValue/>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue/>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICHzCCAYigAwIBAgIETawCXzANBgkqhkiG9w0BAQUFADBUMQwwCgYDVQQGEwNtY2IxDDAKBgNV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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
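As an added example, not from this thread or from the OpenSAML project, here is a complete sign-then-verify flow for an Assertion in OpenSAML 2.x. Two points it shows that the snippet above does not: in OpenSAML 2, setting the signature on a SignableSAMLObject (assertion.setSignature) adds a SAMLObjectContentReference by itself, so adding another by hand yields two <ds:Reference> elements for the same URI, as in the output above; and <ds:DigestValue> and <ds:SignatureValue> are only filled in when the object tree has been marshalled to DOM and Signer.signObject has been called, which the snippet never reaches. With the enveloped-signature transform the digest is computed over the whole <saml2:Assertion> with <ds:Signature> removed, so it covers every other part of the assertion. The class name, `signingCred` (a BasicX509Credential with the signer's private key and certificate) and `trustedCred` are assumptions, and DefaultBootstrap.bootstrap() is assumed to have run.

```java
import java.security.cert.CertificateEncodingException;

import org.opensaml.common.impl.SAMLObjectContentReference;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.KeyInfoHelper;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Element;

// Added example (hypothetical class name), not code from the original thread or OpenSAML.
public final class AssertionSigner {

    /** Signs the assertion in place and returns its marshalled DOM element. */
    public static Element sign(Assertion assertion, BasicX509Credential signingCred)
            throws MarshallingException, SignatureException, CertificateEncodingException {
        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(signingCred);
        // Set the signature algorithm explicitly; the output above shows an empty
        // <ds:SignatureMethod/> because none was set. Prefer SHA-256 over SHA-1.
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

        // Publish the signer's certificate so the relying party can locate the key.
        KeyInfo keyInfo = (KeyInfo) Configuration.getBuilderFactory()
                .getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME)
                .buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyInfoHelper.addCertificate(keyInfo, signingCred.getEntityCertificate());
        signature.setKeyInfo(keyInfo);

        // setSignature on a SignableSAMLObject adds one SAMLObjectContentReference
        // (URI="#<assertion ID>", enveloped-signature + exclusive-c14n transforms),
        // so no reference is added by hand. Switch its digest from the SHA-1 default.
        assertion.setSignature(signature);
        SAMLObjectContentReference ref =
                (SAMLObjectContentReference) signature.getContentReferences().get(0);
        ref.setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA256);

        // DigestValue and SignatureValue are computed here, not earlier: the tree must
        // be marshalled to DOM first, then Signer.signObject runs the XML-DSig engine.
        Element dom = Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);
        return dom;
    }

    /** Verifies an (unmarshalled) assertion's signature against a key the relying party trusts. */
    public static void verify(Assertion assertion, BasicX509Credential trustedCred)
            throws ValidationException {
        Signature signature = assertion.getSignature();
        if (signature == null) {
            throw new ValidationException("assertion is not signed");
        }
        // Structural check first: exactly one Reference, pointing at the enclosing
        // assertion's ID, with only the enveloped and c14n transforms. This is what
        // stops a Reference that digests some other element (signature wrapping).
        new SAMLSignatureProfileValidator().validate(signature);
        // Cryptographic check against a trusted key, never against a key taken from
        // the message's own <ds:KeyInfo>.
        new SignatureValidator(trustedCred).validate(signature);
    }
}
```

The verify step deliberately takes the trusted credential as a parameter: the certificate inside <ds:KeyInfo> is attacker-controlled input and only tells the relying party which key the sender claims to have used.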