Author: prabath
Date: Tue Apr 1 03:04:15 2008
New Revision: 15441
Log:
Signature validation fixes
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/saml/X509CredentialUtil.java
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/saml/X509CredentialUtil.java
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/saml/X509CredentialUtil.java
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/saml/X509CredentialUtil.java
Tue Apr 1 03:04:15 2008
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2005-2008 WSO2, Inc. (http://wso2.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package org.wso2.solutions.identity.relyingparty.saml;
import java.io.ByteArrayInputStream;
@@ -8,6 +24,8 @@
import java.util.Iterator;
import java.util.List;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
import org.apache.xml.security.utils.Base64;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Exponent;
@@ -22,14 +40,15 @@
import org.wso2.solutions.identity.relyingparty.RelyingPartyException;
/**
- * This class creates the X509CredentialImpl that is needed to
- * verify the signature.
- *
+ * This class creates the X509CredentialImpl that is needed to verify the
+ * signature.
*/
public class X509CredentialUtil {
public static KeyStore systemKeyStore = null;
+ public static BigInteger DEFAULT_EXPONENET = new BigInteger("65537");
+
/**
* Creates the X509Credential from the TrustStore certificate.
*/
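Review bot: `DEFAULT_EXPONENET` on the new line is a non-final public static, so any code in the JVM can reassign the exponent that every RSAKeyValue lacking an Exponent child will be verified with; it should be `public static final BigInteger DEFAULT_EXPONENT = BigInteger.valueOf(65537);` (which also fixes the spelling). A one-line comment on why a default exists at all would help the next reader, since the XML-Signature RSAKeyValue type makes the Exponent child mandatory, e.g. `// Fallback when an issuer omits <Exponent>; 65537 is the value practically all RSA keys use`. The pre-existing `systemKeyStore` field on the line above has the same mutable-static exposure but is not part of this change.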
@@ -44,13 +63,15 @@
credential = new X509CredentialImpl(cert);
}
} catch (KeyStoreException e) {
- throw new
RelyingPartyException("errorExtractingCertFromTrustStore", new String[] { alias
}, e);
+ throw new RelyingPartyException(
+ "errorExtractingCertFromTrustStore",
+ new String[] { alias }, e);
}
return credential;
}
/**
- * Creates the certificate from the KeyInfo element.
+ * Creates the certificate from the KeyInfo element.
*/
public static X509Credential loadCredentialFromSignature(Signature
signature)
throws RelyingPartyException {
@@ -76,7 +97,8 @@
X509Certificate certElem = (X509Certificate) ite.next();
String certValue = certElem.getValue();
byte[] certInBytes = Base64.decode(certValue);
- ByteArrayInputStream bis = new
ByteArrayInputStream(certInBytes);
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ certInBytes);
CertificateFactory factory = CertificateFactory
.getInstance("X509");
java.security.cert.X509Certificate x509Cert =
(java.security.cert.X509Certificate) factory
@@ -92,24 +114,36 @@
RSAKeyValue rsaKey = val.getRSAKeyValue();
Element elem = rsaKey.getDOM();
+ OMElement omElem = (OMElement) new OMDOMFactory().getDocument()
+ .importNode(elem, true);
+
+ Element modElem = null;
+ Element expElem = null;
- Element modElem = (Element) elem.getElementsByTagName(
- Modulus.DEFAULT_ELEMENT_LOCAL_NAME).item(0);
- Element expElem = (Element) elem.getElementsByTagName(
- Exponent.DEFAULT_ELEMENT_LOCAL_NAME).item(0);
+ modElem = (Element) omElem
+ .getFirstChildWithName(Modulus.DEFAULT_ELEMENT_NAME);
+ expElem = (Element) omElem
+ .getFirstChildWithName(Exponent.DEFAULT_ELEMENT_NAME);
BigInteger mod = Base64.decodeBigIntegerFromElement(modElem);
- BigInteger exp = Base64.decodeBigIntegerFromElement(expElem);
+ BigInteger exp = null;
+
+ if (expElem != null) {
+ exp = Base64.decodeBigIntegerFromElement(expElem);
+ } else {
+ exp = DEFAULT_EXPONENET;
+ }
+
credential = new X509CredentialImpl(mod, exp);
} else {
- assert false : "unknown key info";
+ assert false : "unknown key info";
}
} catch (Exception e) {
- throw new RelyingPartyException("errorReadingFromKeyInfo",
- new Object[]{e.getClass(), e.getMessage()});
+ throw new RelyingPartyException("errorReadingFromKeyInfo",
+ new Object[] { e.getClass(), e.getMessage() });
}
return credential;
}
-}
+}
\ No newline at end of file
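Review bot: The new fallback `exp = DEFAULT_EXPONENET` silently accepts an RSAKeyValue with no Exponent child, which the XML-Signature schema makes mandatory, so a malformed KeyInfo is now verified under an assumed 65537 instead of being rejected; if this is deliberate for interoperability with a particular issuer, record that next to the branch, e.g. `// Some issuers omit <Exponent>; assume the ubiquitous 65537 rather than fail`. A missing Modulus, by contrast, still reaches `Base64.decodeBigIntegerFromElement(null)` and surfaces only through the generic errorReadingFromKeyInfo path, so a `if (modElem == null) throw new RelyingPartyException("errorReadingFromKeyInfo", new Object[] { "Modulus", "missing" });` guard beside the exponent check would give a clearer failure. The `assert false : "unknown key info"` branch is a no-op when assertions are disabled (the JVM default), so a KeyInfo with neither recognised form returns a null credential instead of the declared RelyingPartyException; replacing the assert with a throw closes that gap. The catch block at the end also discards `e` as the cause, unlike the three-argument constructor used in the trust-store path earlier in this file, so the root exception is lost from the chain if that constructor has an Object[] counterpart; the start of the try block and the surrounding if/else chain lie outside this hunk.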