JBoss Identity SVN: r654 - identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util.
by jboss-identity-commits@lists.jboss.org
Author: marcelkolsteren
Date: 2009-07-20 17:46:48 -0400 (Mon, 20 Jul 2009)
New Revision: 654
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
Log:
JBID-132: fixed the redirect binding computing incorrect signatures for SAML responses
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-07-20 16:55:47 UTC (rev 653)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-07-20 21:46:48 UTC (rev 654)
@@ -71,7 +71,7 @@
if(relayState != null && relayState.length() > 0 )
urlEncodedRelayState = URLEncoder.encode(relayState, "UTF-8");
- byte[] sigValue = computeSignature(urlEncodedRequest, urlEncodedRelayState, signingKey);
+ byte[] sigValue = computeSignature("SAMLRequest=" + urlEncodedRequest, urlEncodedRelayState, signingKey);
//Now construct the URL
return getRequestRedirectURLWithSignature(urlEncodedRequest, urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
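Review bot: The string that is signed and the query string that is sent are still built by two separate code paths: the `"SAMLRequest="` prefix is concatenated here for computeSignature, while getRequestRedirectURLWithSignature assembles the URL from the bare urlEncodedRequest in the next statement. The redirect-binding signature only verifies when both paths produce the same octets, so a later change to either side would reproduce the JBID-132 failure; the same pattern repeats in the hunks at 104, 121 and 137. Consider building the `SAMLRequest=…&RelayState=…` string once, signing it, and appending the signature parameters to that same string, or at minimum sharing the two parameter names as constants. A regression test that verifies a generated SAMLResponse URL against the matching public key would pin the fix. The enclosing method starts and ends outside the hunk.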
@@ -104,7 +104,7 @@
if(relayState != null && relayState.length() > 0 )
urlEncodedRelayState = URLEncoder.encode(relayState, "UTF-8");
- byte[] sigValue = computeSignature(urlEncodedResponse, urlEncodedRelayState, signingKey);
+ byte[] sigValue = computeSignature("SAMLResponse=" + urlEncodedResponse, urlEncodedRelayState, signingKey);
//Now construct the URL
return getResponseRedirectURLWithSignature(urlEncodedResponse, urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
@@ -121,7 +121,7 @@
public static String getSAMLRequestURLWithSignature(String urlEncodedRequest, String urlEncodedRelayState,
PrivateKey signingKey) throws IOException, GeneralSecurityException
{
- byte[] sigValue = computeSignature(urlEncodedRequest, urlEncodedRelayState, signingKey);
+ byte[] sigValue = computeSignature("SAMLRequest=" + urlEncodedRequest, urlEncodedRelayState, signingKey);
return getRequestRedirectURLWithSignature(urlEncodedRequest, urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
}
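Review bot: getSAMLRequestURLWithSignature signs whatever the caller passes as urlEncodedRequest and urlEncodedRelayState without checking that the values really are URL-encoded, and nothing visible in the hunk documents that precondition (any Javadoc sits above the hunk). A raw `&` or `=` in either value would leave the signed string ambiguous about where one parameter ends and the next begins. I would state the contract in the Javadoc, e.g. `@param urlEncodedRequest the already URL-encoded request value, exactly as it will appear in the query string`. The same applies to getSAMLResponseURLWithSignature in the hunk at 137.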
@@ -137,7 +137,7 @@
public static String getSAMLResponseURLWithSignature(String urlEncodedResponse, String urlEncodedRelayState,
PrivateKey signingKey) throws IOException, GeneralSecurityException
{
- byte[] sigValue = computeSignature(urlEncodedResponse, urlEncodedRelayState, signingKey);
+ byte[] sigValue = computeSignature("SAMLResponse=" + urlEncodedResponse, urlEncodedRelayState, signingKey);
return getResponseRedirectURLWithSignature(urlEncodedResponse, urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
}
@@ -188,11 +188,11 @@
//***************** Private Methods **************
private static byte[] computeSignature(
- String urlEncodedRequest, String urlEncodedRelayState,
+ String requestOrResponseKeyValuePair, String urlEncodedRelayState,
PrivateKey signingKey) throws IOException, GeneralSecurityException
{
StringBuilder sb = new StringBuilder();
- sb.append("SAMLRequest=").append(urlEncodedRequest);
+ sb.append(requestOrResponseKeyValuePair);
if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
{
sb.append("&RelayState=").append(urlEncodedRelayState);