The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Diff for reading private key from a file(.pem) and sign SAML Assertion

Mon, 2009-04-06 03:06 by vijaymittal
Mon, 2009-04-06 03:09 by vijaymittal
Changes to Body
Line 1Line 1
  +
<p>
 
<span class="value">Hi,<br />
 
<span class="value">Hi,<br />
 
<br />
 
<br />
Line 11Line 12
 
<br />
 
<br />
 
Thanks,<br />
 
Thanks,<br />
-
Vijay<br />
+
Vijay</span>
  +
</p>
  +
<p>
  +
&nbsp;
  +
</p>
  +
<p>
  +
Code Snippet:<br />
  +
 <br />
 
<br />
 
<br />
-
<br />
+
String privKeyFile = &quot;abc.pem&quot;;<br />
-
</span>
+
String alias = &quot;test&quot;;<br />
-
<div class="qCodeSnippetRow">
+
char[] password = &quot;pwd&quot;.toCharArray();<br />
-
<div class="name">
+
// read private key PEM file<br />
-
Code Snippet:
+
java.io.DataInputStream dis = new java.io.DataInputStream(new FileInputStream(privKeyFile));<br />
-
</div>
+
byte[] privKeyBytes = new byte[(int)privKeyFile.length()];<br />
-
<div class="value">
+
dis.readFully(privKeyBytes);<br />
-
<div class="codeSnippet">
+
dis.close();<br />
-
<table border="0">
+
KeyFactory keyFactory = KeyFactory.getInstance(&quot;RSA&quot;);<br />
-
<tbody>
+
BASE64Decoder b64 = new BASE64Decoder();<br />
-
<tr>
+
// decode private key<br />
-
<td class="lineNumbers">
+
PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(b64.decodeBuffer(privKeyBytes.toString()));<br />
-
<pre>
+
RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privSpec); <br />
-
1:
+
samlassertion.sign(<br />
-
2:
+
Signature.getInstance(&quot;MD5withRSA&quot;).toString(),<br />
-
3:
+
privKey,<br />
-
4:
+
null<br />
-
5:
+
);
-
6:
+
</p>
-
7:
+
-
8:
+
-
9:
+
-
10:
+
-
11:
+
-
12:
+
-
13:
+
-
14:
+
-
15:
+
-
16:
+
-
17:
+
-
18:
+
-
19:
+
-
20:
+
-
21:
+
-
</pre>
+
-
</td>
+
-
<td class="codeBody">
+
-
<pre class="prettyprint">
+
-
<span class="typ">String</span><span class="pln"> privKeyFile </span><span class="pun">=</span><span class="pln"> </span><span class="str">&quot;abc.pem&quot;</span><span class="pun">;</span><span class="pln">
+
-
</span><span class="typ">String</span><span class="pln"> </span><span class="kwd">alias</span><span class="pln"> </span><span class="pun">=</span><span class="pln"> </span><span class="str">&quot;test&quot;</span><span class="pun">;</span><span class="pln">
+
-
</span><span class="kwd">char</span><span class="pun">[]</span><span class="pln"> password </span><span class="pun">=</span><span class="pln"> </span><span class="str">&quot;pwd&quot;</span><span class="pun">.</span><span class="pln">toCharArray</span><span class="pun">();</span><span class="pln">
+
-
</span><span class="com">// read private key PEM file</span><span class="pln">
+
-
java</span><span class="pun">.</span><span class="pln">io</span><span class="pun">.</span><span class="typ">DataInputStream</span><span class="pln"> dis </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> java</span><span class="pun">.</span><span class="pln">io</span><span class="pun">.</span><span class="typ">DataInputStream</span><span class="pun">(</span><span class="kwd">new</span><span class="pln"> </span><span class="typ">FileInputStream</span><span class="pun">(</span><span class="pln">privKeyFile</span><span class="pun">));</span><span class="pln">
+
-
</span><span class="kwd">byte</span><span class="pun">[]</span><span class="pln"> privKeyBytes </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="kwd">byte</span><span class="pun">[(</span><span class="kwd">int</span><span class="pun">)</span><span class="pln">privKeyFile</span><span class="pun">.</span><span class="pln">length</span><span class="pun">()];</span><span class="pln">
+
-
dis</span><span class="pun">.</span><span class="pln">readFully</span><span class="pun">(</span><span class="pln">privKeyBytes</span><span class="pun">);</span><span class="pln">
+
-
dis</span><span class="pun">.</span><span class="pln">close</span><span class="pun">();</span><span class="pln">
+
-
</span><span class="typ">KeyFactory</span><span class="pln"> keyFactory </span><span class="pun">=</span><span class="pln"> </span><span class="typ">KeyFactory</span><span class="pun">.</span><span class="pln">getInstance</span><span class="pun">(</span><span class="str">&quot;RSA&quot;</span><span class="pun">);</span><span class="pln">
+
-
BASE64Decoder b64 </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> BASE64Decoder</span><span class="pun">();</span><span class="pln">
+
-
</span><span class="com">// decode private key</span><span class="pln">
+
-
PKCS8EncodedKeySpec privSpec </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> PKCS8EncodedKeySpec</span><span class="pun">(</span><span class="pln">b64</span><span class="pun">.</span><span class="pln">decodeBuffer</span><span class="pun">(</span><span class="pln">privKeyBytes</span><span class="pun">.</span><span class="kwd">toString</span><span class="pun">()));</span><span class="pln">
+
-
</span><span class="typ">RSAPrivateKey</span><span class="pln"> privKey </span><span class="pun">=</span><span class="pln"> </span><span class="pun">(</span><span class="typ">RSAPrivateKey</span><span class="pun">)</span><span class="pln"> keyFactory</span><span class="pun">.</span><span class="pln">generatePrivate</span><span class="pun">(</span><span class="pln">privSpec</span><span class="pun">);</span><span class="pln">
+
-
samlassertion</span><span class="pun">.</span><span class="pln">sign</span><span class="pun">(</span><span class="pln">
+
-
</span><span class="typ">Signature</span><span class="pun">.</span><span class="pln">getInstance</span><span class="pun">(</span><span class="str">&quot;MD5withRSA&quot;</span><span class="pun">).</span><span class="kwd">toString</span><span class="pun">(),</span><span class="pln">
+
-
privKey</span><span class="pun">,</span><span class="pln">
+
-
</span><span class="kwd">null</span><span class="pln">
+
-
</span><span class="pun">);</span>
+
-
</pre>
+
-
</td>
+
-
</tr>
+
-
</tbody>
+
-
</table>
+
-
</div>
+
-
</div>
+
-
</div>
+
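Review bot: the added key-reading lines cannot load the key as written. `new byte[(int)privKeyFile.length()]` sizes the buffer from the file name string, not from the file, and `privKeyBytes.toString()` yields the array's identity string rather than its contents, so `decodeBuffer` never sees the PEM text. Read the whole file, strip the BEGIN/END lines, and base64-decode the remaining body before building the `PKCS8EncodedKeySpec`. In the `samlassertion.sign(` call, the first argument is the `toString()` of a `Signature` object, which is a description and not an algorithm identifier, and it names MD5; pass the identifier the SAML library expects and use a SHA-2 digest. `alias` and `password` are declared but never used.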
 
 
Current revision:

vijaymittal

reading private key from a file(.pem) and sign SAML Assertion

Hi,

I am working on SAML assertion. I have a private key abc.pem. I want to read this file and sign the assertion. The code I found on the internet is what I have written. I might be wrong, but somehow I think this code is for generating a private key from a public key, which is what I don't want. I already have a private key, alias and its password. I just want to read it from file and sign the assertion. Your help would be greatly appreciated.

Thanks,
Vijay

Code Snippet:

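import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

String privKeyFile = "abc.pem";
String alias = "test";                 // unused: a bare PEM key has no alias
char[] password = "pwd".toCharArray(); // unused: only needed if the key is encrypted
// read private key PEM file (the whole file, not privKeyFile.length() bytes)
String pem = new String(Files.readAllBytes(Paths.get(privKeyFile)), StandardCharsets.US_ASCII);
// keep only the base64 body; the file must be unencrypted PKCS#8
// ("-----BEGIN PRIVATE KEY-----"), not PKCS#1 ("-----BEGIN RSA PRIVATE KEY-----")
String body = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                 .replace("-----END PRIVATE KEY-----", "")
                 .replaceAll("\\s", "");
// decode private key: this rebuilds the existing key, it does not generate a new one
PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(body));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privSpec);
// assumption: sign() expects an XML Signature algorithm URI as its first argument,
// not the toString() of a JCA Signature object; RSA-SHA256 replaces MD5withRSA
samlassertion.sign(
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    privKey,
    null
);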
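
The post's two steps (load an existing private key from PEM, then sign with it) as a self-contained round trip; this is an added example, not code from the original post. The class name `PemSignDemo` and helper `loadPkcs8Pem` are hypothetical, the key pair is constructed in memory as sample input, and the signing uses the plain JCA `Signature` API over raw bytes rather than a SAML library's XML signature.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class PemSignDemo {
    // Parse an unencrypted PKCS#8 PEM string into an RSA private key.
    static RSAPrivateKey loadPkcs8Pem(String pem) throws GeneralSecurityException {
        if (pem.contains("BEGIN RSA PRIVATE KEY"))
            throw new InvalidKeyException("PKCS#1 key: convert it to PKCS#8 first");
        if (pem.contains("BEGIN ENCRYPTED PRIVATE KEY"))
            throw new InvalidKeyException("encrypted PKCS#8: decrypt it with the password first");
        String body = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                         .replace("-----END PRIVATE KEY-----", "")
                         .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        // generatePrivate() rebuilds the key object from its encoding; no new key is created
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key pair serialized as PEM in memory
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String pem = "-----BEGIN PRIVATE KEY-----\n"
            + Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                    .encodeToString(pair.getPrivate().getEncoded())
            + "\n-----END PRIVATE KEY-----\n";

        RSAPrivateKey loaded = loadPkcs8Pem(pem);
        boolean same = loaded.getModulus().equals(((RSAPublicKey) pair.getPublic()).getModulus());
        System.out.println("loaded key belongs to the original pair: " + same);

        // Sign constructed sample bytes with the loaded key, then verify with the public key
        byte[] data = "<Assertion>constructed sample</Assertion>".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(loaded);
        signer.update(data);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(data);
        System.out.println("signature verifies: " + verifier.verify(sig));
    }
}
```

A signature over raw bytes like this is not a SAML-conformant signature: the assertion's `sign` method is still what produces the enveloped XML signature, and the loaded key is what gets passed to it.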
