italia / spid-spring

SPID extension for Java Spring
BSD 3-Clause "New" or "Revised" License

Elemento SignatureValue vuoto #10

Closed vincenzocorso closed 2 years ago

vincenzocorso commented 3 years ago

Salve, quando provo a generare una richiesta, l'elemento <SignatureValue /> è vuoto. Questo causa il seguente errore durante la richiesta POST diretta allo spid test env: TypeError: argument should be a bytes-like object or ASCII string, not 'NoneType'


Un esempio di richiesta generata è il seguente:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" AttributeConsumingServiceIndex="1" Destination="http://localhost:8088/sso" ID="_53d4af8588354677b4f9cf383b4805c4" IssueInstant="2021-02-26T21:54:23.687Z" Version="2.0">
   <!-- Sample AuthnRequest as serialized by the reporter. The ds:Signature block below is only a
        template: ds:DigestValue and ds:SignatureValue are both empty, so the request is effectively
        unsigned and a receiver has nothing to verify. -->
   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" NameQualifier="http://localhost:8080">http://localhost:8080</saml2:Issuer>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
         <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
         <!-- The Reference URI matches the ID attribute of the root element, i.e. the signature is
              meant to cover the whole AuthnRequest (enveloped signature). -->
         <ds:Reference URI="#_53d4af8588354677b4f9cf383b4805c4">
            <ds:Transforms>
               <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <!-- The digest algorithm is SHA-1 although the signature method above is RSA-SHA256;
                 the digest is the weaker link. NOTE(review): SPID technical rules are understood to
                 require SHA-256 or stronger for the digest as well; confirm against the current
                 AgID specification. -->
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <!-- Empty: the digest over the referenced element was never computed. -->
            <ds:DigestValue />
         </ds:Reference>
      </ds:SignedInfo>
      <!-- Empty: no signature was computed over ds:SignedInfo. This is the element the issue is about. -->
      <ds:SignatureValue />
      <!-- KeyInfo travels inside the message itself, so it is only a hint. A verifier should check
           the signature against the key published in the service provider's trusted metadata, not
           against whatever key or certificate the request carries. -->
      <ds:KeyInfo>
         <ds:KeyValue>
            <ds:RSAKeyValue>
               <ds:Modulus>vx4qAxptDe6NkHqXGUTRurYXLuXy5kja0x0So1JVQOOluKwtDHVrlcophtkCNr5TI1Vc6znGuwro
j6OKepo6PLsjPVWYZq+mLZKUyJ6/yFOPDDQwfsvNMxjZ28j6hFE+fPozQ2WPltQsRBOXipn/InhV
M1HM+tIwJ6+PK4eRJkaXo6aPD45ffYwlA21jZYp5hcjCGvwG8FNIZrUbLqjwppcY7vcN2LpiAm4t
ypachQzJOqKJx1F1UZE4wEE1H8yHZgtdo3wL0NGGZ5zRiV5ECjHvpz+EYckBL9DDpzFy95g7tn0S
zTcB/ktIQL4iKfnzezHl5jMBf8tJPn6ImOE69w==</ds:Modulus>
               <ds:Exponent>AQAB</ds:Exponent>
            </ds:RSAKeyValue>
         </ds:KeyValue>
         <ds:X509Data>
            <ds:X509Certificate>MIIEMDCCAxigAwIBAgIJAK8BDpV2YZ66MA0GCSqGSIb3DQEBCwUAMIGsMQswCQYDVQQGEwJJVDER
MA8GA1UECAwIVmVyY2VsbGkxETAPBgNVBAcMCFZlcmNlbGxpMRswGQYDVQQKDBJDb211bmUgZGkg
VmVyY2VsbGkxDTALBgNVBAsMBFNwaWQxHzAdBgNVBAMMFmNvbXVuZS52ZXJjZWxsaS5nb3YuaXQx
KjAoBgkqhkiG9w0BCQEWG3NwaWRAY29tdW5lLnZlcmNlbGxpLmdvdi5pdDAeFw0yMTAyMjYxNTU0
NDRaFw0yNDAyMjYxNTU0NDRaMIGsMQswCQYDVQQGEwJJVDERMA8GA1UECAwIVmVyY2VsbGkxETAP
BgNVBAcMCFZlcmNlbGxpMRswGQYDVQQKDBJDb211bmUgZGkgVmVyY2VsbGkxDTALBgNVBAsMBFNw
aWQxHzAdBgNVBAMMFmNvbXVuZS52ZXJjZWxsaS5nb3YuaXQxKjAoBgkqhkiG9w0BCQEWG3NwaWRA
Y29tdW5lLnZlcmNlbGxpLmdvdi5pdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8e
KgMabQ3ujZB6lxlE0bq2Fy7l8uZI2tMdEqNSVUDjpbisLQx1a5XKKYbZAja+UyNVXOs5xrsK6I+j
inqaOjy7Iz1VmGavpi2SlMiev8hTjww0MH7LzTMY2dvI+oRRPnz6M0Nlj5bULEQTl4qZ/yJ4VTNR
zPrSMCevjyuHkSZGl6Omjw+OX32MJQNtY2WKeYXIwhr8BvBTSGa1Gy6o8KaXGO73Ddi6YgJuLcqW
nIUMyTqiicdRdVGROMBBNR/Mh2YLXaN8C9DRhmec0YleRAox76c/hGHJAS/Qw6cxcveYO7Z9Es03
Af5LSEC+Iin583sx5eYzAX/LST5+iJjhOvcCAwEAAaNTMFEwHQYDVR0OBBYEFDIUYHNbbiU61Tuw
v6GEJ+OM+eO1MB8GA1UdIwQYMBaAFDIUYHNbbiU61Tuwv6GEJ+OM+eO1MA8GA1UdEwEB/wQFMAMB
Af8wDQYJKoZIhvcNAQELBQADggEBAI/pCiIce1EJkSu8Nt/t8C2veVE9PlKKcVTIkk7FsEBPgOeN
y0iMvJzWeunj1/oJWl2EGVPQP1WCkv2wPipFyo4q3sudzK3yeIPRBrdllCqmtIEsQ/tb+fgNbVyP
EHQ0495eQlwOk4M6YIsmFRt4czKMF2RvgorXbWRCh1enLTkLsR8M3kA82olM0IOUH1KWTLr1df27
3GgJk6sCl5TF/xEhk9fGvvabM476t8ZnCktimvjTk9+ZvH0AIGHRrlcMpPrFSIOmCLnWV0hhMZCF
K0xRJhsKMZqmQmamL1MxLOC8Wuckqw29JQxNV2LqOXZzJ8DWQpG1+y07Y/Gnq4r7FoM=</ds:X509Certificate>
         </ds:X509Data>
      </ds:KeyInfo>
   </ds:Signature>
   <saml2p:NameIDPolicy xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
   <saml2p:RequestedAuthnContext xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
      <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://www.spid.gov.it/SpidL2</saml:AuthnContextClassRef>
   </saml2p:RequestedAuthnContext>
</samlp:AuthnRequest>
vincenzocorso commented 3 years ago

Ho risolto. È necessario richiamare il metodo Signer.signObject nel metodo printAuthnRequest. Il problema era dato dal fatto che gli elementi <SignatureValue/> e <DigestValue/> erano vuoti.

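/**
 * Marshalls the given AuthnRequest to a DOM element, signs it, and returns the
 * serialized XML.
 *
 * <p>The order matters: the object is marshalled first and signed afterwards, and the
 * DOM is serialized only once signing has succeeded. Serializing without the signing
 * step leaves {@code <ds:DigestValue/>} and {@code <ds:SignatureValue/>} empty.
 *
 * <p>The method fails closed: if marshalling or signing fails, it throws instead of
 * returning XML, so a caller can never forward a request whose signature was not
 * computed.
 *
 * @param authnRequest the request to serialize; assumes a Signature has already been
 *                     attached to it by the caller (TODO confirm: a null signature is
 *                     not handled here)
 * @return the signed AuthnRequest as an XML string
 * @throws IntegrationServiceException if the request cannot be marshalled or signed
 */
public String printAuthnRequest(AuthnRequest authnRequest) throws IntegrationServiceException {

  // Object to DOM converter for this request type.
  Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(authnRequest);
  Element authDOM;
  try {
      authDOM = marshaller.marshall(authnRequest);
  }
  catch (MarshallingException e) {
      log.error("printAuthnRequest :: " + e.getMessage(), e);
      throw new IntegrationServiceException(e);
  }

  // This call is required: it computes the digest and the signature value on the
  // marshalled request. A failure here must abort, otherwise the method would
  // return an unsigned request that only looks signed.
  try {
      Signer.signObject(authnRequest.getSignature());
  } catch (SignatureException e) {
      log.error("printAuthnRequest :: " + e.getMessage(), e);
      throw new IntegrationServiceException(e);
  }

  // Serialize the signed DOM to a string.
  StringWriter requestWriter = new StringWriter();
  XMLHelper.writeNode(authDOM, requestWriter);

  return requestWriter.toString();

}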