0

i am trying to decode a SAML request using my java code, and i get an 'incorrect header check error'. my code for decoding the request is:

public static String decode(String encSAMLRequest){
    String ret = null;

    SamlRequest samlRequest = null; //the xml is compressed (deflate) and encoded (base64)
    byte[] decodedBytes = null;
    try { 
        decodedBytes = new Base64().decode(encSAMLRequest.getBytes("UTF-8"));
    } catch (UnsupportedEncodingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    try {
        //try DEFLATE (rfc 1951) -- according to SAML spec
        ret = new String(inflate(decodedBytes, true));
        //return new SamlRequest(new String(inflate(decodedBytes, true)));
    } catch (Exception ze) {
        //try zlib (rfc 1950) -- initial impl didn't realize java docs are wrong
        try {
            System.out.println(new String(inflate(decodedBytes, false)));
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        //return new SamlRequest(new String(inflate(decodedBytes, false)));
    }
    return ret;
}


private static byte[] inflate(byte[] bytes, boolean nowrap) throws Exception {

    Inflater decompressor = null;
    InflaterInputStream decompressorStream = null;
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    try {
        decompressor = new Inflater(nowrap);
        decompressorStream = new InflaterInputStream(new ByteArrayInputStream(bytes), 
          decompressor);
        byte[] buf = new byte[1024];
        int count;
        while ((count = decompressorStream.read(buf)) != -1) {
            out.write(buf, 0, count);
        }
        return out.toByteArray();
    } finally {
        if (decompressor != null) {
            decompressor.end();
        }
        try {
            if (decompressorStream != null) {
                decompressorStream.close();
            }
         } catch (IOException ioe) {
             /*ignore*/
         }
         try {
             if (out != null) {
                 out.close();
             }
         } catch (IOException ioe) {
             /*ignore*/
         }
      }
   }

I intend to decode this: PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iXzk2Zjk2MjFjLWY4ZWYtNDliNS05OTZhLWNlYmRhMGRiOTcxZSIgSXNzdWVJbnN0YW50PSIyMDE0LTA2LTI0VDA2OjA1OjU2WiIgVmVyc2lvbj0iMi4wIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VJbmRleD0iMCIgPjxzYW1sOklzc3Vlcj51cm46ZmVkZXJhdGlvbjpNaWNyb3NvZnRPbmxpbmU8L3NhbWw6SXNzdWVyPjxzYW1scDpOYW1lSURQb2xpY3kgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDpwZXJzaXN0ZW50Ii8+PC9zYW1scDpBdXRoblJlcXVlc3Q+"

The request after decoding should be something like:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_7171b0b2-19f2-4ba2-8f94-24b5e56b7f1e" IssueInstant="2014-01-30T16:18:35Z" Version="2.0" AssertionConsumerServiceIndex="0" >
  <saml:Issuer>urn:federation:MicrosoftOnline</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</samlp:AuthnRequest>

when i decode using this tool, i get the correct request XML. what can i do in my code to get the correct SAML Request XML?

Gaurav Sood
  • 680
  • 4
  • 17
  • 38

1 Answers1

2

Your string to decode isn't compressed. If you simply base64-decode it you'll see the XML you're looking for. For example

echo "PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iXzk2Zjk2MjFjLWY4ZWYtNDliNS05OTZhLWNlYmRhMGRiOTcxZSIgSXNzdWVJbnN0YW50PSIyMDE0LTA2LTI0VDA2OjA1OjU2WiIgVmVyc2lvbj0iMi4wIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VJbmRleD0iMCIgPjxzYW1sOklzc3Vlcj51cm46ZmVkZXJhdGlvbjpNaWNyb3NvZnRPbmxpbmU8L3NhbWw6SXNzdWVyPjxzYW1scDpOYW1lSURQb2xpY3kgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDpwZXJzaXN0ZW50Ii8+PC9zYW1scDpBdXRoblJlcXVlc3Q+" | base64 -d

There's what looks like a fairly comprehensive explanation of how thing actually work over at: Python: Inflate and Deflate implementations

Community
  • 1
  • 1
Eric
  • 5,137
  • 4
  • 34
  • 31