ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [ws-wss4j] branch master updated: Expected signature algorithm is overwriten with default in case of DSA (#11)
Date Mon, 20 Apr 2020 13:27:48 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/master by this push:
     new ee67fd8  Expected signature algorithm is overwriten with default in case of DSA (#11)
ee67fd8 is described below

commit ee67fd80db997dd1c35c924dce1400f6f35c4d1b
Author: Thomas Papke <web@thopap.de>
AuthorDate: Mon Apr 20 15:27:38 2020 +0200

    Expected signature algorithm is overwriten with default in case of DSA (#11)
    
    and EC Keys (WSS-670)
    * prevent overriding configured signature algorithm
    
    Co-authored-by: Thomas Papke <thomas.papke@icw.de>
---
 .../apache/wss4j/common/saml/SamlAssertionWrapper.java   | 16 ++++++++--------
 .../apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java    |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
index 9019bc8..b894a73 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
@@ -484,7 +484,7 @@ public class SamlAssertionWrapper {
 
         signAssertion(issuerKeyName, issuerKeyPassword, issuerCrypto,
                 sendKeyValue, defaultCanonicalizationAlgorithm,
-                defaultRSASignatureAlgorithm, defaultSignatureDigestAlgorithm);
+                null, defaultSignatureDigestAlgorithm);
     }
 
     /**
@@ -550,13 +550,13 @@ public class SamlAssertionWrapper {
         String sigAlgo = signatureAlgorithm;
         if (sigAlgo == null) {
             sigAlgo = defaultRSASignatureAlgorithm;
-        }
-        String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
-        LOG.debug("automatic sig algo detection: {}", pubKeyAlgo);
-        if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
-            sigAlgo = defaultDSASignatureAlgorithm;
-        } else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
-            sigAlgo = defaultECDSASignatureAlgorithm;
+            String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+            LOG.debug("automatic sig algo detection: {}", pubKeyAlgo);
+            if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+                sigAlgo = defaultDSASignatureAlgorithm;
+            } else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
+                sigAlgo = defaultECDSASignatureAlgorithm;
+            }
         }
         LOG.debug("Using Signature algorithm {}", sigAlgo);
         PrivateKey privateKey;
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
index 0efdc08..f2a1ca8 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
@@ -237,7 +237,7 @@ public class SamlAlgorithmSuiteTest {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
 
-        algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA1);
+        algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA256);
 
         verify(securityHeader, algorithmSuite, crypto);
     }


Mime
View raw message