ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [ws-wss4j] branch master updated: Adding Saml ECDSA SHA1 test
Date Mon, 20 Apr 2020 13:52:42 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/master by this push:
     new 21eb481  Adding Saml ECDSA SHA1 test
21eb481 is described below

commit 21eb481750f34e2b32583cc566a1abe2ce9e05fd
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Mon Apr 20 14:51:06 2020 +0100

    Adding Saml ECDSA SHA1 test
---
 .../wss4j/dom/saml/SamlAlgorithmSuiteTest.java     | 50 +++++++++++++++++++++-
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
index f2a1ca8..d6bdc7e 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
@@ -197,7 +197,7 @@ public class SamlAlgorithmSuiteTest {
     }
 
     @Test
-    public void signWithEcdsaAlgorithm() throws Exception {
+    public void signWithEcdsaAlgorithmSHA1() throws Exception {
         crypto = CryptoFactory.getInstance("wss40.properties");
         SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
         callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
@@ -210,7 +210,7 @@ public class SamlAlgorithmSuiteTest {
 
         samlAssertion.signAssertion(
             "wss40ec", "security", crypto, false,
-            CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA256);
+            CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA1);
 
 
         Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -237,6 +237,52 @@ public class SamlAlgorithmSuiteTest {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
 
+        algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA1);
+
+        verify(securityHeader, algorithmSuite, crypto);
+    }
+
+    @Test
+    public void signWithEcdsaAlgorithmSHA256() throws Exception {
+        crypto = CryptoFactory.getInstance("wss40.properties");
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        samlAssertion.signAssertion(
+                "wss40ec", "security", crypto, false,
+                CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA256);
+
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
+
+        Document signedDoc = wsSign.build(samlAssertion);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString =
+                    XMLUtils.prettyDocumentToString(signedDoc);
+            LOG.debug(outputString);
+        }
+
+        Element securityHeader = WSSecurityUtil.getSecurityHeader(signedDoc, null);
+        AlgorithmSuite algorithmSuite = createAlgorithmSuite();
+
+        try {
+            verify(securityHeader, algorithmSuite, crypto);
+            fail("Expected failure as C14n algorithm is not allowed");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
+        }
+
         algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA256);
 
         verify(securityHeader, algorithmSuite, crypto);


Mime
View raw message