ws-commits mailing list archives

From cohei...@apache.org
Subject [ws-wss4j] 01/02: Expected signature algorithm is overwriten with default in case of DSA (#11)
Date Mon, 20 Apr 2020 14:43:11 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 2_2_x-fixes
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git

commit 3c97792850bf14f79419fc5e9fc8d9e555e9b807
Author: Thomas Papke <web@thopap.de>
AuthorDate: Mon Apr 20 15:27:38 2020 +0200

    Expected signature algorithm is overwriten with default in case of DSA (#11)
    
    and EC Keys (WSS-670)
    * prevent overriding configured signature algorithm
    
    Co-authored-by: Thomas Papke <thomas.papke@icw.de>
---
 .../apache/wss4j/common/saml/SamlAssertionWrapper.java   | 16 ++++++++--------
 .../apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java    |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
index bc120ac..0657a48 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
@@ -484,7 +484,7 @@ public class SamlAssertionWrapper {
 
         signAssertion(issuerKeyName, issuerKeyPassword, issuerCrypto,
                 sendKeyValue, defaultCanonicalizationAlgorithm,
-                defaultRSASignatureAlgorithm, defaultSignatureDigestAlgorithm);
+                null, defaultSignatureDigestAlgorithm);
     }
 
     /**
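Review bot: The bare `null` in the sixth position of this `signAssertion` call is an undocumented sentinel; nothing at the call site says it means "choose the signature algorithm from the issuer key type". I would add a comment above the call such as `// null signature algorithm: the full overload selects the RSA/DSA/ECDSA default from the issuer certificate's key type`. The Javadoc of the overload that begins on the last line of this hunk (its body is outside the hunk) should state the same contract for its `signatureAlgorithm` parameter, so callers know that a non-null value is now used as given.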
@@ -550,13 +550,13 @@ public class SamlAssertionWrapper {
         String sigAlgo = signatureAlgorithm;
         if (sigAlgo == null) {
             sigAlgo = defaultRSASignatureAlgorithm;
-        }
-        String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
-        LOG.debug("automatic sig algo detection: {}", pubKeyAlgo);
-        if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
-            sigAlgo = defaultDSASignatureAlgorithm;
-        } else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
-            sigAlgo = defaultECDSASignatureAlgorithm;
+            String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+            LOG.debug("automatic sig algo detection: {}", pubKeyAlgo);
+            if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+                sigAlgo = defaultDSASignatureAlgorithm;
+            } else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
+                sigAlgo = defaultECDSASignatureAlgorithm;
+            }
         }
         LOG.debug("Using Signature algorithm {}", sigAlgo);
         PrivateKey privateKey;
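Review bot: A caller-supplied `signatureAlgorithm` is now used verbatim and is never compared with the issuer key type, so an RSA algorithm URI configured alongside a DSA or EC certificate is no longer corrected. Presumably it fails only later, when the signature is created further down the method (outside this hunk), with a less specific error. A fail-fast check in an `else` branch of `if (sigAlgo == null)` that compares the configured algorithm family with `issuerCerts[0].getPublicKey().getAlgorithm()` and throws a `WSSecurityException` naming both values would make the misconfiguration obvious. Separately, inside the null branch any key type other than DSA or EC silently keeps `defaultRSASignatureAlgorithm`; the comment `// any other key type falls back to the RSA default` on the assignment would make that explicit. Whether `issuerCerts` is guaranteed non-empty before `issuerCerts[0]` is dereferenced cannot be seen from this hunk.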
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
index 75f54cb..393154b 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
@@ -233,7 +233,7 @@ public class SamlAlgorithmSuiteTest extends org.junit.Assert {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
 
-        algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA1);
+        algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA256);
 
         verify(securityHeader, algorithmSuite, crypto);
     }
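Review bot: Only the accepted ECDSA method changes here, so the visible test covers the EC path but not the DSA case the commit title names, and nothing visible exercises the new `null` auto-detection branch. Other tests outside this hunk may already cover them. If not, I would add one case that signs with an explicitly configured algorithm on a DSA key and asserts that the emitted `SignatureMethod` is the configured one, plus one case that passes no algorithm and asserts the key-type default is chosen. The comment `// the configured ECDSA-SHA256 is now honoured instead of the key-type default` above the changed `addSignatureMethod` line would also explain why the expectation moved away from `ECDSA_SHA1`.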

