From cohei...@apache.org
Subject [ws-wss4j] 02/02: Adding Saml ECDSA SHA1 test
Date Mon, 20 Apr 2020 14:43:12 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 2_2_x-fixes
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git

commit 28d9993bf0d6d032b1325227e1b774a02d425b87
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Mon Apr 20 14:51:06 2020 +0100

    Adding Saml ECDSA SHA1 test
---
 .../wss4j/dom/saml/SamlAlgorithmSuiteTest.java     | 50 +++++++++++++++++++++-
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
index 393154b..8c3b6ad 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
@@ -193,7 +193,7 @@ public class SamlAlgorithmSuiteTest extends org.junit.Assert {
     }
 
     @Test
-    public void signWithEcdsaAlgorithm() throws Exception {
+    public void signWithEcdsaAlgorithmSHA1() throws Exception {
         crypto = CryptoFactory.getInstance("wss40.properties");
         SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
         callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
@@ -206,7 +206,7 @@ public class SamlAlgorithmSuiteTest extends org.junit.Assert {
 
         samlAssertion.signAssertion(
             "wss40ec", "security", crypto, false,
-            CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA256);
+            CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA1);
 
 
         Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -233,6 +233,52 @@ public class SamlAlgorithmSuiteTest extends org.junit.Assert {
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
 
+        algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA1);
+
+        verify(securityHeader, algorithmSuite, crypto);
+    }
+
+    @Test
+    public void signWithEcdsaAlgorithmSHA256() throws Exception {
+        crypto = CryptoFactory.getInstance("wss40.properties");
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        samlAssertion.signAssertion(
+                "wss40ec", "security", crypto, false,
+                CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA256);
+
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
+
+        Document signedDoc = wsSign.build(samlAssertion);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString =
+                    XMLUtils.prettyDocumentToString(signedDoc);
+            LOG.debug(outputString);
+        }
+
+        Element securityHeader = WSSecurityUtil.getSecurityHeader(signedDoc, null);
+        AlgorithmSuite algorithmSuite = createAlgorithmSuite();
+
+        try {
+            verify(securityHeader, algorithmSuite, crypto);
+            fail("Expected failure as C14n algorithm is not allowed");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
+        }
+
         algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA256);
 
         verify(securityHeader, algorithmSuite, crypto);
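Review bot: The fail() message in the new signWithEcdsaAlgorithmSHA256 test, `fail("Expected failure as C14n algorithm is not allowed")`, does not describe what is being rejected: the canonicalization method is EXCLUSIVE throughout, and the lines that follow show verification only succeeds once `algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA256)` has been called, so the expected rejection is of the signature method not being in the suite. Suggest `fail("Expected failure as signature algorithm ECDSA-SHA256 is not in the algorithm suite")`; the SHA1 variant's fail() sits above this hunk and presumably carries the same wording. The catch block's `assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY)` would give a more useful failure report as `assertEquals(WSSecurityException.ErrorCode.INVALID_SECURITY, ex.getErrorCode());`. The two methods are now identical apart from the signature constant, so a private helper taking the signature algorithm would keep them in step and make it easy to add further suite entries without another copy; the new method also uses a 16-space continuation indent where the existing one uses 12.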

