Posted to commits@ws.apache.org by co...@apache.org on 2020/04/20 13:52:42 UTC
[ws-wss4j] branch master updated: Adding Saml ECDSA SHA1 test
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new 21eb481 Adding Saml ECDSA SHA1 test
21eb481 is described below
commit 21eb481750f34e2b32583cc566a1abe2ce9e05fd
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Apr 20 14:51:06 2020 +0100
Adding Saml ECDSA SHA1 test
---
.../wss4j/dom/saml/SamlAlgorithmSuiteTest.java | 50 +++++++++++++++++++++-
1 file changed, 48 insertions(+), 2 deletions(-)
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
index f2a1ca8..d6bdc7e 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
@@ -197,7 +197,7 @@ public class SamlAlgorithmSuiteTest {
}
@Test
- public void signWithEcdsaAlgorithm() throws Exception {
+ public void signWithEcdsaAlgorithmSHA1() throws Exception {
crypto = CryptoFactory.getInstance("wss40.properties");
SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
@@ -210,7 +210,7 @@ public class SamlAlgorithmSuiteTest {
samlAssertion.signAssertion(
"wss40ec", "security", crypto, false,
- CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA256);
+ CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA1);
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
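Review bot: The switch to `WSConstants.ECDSA_SHA1` in the `signAssertion` call carries no explanation, so a reader could take it for an endorsed algorithm rather than a deliberately weak one used as a negative case. A comment above the call would make the intent clear, for example `// SHA-1 is used on purpose: the default AlgorithmSuite must reject this signature method`. The rest of signWithEcdsaAlgorithmSHA1 lies outside this hunk, so it should be confirmed there that the suite from createAlgorithmSuite() does not already list ECDSA_SHA1.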
@@ -237,6 +237,52 @@ public class SamlAlgorithmSuiteTest {
assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
}
+ algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA1);
+
+ verify(securityHeader, algorithmSuite, crypto);
+ }
+
+ @Test
+ public void signWithEcdsaAlgorithmSHA256() throws Exception {
+ crypto = CryptoFactory.getInstance("wss40.properties");
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+ callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+ callbackHandler.setIssuer("www.example.com");
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+ samlAssertion.signAssertion(
+ "wss40ec", "security", crypto, false,
+ CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA256);
+
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
+
+ Document signedDoc = wsSign.build(samlAssertion);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ XMLUtils.prettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+
+ Element securityHeader = WSSecurityUtil.getSecurityHeader(signedDoc, null);
+ AlgorithmSuite algorithmSuite = createAlgorithmSuite();
+
+ try {
+ verify(securityHeader, algorithmSuite, crypto);
+ fail("Expected failure as C14n algorithm is not allowed");
+ } catch (WSSecurityException ex) {
+ assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
+
algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA256);
verify(securityHeader, algorithmSuite, crypto);
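Review bot: The message in `fail("Expected failure as C14n algorithm is not allowed")` in signWithEcdsaAlgorithmSHA256 names the wrong cause. The only thing the test adds to the suite afterwards is a signature method, so it should read `fail("Expected failure as signature method is not allowed");`. The catch block also accepts any `INVALID_SECURITY` error, so the negative half would still pass if verification were rejected for an unrelated reason. Asserting on the exception message as well would tie the failure to the algorithm check, if that detail is exposed. The SHA1 test begins and the SHA256 test ends outside this hunk.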