This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push: new ee67fd8 Expected signature algorithm is overwriten with default in case of DSA (#11) ee67fd8 is described below commit ee67fd80db997dd1c35c924dce1400f6f35c4d1b Author: Thomas Papke <w...@thopap.de> AuthorDate: Mon Apr 20 15:27:38 2020 +0200 Expected signature algorithm is overwriten with default in case of DSA (#11) and EC Keys (WSS-670) * prevent overriding configured signature algorithm Co-authored-by: Thomas Papke <thomas.pa...@icw.de> --- .../apache/wss4j/common/saml/SamlAssertionWrapper.java | 16 ++++++++-------- .../apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java index 9019bc8..b894a73 100644 --- a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java +++ b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java @@ -484,7 +484,7 @@ public class SamlAssertionWrapper { signAssertion(issuerKeyName, issuerKeyPassword, issuerCrypto, sendKeyValue, defaultCanonicalizationAlgorithm, - defaultRSASignatureAlgorithm, defaultSignatureDigestAlgorithm); + null, defaultSignatureDigestAlgorithm); } /** 
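Review bot: The bare `null` now passed as the signature algorithm in the four-argument `signAssertion` overload (hunk `@@ -484,7 +484,7 @@`) is an undocumented sentinel. It works only because the seven-argument overload treats null as "pick from the issuer key type", which is the `if (sigAlgo == null)` branch in the `@@ -550,13 +550,13 @@` hunk. I would add a comment at the call, `// null: let the full overload choose RSA/DSA/ECDSA from the issuer certificate's key`, and state the same contract in the Javadoc of the `signatureAlgorithm` parameter. Both method bodies and their Javadoc start outside the visible hunks, so whether this is already documented cannot be confirmed from here.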
@@ -550,13 +550,13 @@ public class SamlAssertionWrapper {
 String sigAlgo = signatureAlgorithm;
 if (sigAlgo == null) {
 sigAlgo = defaultRSASignatureAlgorithm;
- }
- String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
- LOG.debug("automatic sig algo detection: {}", pubKeyAlgo);
- if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
- sigAlgo = defaultDSASignatureAlgorithm;
- } else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
- sigAlgo = defaultECDSASignatureAlgorithm;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ LOG.debug("automatic sig algo detection: {}", pubKeyAlgo);
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = defaultDSASignatureAlgorithm;
+ } else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
+ sigAlgo = defaultECDSASignatureAlgorithm;
+ }
 }
 LOG.debug("Using Signature algorithm {}", sigAlgo);
 PrivateKey privateKey;
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
index 0efdc08..f2a1ca8 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
@@ -237,7 +237,7 @@ public class SamlAlgorithmSuiteTest {
 assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
 }
- algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA1);
+ algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA256);
 verify(securityHeader, algorithmSuite, crypto);
 }
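Review bot: In the `@@ -550,13 +550,13 @@` hunk of SamlAssertionWrapper.java, a non-null `signatureAlgorithm` is now used verbatim and the issuer key type is no longer read on that path. A configured algorithm that does not match the key (for example an RSA URI with an EC certificate) is therefore not caught here and presumably fails later inside the signing call with a less specific error. Consider reading `pubKeyAlgo` before the `if` and logging it on both paths, e.g. `LOG.debug("Using Signature algorithm {} with {} key", sigAlgo, pubKeyAlgo);`, or rejecting the mismatch early. Because the configured value is now authoritative, any policy on acceptable algorithms (such as refusing SHA-1 based URIs) has to be enforced where the algorithm is configured; the values of the three defaults are not visible in this hunk. The enclosing method starts and ends outside the hunk.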
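Review bot: The only test change in this commit is the allowed signature method in SamlAlgorithmSuiteTest.java (`@@ -237,7 +237,7 @@`), which appears to cover an EC key with an explicitly configured algorithm. Nothing visible exercises the DSA path named in the commit title or the null fallback to auto-detection. I would add one case that signs with a DSA key and an explicit algorithm and asserts the resulting signature uses the configured algorithm, and one that passes no algorithm and asserts the key-type default is chosen. The test method starts outside the hunk, so existing coverage elsewhere in the file cannot be ruled out.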