Signature validation fails for some key sizes on IBM JDK.
Some tests in org.picketlink.test.identity.federation.web.saml.handlers.SAML2MultipleAssertionAndSignatureTestCase from redhat-picketlink fail on IBM JDK.
mvn -f modules/federation test -Dtest=SAML2MultipleAssertionAndSignatureTestCase
ERROR: Error validating signature:
org.picketlink.common.exceptions.ProcessingException: javax.xml.crypto.dsig.XMLSignatureException: PL00100: Signing Process Failure:
    at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.validate(SAML2Signature.java:313)
    at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyPostBindingSignature(SAML2SignatureValidationHandler.java:120)
    at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.validateSender(SAML2SignatureValidationHandler.java:91)
    at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.handleStatusResponseType(SAML2SignatureValidationHandler.java:58)
    at org.picketlink.test.identity.federation.web.saml.handlers.SAML2MultipleAssertionAndSignatureTestCase.doSignatureTest(SAML2MultipleAssertionAndSignatureTestCase.java:346)
    at org.picketlink.test.identity.federation.web.saml.handlers.SAML2MultipleAssertionAndSignatureTestCase.testSignaturesPostBindingNegativeType3(SAML2MultipleAssertionAndSignatureTestCase.java:119)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:507)
    at junit.framework.TestCase.runTest(TestCase.java:168)
    at junit.framework.TestCase.runBare(TestCase.java:134)
    at junit.framework.TestResult$1.protect(TestResult.java:110)
    at junit.framework.TestResult.runProtected(TestResult.java:128)
    at junit.framework.TestResult.run(TestResult.java:113)
    at junit.framework.TestCase.run(TestCase.java:124)
    at junit.framework.TestSuite.runTest(TestSuite.java:243)
    at junit.framework.TestSuite.run(TestSuite.java:238)
    at org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:83)
    at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264)
    at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
    at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124)
    at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200)
    at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153)
    at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)
Caused by: javax.xml.crypto.dsig.XMLSignatureException: PL00100: Signing Process Failure:
    at org.picketlink.common.DefaultPicketLinkLogger.signatureError(DefaultPicketLinkLogger.java:194)
    ... 25 more
Caused by: javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 128 but was expecting 256
    at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:549)
    at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:254)
    at org.picketlink.identity.federation.core.util.XMLSignatureUtil.validate(XMLSignatureUtil.java:518)
    at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.validate(SAML2Signature.java:309)
    ... 24 more
Caused by: java.security.SignatureException: Signature length not correct: got 128 but was expecting 256
    at com.ibm.crypto.provider.RSASignature.engineVerify(Unknown Source)
    at java.security.Signature$Delegate.engineVerify(Signature.java:1228)
    at java.security.Signature.verify(Signature.java:658)
    at org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod.verify(DOMSignatureMethod.java:181)
    at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:546)
    ... 27 more
Note: The tests pass with kpg.initialize(1024); on IBM JDK.
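The following is an added example, not part of the original report and not PicketLink code. It assumes the failing negative test verifies a signature against an RSA public key of a different size than the key that signed it, as the "got 128 but was expecting 256" message and the kpg.initialize(1024) note suggest; the class name, method names, payload and the SHA256withRSA algorithm are all hypothetical choices. It shows a verifier that treats a SignatureException from the provider the same as a false result, so a length mismatch is reported as an invalid signature rather than a processing failure.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

// Added example: hypothetical names, not taken from PicketLink.
public class KeySizeMismatchDemo {

    static KeyPair rsa(int bits) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits);
        return kpg.generateKeyPair();
    }

    // Returns true only for a valid signature. Signature.verify() may either
    // return false or throw SignatureException for a value it cannot process;
    // both outcomes mean "not valid" to the caller.
    static boolean isValid(PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(key);
        verifier.update(data);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            System.out.println("rejected by provider: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input.
        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        KeyPair signer = rsa(1024); // produces 128-byte signatures
        KeyPair other = rsa(2048);  // its signatures are 256 bytes long

        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signer.getPrivate());
        s.update(data);
        byte[] sig = s.sign();

        System.out.println("signature bytes: " + sig.length);
        System.out.println("signer's own key: " + isValid(signer.getPublic(), data, sig));
        System.out.println("2048-bit key:     " + isValid(other.getPublic(), data, sig));
    }
}
```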
- is cloned by: JBEAP-4875 [QE](7.1.z) [PicketLink] Signature validation fails for some key sizes on IBM JDK (SAML2MultipleAssertionAndSignatureTestCase) - Closed
- is incorporated by: JBEAP-15478 (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 - Closed