Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.2.1.CR1, 7.2.1.GA
Affects Version/s: 7.0.0.GA
Component/s: Security
Labels:
- test

Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1343399
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.2.z.GA
Git Pull Request:
https://github.com/jbossas/redhat-picketlink/pull/69, https://github.com/jbossas/redhat-picketlink/commit/a81acd56d7aa214c5e11e11ebbaf16f0a2a29f79
Steps to Reproduce:

Hide

Run the tests.

Show
Run the tests.

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Signature validation fails for some key sizes on IBM JDK.

Some tests in org.picketlink.test.identity.federation.web.saml.handlers.SAML2MultipleAssertionAndSignatureTestCase from redhat-picketlink fail on IBM JDK.

mvn -f modules/federation test -Dtest=SAML2MultipleAssertionAndSignatureTestCase

ERROR: Error validating signature:
org.picketlink.common.exceptions.ProcessingException: javax.xml.crypto.dsig.XMLSignatureException: PL00100: Signing Process Failure:
	at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.validate(SAML2Signature.java:313)
	at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyPostBindingSignature(SAML2SignatureValidationHandler.java:120)
	at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.validateSender(SAML2SignatureValidationHandler.java:91)
	at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.handleStatusResponseType(SAML2SignatureValidationHandler.java:58)
	at org.picketlink.test.identity.federation.web.saml.handlers.SAML2MultipleAssertionAndSignatureTestCase.doSignatureTest(SAML2MultipleAssertionAndSignatureTestCase.java:346)
	at org.picketlink.test.identity.federation.web.saml.handlers.SAML2MultipleAssertionAndSignatureTestCase.testSignaturesPostBindingNegativeType3(SAML2MultipleAssertionAndSignatureTestCase.java:119)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
	at java.lang.reflect.Method.invoke(Method.java:507)
	at junit.framework.TestCase.runTest(TestCase.java:168)
	at junit.framework.TestCase.runBare(TestCase.java:134)
	at junit.framework.TestResult$1.protect(TestResult.java:110)
	at junit.framework.TestResult.runProtected(TestResult.java:128)
	at junit.framework.TestResult.run(TestResult.java:113)
	at junit.framework.TestCase.run(TestCase.java:124)
	at junit.framework.TestSuite.runTest(TestSuite.java:243)
	at junit.framework.TestSuite.run(TestSuite.java:238)
	at org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:83)
	at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
	at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124)
	at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)
Caused by: javax.xml.crypto.dsig.XMLSignatureException: PL00100: Signing Process Failure:
	at org.picketlink.common.DefaultPicketLinkLogger.signatureError(DefaultPicketLinkLogger.java:194)
	... 25 more
Caused by: javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 128 but was expecting 256
	at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:549)
	at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:254)
	at org.picketlink.identity.federation.core.util.XMLSignatureUtil.validate(XMLSignatureUtil.java:518)
	at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.validate(SAML2Signature.java:309)
	... 24 more
Caused by: java.security.SignatureException: Signature length not correct: got 128 but was expecting 256
	at com.ibm.crypto.provider.RSASignature.engineVerify(Unknown Source)
	at java.security.Signature$Delegate.engineVerify(Signature.java:1228)
	at java.security.Signature.verify(Signature.java:658)
	at org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod.verify(DOMSignatureMethod.java:181)
	at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:546)
	... 27 more

Note: The tests passes with kpg.initialize(1024); on IBM JDK.

is cloned by

JBEAP-4875 [QE](7.1.z) [PicketLink] Signature validation fails for some key sizes on IBM JDK (SAML2MultipleAssertionAndSignatureTestCase)

Closed

is incorporated by

JBEAP-15478 (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4

Closed

Assignee:: Ilia Vassilev

Reporter:: Ilia Vassilev

Tester:: Ondrej Kotek

QA Contact:: Ondrej Kotek

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2018/09/19 9:52 AM

Updated:: 2024/09/02 3:29 PM

Resolved:: 2019/01/17 9:21 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates