Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-4866

(7.4.z) [PicketLink] SignatureValidationUnitTestCase fails on IBM JDK

XMLWordPrintable

      Some tests in org.picketlink.test.identity.federation.api.saml.v2.SignatureValidationUnitTestCase from redhat-picketlink fails on IBM JDK.

      mvn -f modules/federation test -Dtest=SignatureValidationUnitTestCase

      javax.xml.crypto.dsig.XMLSignatureException: java.io.IOException: Invalid ASN.1 format of DSA signature
	at org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod.sign(DOMSignatureMethod.java:230)
	at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:399)
	at org.picketlink.identity.federation.core.util.XMLSignatureUtil.signImpl(XMLSignatureUtil.java:741)
	at org.picketlink.identity.federation.core.util.XMLSignatureUtil.sign(XMLSignatureUtil.java:473)
	at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:216)
	at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:150)
	at org.picketlink.test.identity.federation.api.saml.v2.SignatureValidationUnitTestCase.testAuthnRequestCreationWithSignature(SignatureValidationUnitTestCase.java:84)
...

      Note: in the tests, using RSA instead of DSA works for IBM JDK.

            [JBEAP-4866] (7.4.z) [PicketLink] SignatureValidationUnitTestCase fails on IBM JDK

            Panagiotis Sotiropoulos added a comment -

            Verified with 7.4.6.GA-CR1 (I had to download ws-policy.xsd and modify its shema location in ws-trust.xsd, but the testcase passes)
             

            Panagiotis Sotiropoulos added a comment - Verified with 7.4.6.GA-CR1 (I had to download ws-policy.xsd and modify its shema location in ws-trust.xsd, but the testcase passes)  

            Ondrej Kotek added a comment -

            dcihak@redhat.com, the failure you described affects all the combinations, not just IBM JDK. It's possibly caused by something like JBEAP-4499.

            Ondrej Kotek added a comment - dcihak@redhat.com , the failure you described affects all the combinations, not just IBM JDK. It's possibly caused by something like JBEAP-4499 .

            Daniel Cihak added a comment - - edited

            thjenkin@redhat.com okotek@redhat.com Test currently fails on java.lang.RuntimeException: PL00092: Null Value:schema on IBM JDK during the 7.4.4.GA-CR1 test run.

            Daniel Cihak added a comment - - edited thjenkin@redhat.com okotek@redhat.com Test currently fails on java.lang.RuntimeException: PL00092: Null Value:schema on IBM JDK during the 7.4.4.GA-CR1 test run .

            Ondrej Kotek added a comment -

            pmackay@redhat.comdcihak@redhat.com, can you have a look please?

            Ondrej Kotek added a comment - pmackay@redhat.com ,  dcihak@redhat.com , can you have a look please?

            Tom Jenkinson added a comment -

            okotek@redhat.com - please can you confirm if this affects EAP 7.4.z still?

            Tom Jenkinson added a comment - okotek@redhat.com - please can you confirm if this affects EAP 7.4.z still?

            RH Bugzilla Integration added a comment -

            Carlo de Wolf <cdewolf@redhat.com> changed the Status of bug 1343363 from NEW to CLOSED

            RH Bugzilla Integration added a comment - Carlo de Wolf <cdewolf@redhat.com> changed the Status of bug 1343363 from NEW to CLOSED

            Pedro Igor Craveiro added a comment -

            No, I have figure out that there is an issue with the current version of xmlsec (santuario) we are using. If we change to:

            dependency>
      <groupId>org.apache.santuario</groupId>
      <artifactId>xmlsec</artifactId>
      <version>2.0.8</version>
    </dependency>

            Everything works fine. Going to send a PR changing, where 2.08 is the version used today in EAP.

            Pedro Igor Craveiro added a comment - No, I have figure out that there is an issue with the current version of xmlsec (santuario) we are using. If we change to: dependency> <groupId>org.apache.santuario</groupId> <artifactId>xmlsec</artifactId> <version>2.0.8</version> </dependency> Everything works fine. Going to send a PR changing, where 2.08 is the version used today in EAP.

            Ondrej Kotek added a comment -

            I do not know about any customer case related to this.

            Does it mean that DSA cannot be used with PicketLink signing on IBM JDK?

            Ondrej Kotek added a comment - I do not know about any customer case related to this. Does it mean that DSA cannot be used with PicketLink signing on IBM JDK?

            Pedro Igor Craveiro added a comment -

            Can we just change tests to use RSA for this one ? Or this issue is also related with any customer using DSA ?

            Pedro Igor Craveiro added a comment - Can we just change tests to use RSA for this one ? Or this issue is also related with any customer using DSA ?

              rhn-support-ivassile Ilia Vassilev
              okotek@redhat.com Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: