Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-4875

[QE](7.1.z) [PicketLink] Signature validation fails for some key sizes on IBM JDK (SAML2MultipleAssertionAndSignatureTestCase)

XMLWordPrintable

      Signature validation fails for some key sizes on IBM JDK.

      Some tests in org.picketlink.test.identity.federation.web.saml.handlers.SAML2MultipleAssertionAndSignatureTestCase from redhat-picketlink fail on IBM JDK.

      mvn -f modules/federation test -Dtest=SAML2MultipleAssertionAndSignatureTestCase

      ERROR: Error validating signature:
      org.picketlink.common.exceptions.ProcessingException: javax.xml.crypto.dsig.XMLSignatureException: PL00100: Signing Process Failure:
      	at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.validate(SAML2Signature.java:313)
      	at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyPostBindingSignature(SAML2SignatureValidationHandler.java:120)
      	at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.validateSender(SAML2SignatureValidationHandler.java:91)
      	at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.handleStatusResponseType(SAML2SignatureValidationHandler.java:58)
      	at org.picketlink.test.identity.federation.web.saml.handlers.SAML2MultipleAssertionAndSignatureTestCase.doSignatureTest(SAML2MultipleAssertionAndSignatureTestCase.java:346)
      	at org.picketlink.test.identity.federation.web.saml.handlers.SAML2MultipleAssertionAndSignatureTestCase.testSignaturesPostBindingNegativeType3(SAML2MultipleAssertionAndSignatureTestCase.java:119)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
      	at java.lang.reflect.Method.invoke(Method.java:507)
      	at junit.framework.TestCase.runTest(TestCase.java:168)
      	at junit.framework.TestCase.runBare(TestCase.java:134)
      	at junit.framework.TestResult$1.protect(TestResult.java:110)
      	at junit.framework.TestResult.runProtected(TestResult.java:128)
      	at junit.framework.TestResult.run(TestResult.java:113)
      	at junit.framework.TestCase.run(TestCase.java:124)
      	at junit.framework.TestSuite.runTest(TestSuite.java:243)
      	at junit.framework.TestSuite.run(TestSuite.java:238)
      	at org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:83)
      	at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264)
      	at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
      	at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124)
      	at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200)
      	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153)
      	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)
      Caused by: javax.xml.crypto.dsig.XMLSignatureException: PL00100: Signing Process Failure:
      	at org.picketlink.common.DefaultPicketLinkLogger.signatureError(DefaultPicketLinkLogger.java:194)
      	... 25 more
      Caused by: javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 128 but was expecting 256
      	at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:549)
      	at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:254)
      	at org.picketlink.identity.federation.core.util.XMLSignatureUtil.validate(XMLSignatureUtil.java:518)
      	at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.validate(SAML2Signature.java:309)
      	... 24 more
      Caused by: java.security.SignatureException: Signature length not correct: got 128 but was expecting 256
      	at com.ibm.crypto.provider.RSASignature.engineVerify(Unknown Source)
      	at java.security.Signature$Delegate.engineVerify(Signature.java:1228)
      	at java.security.Signature.verify(Signature.java:658)
      	at org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod.verify(DOMSignatureMethod.java:181)
      	at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:546)
      	... 27 more
      

      Note: The tests passes with kpg.initialize(1024); on IBM JDK.

              jondruse@redhat.com Jiri Ondrusek
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: