commit 21eb481750f34e2b32583cc566a1abe2ce9e05fd
author Colm O hEigeartaigh <coheigea@apache.org> Mon Apr 20 14:51:06 2020 +0100
committer Colm O hEigeartaigh <coheigea@apache.org> Mon Apr 20 14:51:06 2020 +0100
tree 1ec590d4ba443777c1ee0173ea962356d15044af
parent ee67fd80db997dd1c35c924dce1400f6f35c4d1b

Adding Saml ECDSA SHA1 test

ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java

diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
index f2a1ca8..d6bdc7e 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
@@ -197,7 +197,7 @@
     }
 
     @Test
-    public void signWithEcdsaAlgorithm() throws Exception {
+    public void signWithEcdsaAlgorithmSHA1() throws Exception {
         crypto = CryptoFactory.getInstance("wss40.properties");
         SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
         callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
@@ -210,7 +210,7 @@
 
         samlAssertion.signAssertion(
             "wss40ec", "security", crypto, false,
-            CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA256);
+            CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA1);
 
 
         Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -237,6 +237,52 @@
             assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
         }
 
+        algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA1);
+
+        verify(securityHeader, algorithmSuite, crypto);
+    }
+
+    @Test
+    public void signWithEcdsaAlgorithmSHA256() throws Exception {
+        crypto = CryptoFactory.getInstance("wss40.properties");
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        samlAssertion.signAssertion(
+                "wss40ec", "security", crypto, false,
+                CanonicalizationMethod.EXCLUSIVE, WSConstants.ECDSA_SHA256);
+
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
+
+        Document signedDoc = wsSign.build(samlAssertion);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString =
+                    XMLUtils.prettyDocumentToString(signedDoc);
+            LOG.debug(outputString);
+        }
+
+        Element securityHeader = WSSecurityUtil.getSecurityHeader(signedDoc, null);
+        AlgorithmSuite algorithmSuite = createAlgorithmSuite();
+
+        try {
+            verify(securityHeader, algorithmSuite, crypto);
+            fail("Expected failure as C14n algorithm is not allowed");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
+        }
+
         algorithmSuite.addSignatureMethod(WSConstants.ECDSA_SHA256);
 
         verify(securityHeader, algorithmSuite, crypto);