Hi All,
I have installed/created the keystore file with signature algorithm name SHA256withRSA, but I am getting the below error from the IDP side.
Caused by: java.security.SignatureException: Signature encoding error
at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:204)
at java.security.Signature$Delegate.engineVerify(Signature.java:1219)
at java.security.Signature.verify(Signature.java:652)
at org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil.validate(SignatureUtil.java:141)
at org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil.validateSignature(RedirectBindingSignatureUtil.java:238)
at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyRedirectBindingSignature(SAML2SignatureValidationHandler.java:172)
... 38 more
Caused by: java.io.IOException: ObjectIdentifier mismatch: 2.16.840.1.101.3.4.2.1
at sun.security.rsa.RSASignature.decodeSignature(RSASignature.java:237)
at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:195)
That is due to the lines below in the getSignature() method of the org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil class:
    // The JCA signature algorithm is chosen from the key algorithm alone;
    // the digest the sender actually used is never consulted.
    if ("DSA".equalsIgnoreCase(algo)) {
        sig = Signature.getInstance(PicketLinkFederationConstants.DSA_SIGNATURE_ALGORITHM);
    } else if ("RSA".equalsIgnoreCase(algo)) {
        sig = Signature.getInstance(PicketLinkFederationConstants.RSA_SIGNATURE_ALGORITHM); //SHA1withRSA
    }
As I explained earlier, I created the keystore with SHA256withRSA, so the keyalg is RSA, but the above code sets the Signature to SHA1withRSA even though it is SHA256withRSA.
Can you please fix this ASAP if possible? We got stuck due to this.
Regards,
Vinay
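The failure described in the post, reproduced as an added example (this is not PicketLink code): a SAML redirect binding signed with SHA256withRSA is verified first with the JCA name chosen from the key algorithm alone (SHA1withRSA), which fails on the mismatched digest OID, and then with the JCA name chosen from the SigAlg URI carried on the redirect query string, which verifies. The URI-to-JCA mapping and the constructed query string are assumptions for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SigAlgSelection {

    // Mirrors the selection in the post: the key algorithm alone decides the JCA name.
    static String byKeyAlgorithm(String keyAlgo) {
        if ("DSA".equalsIgnoreCase(keyAlgo)) return "SHA1withDSA";
        if ("RSA".equalsIgnoreCase(keyAlgo)) return "SHA1withRSA";
        throw new IllegalArgumentException("unsupported key algorithm: " + keyAlgo);
    }

    // Selects by the SigAlg URI the sender put on the query string (assumed mapping,
    // covering the common xmldsig identifiers; unknown URIs are rejected, not defaulted).
    static String bySigAlgUri(String sigAlgUri) {
        switch (sigAlgUri) {
            case "http://www.w3.org/2000/09/xmldsig#rsa-sha1":        return "SHA1withRSA";
            case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": return "SHA256withRSA";
            case "http://www.w3.org/2000/09/xmldsig#dsa-sha1":        return "SHA1withDSA";
            default: throw new IllegalArgumentException("unsupported SigAlg: " + sigAlgUri);
        }
    }

    static boolean verify(String jcaName, PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance(jcaName);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // stand-in for the keystore key
        byte[] data = "SAMLRequest=...&RelayState=...".getBytes(StandardCharsets.UTF_8); // constructed
        String sigAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

        Signature signer = Signature.getInstance("SHA256withRSA"); // what the SP actually used
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();

        try {
            verify(byKeyAlgorithm(kp.getPublic().getAlgorithm()), kp.getPublic(), data, sig);
        } catch (SignatureException e) {
            // JDK reports "Signature encoding error" caused by an ObjectIdentifier mismatch
            System.out.println("key-algorithm selection failed: " + e.getCause());
        }
        System.out.println("SigAlg selection verifies: "
                + verify(bySigAlgUri(sigAlg), kp.getPublic(), data, sig));
    }
}
```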