Fix #232 Make Fingerprint check case insensitive
pitbulk committed Nov 26, 2019
1 parent e43459b commit fd80067
Showing 2 changed files with 10 additions and 1 deletion.
2 changes: 1 addition & 1 deletion core/src/main/java/com/onelogin/saml2/util/Util.java
Expand Up @@ -1014,7 +1014,7 @@ public static Boolean validateSignNode(Node signNode, X509Certificate cert, Stri
X509Certificate providedCert = keyInfo.getX509Certificate();
String calculatedFingerprint = calculateX509Fingerprint(providedCert, alg);
for (String fingerprintStr : fingerprint.split(",")) {
if (calculatedFingerprint.equals(fingerprintStr.trim())) {
if (calculatedFingerprint.equalsIgnoreCase(fingerprintStr.trim())) {
res = signature.checkSignatureValue(providedCert);
}
}
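Review bot: The switch to `calculatedFingerprint.equalsIgnoreCase(fingerprintStr.trim())` is the right comparison for hex digests, but nothing in the hunk records why, and the loop has no early exit, so a duplicated entry in the comma-separated `fingerprint` re-runs `signature.checkSignatureValue(providedCert)` against the same certificate. Add `break;` directly after the assignment to `res` and a comment above the loop such as `// fingerprint is a comma-separated list of hex digests; hex case is not significant, so compare case-insensitively after trimming`. The Javadoc of validateSignNode should state the same contract (comma-separated, whitespace-trimmed, case-insensitive match) so callers know mixed-case configuration is accepted. validateSignNode's body continues outside the hunk, so where `res` is initialised and whether `fingerprint` is null-checked before `split` cannot be confirmed here.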
Expand Up @@ -1092,6 +1092,8 @@ public void testValidateSign() throws URISyntaxException, IOException, Certifica
X509Certificate cert = Util.loadCert(certString);
String fingerprint_sha1 = "afe71c28ef740bc87425be13a2263d37971da1f9";
String fingerprint_sha256 = "c51cfa06c7a49767f6eab18238eae1c56708e29264da3d11f538a12cd2c357ba";
String fingerprint_sha1_uppercase = "AFE71C28EF740BC87425BE13A2263D37971DA1F9";
String fingerprint_sha256_uppercase = "C51CFA06C7A49767F6EAB18238EAE1C56708E29264DA3D11F538A12CD2C357BA";

// Signed Response
String signedResponseStr = Util.getFileAsString("data/responses/signed_message_response.xml.base64");
Expand All @@ -1102,6 +1104,8 @@ public void testValidateSign() throws URISyntaxException, IOException, Certifica
assertTrue(Util.validateSign(samlSignedResponseDocument, (X509Certificate) null, fingerprint_sha1, null, RESPONSE_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlSignedResponseDocument, (X509Certificate) null, fingerprint_sha1, "SHA-1", RESPONSE_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlSignedResponseDocument, (X509Certificate) null, fingerprint_sha256, "SHA-256", RESPONSE_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlSignedResponseDocument, (X509Certificate) null, fingerprint_sha1_uppercase, "SHA-1", RESPONSE_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlSignedResponseDocument, (X509Certificate) null, fingerprint_sha256_uppercase, "SHA-256", RESPONSE_SIGNATURE_XPATH));
assertFalse(Util.validateSign(samlSignedResponseDocument, (X509Certificate) null, fingerprint_sha256, "SHA-256", ASSERTION_SIGNATURE_XPATH));
assertFalse(Util.validateSign(samlSignedResponseDocument, cert, null, null, ""));
assertFalse(Util.validateSign(samlSignedResponseDocument, (X509Certificate) null, null, null, ""));
Expand All @@ -1114,6 +1118,7 @@ public void testValidateSign() throws URISyntaxException, IOException, Certifica
assertTrue(Util.validateSign(samlSignedAssertionDocument, cert, null, null, ASSERTION_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlSignedAssertionDocument, (X509Certificate) null, fingerprint_sha1, null, ASSERTION_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlSignedAssertionDocument, (X509Certificate) null, fingerprint_sha1, "SHA-1", ASSERTION_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlSignedAssertionDocument, (X509Certificate) null, fingerprint_sha1_uppercase, "SHA-1", ASSERTION_SIGNATURE_XPATH));
assertFalse(Util.validateSign(samlSignedAssertionDocument, (X509Certificate) null, fingerprint_sha1, "SHA-1", RESPONSE_SIGNATURE_XPATH));

// Double Signed Response
Expand All @@ -1127,8 +1132,12 @@ public void testValidateSign() throws URISyntaxException, IOException, Certifica
assertTrue(Util.validateSign(samlDoubleSignedResponseDocument, (X509Certificate) null, fingerprint_sha1, null, RESPONSE_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlDoubleSignedResponseDocument, (X509Certificate) null, fingerprint_sha1, "SHA-1", ASSERTION_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlDoubleSignedResponseDocument, (X509Certificate) null, fingerprint_sha1, "SHA-1", RESPONSE_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlDoubleSignedResponseDocument, (X509Certificate) null, fingerprint_sha1_uppercase, "SHA-1", ASSERTION_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlDoubleSignedResponseDocument, (X509Certificate) null, fingerprint_sha1_uppercase, "SHA-1", RESPONSE_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlDoubleSignedResponseDocument, (X509Certificate) null, fingerprint_sha256, "SHA-256", ASSERTION_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlDoubleSignedResponseDocument, (X509Certificate) null, fingerprint_sha256, "SHA-256", RESPONSE_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlDoubleSignedResponseDocument, (X509Certificate) null, fingerprint_sha256_uppercase, "SHA-256", ASSERTION_SIGNATURE_XPATH));
assertTrue(Util.validateSign(samlDoubleSignedResponseDocument, (X509Certificate) null, fingerprint_sha256_uppercase, "SHA-256", RESPONSE_SIGNATURE_XPATH));
}

/**