Merge pull request #293 from rolandorh/configure_digest_algorithm_from_file

Read digest algorithm from configuration

Author: pitbulk

core/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java

@@ -98,6 +98,7 @@ public class SettingsBuilder {
 	public final static String SECURITY_REQUESTED_AUTHNCONTEXTCOMPARISON = "onelogin.saml2.security.requested_authncontextcomparison";
 	public final static String SECURITY_WANT_XML_VALIDATION = "onelogin.saml2.security.want_xml_validation";
 	public final static String SECURITY_SIGNATURE_ALGORITHM = "onelogin.saml2.security.signature_algorithm";
+	public final static String SECURITY_DIGEST_ALGORITHM = "onelogin.saml2.security.digest_algorithm";
 	public final static String SECURITY_REJECT_UNSOLICITED_RESPONSES_WITH_INRESPONSETO = "onelogin.saml2.security.reject_unsolicited_responses_with_inresponseto";
 	public final static String SECURITY_ALLOW_REPEAT_ATTRIBUTE_NAME_PROPERTY_KEY = "onelogin.saml2.security.allow_duplicated_attribute_name";
 
@@ -216,7 +217,7 @@ public SettingsBuilder fromValues(Map<String, Object> samlData, KeyStoreSettings
 	/**
 	 * Builds the Saml2Settings object. Read the Properties object and set all the
 	 * SAML settings
-	 * 
+	 *
 	 * @return the Saml2Settings object with all the SAML settings loaded
 	 *
 	 */
@@ -365,6 +366,10 @@ private void loadSecuritySetting() {
 		if (signatureAlgorithm != null && !signatureAlgorithm.isEmpty())
 			saml2Setting.setSignatureAlgorithm(signatureAlgorithm);
 
+		String digestAlgorithm = loadStringProperty(SECURITY_DIGEST_ALGORITHM);
+		if (digestAlgorithm != null && !digestAlgorithm.isEmpty())
+			saml2Setting.setDigestAlgorithm(digestAlgorithm);
+
 		Boolean rejectUnsolicitedResponsesWithInResponseTo = loadBooleanProperty(SECURITY_REJECT_UNSOLICITED_RESPONSES_WITH_INRESPONSETO);
 		if (rejectUnsolicitedResponsesWithInResponseTo != null) {
 			saml2Setting.setRejectUnsolicitedResponsesWithInResponseTo(rejectUnsolicitedResponsesWithInResponseTo);

core/src/test/java/com/onelogin/saml2/test/settings/Saml2SettingsTest.java

@@ -299,7 +299,7 @@ public void testGetSPMetadataSigned() throws Exception {
 		assertEquals(Constants.C14NEXC, ds_signature_metadata.getFirstChild().getFirstChild().getAttributes().getNamedItem("Algorithm").getNodeValue());
 
 		assertEquals(Constants.RSA_SHA512, ds_signature_metadata.getFirstChild().getFirstChild().getNextSibling().getAttributes().getNamedItem("Algorithm").getNodeValue());
-		assertEquals(Constants.SHA1, ds_signature_metadata.getFirstChild().getFirstChild().getNextSibling().getNextSibling().getFirstChild().getNextSibling().getAttributes().getNamedItem("Algorithm").getNodeValue());
+		assertEquals(Constants.SHA512, ds_signature_metadata.getFirstChild().getFirstChild().getNextSibling().getNextSibling().getFirstChild().getNextSibling().getAttributes().getNamedItem("Algorithm").getNodeValue());
 
 		assertEquals("md:SPSSODescriptor", metadataDoc.getDocumentElement().getFirstChild().getNextSibling().getNodeName());
 

core/src/test/java/com/onelogin/saml2/test/settings/SettingBuilderTest.java

@@ -158,6 +158,7 @@ public void testLoadFromFileEmpty() throws IOException, CertificateException, UR
 		assertEquals("exact", setting.getRequestedAuthnContextComparison());
 		assertTrue(setting.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA1, setting.getSignatureAlgorithm());
+		assertEquals(Constants.SHA1, setting.getDigestAlgorithm());
 		assertFalse(setting.getSignMetadata());
 
 		assertNull(setting.getOrganization());
@@ -213,6 +214,7 @@ public void testLoadFromFileMinProp() throws IOException, CertificateException,
 		assertEquals("exact", setting.getRequestedAuthnContextComparison());
 		assertTrue(setting.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA1, setting.getSignatureAlgorithm());
+		assertEquals(Constants.SHA1, setting.getDigestAlgorithm());
 		assertFalse(setting.getSignMetadata());
 
 		assertNull(setting.getOrganization());
@@ -273,6 +275,7 @@ public void testLoadFromFileAllProp() throws IOException, CertificateException,
 		assertEquals("exact", setting.getRequestedAuthnContextComparison());
 		assertTrue(setting.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA512, setting.getSignatureAlgorithm());
+		assertEquals(Constants.SHA512, setting.getDigestAlgorithm());
 		assertTrue(setting.getSignMetadata());
 
 		Organization org = new Organization("SP Java", "SP Java Example", "http://sp.example.com");
@@ -338,6 +341,7 @@ public void testLoadFromFileCertString() throws IOException, CertificateExceptio
 		assertEquals("exact", setting.getRequestedAuthnContextComparison());
 		assertTrue(setting.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA1, setting.getSignatureAlgorithm());
+		assertEquals(Constants.SHA1, setting.getDigestAlgorithm());
 		assertFalse(setting.getSignMetadata());
 
 		Organization org = new Organization("SP Java", "SP Java Example", "http://sp.example.com");
@@ -392,6 +396,7 @@ public void testLoadFromFileContactString() throws IOException, CertificateExcep
 		assertEquals("exact", setting.getRequestedAuthnContextComparison());
 		assertTrue(setting.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA1, setting.getSignatureAlgorithm());
+		assertEquals(Constants.SHA1, setting.getDigestAlgorithm());
 		assertFalse(setting.getSignMetadata());
 
 		Organization org = new Organization("SP Java", "SP Java Example", "http://sp.example.com");
@@ -504,6 +509,7 @@ public void testLoadFromFileSomeEmptyProp() throws IOException, CertificateExcep
 		assertEquals("exact", setting.getRequestedAuthnContextComparison());
 		assertTrue(setting.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA1, setting.getSignatureAlgorithm());
+		assertEquals(Constants.SHA1, setting.getDigestAlgorithm());
 		assertTrue(setting.getSignMetadata());
 
 		assertNull(setting.getOrganization());
@@ -560,6 +566,7 @@ public void testLoadFromFileDifferentProp() throws IOException, CertificateExcep
 		assertEquals("minimum", setting.getRequestedAuthnContextComparison());
 		assertTrue(setting.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA512, setting.getSignatureAlgorithm());
+		assertEquals(Constants.SHA512, setting.getDigestAlgorithm());
 		assertTrue(setting.getSignMetadata());
 
 		Organization org = new Organization("SP Java", "", "");
@@ -652,6 +659,7 @@ public void testFromProperties() throws IOException, Error, CertificateException
 		assertEquals("exact", setting2.getRequestedAuthnContextComparison());
 		assertTrue(setting2.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA1, setting2.getSignatureAlgorithm());
+		assertEquals(Constants.SHA1, setting2.getDigestAlgorithm());
 		assertFalse(setting2.getSignMetadata());
 
 		assertNull(setting2.getOrganization());
@@ -713,6 +721,7 @@ public void testLoadFromValues() throws Exception {
 		samlData.put(SECURITY_REQUESTED_AUTHNCONTEXTCOMPARISON, "exact");
 		samlData.put(SECURITY_WANT_XML_VALIDATION, "true");
 		samlData.put(SECURITY_SIGNATURE_ALGORITHM, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
+		samlData.put(SECURITY_DIGEST_ALGORITHM, "http://www.w3.org/2001/04/xmlenc#sha512");
 
 		// Compress
 		samlData.put(COMPRESS_REQUEST, "false");
@@ -777,6 +786,7 @@ public void testLoadFromValues() throws Exception {
 		assertEquals("exact", setting.getRequestedAuthnContextComparison());
 		assertTrue(setting.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA512, setting.getSignatureAlgorithm());
+		assertEquals(Constants.SHA512, setting.getDigestAlgorithm());
 		assertTrue(setting.getSignMetadata());
 		assertFalse(setting.getWantNameId());
 
@@ -868,6 +878,7 @@ public void testLoadFromValuesWithObjects() throws Exception {
 		samlData.put(SECURITY_REQUESTED_AUTHNCONTEXTCOMPARISON, "exact");
 		samlData.put(SECURITY_WANT_XML_VALIDATION, true);
 		samlData.put(SECURITY_SIGNATURE_ALGORITHM, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
+		samlData.put(SECURITY_DIGEST_ALGORITHM, "http://www.w3.org/2001/04/xmlenc#sha512");
 
 		// Compress
 		samlData.put(COMPRESS_REQUEST, "false");
@@ -924,6 +935,7 @@ public void testLoadFromValuesWithObjects() throws Exception {
 		assertEquals("exact", setting.getRequestedAuthnContextComparison());
 		assertTrue(setting.getWantXMLValidation());
 		assertEquals(Constants.RSA_SHA512, setting.getSignatureAlgorithm());
+		assertEquals(Constants.SHA512, setting.getDigestAlgorithm());
 		assertTrue(setting.getSignMetadata());
 		assertFalse(setting.getWantNameId());
 

core/src/test/resources/config/config.adfs.properties

@@ -36,7 +36,7 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe
 onelogin.saml2.sp.x509cert = -----BEGIN CERTIFICATE-----MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo-----END CERTIFICATE-----
 
 
-# Requires Format PKCS#8   BEGIN PRIVATE KEY	     
+# Requires Format PKCS#8   BEGIN PRIVATE KEY
 # If you have     PKCS#1   BEGIN RSA PRIVATE KEY  convert it by   openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem
 onelogin.saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOK9uFHs/nXrH9LcGorG6lB7Qs42iWK6mIE56wI7dIdsOuXf6r0ht+d+YTTis24xw+wjEHXrVN0Okh6wsKftzxo8chIo60+UB5NlKdvxAC7tpGNmrf49us/m5bdNx8IY+0pPK0c6B786UlujTvx1WFdDXh3UQPBclbWtFe5S3gLxAgMBAAECgYAPj9ngtZVZXoPWowinUbOvRmZ1ZMTVI91nsSPyCUacLM92C4I+7NuEZeYiDRUnkP7TbCyrCzXN3jwlIxdczzORhlXBBgg9Sw2fkV61CnDEMgw+aEeD5A0GDA6eTwkrawiOMs8vupjsi2/stPsa+bmpI6RnfdEKBdyDP6iQQhAxiQJBAPNtM7IMvRzlZBXoDaTTpP9rN2FR0ZcX0LT5aRZJ81qi+ZOBFeHUb6MyWvzZKfPinj9JO3s/9e3JbMXemRWBmvcCQQDuc+NfAeW200QyjoC3Ed3jueLMrY1Q3zTcSUhRPw/0pIKgRGZJerro8N6QY2JziV2mxK855gKTwwBigMHL2S9XAkEAwuBfjGDqXOG/uFHn6laNNvWshjqsIdus99Tbrj5RlfP2/YFP9VTOcsXzVYy9K0P3EA8ekVLpHQ4uCFJmF3OEjQJBAMvwO69/HOufhv1CWZ25XzAsRGhPqsRXEouw9XPfXpMavEm8FkuT9xXRJFkTVxl/i6RdJYx8Rwn/Rm34t0bUKqMCQQCrAtKCUn0PLcemAzPi8ADJlbMDG/IDXNbSej0Y4tw9Cdho1Q38XLZJi0RNdNvQJD1fWu3x9+QU/vJr7lMLzdoy-----END PRIVATE KEY-----
 
@@ -124,6 +124,13 @@ onelogin.saml2.security.want_xml_validation = true
 #  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
 onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
 
+# Algorithm that the toolkit will use on digest process. Options:
+#  'http://www.w3.org/2000/09/xmldsig#sha1'
+#  'http://www.w3.org/2001/04/xmlenc#sha256'
+#  'http://www.w3.org/2001/04/xmldsig-more#sha384'
+#  'http://www.w3.org/2001/04/xmlenc#sha512'
+onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512
+
 # Organization
 onelogin.saml2.organization.name = SP Java 
 onelogin.saml2.organization.displayname = SP Java Example

core/src/test/resources/config/config.all.properties

@@ -130,12 +130,12 @@ onelogin.saml2.security.want_xml_validation = true
 #  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
 onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
 
-# Algorithm that the toolkit will use on signing process. Options:
-# 'http://www.w3.org/2000/09/xmldsig#sha1'
-# 'http://www.w3.org/2001/04/xmlenc#sha256'
-# 'http://www.w3.org/2001/04/xmldsig-more#sha384'
-# 'http://www.w3.org/2001/04/xmlenc#sha512'
-onelogin.saml2.security.digest_algorithm = http://www.w3.org/2000/09/xmldsig#sha1
+# Algorithm that the toolkit will use on digest process. Options:
+#  'http://www.w3.org/2000/09/xmldsig#sha1'
+#  'http://www.w3.org/2001/04/xmlenc#sha256'
+#  'http://www.w3.org/2001/04/xmldsig-more#sha384'
+#  'http://www.w3.org/2001/04/xmlenc#sha512'
+onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512
 
 # Organization
 onelogin.saml2.organization.name = SP Java 

core/src/test/resources/config/config.allowduplicatednames.properties

@@ -127,6 +127,13 @@ onelogin.saml2.security.want_xml_validation = true
 #  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
 onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
 
+# Algorithm that the toolkit will use on digest process. Options:
+#  'http://www.w3.org/2000/09/xmldsig#sha1'
+#  'http://www.w3.org/2001/04/xmlenc#sha256'
+#  'http://www.w3.org/2001/04/xmldsig-more#sha384'
+#  'http://www.w3.org/2001/04/xmlenc#sha512'
+onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512
+
 # Organization
 onelogin.saml2.organization.name = SP Java 
 onelogin.saml2.organization.displayname = SP Java Example

core/src/test/resources/config/config.different.properties

@@ -127,6 +127,13 @@ onelogin.saml2.security.want_xml_validation = true
 #  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
 onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
 
+# Algorithm that the toolkit will use on digest process. Options:
+#  'http://www.w3.org/2000/09/xmldsig#sha1'
+#  'http://www.w3.org/2001/04/xmlenc#sha256'
+#  'http://www.w3.org/2001/04/xmldsig-more#sha384'
+#  'http://www.w3.org/2001/04/xmlenc#sha512'
+onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512
+
 # Organization
 onelogin.saml2.organization.name = SP Java
 

core/src/test/resources/config/config.knownIdpPrivateKey.properties

@@ -131,6 +131,13 @@ onelogin.saml2.security.want_xml_validation = true
 #  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
 onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
 
+# Algorithm that the toolkit will use on digest process. Options:
+#  'http://www.w3.org/2000/09/xmldsig#sha1'
+#  'http://www.w3.org/2001/04/xmlenc#sha256'
+#  'http://www.w3.org/2001/04/xmldsig-more#sha384'
+#  'http://www.w3.org/2001/04/xmlenc#sha512'
+onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512
+
 # Organization
 onelogin.saml2.organization.name = SP Java
 onelogin.saml2.organization.displayname = SP Java Example

core/src/test/resources/config/config.my.properties

@@ -124,6 +124,13 @@ onelogin.saml2.security.want_xml_validation = true
 #  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
 onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
 
+# Algorithm that the toolkit will use on digest process. Options:
+#  'http://www.w3.org/2000/09/xmldsig#sha1'
+#  'http://www.w3.org/2001/04/xmlenc#sha256'
+#  'http://www.w3.org/2001/04/xmldsig-more#sha384'
+#  'http://www.w3.org/2001/04/xmlenc#sha512'
+onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512
+
 # Organization
 onelogin.saml2.organization.name = SP Java 
 onelogin.saml2.organization.displayname = SP Java Example

core/src/test/resources/config/config.mywithmulticert.properties

@@ -126,6 +126,13 @@ onelogin.saml2.security.want_xml_validation = true
 #  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
 onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
 
+# Algorithm that the toolkit will use on digest process. Options:
+#  'http://www.w3.org/2000/09/xmldsig#sha1'
+#  'http://www.w3.org/2001/04/xmlenc#sha256'
+#  'http://www.w3.org/2001/04/xmldsig-more#sha384'
+#  'http://www.w3.org/2001/04/xmlenc#sha512'
+onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha512
+
 # Organization
 onelogin.saml2.organization.name = SP Java 
 onelogin.saml2.organization.displayname = SP Java Example