Several tests from WS-Trust and Santuario XML Security are failing on FIPS machine #1359

JiriOndrusek · 2024-04-25T08:11:18Z

… santuario-xmlsec,ws-trust

integration-tests/santuario-xmlsec/src/main/java/io/quarkiverse/xmlsec/it/XmlsecResource.java

-                this.getClass().getClassLoader().getResource("servicestore.jks").openStream(),
-                "sspass".toCharArray());
+                this.getClass().getClassLoader().getResource("myservice-keystore.jks").openStream(),
+                "myservice-keystore-password".toCharArray());


integration-tests/santuario-xmlsec/src/main/java/io/quarkiverse/xmlsec/it/XmlsecResource.java

@@ -86,8 +86,8 @@
    @POST
    @Path("/{encryption}/decrypt")
    public byte[] decrypt(byte[] encrypted, @PathParam("encryption") Encryption encryption) throws Exception {
-        Key privateKey = keyStore.getKey("myservicekey", "skpass".toCharArray());
-        return encryption.decrypt(encrypted, "http://www.w3.org/2001/04/xmlenc#aes128-cbc", privateKey);
+        Key privateKey = keyStore.getKey("myservice", "myservice-keystore-password".toCharArray());


integration-tests/santuario-xmlsec/src/main/java/io/quarkiverse/xmlsec/it/XmlsecResource.java

-        X509Certificate cert = (X509Certificate) keyStore.getCertificate("myclientkey");
+                this.getClass().getClassLoader().getResource("myclient-keystore.jks").openStream(),
+                "myclient-keystore-password".toCharArray());
+        Key key = keyStore.getKey("myclient", "myclient-keystore-password".toCharArray());


integration-tests/santuario-xmlsec/src/main/java/io/quarkiverse/xmlsec/it/XmlsecResource.java

-        Key key = keyStore.getKey("myclientkey", "ckpass".toCharArray());
-        X509Certificate cert = (X509Certificate) keyStore.getCertificate("myclientkey");
+                this.getClass().getClassLoader().getResource("myclient-keystore.jks").openStream(),
+                "myclient-keystore-password".toCharArray());


integration-tests/santuario-xmlsec/src/main/java/io/quarkiverse/xmlsec/it/XmlsecResource.java

-                "cspass".toCharArray());
-        X509Certificate cert = (X509Certificate) keyStore.getCertificate("myclientkey");
+                this.getClass().getClassLoader().getResource("myclient-keystore.jks").openStream(),
+                "myclient-keystore-password".toCharArray());


ppalaga

Thanks @JiriOndrusek

JiriOndrusek · 2024-05-07T06:32:09Z

@ppalaga I added backport to 3.8 labe; as I think that this PR should be backorted. I'll prepare a PR.

Fixed certificate generation + algorithms to be compliant with FIPs -…

143b6c1

… santuario-xmlsec,ws-trust

github-advanced-security bot found potential problems Apr 25, 2024

View reviewed changes

ppalaga approved these changes May 6, 2024

View reviewed changes

ppalaga merged commit 3deaedf into quarkiverse:main May 6, 2024
23 of 24 checks passed

JiriOndrusek added the backport/3.8 label May 7, 2024

JiriOndrusek mentioned this pull request May 7, 2024

[3.8] Several tests from WS-Trust and Santuario XML Security are failing on FIPS machine #1370

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Several tests from WS-Trust and Santuario XML Security are failing on FIPS machine #1359

Several tests from WS-Trust and Santuario XML Security are failing on FIPS machine #1359

JiriOndrusek commented Apr 25, 2024

ppalaga left a comment

JiriOndrusek commented May 7, 2024

Several tests from WS-Trust and Santuario XML Security are failing on FIPS machine #1359

Several tests from WS-Trust and Santuario XML Security are failing on FIPS machine #1359

Conversation

JiriOndrusek commented Apr 25, 2024

ppalaga left a comment

Choose a reason for hiding this comment

JiriOndrusek commented May 7, 2024