Signature verification exception on Java 7

Description

Some IdPs experience signature verification exceptions in Shibboleth IdP.

Java 7 may raise an exception when it try to verify the data with the certificate of different key length.
If an SP has two certificates for signing in metadata, one with 1024bit key and the other with 2048bit, and also if the SP signs AuthnRequest, Java 7 occasionally seems to produce SignatureException and Shibboleth IdP does not catch it properly.

IdP should verify the signature with both certificates but the exception prevents it.

Log:
1:19:57.770 - ERROR [org.opensaml.xml.security.SigningUtil:250] - Error during signature verification java.security.SignatureException: Signature length not correct: got 256 but was expecting 128

Environment

Java 7

Activity

Scott Cantor February 11, 2013 at 4:01 PM

Fixed in r789

Fixed

Details

Assignee

Reporter

Components

Fix versions

Created January 30, 2013 at 8:39 PM
Updated August 4, 2021 at 9:24 PM
Resolved February 11, 2013 at 4:01 PM