On 06/01/2012 01:28 PM, David Wall wrote:
> Not sure who to ask, but is there a list of supported canonicalization
> methods?

I'm not sure if it is documented anywhere, but the config.xml file in the source code lists all of the supported CanonicalizationMethod algorithms. See:

http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml?view=markup

> How about for Java 6's XML Digital Signature code?

For Oracle JDK 6: http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html#XMLDSigProvider

> There are only the two include/exclusive versions defined in
> javax.xml.crypto.dsig CanonicalizationMethod (each with/without
> comments) that are basically like:
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315

> Is there a way to use the latest, like "http://www.w3.org/TR/xml-c14n11"
> or "http://www.w3.org/TR/2008/REC-xml-c14n11-20080502"? I gave these a
> try on Java 6 and they were not found, so not sure if I have the wrong
> literals or they are not supported. Is anything supported more than
> those defined in CanonicalizationMethod? I found that I could use
> RSA_SHA512 SignatureMethod with
> "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" even though it's not
> defined as a constant in there either.

Oracle's JDK 6 does support some of the stronger SHA (256, 384, 512) algorithms but does not support C14N 1.1. You will have to upgrade to JDK 7, or you can try using the latest Apache Santuario provider with JDK 6. (You may need to register it in your java.security file or invoke it using the provider name).

--Sean
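
The following is an added example, not code from the thread, the JDK or Apache Santuario: it asks an `XMLSignatureFactory` which of the algorithm URIs discussed above its provider can instantiate, so a signer or verifier can check support before relying on an algorithm. Assumptions: the class name `XmlDsigAlgorithmProbe` is hypothetical, `http://www.w3.org/2006/12/xml-c14n11` is the algorithm identifier given in the C14N 1.1 Recommendation (the `/TR/` URLs name the specification document), and `org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI` is taken to be the provider class in the Santuario jar.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;

public class XmlDsigAlgorithmProbe {
    static final String C14N_11 = "http://www.w3.org/2006/12/xml-c14n11"; // algorithm identifier
    static final String SPEC_URL = "http://www.w3.org/TR/xml-c14n11";     // spec document URL
    static final String RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
    // Assumption: JSR 105 provider class shipped in the Santuario (xmlsec) jar.
    static final String SANTUARIO_PROVIDER = "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI";

    /** True if the factory can build a method object for this URI with default parameters. */
    static boolean supported(XMLSignatureFactory fac, String uri, boolean isC14n) {
        try {
            if (isC14n) fac.newCanonicalizationMethod(uri, (C14NMethodParameterSpec) null);
            else fac.newSignatureMethod(uri, (SignatureMethodParameterSpec) null);
            return true;
        } catch (GeneralSecurityException e) { // NoSuchAlgorithmException for unknown URIs
            return false;
        }
    }

    /** Probes the canonicalization URIs and the RSA-SHA512 signature method, in order. */
    static Map<String, Boolean> probe(XMLSignatureFactory fac) {
        Map<String, Boolean> seen = new LinkedHashMap<String, Boolean>();
        for (String uri : new String[] { CanonicalizationMethod.INCLUSIVE,
                CanonicalizationMethod.EXCLUSIVE, C14N_11, SPEC_URL })
            seen.put(uri, supported(fac, uri, true));
        seen.put(RSA_SHA512, supported(fac, RSA_SHA512, false));
        return seen;
    }

    public static void main(String[] args) throws Exception {
        XMLSignatureFactory jdk = XMLSignatureFactory.getInstance("DOM"); // default provider
        System.out.println(jdk.getProvider().getName() + ": " + probe(jdk));
        try { // Santuario, passed explicitly instead of being registered in java.security
            Provider p = (Provider) Class.forName(SANTUARIO_PROVIDER)
                    .getDeclaredConstructor().newInstance();
            XMLSignatureFactory apache = XMLSignatureFactory.getInstance("DOM", p);
            System.out.println(p.getName() + ": " + probe(apache));
        } catch (ClassNotFoundException e) {
            System.out.println("Santuario provider not on the classpath");
        }
    }
}
```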
