[
https://issues.apache.org/jira/browse/WSS-258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed WSS-258.
-----------------------------------
> Newer version of SecureConversation not recognised for derived key algorithm
> ----------------------------------------------------------------------------
>
> Key: WSS-258
> URL: https://issues.apache.org/jira/browse/WSS-258
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.10
> Reporter: Steve Jones
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6, 1.5.11
>
>
> The algorithm factory
> "org.apache.ws.security.conversation.dkalgo.AlgoFactory" only recognises the
> algorithm:
> http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
> It should also recognise the p_sha1 algorithm from the more recent version of
> WS-SecureConversation:
> http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1
> Derived keys will work with the more recent version as long as the algorithm
> is omitted.
> Here's an example of a token that won't work due to the new algorithm:
> <wssc:DerivedKeyToken
>
> wssc:Algorithm="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1";
> wsu:Id="DerivedKey-Enc-4-2aab8c8e7dcbb5783588ab810c3d8b77"
> xmlns:wssc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";>
> <wsse:SecurityTokenReference>
> <wsse:KeyIdentifier
> ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";>Y55P46dTEkU3kk4LKsY16NXwRJ0=</wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
> <wssc:Generation>0</wssc:Generation>
> <wssc:Length>16</wssc:Length>
> <wssc:Label>DerivedKey</wssc:Label>
> <wssc:Nonce>A5c4yKeiuHrOeVq3kcMpMA==</wssc:Nonce>
> </wssc:DerivedKeyToken>
> The associated error is:
> Caused by: java.lang.RuntimeException: Undefined 'No such algorithm' resource
> property
> at
> org.apache.ws.security.conversation.ConversationException.getMessage(ConversationException.java:94)
> at
> org.apache.ws.security.conversation.ConversationException.<init>(ConversationException.java:47)
> at
> org.apache.ws.security.conversation.ConversationException.<init>(ConversationException.java:70)
> at
> org.apache.ws.security.conversation.dkalgo.AlgoFactory.getInstance(AlgoFactory.java:42)
> at
> org.apache.ws.security.processor.DerivedKeyTokenProcessor.deriveKey(DerivedKeyTokenProcessor.java:101)
> ... 35 more
> Caused by: java.util.MissingResourceException: Can't find resource for bundle
> java.util.PropertyResourceBundle, key No such algorithm
> at java.util.ResourceBundle.getObject(ResourceBundle.java:374)
> at java.util.ResourceBundle.getString(ResourceBundle.java:334)
> at
> org.apache.ws.security.conversation.ConversationException.getMessage(ConversationException.java:92)
> ... 39 more
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
