Use of asymmetric key is implicit and defaults to RSA_SHA1 in the security 
policy implementation
------------------------------------------------------------------------------------------------

                 Key: CXF-3646
                 URL: https://issues.apache.org/jira/browse/CXF-3646
             Project: CXF
          Issue Type: Bug
          Components: Core, WS-* Components
    Affects Versions: 2.3.2, 2.5
         Environment: Linux
            Reporter: vaidya.krishnamurthy


  Since the use of SHA1 has been recently discouraged I tried to switch to 
using at least SHA256 (http://www.w3.org/TR/xmldsig-core1/#sec-MessageDigests)

        Currently the policy is set like this in the WSDL file:

           <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256Sha256Rsa15/>
              </wsp:Policy>
            </sp:AlgorithmSuite>

        From the log I can see that a part of the message is signed with 
rsa-sha1

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Timestamp-1">

         


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
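
A check for the mismatch reported above, as an added example that is not part of the original report or of CXF's code: it lists the SignatureMethod and DigestMethod of every ds:Signature in a captured message and marks the SHA-1 based ones. The sample message is constructed from the logged fragment; its DigestMethod, digest value and signature value are assumed.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# XML Signature algorithm URIs that are built on SHA-1.
SHA1_URIS = {DS + s for s in ("rsa-sha1", "dsa-sha1", "hmac-sha1", "sha1")}

# Constructed sample: the fragment from the log, completed with an assumed
# DigestMethod and placeholder values so that it parses.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Timestamp-1">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>AAAA</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>AAAA</ds:SignatureValue>
</ds:Signature>
</soap:Header><soap:Body/></soap:Envelope>"""

def audit_signatures(xml_text):
    """Return (signature_id, element, reference_uri, algorithm, is_sha1) tuples."""
    findings = []
    for sig in ET.fromstring(xml_text).iter("{%s}Signature" % DS):
        sig_id = sig.get("Id", "?")
        info = sig.find("{%s}SignedInfo" % DS)
        if info is None:
            continue
        method = info.find("{%s}SignatureMethod" % DS)
        if method is not None:
            alg = method.get("Algorithm", "")
            findings.append((sig_id, "SignatureMethod", None, alg, alg in SHA1_URIS))
        # Each Reference carries its own digest algorithm, independent of the
        # signature algorithm, so both have to be checked.
        for ref in info.findall("{%s}Reference" % DS):
            dm = ref.find("{%s}DigestMethod" % DS)
            if dm is not None:
                alg = dm.get("Algorithm", "")
                findings.append((sig_id, "DigestMethod", ref.get("URI"), alg, alg in SHA1_URIS))
    return findings

if __name__ == "__main__":
    for f in audit_signatures(SAMPLE):
        print(("SHA-1 " if f[4] else "ok    ") + " ".join(str(x) for x in f[:4]))
```

Run it over messages captured from your own service logs to see which signatures still use SHA-1 after a policy change.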

        
