Hi Leoš,

Here's a quick patch (on current trunk) to fix the issue for the most common case IMHO. There are several other cases to check where signature is constructed but feel free to use this if you need this immediately. I will do a thorough check and commit a more comprehensive fix if I find some time (or someone else might fix it :-) ).

PATCH: http://pastebin.com/YLdhDvd5

Note that you will need unlimited strength policy.

Here's the trace of messages from running the test: http://pastebin.com/VgwPzyfb

Hope this helps!

Thanks,
Ruchith

2011/4/1 Ruchith Fernando <[email protected]>:
> 2011/4/1 Ruchith Fernando <[email protected]>:
>> Hi Leos,
>>
>> SHA256 is not supported right now.
>>
>> I just checked the rampart code to verify this and seems like we are
>> not using the digest value from the AlgorithmSuite available in the
>> policy.
>>
>> Also asymmetricSignature in AlgorithmSuite is hard coded to
>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>> This value should be constructed properly depending on the parameters
>> available. (Example : See the use of
>> http://www.w3.org/2001/04/xmlenc#sha256 in [1])
> Correction : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
>
>>
>> Thanks,
>> Ruchith
>>
>> 1.
>> http://www.w3.org/TR/2010/WD-xmldsig-core1-20101130/Overview.html#sec-o-Simple
>>
>> 2011/3/17 Leos Literak <[email protected]>:
>>> Hi,
>>>
>>> Can anybody reply to me? Is SHA256 really supported?
>>>
>>> Leos
>>>
>>> From: Leos Literak [mailto:[email protected]]
>>> Sent: 15 March 2011 8:48
>>> To: [email protected]
>>> Subject: RE: SHA2 support
>>>
>>> Hello,
>>>
>>> Is there anybody out there who has ever used the SHA256 algorithm / knows
>>> how to configure it?
>>>
>>> Can you please help us? It becomes a major issue as SHA1 is obsoleted.
>>>
>>> Thank you in advance
>>>
>>> Leos
>>>
>>> From: Leos Literak [mailto:[email protected]]
>>> Sent: 11 March 2011 15:49
>>> To: [email protected]
>>> Subject: RE: SHA2 support
>>>
>>> As mentioned in https://issues.apache.org/jira/browse/RAMPART-216 we used
>>> <sp:Basic256Sha256/> as well (and few others) with no luck.
>>>
>>> From: Leos Literak [mailto:[email protected]]
>>> Sent: 11 March 2011 15:36
>>> To: '[email protected]'
>>> Subject: RE: SHA2 support
>>>
>>> Martin,
>>>
>>> Thank you for your quick reply. Can you help us, how to set up axis to use
>>> SHA256?
>>>
>>> Leoš
>>>
>>> From: Martin Gainty [mailto:[email protected]]
>>> Sent: 11 March 2011 15:06
>>> To: [email protected]
>>> Subject: RE: SHA2 support
>>>
>>> the currently supported (Rampart) Digest Algorithms are:
>>>
>>> contents of org.apache.ws.secpolicy.SPConstants:
>>>
>>>     public final static String SHA1 =
>>> "http://www.w3.org/2000/09/xmldsig#sha1";
>>>     public final static String SHA256 =
>>> "http://www.w3.org/2001/04/xmlenc#sha256";
>>>     public final static String SHA512 =
>>> "http://www.w3.org/2001/04/xmlenc#sha512";
>>>
>>> if you wish to request (rampart) support for a new Algorithm please file jira
>>> request at
>>>
>>> https://issues.apache.org/jira/browse/Rampart
>>
>> --
>> http://ruchith.org
>>
>
> --
> http://ruchith.org
>

--
http://ruchith.org
