This is fixed on Rampart trunk now! Thanks, Ruchith
2011/4/1 Ruchith Fernando <[email protected]>: > Hi Leoš, > > Here's a quick patch (on current trunk) to fix the issue for the most > common case IMHO. There are several other cases to check where > signature is constructed but feel free to use this if you need this > immediately. I will do a through check and commit a more comprehensive > fix if I find some time (or someone else might fix it :-) ). > > PATCH: http://pastebin.com/YLdhDvd5 > > Note that you will need unlimited strength policy. > > Here's the trace of messages from running the test : > http://pastebin.com/VgwPzyfb > > Hope this helps! > > Thanks, > Ruchith > > 2011/4/1 Ruchith Fernando <[email protected]>: >> 2011/4/1 Ruchith Fernando <[email protected]>: >>> Hi Leos, >>> >>> SHA256 is not supported right now. >>> >>> I just checked the rampart code to verify this and seems like we are >>> not using the digest value from the AlgorithmSuite available in the >>> policy. >>> >>> Also asymmetricSignature in AlgorithmSuite is hard coded to >>> http://www.w3.org/2000/09/xmldsig#rsa-sha1 >>> This value should be constructed properly depending on the parameters >>> available. (Example : See the use of >>> http://www.w3.org/2001/04/xmlenc#sha256 in [1]) >> Correction : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 >> >>> >>> Thanks, >>> Ruchith >>> >>> 1. >>> http://www.w3.org/TR/2010/WD-xmldsig-core1-20101130/Overview.html#sec-o-Simple >>> >>> 2011/3/17 Leos Literak <[email protected]>: >>>> Hi, >>>> >>>> >>>> >>>> Can anybody reply me? Is SHA256 really supported? >>>> >>>> >>>> >>>> Leos >>>> >>>> >>>> >>>> Od: Leos Literak [mailto:[email protected]] >>>> Odesláno: 15. března 2011 8:48 >>>> >>>> Komu: [email protected] >>>> Předmět: RE: SHA2 support >>>> >>>> >>>> >>>> Hello, >>>> >>>> >>>> >>>> Is there anybody out there who has ever used the SHA256 algorithm / knows >>>> how to configure it? >>>> >>>> >>>> >>>> Can you please help us? It becomes a major issue as SHA1 is obsoleted. >>>> >>>> Thank you in advance >>>> >>>> >>>> >>>> Leos >>>> >>>> >>>> >>>> Od: Leos Literak [mailto:[email protected]] >>>> Odesláno: 11. března 2011 15:49 >>>> Komu: [email protected] >>>> Předmět: RE: SHA2 support >>>> >>>> >>>> >>>> As mentioned in https://issues.apache.org/jira/browse/RAMPART-216 we used >>>> <sp:Basic256Sha256/> as well (and few others) with no luck. >>>> >>>> >>>> >>>> Od: Leos Literak [mailto:[email protected]] >>>> Odesláno: 11. března 2011 15:36 >>>> Komu: '[email protected]' >>>> Předmět: RE: SHA2 support >>>> >>>> >>>> >>>> Martin, >>>> >>>> >>>> >>>> Thank you for your quick reply. Can you help us, how to setup axis to use >>>> SHA256? >>>> >>>> >>>> >>>> Leoš >>>> >>>> >>>> >>>> Od: Martin Gainty [mailto:[email protected]] >>>> Odesláno: 11. března 2011 15:06 >>>> Komu: [email protected] >>>> Předmět: RE: SHA2 support >>>> >>>> >>>> >>>> the currently supported (Rampart) Digest Algorithms are: >>>> >>>> contents of org.apache.ws.secpolicy.SPConstants: >>>> >>>> public final static String SHA1 = >>>> "http://www.w3.org/2000/09/xmldsig#sha1";; >>>> public final static String SHA256 = >>>> "http://www.w3.org/2001/04/xmlenc#sha256";; >>>> public final static String SHA512 = >>>> "http://www.w3.org/2001/04/xmlenc#sha512";; >>>> >>>> if wish to request (rampart) support for a new Algorithm please file jira >>>> request at >>>> >>>> https://issues.apache.org/jira/browse/Rampart >>> >>> >>> >>> -- >>> http://ruchith.org >>> >> >> >> >> -- >> http://ruchith.org >> > > > > -- > http://ruchith.org > -- http://ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
