> Date: Tue, 8 Mar 2016 14:40:27 +0100
> Subject: WSsecurity: SignatureMethod error
> From: enrique.sori...@gmail.com
> To: java-user@axis.apache.org
>
> Hi all, I need some help with Axis2/rampart.
>
> I'm implementing a WS client. I generated the client stubs from a WSDL
> file by using wsdl2java (jaxbri binding). The WSDL file includes a
> WS-security policy, which sets TripleDesSha256Rsa15 as the
> AlgorithmSuite.
>
> Rampart is engaged, my Keystore is ok, and so on. The problem: the
> requests are signed with RsaSha256, but the server requires RsaSha1
> signatures:
MG>constrained by
MG><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#
MG>which is of type anyURI
<attribute name="Algorithm" type="anyURI" use="required"/>
MG>anyURI is defined as

3.2.17 anyURI

[Definition:] anyURI represents a Uniform Resource Identifier Reference (URI).
An anyURI value can be absolute or relative, and may have an optional fragment
identifier (i.e., it may be a URI Reference). This type should be used to
specify the intention that the value fulfills the role of a URI as defined by
[RFC 2396], as amended by [RFC 2732].

The mapping from anyURI values to URIs is as defined in Section 5.4 Locator
Attribute of [XML Linking Language] (see also Section 8 Character Encoding in
URI References of [Character Model]). This means that a wide range of
internationalized resource identifiers can be specified when an anyURI is
called for, and still be understood as URIs per [RFC 2396], as amended by
[RFC 2732], where appropriate to identify resources.

NOTE: Each URI scheme imposes specialized syntax rules for URIs in that scheme,
including restrictions on the syntax of allowed fragment identifiers. Because
it is impractical for processors to check that a value is a
context-appropriate URI reference, this specification follows the lead of
[RFC 2396] (as amended by [RFC 2732]) in this matter: such rules and
restrictions are not part of type validity and are not checked by
·minimally conforming· processors. Thus in practice the above definition
imposes only very modest obligations on ·minimally conforming· processors.

3.2.17.1 Lexical representation

The ·lexical space· of anyURI is finite-length character sequences which, when
the algorithm defined in Section 5.4 of [XML Linking Language] is applied to
them, result in strings which are legal URIs according to [RFC 2396], as
amended by [RFC 2732].

NOTE: Spaces are, in principle, allowed in the ·lexical space· of anyURI,
however, their use is highly discouraged (unless they are encoded by %20).

3.2.17.2 Constraining facets

anyURI has the following ·constraining facets·: length, minLength, maxLength,
pattern, enumeration, whiteSpace
MG>
> ...
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
> ...
>
> AFAIK, WS-SecurityPolicy specifies that RsaSha1 is always used for the
> signatures. The AlgorithmSuite (e.g. TripleDesSha256Rsa15) is used to
> configure the other crypto algorithms (digest, symmetric, wrapping,
> etc.), right?
MG>so as long as http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 conforms to
anyURI type that should work
MG>which specific algorithm do you want to implement on the server?
>
> What's happening here? Am I missing something?
>
> I'm using Java 1.8, axis2-1.7.1, rampart-1.7.0 and wss4j-1.6.19.
>
> Thanks in advance.
> Regards.
>
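An added example, not part of the original thread and not Axis2/Rampart code: the schema only requires `Algorithm` to be an anyURI, so a sender/receiver mismatch like the one described has to be found by comparing the URIs in a captured message against the set the receiver accepts. The envelope below is constructed, the accepted sets are assumptions based on the post's statement that the server requires RsaSha1, and `audit_algorithms` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = DS + "rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1 = DS + "sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed sample: a trimmed signed envelope, not a capture from the thread.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <ds:Signature xmlns:ds="{DS}">
   <ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
    <ds:Reference URI="#body">
     <ds:DigestMethod Algorithm="{SHA256}"/>
    </ds:Reference>
   </ds:SignedInfo>
  </ds:Signature>
 </soapenv:Header>
 <soapenv:Body/>
</soapenv:Envelope>"""


def audit_algorithms(xml_text, accepted_sig, accepted_digest):
    """Return (element, algorithm URI, accepted?) for each signature/digest method."""
    if "<!DOCTYPE" in xml_text:  # SOAP messages must not carry a DTD; refuse it
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(xml_text)
    findings = []
    for signed_info in root.iter(f"{{{DS}}}SignedInfo"):
        for tag, accepted in (("SignatureMethod", accepted_sig),
                              ("DigestMethod", accepted_digest)):
            for el in signed_info.iter(f"{{{DS}}}{tag}"):
                alg = el.get("Algorithm")  # schema-valid as long as it is an anyURI
                findings.append((tag, alg, alg in accepted))
    return findings


if __name__ == "__main__":
    # Assumed receiver policy: RSA-SHA1 signatures only, SHA-1 or SHA-256 digests.
    for tag, alg, ok in audit_algorithms(SAMPLE, {RSA_SHA1}, {SHA1, SHA256}):
        print(f"{'ok      ' if ok else 'REJECTED'} {tag}: {alg}")
```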