First of all, thanks for the prompt response. >>>which specific algorithm do you want to implement on the server?
I'm trying to implement a client for an existing server. The server only accepts rsa-sha1 signatures. I can't read or modify the server code, I only have the WSDL to generate the client stubs. How can I force the client to use http://www.w3.org/2000/09/xmldsig#rsa-sha1? Thanks. On Wed, Mar 9, 2016 at 2:57 AM, Martin Gainty <mgai...@hotmail.com> wrote: > > > > > >> Date: Tue, 8 Mar 2016 14:40:27 +0100 >> Subject: WSsecurity: SignatureMethod error >> From: enrique.sori...@gmail.com >> To: java-user@axis.apache.org >> >> Hi all, I need some help with Axis2/rampart. >> >> I'm implementing a WS client. I generated the client stubs from a WSDL >> file by using wsdl2java (jaxbri binding). The WSDL file includes a >> WS-security policy, which sets TripleDesSha256Rsa15 as the >> AlgorithmSuite. >> >> Rampart is engaged, my Keystore is ok, and so on. The problem: the >> requests are signed with RsaSha256, but the server requires RsaSha1 >> signatures: > > MG>constrained by > MG><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig# > MG>which is of type anyURI <attribute name="Algorithm" type="anyURI" > use="required"/> > MG>anyURI is defined as > > 3.2.17 anyURI > > [Definition:] anyURI represents a Uniform Resource Identifier Reference > (URI). An anyURI value can be absolute or relative, and may have an optional > fragment identifier (i.e., it may be a URI Reference). This type should be > used to specify the intention that the value fulfills the role of a URI as > defined by [RFC 2396], as amended by [RFC 2732]. > > The mapping from anyURI values to URIs is as defined in Section 5.4 Locator > Attribute of [XML Linking Language] (see also Section 8 Character Encoding > in URI References of [Character Model]). This means that a wide range of > internationalized resource identifiers can be specified when an anyURI is > called for, and still be understood as URIs per [RFC 2396], as amended > by[RFC 2732], where appropriate to identify resources. > > NOTE: Each URI scheme imposes specialized syntax rules for URIs in that > scheme, including restrictions on the syntax of allowed fragement > identifiers. Because it is impractical for processors to check that a value > is a context-appropriate URI reference, this specification follows the lead > of [RFC 2396] (as amended by [RFC 2732]) in this matter: such rules and > restrictions are not part of type validity and are not checked by ·minimally > conforming· processors. Thus in practice the above definition imposes only > very modest obligations on·minimally conforming· processors. > > 3.2.17.1 Lexical representation > > The ·lexical space· of anyURI is finite-length character sequences which, > when the algorithm defined in Section 5.4 of [XML Linking Language] is > applied to them, result in strings which are legal URIs according to [RFC > 2396], as amended by [RFC 2732]. > > NOTE: Spaces are, in principle, allowed in the ·lexical space· of anyURI, > however, their use is highly discouraged (unless they are encoded by %20). > > 3.2.17.2 Constraining facets > > anyURI has the following ·constraining facets·: > > length > minLength > maxLength > pattern > enumeration > whiteSpace > > MG> > >> ... >> <ds:SignatureMethod >> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> >> ... >> >> AFAIK, WS-SecurityPolicy specifies that RsaSha1 is always used for the >> signatures. The AlgorithmSuite (e.g. TripleDesSha256Rsa15) is used to >> configure the other crypto algorithms (digest, symmetric, wrapping, >> etc.), right? > > MG>so as long as http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 conforms > to anyURI type that should work > MG>which specific algorithm do you want to implement on the server? > >> >> What's happening here? Am I missing something? >> >> I'm using Java 1.8, axis2-1.7.1, rampart-1.7.0 and wss4j-1.6.19. >> >> Thanks in advance. >> Regards. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: java-user-unsubscr...@axis.apache.org >> For additional commands, e-mail: java-user-h...@axis.apache.org >> --------------------------------------------------------------------- To unsubscribe, e-mail: java-user-unsubscr...@axis.apache.org For additional commands, e-mail: java-user-h...@axis.apache.org
