Wrong SignatureMethod and DigestMethod generated in request in case of algorithm 
suite having SHA256 hashing algorithm (example: Basic256Sha256)
-----------------------------------------------------------------------------------------------------------------------------------------------

                 Key: RAMPART-216
                 URL: https://issues.apache.org/jira/browse/RAMPART-216
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core, rampart-integration, rampart-policy
    Affects Versions: 1.3
         Environment: Windows XP/Vista, Java 1.4.2, Axis 2 1.3, Rampart 1.3
            Reporter: Heinz Zerbes
            Assignee: Ruchith Udayanga Fernando
             Fix For: 1.3


My Rampart policy has an algorithm suite = Base256Sha256. Otherwise it is very 
simple (I will attach it to this issue).
I expected to get from this suite a SignedInfo element in request like this:
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="#Id-27120928">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>.....</ds:DigestValue>
        </ds:Reference>

But instead I get the following (always 'sha1'):
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#Id-27120928">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>....</ds:DigestValue>
        </ds:Reference>

It makes no difference which algorithm suite I take. I always get 'sha1'.
In class org.apache.ws.secpolicy.model.AlgorithmSuite there is only 
asymmetricSignature = Constants.RSA_SHA1. In Constants.java the same. Thus the 
getAsymmetricSignature() method always returns SHA1.

Here is my policy:

<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    name="TelematikPolicy"
    targetNamespace="http://ws.test.xy/tel/transport/v1.2">
    <wsdl:documentation>
    </wsdl:documentation>
    <wsp:Policy wsu:Id="TelematicsTransport_Binding_Signed_Policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:InitiatorToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                    <wsp:Policy>
                                        <sp:WssX509V3Token10/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:InitiatorToken>
                        <sp:RecipientToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                    <wsp:Policy>
                                        <sp:WssX509V3Token10/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:RecipientToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:sp:Basic256Sha256/>
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Lax/>
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                            <sp:Body/>
                        </sp:SignedParts>
                    </wsp:Policy>
                </sp:AsymmetricBinding>
                <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:MustSupportRefIssuerSerial/>
                    </wsp:Policy>
                </sp:Wss10>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</wsdl:definitions>

Is there any workaround for this problem? I would appreciate it very much if 
you could give me a good hint! It's urgent.

Thank you a lot!

Heinz

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
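
A check for the mismatch reported above, as an added example that is not part of the original report or of Rampart's code: it parses a SignedInfo and lists every SignatureMethod or DigestMethod whose Algorithm differs from the URIs the reporter expected. The expected URIs are copied from the report's expected output; the `ds` namespace binding, the closing tag on the sample and the function names are assumptions of the example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # namespace assumed for the ds: prefix

# URIs copied from the report's expected SignedInfo (an assumption of this example).
EXPECTED = {
    "SignatureMethod": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "DigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256",
}

def check_signed_info(xml_text, expected=EXPECTED):
    """Return (element, reference URI, found, expected) for each algorithm mismatch."""
    root = ET.fromstring(xml_text)  # constructed input only; not hardened for untrusted XML
    signed_infos = list(root.iter(f"{{{DS}}}SignedInfo"))
    if not signed_infos:
        raise ValueError("no ds:SignedInfo element found")
    findings = []
    for si in signed_infos:
        sm = si.find(f"{{{DS}}}SignatureMethod")
        found = sm.get("Algorithm") if sm is not None else None
        if found != expected["SignatureMethod"]:
            findings.append(("SignatureMethod", None, found, expected["SignatureMethod"]))
        for ref in si.findall(f"{{{DS}}}Reference"):
            dm = ref.find(f"{{{DS}}}DigestMethod")
            found = dm.get("Algorithm") if dm is not None else None
            if found != expected["DigestMethod"]:
                findings.append(("DigestMethod", ref.get("URI"), found, expected["DigestMethod"]))
    return findings

def signed_info(sig_alg, digest_alg):
    """Constructed sample shaped like the SignedInfo fragments in the report."""
    c14n = "http://www.w3.org/2001/10/xml-exc-c14n#"
    return f"""<ds:SignedInfo xmlns:ds="{DS}">
  <ds:CanonicalizationMethod Algorithm="{c14n}"/>
  <ds:SignatureMethod Algorithm="{sig_alg}"/>
  <ds:Reference URI="#Id-27120928">
    <ds:Transforms><ds:Transform Algorithm="{c14n}"/></ds:Transforms>
    <ds:DigestMethod Algorithm="{digest_alg}"/>
    <ds:DigestValue>....</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>"""

ACTUAL = signed_info(DS + "rsa-sha1", DS + "sha1")      # what the report observed
WANTED = signed_info(EXPECTED["SignatureMethod"], EXPECTED["DigestMethod"])

if __name__ == "__main__":
    for finding in check_signed_info(ACTUAL):
        print(finding)
```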
