[ https://issues.apache.org/jira/browse/RAMPART-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12678638#action_12678638 ]
Heinz Zerbes commented on RAMPART-216:
--------------------------------------

No, it's a copy&paste problem. My original policy is with only one sp:. I'm sorry about this!

Heinz

> Wrong SignatureMethod and DigestMethod generated in request in case of algorithm suite having SHA256 hashing algorithm (example: Basic256Sha256)
> -----------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-216
>                 URL: https://issues.apache.org/jira/browse/RAMPART-216
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core, rampart-integration, rampart-policy
>    Affects Versions: 1.3
>         Environment: Windows XP/Vista, Java 1.4.2, Axis 2 1.3, Rampart 1.3
>            Reporter: Heinz Zerbes
>            Assignee: Ruchith Udayanga Fernando
>             Fix For: 1.3
>
>
> My Rampart policy has an algorithm suite = Base256Sha256. Otherwise it is very simple (I will attach it to this issue).
> I expected to get from this suite a SignedInfo element in request like this:
> <ds:SignedInfo>
>   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>   <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>   <ds:Reference URI="#Id-27120928">
>     <ds:Transforms>
>       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>     </ds:Transforms>
>     <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>     <ds:DigestValue>.....</ds:DigestValue>
>   </ds:Reference>
> But instead I get the following (always 'sha1'):
> <ds:SignedInfo>
>   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>   <ds:Reference URI="#Id-27120928">
>     <ds:Transforms>
>       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>     </ds:Transforms>
>     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>     <ds:DigestValue>....</ds:DigestValue>
>   </ds:Reference>
> It makes no difference which algorithm suite I take. I always get 'sha1'.
> In class org.apache.ws.secpolicy.model.AlgorithmSuite there is only asymmetricSignature = Constants.RSA_SHA1. In Constants.java the same. Thus the getAsymmetricSignature() method always returns SHA1.
> Here is my policy:
> <wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="TelematikPolicy"
>     targetNamespace="http://ws.test.xy/tel/transport/v1.2">
>   <wsdl:documentation>
>   </wsdl:documentation>
>   <wsp:Policy wsu:Id="TelematicsTransport_Binding_Signed_Policy">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>           <wsp:Policy>
>             <sp:InitiatorToken>
>               <wsp:Policy>
>                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                   <wsp:Policy>
>                     <sp:WssX509V3Token10/>
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:InitiatorToken>
>             <sp:RecipientToken>
>               <wsp:Policy>
>                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                   <wsp:Policy>
>                     <sp:WssX509V3Token10/>
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:RecipientToken>
>             <sp:AlgorithmSuite>
>               <wsp:Policy>
>                 <sp:sp:Basic256Sha256/>
>               </wsp:Policy>
>             </sp:AlgorithmSuite>
>             <sp:Layout>
>               <wsp:Policy>
>                 <sp:Lax/>
>               </wsp:Policy>
>             </sp:Layout>
>             <sp:IncludeTimestamp/>
>             <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>               <sp:Body/>
>             </sp:SignedParts>
>           </wsp:Policy>
>         </sp:AsymmetricBinding>
>         <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>           <wsp:Policy>
>             <sp:MustSupportRefIssuerSerial/>
>           </wsp:Policy>
>         </sp:Wss10>
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
> </wsdl:definitions>
> Is there any workaround for this problem? I would appreciate it very much if you could give me a good hint! It's urgent.
> Thank you a lot!
> Heinz

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
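
A check for the mismatch reported in this issue, as an added example that is not part of the original message or of Rampart's code: it parses a ds:SignedInfo and lists every SignatureMethod or DigestMethod whose Algorithm URI differs from the ones the reporter expected for Basic256Sha256. The function name audit_signed_info, the added xmlns:ds declaration, the closing tag and the DigestValue placeholder are assumptions made so the sample parses stand-alone.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Algorithm URIs the reporter expected for Basic256Sha256 (copied from the issue).
EXPECTED = {
    "SignatureMethod": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "DigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256",
}

# Constructed sample: the SignedInfo the reporter received, with a namespace
# declaration, closing tag and DigestValue placeholder added (assumptions).
ACTUAL = """<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#Id-27120928">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>"""


def audit_signed_info(xml_text, expected=EXPECTED):
    """Return (element, reference_uri, found, expected) for each mismatch."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{DS}}}SignedInfo":
        raise ValueError("root element is not ds:SignedInfo")
    findings = []
    sig = root.find(f"{{{DS}}}SignatureMethod")
    found = sig.get("Algorithm") if sig is not None else None
    if found != expected["SignatureMethod"]:
        findings.append(("SignatureMethod", None, found, expected["SignatureMethod"]))
    # Each ds:Reference carries its own DigestMethod, so check all of them.
    for ref in root.findall(f"{{{DS}}}Reference"):
        dm = ref.find(f"{{{DS}}}DigestMethod")
        found = dm.get("Algorithm") if dm is not None else None
        if found != expected["DigestMethod"]:
            findings.append(("DigestMethod", ref.get("URI"), found, expected["DigestMethod"]))
    return findings


if __name__ == "__main__":
    for element, uri, found, want in audit_signed_info(ACTUAL):
        print(f"{element} {uri or ''}: got {found}, expected {want}")
```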