Hi Torsten,
Our JDK release schedule was changed a little and this will now be fixed
in JDK 6u18. See http://bugs.sun.com/view_bug.do?bug_id=6845600
It should be fixed in the 6u18 early access release, available here:
http://download.java.net/jdk6/
--Sean
torsten.reinh...@gi-de.com wrote:
Hi Sean and all others,
JDK6u16 has been out for a while now, but I still get
java.lang.RuntimeException: javax.xml.crypto.MarshalException:
unsupported signature algorithm:
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
=> Are the stronger algorithms SHA256-RSA re-targeted to another update
of JDK6?
Please let me know if there is any solution in sight, or any other
workaround,
since I can't use the endorsed mechanism due to a lot of side effects
for others.
Thanks, Torsten
*Sean Mullan <sean.mul...@sun.com>*
Sent by: sean.mul...@sun.com
27.05.2009 20:37
Please reply to: security-dev@xml.apache.org
To: security-dev@xml.apache.org
Cc:
Subject: Re: JDK6 and xmlsec-1.4.2 issue (unsupported signature algorithm)
torsten.reinh...@gi-de.com wrote:
>
> Hi,
>
> I migrated my application from JDK5 (with external xmlsec-1.4.2.jar) to
> JDK6 (where xmlsec is included now).
>
> After that I got
> javax.xml.crypto.MarshalException: unsupported signature algorithm:
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
>     at org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(DOMSignatureMethod.java:86)
>     at org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(DOMSignedInfo.java:122)
>     at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:119)
>     at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:152)
>     at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:116)
>
> so I tried the lib\endorsed workaround, and put xmlsec-1.4.2 and
> commons-logging into that folder.
> That worked fine for me - but not for my colleagues.
>
> They then ran into "NoClassDefFoundError" from different points - one
> was missing the Log4J Logger class implementation (could be resolved by
> putting log4j.jar to lib\endorsed), the others had trouble with WSS4J
> and so on.
>
> I wouldn't like to put all our libraries in the lib\endorsed folder - is
> there another way to use xmlsec-1.4.2 in JDK6.0?
> Is there a plan to include xmlsec-1.4.2 in one of the next JDK patches
> (>=1.6.0_14)?
We don't have plans to integrate the entire xmlsec-1.4.2 in Sun's JDK 6.
XMLSec 1.4.2 is already in JDK 7 (via OpenJDK:
https://jdk7.dev.java.net/). However, I have just opened an RFE to add
support for the stronger SHA256-RSA and SHA512-RSA algorithms and
targeted it to JDK 6u16. In the meantime the only workaround I know is
to use the endorsed libraries mechanism.
--Sean
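
A way to check which signature algorithm URIs the XMLDSig provider of the running JDK accepts, as an added example that is not part of the original thread. The class name `XmlDsigAlgorithmProbe` is hypothetical, and the probe assumes that the factory refuses to create a `SignatureMethod` for the same URIs it refuses to unmarshal.

```java
import java.security.CodeSource;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.crypto.dsig.XMLSignatureFactory;

// Hypothetical class name; added example, not code from the thread.
public class XmlDsigAlgorithmProbe {
    // First URI is the one from the exception in the thread; the SHA-512 URI is its
    // xmldsig-more sibling, and RSA-SHA1 is the XMLDSig core algorithm for comparison.
    static final String[] URIS = {
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    };

    // Asks the factory to build a SignatureMethod for each URI and records the outcome.
    static Map<String, Boolean> probe(XMLSignatureFactory factory) {
        Map<String, Boolean> supported = new LinkedHashMap<String, Boolean>();
        for (String uri : URIS) {
            try {
                factory.newSignatureMethod(uri, null);
                supported.put(uri, Boolean.TRUE);
            } catch (NoSuchAlgorithmException e) {
                supported.put(uri, Boolean.FALSE);   // provider does not know the URI
            } catch (InvalidAlgorithmParameterException e) {
                supported.put(uri, Boolean.TRUE);    // URI known, null parameters rejected
            }
        }
        return supported;
    }

    public static void main(String[] args) {
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        Provider provider = factory.getProvider();
        // CodeSource is null for classes defined by the bootstrap class loader.
        CodeSource src = provider.getClass().getProtectionDomain().getCodeSource();
        System.out.println("Provider: " + provider.getName() + " (" + provider.getClass().getName() + ")");
        System.out.println("Loaded from: " + (src == null ? "bootstrap class loader" : String.valueOf(src.getLocation())));
        boolean sha256 = true;
        for (Map.Entry<String, Boolean> e : probe(factory).entrySet()) {
            System.out.println((e.getValue() ? "supported    " : "UNSUPPORTED  ") + e.getKey());
            if (e.getKey().endsWith("#rsa-sha256")) sha256 = e.getValue();
        }
        System.exit(sha256 ? 0 : 1); // non-zero exit when RSA-SHA256 is unavailable
    }
}
```

Run on each target JVM before deployment; the exit status lets a build or startup script stop early when RSA-SHA256 is unavailable.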