Hi Sean and all others, JDK6u16 is out now since a while, but I still get
java.lang.RuntimeException: javax.xml.crypto.MarshalException: unsupported signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 => Are the stronger algorithms SHA256-RSA re-targeted to another Update of JDK6 ? Please let me know, if there is any solution in sight, or any other workaround, since I can´t use the endorsed mechanism due to a lot of side-effects for others..... thanx, Torsten Sean Mullan <sean.mul...@sun.com> Gesendet von: sean.mul...@sun.com 27.05.2009 20:37 Bitte antworten an security-dev@xml.apache.org An security-dev@xml.apache.org Kopie Thema Re: JDK6 and xmlsec-1.4.2 issue (unsupported signature algorithm) torsten.reinh...@gi-de.com wrote: > > Hi, > > I migrated my application from JDK5 (with external xmlsec-1.4.2.jar) to > JDK6 (where xmlsec is included now). > > After that I got > javax.xml.crypto.MarshalException: unsupported signature algorithm: > http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 > at > org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(DOMSignatureMethod.java:86) > at > org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(DOMSignedInfo.java:122) > at > org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:119) > at > org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:152) > at > org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:116) > > so I tried the lib\endorsed workaround, and put xmlsec-1.4.2 and > commons-logging into that folder. > That worked fine for me - but not for my collegues. > > They than run into "NoClassDefFoundError" from different points - one > were missing the Log4J Logger class implementation (could be resolved by > putting log4j.jar to lib\endorsed), the others had trouble with WSS4J > and so on. > > I wouldn´t like to put all our libraries in the lib\endorsed folder - is > there another way to use xmlsec-1.4.2 in JDK6.0 ? > Is there a plan to include xmlsec-1.4.2 in one of the next JDK patches > (>=1.6.0_14) ? We don't have plans to integrate the entire xmlsec-1.4.2 in Sun's JDK 6. XMLSec 1.4.2 is already in JDK 7 (via OpenJDK: https://jdk7.dev.java.net/). However, I have just opened an RFE to add support for the stronger SHA256-RSA and SHA512-RSA algorithms and targeted it to JDK 6u16. In the meantime the only workaround I know is to use the endorsed libraries mechanism. --Sean
