I added some system tests to show how to specify a custom AlgorithmSuite to use an AES-GCM algorithm for encryption:

http://svn.apache.org/viewvc?view=revision&revision=1235775

<sp:AlgorithmSuite>
    <wsp:Policy>
        <sp:Basic128GCM/>
    </wsp:Policy>
</sp:AlgorithmSuite>

The tests are @Ignore'd until we pick up WSS4J 1.6.5, but you should be able to adapt it easily enough for your own test case.

Colm.

2012/1/23 Dmitriev Vadim <[email protected]>:
> Colm,
>
> Thank you very much for sharing your experience. At least now I know that
> I'm walking on unstable ground.
>
> Regards.
> -- Vadim
>
>
> On 23.01.2012 16:19, Colm O hEigeartaigh wrote:
>>>
>>> I already read your article (BTW, thank you for writing it!), but haven't
>>> found how to declare custom AlgorithmSuite in WSDL properly.
>>> Is it the right way?
>>> <wss:AlgorithmSuite>
>>>     <wsp:Policy>
>>>         <someNameSpace:customSuite />
>>>     </wsp:Policy>
>>> </wss:AlgorithmSuite>
>>
>> There is no "proper" way of declaring custom AlgorithmSuites in the
>> WSDL, as it's not supported in the WS-SP specification, as you point
>> out. The example that was linked in the blog just overrides the
>> Basic128 AlgorithmSuite to allow 512 bit asymmetric keys. Your policy
>> statement above looks fine to me though.
>>
>> Colm.
>>
>> On Mon, Jan 23, 2012 at 11:56 AM, Vadim Dmitriev<[email protected]> wrote:
>>>
>>> I already read your article (BTW, thank you for writing it!), but haven't
>>> found how to declare custom AlgorithmSuite in WSDL properly.
>>> Is it the right way?
>>> <wss:AlgorithmSuite>
>>>     <wsp:Policy>
>>>         <someNameSpace:customSuite />
>>>     </wsp:Policy>
>>> </wss:AlgorithmSuite>
>>>
>>> WS-SP specification doesn't define how to extend AS, only lists
>>> predefined algorithms, so I'm afraid to use some unspecified controversial
>>> approach which won't be supported anywhere except CXF.
>>>
>>> P.S.
>>> Honestly, I was looking for something like
>>> <AlgorithmSuite id="customSuite">
>>>     <DigestAlgorithm id="..." />
>>>     <EncryptionAlgorithm id="..." />
>>> </AlgorithmSuite>
>>> This way 3rd parties will have algorithm IDs to use in WS-S header (i.e.
>>> these IDs will be declared in WSDL, not in some external convention).
>>>
>>> --Vadim
>>>
>

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
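
Added example (not part of the thread and not CXF or WSS4J code): a small policy audit that flags AlgorithmSuite assertions falling outside the set predefined by WS-SecurityPolicy 1.2, which is the interoperability concern raised above. The namespace URIs in the sample are assumptions, since the thread shows only the sp: and wsp: prefixes, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# The 16 suite assertions predefined by WS-SecurityPolicy 1.2.
STANDARD_SUITES = {base + variant
                   for base in ("Basic256", "Basic192", "Basic128", "TripleDes")
                   for variant in ("", "Rsa15", "Sha256", "Sha256Rsa15")}
# Policy operators and the non-suite options that may sit beside a suite.
SKIP = {"Policy", "ExactlyOne", "All", "InclusiveC14N", "SOAPNormalization10",
        "STRTransform10", "XPath10", "XPathFilter20", "AbsXPath"}

# Constructed sample; namespace URIs are assumed (the thread shows prefixes only).
SAMPLE = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:AlgorithmSuite>
    <wsp:Policy>
      <sp:Basic128GCM/>
    </wsp:Policy>
  </sp:AlgorithmSuite>
</wsp:Policy>
"""

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, name = tag[1:].partition("}")
        return ns, name
    return "", tag

def audit_algorithm_suites(policy_xml):
    """Return (assertion name, is_standard) for each suite in the policy."""
    findings = []
    for suite in ET.fromstring(policy_xml).iter():
        suite_ns, suite_name = split_tag(suite.tag)
        if suite_name != "AlgorithmSuite":
            continue
        for child in suite.iter():
            ns, name = split_tag(child.tag)
            if child is suite or name in SKIP:
                continue
            # Standard only if the name is predefined AND it lives in the
            # same namespace as the enclosing AlgorithmSuite element.
            findings.append((name, ns == suite_ns and name in STANDARD_SUITES))
    return findings

if __name__ == "__main__":
    print(audit_algorithm_suites(SAMPLE))
```

Any entry reported with False depends on an out-of-band agreement between the parties, since a consumer that implements only the specification's suites has no definition for it.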
