Thank you for creating the JIRA. In this case I'm screwed, I think. As far as I know, RSA-SHA256 is mandatory for this service to work. Is there a way to work around it?
Is there a class that I can inherit from to make it work?

Ted

2013/8/13 Colm O hEigeartaigh <[email protected]>

> SHA-256 is only used for the digest algorithm for any of the standard
> WS-SecurityPolicy AlgorithmSuites. The Signature Algorithm is always
> RSA-SHA1 and cannot be configured. Ideally, we would have a new
> specification to cater for newer security algorithms, but this does not
> appear likely from my understanding.
>
> I've created a JIRA to find a way around this problem:
>
> https://issues.apache.org/jira/browse/CXF-5200
>
> I think I will add a configuration option to override the default RSA-SHA1
> signature algorithm.
>
> Colm.
>
>
> On Tue, Aug 13, 2013 at 2:19 PM, Ted Roeloffzen <[email protected]> wrote:
>
> > I was afraid of that.
> >
> > The policy that is used is as follows:
> >
> > <wsp:Policy wsu:Id="...">
> >   <wsp:ExactlyOne>
> >     <wsp:All>
> >       <sp:AsymmetricBinding>
> >         <wsp:Policy>
> >           <sp:InitiatorToken>
> >             <wsp:Policy>
> >               <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> >                 <wsp:Policy>
> >                   <sp:RequireThumbprintReference/>
> >                   <sp:WssX509V3Token10/>
> >                 </wsp:Policy>
> >               </sp:X509Token>
> >             </wsp:Policy>
> >           </sp:InitiatorToken>
> >           <sp:RecipientToken>
> >             <wsp:Policy>
> >               <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToInitiator">
> >                 <wsp:Policy>
> >                   <sp:RequireThumbprintReference/>
> >                   <sp:WssX509V3Token10/>
> >                 </wsp:Policy>
> >               </sp:X509Token>
> >             </wsp:Policy>
> >           </sp:RecipientToken>
> >           <sp:AlgorithmSuite>
> >             <wsp:Policy>
> >               <sp:Basic256Sha256Rsa15/>
> >             </wsp:Policy>
> >           </sp:AlgorithmSuite>
> >           <sp:Layout>
> >             <wsp:Policy>
> >               <sp:Lax/>
> >             </wsp:Policy>
> >           </sp:Layout>
> >           <sp:IncludeTimestamp/>
> >           <sp:OnlySignEntireHeadersAndBody/>
> >         </wsp:Policy>
> >       </sp:AsymmetricBinding>
> >     </wsp:All>
> >   </wsp:ExactlyOne>
> > </wsp:Policy>
> >
> >
> > When I look at this policy, I'd think that SHA256 would be used. I thought
> > RSA-SHA256 would be used as the signature-algorithm, but when I look at the
> > XML that is output by CXF, RSA-SHA1 is used.
> >
> > Where am I going wrong?
> >
> > Ted
> >
> >
> > 2013/8/13 Colm O hEigeartaigh <[email protected]>
> >
> > > You can't set the SignatureAlgorithm if you are using WS-SecurityPolicy,
> > > as it defaults to that of the spec. What requirements do you have? What
> > > signature algorithm do you want to use?
> > >
> > > Colm.
> > >
> > >
> > > On Tue, Aug 13, 2013 at 1:36 PM, Ted Roeloffzen <[email protected]> wrote:
> > >
> > >> Hi Colm,
> > >>
> > >> The WSS4JOutInterceptor is created and configured automatically by CXF,
> > >> right?
> > >> Can I somehow retrieve the WSS4JOutInterceptor during the process and set
> > >> the signatureAlgorithm tag, without having to configure the entire
> > >> interceptor?
> > >>
> > >> Ted
> > >>
> > >>
> > >> 2013/8/13 Colm O hEigeartaigh <[email protected]>
> > >>
> > >>> If you are using WS-SecurityPolicy, then the spec defines the signature
> > >>> method as "RSA-SHA1" for Asymmetric Signature, and "HMAC-SHA1" for
> > >>> Symmetric Signature. Otherwise, you can set it via the
> > >>> "signatureAlgorithm"
> > >>> configuration tag on the WSS4JOutInterceptor.
> > >>>
> > >>> Colm.
> > >>>
> > >>>
> > >>> On Tue, Aug 13, 2013 at 8:08 AM, Ted Roeloffzen <[email protected]> wrote:
> > >>>
> > >>> > Hi All,
> > >>> >
> > >>> > How does CXF determine which signature method to use?
> > >>> > Does it retrieve it from the security-policy in the WSDL or do you have to
> > >>> > configure it?
> > >>> >
> > >>> > kind regards,
> > >>> >
> > >>> > Ted
> > >>> >
> > >>>
> > >>> --
> > >>> Colm O hEigeartaigh
> > >>>
> > >>> Talend Community Coder
> > >>> http://coders.talend.com
> > >>>
> > >>
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
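
Added example (not part of the original thread, and not CXF code): a small Python check that reads a signed SOAP message and reports which signature and digest algorithms it actually carries, which is how the mismatch described above (SHA-256 digests, RSA-SHA1 signature) shows up on the wire. The sample envelope is constructed for illustration, and the function name and the required_sig parameter are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Standard algorithm identifiers (XML Signature, RFC 4051, XML Encryption).
SIG_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "RSA-SHA1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "RSA-SHA256",
    "http://www.w3.org/2000/09/xmldsig#hmac-sha1": "HMAC-SHA1",
}
DIGEST_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA256",
}

# Constructed sample: what the thread describes for Basic256Sha256Rsa15,
# a SHA-256 digest combined with an RSA-SHA1 signature method.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <soap:Header><ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#body-1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>CONSTRUCTED-PLACEHOLDER</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature></soap:Header>
  <soap:Body/>
</soap:Envelope>"""

def audit_signature(xml_text, required_sig="RSA-SHA256"):
    """Return (signature_algs, digest_algs, compliant) for all ds:SignedInfo elements."""
    root = ET.fromstring(xml_text)
    sig_algs, digest_algs = [], set()
    for signed_info in root.iter(DS + "SignedInfo"):
        method = signed_info.find(DS + "SignatureMethod")
        uri = method.get("Algorithm") if method is not None else None
        sig_algs.append(SIG_ALGS.get(uri, uri or "missing"))
        for digest in signed_info.iter(DS + "DigestMethod"):
            d_uri = digest.get("Algorithm")
            digest_algs.add(DIGEST_ALGS.get(d_uri, d_uri or "missing"))
    # An unsigned message is never compliant; every signature must match.
    compliant = bool(sig_algs) and all(a == required_sig for a in sig_algs)
    return sig_algs, sorted(digest_algs), compliant

if __name__ == "__main__":
    print(audit_signature(SAMPLE))
```
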
