Re: ws policies AlgorithmSuite

Fri, 31 Jan 2014 02:29:32 -0800 

Your policy formulation is invalid, as you are saying that you want both
AlgorithmSuites to be enforced. Instead you need a policy alternative,
something like:

<sp:AlgorithmSuite>
     <wsp:Policy>
        <wsp:ExactlyOne>
                <sp:Basic128Rsa15 />
                <sp:TripleDes />
        </wsp:ExactlyOne>
     </wsp:Policy>
</sp:AlgorithmSuite>

Colm.


On Thu, Jan 30, 2014 at 6:14 PM, Kai Rommel <[email protected]>wrote:

> Hi,
>
> I have a WS Consumer sending a signed and encrypted message.
> In the SOAP Header following algorithm is used:
> -<xenc:EncryptedKey Id="EK45302750"
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> In the SOAP Body:
> -<xenc:EncryptedData Id="ED23590466"
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
> Type="http://www.w3.org/2001/04/xmlenc#Content";><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>
> I want to consume this message by a WS-Provider configured via policies:
> When I set the  AlgorithmSuite in this way:
>
>         <sp:AlgorithmSuite>
>                 <wsp:Policy>
>                         <sp:TripleDes />
>                         <sp:Basic128Rsa15 />
>                 </wsp:Policy>
>         </sp:AlgorithmSuite>
>
> I get the error:
> ...org.apache.ws.security.processor.X509Util...
> #Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#rsa-1_5|...
> org.apache.ws.security.components.crypto.AlgorithmSuiteValidator...
> The Key transport method does not match the requirement...
>
> When I set the  AlgorithmSuite in this way:
>
>         <sp:AlgorithmSuite>
>                 <wsp:Policy>
>                         <sp:Basic128Rsa15 />
>                         <sp:TripleDes />
>                 </wsp:Policy>
>         </sp:AlgorithmSuite>
>
> I get the error:
> ...org.apache.ws.security.processor.EncryptedKeyProcessor..
>
> org.apache.ws.security.processor.X509Util...
> Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#tripledes-cbc|...
>
> #org.apache.ws.security.components.crypto.AlgorithmSuiteValidator#...
> The encryption algorithm does not match the requirement|.....
>
> Isn't it allowed to set several algorithms in the AlgorithmSuite?
> Or do I misinterpret something?
> Thanks.
> Best regards
> Kai
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to