I tried this through a junit after changing the algorithm. And here is what I got:
SEVERE: java.security.NoSuchAlgorithmException: unsupported algorithm
Mar 14, 2014 12:14:22 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for ....... has thrown exception, unwinding now
Throwable occurred: org.apache.cxf.binding.soap.SoapFault: Security processing failed.
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:280)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:141)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:122)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:265)

Here is the signature entry defined in the 'out' interceptor:

    <entry key="signatureAlgorithm" value="http://www.w3.org/2001/04/xmlenc#sha256" />

I am not sure how to check for unlimited security policies. But since we would be running this on WebSphere, I don't think I have the liberty to have the unlimited security policies.

Thanks,
Giriraj.

On Fri, Mar 14, 2014 at 5:51 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:

>
> Yes, Merlin supports SHA-256. Do you have the unlimited security policies
> installed in the JDK?
>
> Colm.
>
>
> On Fri, Mar 14, 2014 at 3:08 AM, Giriraj Bhojak <girira...@gmail.com> wrote:
>
>> Hello Colm,
>>
>> I created the keystore using standard java keytool command. I am not sure
>> how to create a BKS keystore.
>> When I tried using sha256 signature algorithm (by configuring
>> signatureAlgorithm in the interceptor via CXF) with Merlin, I ran into
>> algorithm not supported exception. sha1 signature algorithm worked properly.
>> Doesn't merlin support sha256 signature algorithm?
>> Do I need to use bouncy castle in this case?
>> Could you please help me out with it?
>>
>> Thanks,
>> Giriraj.
>> On Feb 24, 2014 5:37 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote:
>>
>>>
>>> With BouncyCastle, the Keystore type must be "BKS", so:
>>>
>>> org.apache.ws.security.crypto.merlin.keystore.type=BKS
>>>
>>> Note that the keystore itself must be compatible with BouncyCastle JKS
>>> implementation.
>>>
>>> Colm.
>>>
>>>
>>> On Fri, Feb 21, 2014 at 10:44 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>
>>>> Hello Colm,
>>>>
>>>> I didn't have any success using above properties.
>>>> I got following:
>>>> ... 2 more
>>>> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials.
>>>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:376)
>>>>     at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
>>>>     at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
>>>>     at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
>>>>     ... 17 more
>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>>>     at java.security.KeyStore.getInstance(KeyStore.java:122)
>>>>     at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:362)
>>>>     ... 20 more
>>>> Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
>>>>     at java.security.KeyStore.getInstance(KeyStore.java:150)
>>>>     at java.security.KeyStore.getInstance(KeyStore.java:120)
>>>>     ... 21 more
>>>>
>>>> It was working with Merlin earlier. Here is my properties file:
>>>> org.apache.ws.security.crypto.merlin.keystore.file=sample.jks
>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias1
>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>
>>>> I have bcprov-jdk12-130.jar on the classpath.
>>>>
>>>> Could you please help me find out what I am doing wrong here?
>>>>
>>>> Thanks,
>>>> Giriraj.
>>>>
>>>>
>>>> On Tue, Feb 18, 2014 at 8:39 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:
>>>>
>>>>> You can use BouncyCastle with the Merlin Crypto implementation. Simply
>>>>> add the property:
>>>>>
>>>>> org.apache.ws.security.crypto.merlin.keystore.provider=BC
>>>>> org.apache.ws.security.crypto.merlin.cert.provider=BC
>>>>>
>>>>> Colm.
>>>>>
>>>>>
>>>>> On Tue, Feb 18, 2014 at 1:27 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>>>
>>>>>> We have a specific requirement to use Bouncy Castle in the project.
>>>>>> Does this mean we can't use Bouncy Castle at all in the latest
>>>>>> version of wss4j?
>>>>>>
>>>>>> Thanks,
>>>>>> Giriraj.
>>>>>> On Feb 18, 2014 4:51 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote:
>>>>>>
>>>>>>>
>>>>>>> From what I recall, there was essentially little difference between
>>>>>>> the Merlin and BouncyCastle Crypto implementations, hence the latter was
>>>>>>> removed in WSS4J 1.6.x. Why do you need to use the BouncyCastle
>>>>>>> implementation, i.e. what is the Merlin implementation not doing for
>>>>>>> you?
>>>>>>>
>>>>>>> Colm.
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Feb 17, 2014 at 7:56 PM, Giriraj Bhojak <girira...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I need to use Bouncy Castle provider with WSS4J 1.6.13.
>>>>>>>> Merlin is used by default since 1.6.x.
>>>>>>>> Could anyone explain why this was done?
>>>>>>>> I mean was there something with Bouncy Castle that prompted this
>>>>>>>> change?
>>>>>>>>
>>>>>>>> And is following set of keys the right way to use Bouncy Castle
>>>>>>>> with WSS4J (found this from
>>>>>>>> https://community.oracle.com/thread/1529571?tstart=1872)?
>>>>>>>>
>>>>>>>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.BouncyCastle
>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.password=password
>>>>>>>> org.apache.ws.security.crypto.merlin.keystore.alias=alias
>>>>>>>> org.apache.ws.security.crypto.merlin.alias.password=password
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Giriraj.
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Colm O hEigeartaigh
>>>>>>>
>>>>>>> Talend Community Coder
>>>>>>> http://coders.talend.com
>>>>>>>
>>>>>
>>>>> --
>>>>> Colm O hEigeartaigh
>>>>>
>>>>> Talend Community Coder
>>>>> http://coders.talend.com
>>>>>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
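
Added example, not part of the original thread and not WSS4J or CXF code: a stand-alone Java diagnostic, using only standard JCE calls, that reports whether the unlimited-strength policy is active, whether an RSA/SHA-256 signature is available, and which provider serves the JKS and BKS keystore types. The class and method names are hypothetical. For reference, http://www.w3.org/2001/04/xmlenc#sha256 is the XML Encryption identifier for the SHA-256 digest, while the RSA-SHA256 signature method is identified by http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import javax.crypto.Cipher;

// Added diagnostic (hypothetical class and method names); standard JCE calls only.
public class JceDiagnostics {
    // URI configured in the thread: the XML Encryption SHA-256 *digest* identifier.
    static final String SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256";
    // XML Signature identifier for the RSA-SHA256 *signature* method.
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // 128 under the restricted jurisdiction policy, Integer.MAX_VALUE when unlimited.
    static boolean unlimitedPolicy() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") > 128;
    }

    // Name of the provider that serves a JCA signature algorithm, or the failure.
    static String signatureStatus(String jcaName) {
        try {
            return "provided by " + Signature.getInstance(jcaName).getProvider().getName();
        } catch (Exception e) {
            return "unavailable (" + e + ")";
        }
    }

    // provider == null searches all registered providers; otherwise only the named one.
    static String keystoreStatus(String type, String provider) {
        try {
            KeyStore ks = provider == null
                    ? KeyStore.getInstance(type) : KeyStore.getInstance(type, provider);
            return "provided by " + ks.getProvider().getName();
        } catch (Exception e) {
            return "unavailable (" + e + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        for (Provider p : Security.getProviders()) System.out.println("provider: " + p);
        System.out.println("unlimited policy: " + unlimitedPolicy());
        System.out.println("SHA256withRSA: " + signatureStatus("SHA256withRSA"));
        System.out.println("SHA1withRSA:   " + signatureStatus("SHA1withRSA"));
        System.out.println("JKS (any): " + keystoreStatus("JKS", null));
        System.out.println("JKS (BC):  " + keystoreStatus("JKS", "BC"));
        System.out.println("BKS (BC):  " + keystoreStatus("BKS", "BC"));
        System.out.println("digest URI:    " + SHA256_DIGEST);
        System.out.println("signature URI: " + RSA_SHA256);
    }
}
```

Run it with the same JDK and classpath as the failing JUnit test, so that the provider list matches what the interceptor sees.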