axis-java-dev mailing list archives

From Ruchith Fernando <ruchith.ferna...@gmail.com>
Subject Re: SHA2 support
Date Fri, 01 Apr 2011 06:11:38 GMT
Hi Leoš,

Here's a quick patch (on current trunk) to fix the issue for the most
common case IMHO. There are several other cases to check where
signature is constructed but feel free to use this if you need this
immediately. I will do a thorough check and commit a more comprehensive
fix if I find some time (or someone else might fix it :-) ).

PATCH: http://pastebin.com/YLdhDvd5

Note that you will need the unlimited strength policy.

Here's the trace of messages from running the test:
http://pastebin.com/VgwPzyfb

Hope this helps!

Thanks,
Ruchith

2011/4/1 Ruchith Fernando <ruchith.fernando@gmail.com>:
> 2011/4/1 Ruchith Fernando <ruchith.fernando@gmail.com>:
>> Hi Leos,
>>
>> SHA256 is not supported right now.
>>
>> I just checked the rampart code to verify this and seems like we are
>> not using the digest value from the AlgorithmSuite available in the
>> policy.
>>
>> Also asymmetricSignature in AlgorithmSuite is hard coded to
>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>> This value should be constructed properly depending on the parameters
>> available. (Example : See the use of
>> http://www.w3.org/2001/04/xmlenc#sha256 in [1])
> Correction : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
>
>>
>> Thanks,
>> Ruchith
>>
>> 1. http://www.w3.org/TR/2010/WD-xmldsig-core1-20101130/Overview.html#sec-o-Simple
>>
>> 2011/3/17 Leos Literak <leos.literak@gemsystem.cz>:
>>> Hi,
>>>
>>>
>>>
>>> Can anybody reply to me? Is SHA256 really supported?
>>>
>>>
>>>
>>> Leos
>>>
>>>
>>>
>>> From: Leos Literak [mailto:leos.literak@gemsystem.cz]
>>> Sent: 15 March 2011 8:48
>>>
>>> To: java-dev@axis.apache.org
>>> Subject: RE: SHA2 support
>>>
>>>
>>>
>>> Hello,
>>>
>>>
>>>
>>> Is there anybody out there who has ever used the SHA256 algorithm / knows
>>> how to configure it?
>>>
>>>
>>>
>>> Can you please help us? It becomes a major issue as SHA1 is obsoleted.
>>>
>>> Thank you in advance
>>>
>>>
>>>
>>> Leos
>>>
>>>
>>>
>>> From: Leos Literak [mailto:leos.literak@gemsystem.cz]
>>> Sent: 11 March 2011 15:49
>>> To: java-dev@axis.apache.org
>>> Subject: RE: SHA2 support
>>>
>>>
>>>
>>> As mentioned in https://issues.apache.org/jira/browse/RAMPART-216 we used
>>> <sp:Basic256Sha256/> as well (and a few others) with no luck.
>>>
>>>
>>>
>>> From: Leos Literak [mailto:leos.literak@gemsystem.cz]
>>> Sent: 11 March 2011 15:36
>>> To: 'java-dev@axis.apache.org'
>>> Subject: RE: SHA2 support
>>>
>>>
>>>
>>> Martin,
>>>
>>>
>>>
>>> Thank you for your quick reply. Can you help us with how to set up axis to use
>>> SHA256?
>>>
>>>
>>>
>>> Leoš
>>>
>>>
>>>
>>> From: Martin Gainty [mailto:mgainty@hotmail.com]
>>> Sent: 11 March 2011 15:06
>>> To: java-dev@axis.apache.org
>>> Subject: RE: SHA2 support
>>>
>>>
>>>
>>> the currently supported (Rampart) Digest Algorithms are:
>>>
>>> contents of org.apache.ws.secpolicy.SPConstants:
>>>
>>>     public final static String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
>>>     public final static String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
>>>     public final static String SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";
>>>
>>> if you wish to request (rampart) support for a new Algorithm please file a jira
>>> request at
>>>
>>> https://issues.apache.org/jira/browse/Rampart
>>
>>
>>
>> --
>> http://ruchith.org
>>
>
>
>
> --
> http://ruchith.org
>



-- 
http://ruchith.org
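
An added example, not part of the original message and not Rampart's code: a JDK-only check that scans a captured `ds:SignedInfo` for signature and digest algorithm URIs that still name SHA-1, which is how the hard-coded `rsa-sha1` value described in this thread shows up on the wire even when the policy asks for SHA-256. The class name, the `sha1Algorithms` helper and the sample XML are constructed for illustration; the last line checks the unlimited strength policy the message mentions, assuming the suite in use needs 256-bit AES.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SignatureAlgorithmCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    // Lists every ds:SignatureMethod / ds:DigestMethod whose Algorithm URI still names SHA-1.
    static List<String> sha1Algorithms(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The trace is untrusted input: refuse DOCTYPE declarations (blocks XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> weak = new ArrayList<>();
        for (String name : new String[] {"SignatureMethod", "DigestMethod"}) {
            NodeList nodes = doc.getElementsByTagNameNS(DS, name);
            for (int i = 0; i < nodes.getLength(); i++) {
                String alg = ((Element) nodes.item(i)).getAttribute("Algorithm");
                // Matches ...#sha1, ...#rsa-sha1, ...#hmac-sha1 and similar.
                if (alg.endsWith("#sha1") || alg.endsWith("-sha1")) {
                    weak.add(name + " " + alg);
                }
            }
        }
        return weak;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, not taken from the linked trace: SHA-256 digest, SHA-1 signature.
        String sample = "<ds:SignedInfo xmlns:ds='" + DS + "'>"
                + "<ds:SignatureMethod Algorithm='" + DS + "rsa-sha1'/>"
                + "<ds:Reference URI='#body'>"
                + "<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>"
                + "</ds:Reference></ds:SignedInfo>";
        for (String finding : sha1Algorithms(sample)) {
            System.out.println("SHA-1 still in use: " + finding);
        }
        // Unlimited strength policy check: a restricted JCE policy caps AES at 128 bits.
        System.out.println("AES-256 allowed: " + (Cipher.getMaxAllowedKeyLength("AES") >= 256));
    }
}
```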
