axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruchith Fernando <ruchith.ferna...@gmail.com>
Subject Re: SHA2 support
Date Fri, 01 Apr 2011 06:54:03 GMT
This is fixed on Rampart trunk now!

Thanks,
Ruchith

2011/4/1 Ruchith Fernando <ruchith.fernando@gmail.com>:
> Hi Leoš,
>
> Here's a quick patch (on current trunk) to fix the issue for the most
> common case IMHO. There are several other cases to check where
> signature is constructed but feel free to use this if you need this
> immediately. I will do a through check and commit a more comprehensive
> fix if I find some time (or someone else might fix it :-) ).
>
> PATCH: http://pastebin.com/YLdhDvd5
>
> Note that you will need unlimited strength policy.
>
> Here's the trace of messages from running the test :
> http://pastebin.com/VgwPzyfb
>
> Hope this helps!
>
> Thanks,
> Ruchith
>
> 2011/4/1 Ruchith Fernando <ruchith.fernando@gmail.com>:
>> 2011/4/1 Ruchith Fernando <ruchith.fernando@gmail.com>:
>>> Hi Leos,
>>>
>>> SHA256 is not supported right now.
>>>
>>> I just checked the rampart code to verify this and seems like we are
>>> not using the digest value from the AlgorithmSuite available in the
>>> policy.
>>>
>>> Also asymmetricSignature in AlgorithmSuite is hard coded to
>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>> This value should be constructed properly depending on the parameters
>>> available. (Example : See the use of
>>> http://www.w3.org/2001/04/xmlenc#sha256 in [1])
>> Correction : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
>>
>>>
>>> Thanks,
>>> Ruchith
>>>
>>> 1. http://www.w3.org/TR/2010/WD-xmldsig-core1-20101130/Overview.html#sec-o-Simple
>>>
>>> 2011/3/17 Leos Literak <leos.literak@gemsystem.cz>:
>>>> Hi,
>>>>
>>>>
>>>>
>>>> Can anybody reply me? Is SHA256 really supported?
>>>>
>>>>
>>>>
>>>> Leos
>>>>
>>>>
>>>>
>>>> Od: Leos Literak [mailto:leos.literak@gemsystem.cz]
>>>> Odesláno: 15. března 2011 8:48
>>>>
>>>> Komu: java-dev@axis.apache.org
>>>> Předmět: RE: SHA2 support
>>>>
>>>>
>>>>
>>>> Hello,
>>>>
>>>>
>>>>
>>>> Is there anybody out there who has ever used the SHA256 algorithm / knows
>>>> how to configure it?
>>>>
>>>>
>>>>
>>>> Can you please help us? It becomes a major issue as SHA1 is obsoleted.
>>>>
>>>> Thank you in advance
>>>>
>>>>
>>>>
>>>> Leos
>>>>
>>>>
>>>>
>>>> Od: Leos Literak [mailto:leos.literak@gemsystem.cz]
>>>> Odesláno: 11. března 2011 15:49
>>>> Komu: java-dev@axis.apache.org
>>>> Předmět: RE: SHA2 support
>>>>
>>>>
>>>>
>>>> As mentioned in https://issues.apache.org/jira/browse/RAMPART-216 we used
>>>> <sp:Basic256Sha256/> as well (and few others) with no luck.
>>>>
>>>>
>>>>
>>>> Od: Leos Literak [mailto:leos.literak@gemsystem.cz]
>>>> Odesláno: 11. března 2011 15:36
>>>> Komu: 'java-dev@axis.apache.org'
>>>> Předmět: RE: SHA2 support
>>>>
>>>>
>>>>
>>>> Martin,
>>>>
>>>>
>>>>
>>>> Thank you for your quick reply. Can you help us, how to setup axis to use
>>>> SHA256?
>>>>
>>>>
>>>>
>>>> Leoš
>>>>
>>>>
>>>>
>>>> Od: Martin Gainty [mailto:mgainty@hotmail.com]
>>>> Odesláno: 11. března 2011 15:06
>>>> Komu: java-dev@axis.apache.org
>>>> Předmět: RE: SHA2 support
>>>>
>>>>
>>>>
>>>> the currently supported (Rampart) Digest Algorithms are:
>>>>
>>>> contents of org.apache.ws.secpolicy.SPConstants:
>>>>
>>>>     public final static String SHA1 =
>>>> "http://www.w3.org/2000/09/xmldsig#sha1";
>>>>     public final static String SHA256 =
>>>> "http://www.w3.org/2001/04/xmlenc#sha256";
>>>>     public final static String SHA512 =
>>>> "http://www.w3.org/2001/04/xmlenc#sha512";
>>>>
>>>> if wish to request (rampart) support for a new Algorithm please file jira
>>>> request at
>>>>
>>>> https://issues.apache.org/jira/browse/Rampart
>>>
>>>
>>>
>>> --
>>> http://ruchith.org
>>>
>>
>>
>>
>> --
>> http://ruchith.org
>>
>
>
>
> --
> http://ruchith.org
>



-- 
http://ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message