santuario-dev mailing list archives

From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: JDK6 and xmlsec-1.4.2 issue (unsupported signature algorithm)
Date Wed, 27 May 2009 18:36:30 GMT
torsten.reinhard@gi-de.com wrote:
> 
> Hi,
> 
> I migrated my application from JDK5 (with external xmlsec-1.4.2.jar) to 
> JDK6 (where xmlsec is included now).
> 
> After that I got
> javax.xml.crypto.MarshalException: unsupported signature algorithm: 
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
>                 at 
> org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(DOMSignatureMethod.java:86)
>                 at 
> org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(DOMSignedInfo.java:122)
>                 at 
> org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:119)
>                 at 
> org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:152)
>                 at 
> org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:116)
> 
> so I tried the lib\endorsed workaround, and put xmlsec-1.4.2 and 
> commons-logging into that folder.
> That worked fine for me - but not for my colleagues.
> 
> They then run into "NoClassDefFoundError" from different points - one 
> was missing the Log4J Logger class implementation (could be resolved by 
> putting log4j.jar to lib\endorsed), the others had trouble with WSS4J 
> and so on.
> 
> I wouldn't like to put all our libraries in the lib\endorsed folder - is 
> there another way to use xmlsec-1.4.2 in JDK6.0 ?

> Is there a plan to include xmlsec-1.4.2 in one of the next JDK patches 
> (>=1.6.0_14) ?

We don't have plans to integrate the entire xmlsec-1.4.2 in Sun's JDK 6. 
XMLSec 1.4.2 is already in JDK 7 (via OpenJDK: 
https://jdk7.dev.java.net/). However, I have just opened an RFE to add 
support for the stronger SHA256-RSA and SHA512-RSA algorithms and 
targeted it to JDK 6u16. In the meantime the only workaround I know is 
to use the endorsed libraries mechanism.

--Sean
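
Added example, not part of the original message or of the JDK/xmlsec code: a startup probe that asks the active JSR 105 XMLSignatureFactory which RSA signature algorithm URIs it accepts, so a runtime without rsa-sha256 support is caught before the first signature is unmarshalled. The class name XmlDsigAlgorithmProbe and the choice of URIs to probe are assumptions made for illustration.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;

// Added example (hypothetical class name): reports which RSA signature
// algorithm URIs the XMLDSig implementation visible to this JVM accepts.
public class XmlDsigAlgorithmProbe {

    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // rsa-sha1 is the XMLDSig core algorithm; the xmldsig-more URIs are the
    // SHA-2 variants, including the one rejected in the stack trace above.
    static final String[] URIS = {
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        RSA_SHA256,
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
    };

    // Returns URI -> supported, in probe order, for the given factory.
    static Map<String, Boolean> probe(XMLSignatureFactory fac) {
        Map<String, Boolean> result = new LinkedHashMap<String, Boolean>();
        for (String uri : URIS) {
            try {
                fac.newSignatureMethod(uri, (SignatureMethodParameterSpec) null);
                result.put(uri, Boolean.TRUE);
            } catch (NoSuchAlgorithmException e) {
                result.put(uri, Boolean.FALSE);   // provider does not know this URI
            } catch (InvalidAlgorithmParameterException e) {
                result.put(uri, Boolean.TRUE);    // known URI, null parameters rejected
            }
        }
        return result;
    }

    public static void main(String[] args) {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        System.out.println("Provider: " + fac.getProvider());
        Map<String, Boolean> support = probe(fac);
        for (Map.Entry<String, Boolean> e : support.entrySet()) {
            System.out.println((e.getValue() ? "supported    " : "UNSUPPORTED  ") + e.getKey());
        }
        // Fail fast instead of letting validation fall over later.
        if (!support.get(RSA_SHA256)) {
            System.exit(1);
        }
    }
}
```

Run it with the same JVM options as the application (including any -Djava.endorsed.dirs setting) so it sees the same XMLDSig implementation.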
