santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Antwort: Re: JDK6 and xmlsec-1.4.2 issue (unsupported signature algorithm)
Date Tue, 08 Sep 2009 14:38:32 GMT
Hi Torsten,

Our JDK release schedule was changed a little and this will now be fixed 
in JDK 6u18. See http://bugs.sun.com/view_bug.do?bug_id=6845600

It should be fixed in the 6u18 early access release, available here: 
http://download.java.net/jdk6/

--Sean

torsten.reinhard@gi-de.com wrote:
> 
> Hi Sean and all others,
> 
> JDK6u16 is out now since a while, but I still get
> 
> _java.lang.RuntimeException_: _javax.xml.crypto.MarshalException_: 
> unsupported signature algorithm: 
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
> 
> => Are the stronger algorithms SHA256-RSA re-targeted to another Update 
> of JDK6 ?
> 
> Please let me know, if there is any solution in sight, or any other 
> workaround,
> since I can´t use the endorsed mechanism due to a lot of side-effects 
> for others.....
> 
> thanx, Torsten
> 
> 
> 
> *Sean Mullan <Sean.Mullan@Sun.COM>*
> Gesendet von: Sean.Mullan@Sun.COM
> 
> 27.05.2009 20:37
> Bitte antworten an
> security-dev@xml.apache.org
> 
> 
> 	
> An
> 	security-dev@xml.apache.org
> Kopie
> 	
> Thema
> 	Re: JDK6 and xmlsec-1.4.2 issue (unsupported signature algorithm)
> 
> 
> 	
> 
> 
> 
> 
> 
> torsten.reinhard@gi-de.com wrote:
>  >
>  > Hi,
>  >
>  > I migrated my application from JDK5 (with external xmlsec-1.4.2.jar) to
>  > JDK6 (where xmlsec is included now).
>  >
>  > After that I got
>  > javax.xml.crypto.MarshalException: unsupported signature algorithm:
>  > http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
>  >                 at
>  > 
> org.jcp.xml.dsig.internal.dom.DOMSignatureMethod.unmarshal(DOMSignatureMethod.java:86)
>  >                 at
>  > 
> org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(DOMSignedInfo.java:122)
>  >                 at
>  > 
> org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:119)
>  >                 at
>  > 
> org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:152)
>  >                 at
>  > 
> org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:116)
>  >
>  > so I tried the lib\endorsed workaround, and put xmlsec-1.4.2 and
>  > commons-logging into that folder.
>  > That worked fine for me - but not for my collegues.
>  >
>  > They than run into "NoClassDefFoundError" from different points - one
>  > were missing the Log4J Logger class implementation (could be resolved by
>  > putting log4j.jar to lib\endorsed), the others had trouble with WSS4J
>  > and so on.
>  >
>  > I wouldn´t like to put all our libraries in the lib\endorsed folder - is
>  > there another way to use xmlsec-1.4.2 in JDK6.0 ?
> 
>  > Is there a plan to include xmlsec-1.4.2 in one of the next JDK patches
>  > (>=1.6.0_14) ?
> 
> We don't have plans to integrate the entire xmlsec-1.4.2 in Sun's JDK 6.
> XMLSec 1.4.2 is already in JDK 7 (via OpenJDK:
> https://jdk7.dev.java.net/). However, I have just opened an RFE to add
> support for the stronger SHA256-RSA and SHA512-RSA algorithms and
> targeted it to JDK 6u16. In the meantime the only workaround I know is
> to use the endorsed libraries mechanism.
> 
> --Sean
> 


Mime
View raw message