All,

looking at the latest activities in W3C XML security and other
specifications it is obvious that SHA-1 is being phased out step by
step. The replacements are SHA256 or other digest algos. Up to
now WSSecSignature was fixed to use SHA-1 as digest algorithm. To
accommodate the growing use of other algos I extended WSSecSignature
with some small functions to set and use other Digest algos.

To do so one shall use the standard URI of the digest algo, for
example:

wsSig.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
(see TestWSSecurityNew18 how it works)

Default is to use SHA-1 not to break any application. Also the Axis
handlers are not updated to support this extension. Is it required
to enhance the Axis handlers? The WSS standards are not yet updated
to accept/define other digest algos.


CAVEAT:

If you use this extension and you use different digest algos in
one application to compute the signature digests then you cannot
use xmlsec-1.4.0 jar - this version has a problem in that case.
I've tested with xmlsec-1.4.1 jar. This is the reason why I have not
yet enabled the new test case in the PackageTests.java until
we update WSS4J to xmlsec-1.4.1.

In my environment xmlsec-1.4.1 runs without problems. xmlsec-1.4.2
gives problems when running some test cases, for example the
TestWSSecurityNew2.java - it reports a missing binding of the
"ds:" prefix to a namespace.

Regards,
Werner
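
Added example, not part of the original message and not WSS4J code: a Python check that lists the DigestMethod URI of each ds:Reference in a signature and flags SHA-1 references and signatures that mix digest algorithms (the case in the caveat above). The sample signature and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA1_URI = DS + "sha1"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed sample: one ds:Signature whose two References use different
# digest algorithms. Digest values are placeholders, not real digests.
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#body-1">
      <ds:DigestMethod Algorithm="{SHA256_URI}"/>
      <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
    </ds:Reference>
    <ds:Reference URI="#timestamp-1">
      <ds:DigestMethod Algorithm="{SHA1_URI}"/>
      <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
</ds:Signature>"""


def digest_algorithms(xml_text):
    """Return [(reference URI, digest algorithm URI)] in document order."""
    # For untrusted input, parse with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    found = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        method = ref.find(f"{{{DS}}}DigestMethod")
        algo = method.get("Algorithm") if method is not None else None
        found.append((ref.get("URI"), algo))
    return found


def audit(xml_text):
    """Summarise digest usage: SHA-1 references, gaps, and mixed algorithms."""
    refs = digest_algorithms(xml_text)
    return {
        "sha1_references": [uri for uri, algo in refs if algo == SHA1_URI],
        "missing_digest_method": [uri for uri, algo in refs if algo is None],
        "mixed_digests": len({algo for _, algo in refs}) > 1,
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```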
