RE: Configuring UsernameToken for algorithms

Colm O hEigeartaigh Thu, 22 Jan 2009 02:55:19 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi James,


You should be able to do it programatically, at least you can with the
code that's on the trunk. You must use a password type of #PasswordText
when digesting with anything other than SHA1-1 as per the 1.1 spec.
Something like this, assuming you have a provider installed that
supports SHA-2:

WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
byte[] password = "verySecret".getBytes();
MessageDigest sha = MessageDigest.getInstance("SHA-2");
sha.reset();
sha.update(password);
String passwdDigest = Base64.encode(sha.digest());
        
builder.setUserInfo("wernerd", passwdDigest);
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);

Colm.

- -----Original Message-----
From: James01 [mailto:[email protected]] 
Sent: 21 January 2009 21:16
To: [email protected]
Subject: Configuring UsernameToken for algorithms


Hi,
  I am using WSS4J 1.5.2 version.  As per spec UsernameToken is using
SHA1
for password digest. I need to use SHA2 to meet the requirements.

   What is the best approach to specify UsernameToken to use SHA2
instead of
SHA1?

   I appreciate your help. 

Thanks
James
- -- 
View this message in context:
http://www.nabble.com/Configuring-UsernameToken-for-algorithms-tp2159233
2p21592332.html
Sent from the WSS4J mailing list archive at Nabble.com.


- ---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQEVAwUBSXhQcQFWGKwtkNFcAQK/NQf/dDvHnksDONlN/B7mG2z9o7l7OmBGmro9
kLr2QItoW5yi1wnMGu8Rmb3Vsnby93ksEvH4Yd2N+aBAIQiuWTEXCR5NjLyW9zMB
rE2dxreEAQiH9uR4rttjcX3VthFO+SlBVLSq3HtT6M7aCv3O84+FPt1/D67jNsW9
ghkhuZfnd4v+ioKuV+0Ovyv3jVfQgeAE7FvVUSAhwgUw7J7z71sQfj61996Z3ItU
PUi2z1ogXPlPC2869VU7+kk0tDSYzmF/hTMiS0Ve6MLXC7SaaS3kNHo/Zwi4fIxb
4B/VLnsWLwpnmdsn6o04ldAMwWctlnW1YSisNPYlfdxtbDpltlMT/w==
=Fka5
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

RE: Configuring UsernameToken for algorithms

Reply via email to