Posted to users@cxf.apache.org by ychawla <pr...@yahoo.com> on 2012/08/29 19:46:40 UTC

Signature Verification Algorithm

Hello All,
I am doing Signature / Verification in my web services and I would like the
server to be able to specify the signature algorithm.

In my policy WSDL, the algorithm is specified:
    <sp:AlgorithmSuite>
        <wsp:Policy>
            <sp:Basic256Sha256 />
        </wsp:Policy>
    </sp:AlgorithmSuite>

On the client side, I can easily set the algorithm:

    <entry key="signatureAlgorithm"
           value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <entry key="signatureDigestAlgorithm"
           value="http://www.w3.org/2001/04/xmlenc#sha256"/>

However, on the server side I tried a similar configuration:

    <bean id="wss4jInInterceptor"
          class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Signature Timestamp" />
                <entry key="signaturePropRefId"
                       value="wsCryptoPropertiesSignatureVerificationIn" />
                <entry key="wsCryptoPropertiesSignatureVerificationIn"
                       value-ref="wsCryptoPropertiesSignatureVerificationIn" />

                <entry key="signatureAlgorithm"
                       value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <entry key="signatureDigestAlgorithm"
                       value="http://www.w3.org/2001/04/xmlenc#sha256"/>
            </map>
        </constructor-arg>
    </bean>

But the server does not force the client to use the sha256 algorithm.  Is
there any way to tell the server to make the client use a specific
algorithm?  

Thanks,
Yogesh




--
View this message in context: http://cxf.547215.n5.nabble.com/Signature-Verification-Algorithm-tp5713333.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Signature Verification Algorithm

Posted by ychawla <pr...@yahoo.com>.
Hi Colm,
Thanks for the reply.  I am using CXF in conjunction with Apache Camel so I
believe I need to add the interceptors manually as I have done.

It looks like if you use CXF stand alone, you can use the configuration
outlined here:
http://cxf.apache.org/docs/ws-securitypolicy.html

I am configuring the WSS4J interceptors manually as shown here:
http://cxf.apache.org/docs/ws-security.html

Is there any way to have Apache Camel use the policy implementation
specified here:
http://cxf.apache.org/docs/ws-securitypolicy.html

Thanks,
Yogesh




Re: Signature Verification Algorithm

Posted by Colm O hEigeartaigh <co...@apache.org>.
> But the server does not force the client to use the sha256 algorithm.  Is
> there any way to tell the server to make the client use a specific
> algorithm?

It seems like you are mixing a WS-SecurityPolicy configuration (the
"AlgorithmSuite" policy) with the WSS4JInInterceptor, which is the old
style non-policy interceptor.

For the WS-SecurityPolicy case you don't have to add any interceptor in
configuration, it is done for you. The server will check the algorithms the
client is using according to the AlgorithmSuite policy automatically.

Colm.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
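
Added example, not part of the original thread and not CXF or WSS4J code: a stand-alone audit of the algorithm URIs that a signed SOAP message declares, which is the kind of check the question asks the server to enforce. The required URIs are the two values quoted in the thread; the function names and the skeletal sample message are constructed for illustration.

```python
"""Audit the signature algorithms declared in a WS-Security SOAP message."""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
# Required URIs, copied from the client configuration quoted in the thread.
REQUIRED_SIGNATURE = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
REQUIRED_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"


def audit_signature_algorithms(soap_xml):
    """Return a list of violations; an empty list means the message conforms."""
    # For untrusted input, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(soap_xml)
    signatures = root.findall(".//ds:Signature", NS)
    if not signatures:
        return ["no ds:Signature element present"]
    violations = []
    for sig in signatures:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        uri = method.get("Algorithm") if method is not None else None
        if uri != REQUIRED_SIGNATURE:
            violations.append("SignatureMethod %s not allowed" % uri)
        refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
        if not refs:
            violations.append("signature covers no ds:Reference")
        for ref in refs:
            digest = ref.find("ds:DigestMethod", NS)
            uri = digest.get("Algorithm") if digest is not None else None
            if uri != REQUIRED_DIGEST:
                violations.append("DigestMethod %s on %s not allowed"
                                  % (uri, ref.get("URI")))
    return violations


def sample_message(sig_alg, digest_alg):
    """Build a constructed, skeletal SOAP message (no real signature values)."""
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:ds="%s"><soap:Header><ds:Signature><ds:SignedInfo>'
        '<ds:SignatureMethod Algorithm="%s"/>'
        '<ds:Reference URI="#body"><ds:DigestMethod Algorithm="%s"/>'
        '</ds:Reference></ds:SignedInfo></ds:Signature></soap:Header>'
        '<soap:Body/></soap:Envelope>' % (DS, sig_alg, digest_alg)
    )


if __name__ == "__main__":
    # A constructed message signed with SHA-1 algorithms is reported twice.
    print(audit_signature_algorithms(sample_message(DS + "rsa-sha1", DS + "sha1")))
```

The audit reads the declared URIs only; verifying the signature value itself remains the job of the security layer.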