Posted to wss4j-dev@ws.apache.org by James01 <sm...@yahoo.com> on 2009/01/21 22:16:22 UTC

Configuring UsernameToken for algorithms

Hi,
  I am using WSS4J 1.5.2 version.  As per spec UsernameToken is using SHA1
for password digest. I need to use SHA2 to meet the requirements.

   What is the best approach to specify UsernameToken to use SHA2 instead of
SHA1?

   I appreciate your help. 

Thanks
James
-- 
View this message in context: http://www.nabble.com/Configuring-UsernameToken-for-algorithms-tp21592332p21592332.html
Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Fwd: Configuring UsernameToken for algorithms

Posted by José Ferreiro <jo...@gmail.com>.
Hello James,

Well, I took a look at this link(1), which explains the wss4j parameters for
the <requestFlow> and <responseFlow>.
From there I landed on this link(2) which says:

public static final java.lang.String *SIG_ALGO*

Defines which signature algorithm to use. Currently this parameter is
ignored - SHA1RSA is the only supported algorithm, will be enhanced soon.

The application may set this parameter using the following method:

 call.setProperty(WSHandlerConstants.SIG_ALGO, "SHA1RSA");


At first sight it looks like SHA2 is not supported... But it should be noted
that this doc was done some time ago by the great work and dedication of
Davanum Srinivas!

To be 100% sure you may download the WSS4J 1.5.2 source code version and
take a look inside.

Hope this helps.
Warmest regards,
jose ferreiro

(1) - http://wiki.apache.org/ws/FrontPage/WsFx/wss4jParameters
(2) - http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html#SIG_ALGO




-- 
Jose Ferreiro
Systems Analysis and Design Specialist
MSc in Communication Systems, EPFL.

RE: Configuring UsernameToken for algorithms

Posted by Colm O hEigeartaigh <co...@progress.com>.

Hi James,

You should be able to do it programmatically, at least you can with the
code that's on the trunk. You must use a password type of #PasswordText
when digesting with anything other than SHA-1 as per the 1.1 spec.
Something like this, assuming you have a provider installed that
supports SHA-2:

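import java.security.MessageDigest;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.util.Base64;
import org.w3c.dom.Document;

// Send the pre-computed digest as the token's #PasswordText value
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
// Fix the charset so both ends hash the same bytes
byte[] password = "verySecret".getBytes("UTF-8");
// "SHA-2" is a family name, not a JCA algorithm name; request a concrete member
MessageDigest sha = MessageDigest.getInstance("SHA-256");
sha.reset();
sha.update(password);
String passwdDigest = Base64.encode(sha.digest());

builder.setUserInfo("wernerd", passwdDigest);
// unsignedEnvelope: the SOAP envelope being secured, created elsewhere
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);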

Colm.
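
An added example, not part of the thread or of WSS4J: the snippet above sends Base64(SHA-256(password)), which is the same on every message, whereas the profile's own PasswordDigest hashes nonce + created + password. This JDK-only sketch compares the two forms and shows the receiver-side check. Assumptions: the class and method names are hypothetical, the nonce-bound SHA-256 form is a private agreement between sender and receiver rather than anything the profile defines, and java.util.Base64 stands in for WSS4J's Base64 helper.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class Sha256UsernameTokenCheck {

    // Sender side as in the reply above: Base64(SHA-256(password)).
    static String staticDigest(String password) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        return Base64.getEncoder().encodeToString(
                sha.digest(password.getBytes(StandardCharsets.UTF_8)));
    }

    // Same input layout as the profile's PasswordDigest (nonce + created + password)
    // with SHA-256 in place of SHA-1. Assumption: both ends agree on this privately.
    static String boundDigest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        sha.update(nonce);
        sha.update(created.getBytes(StandardCharsets.UTF_8));
        sha.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha.digest());
    }

    // Receiver side: recompute from the stored password, then compare in constant time.
    static boolean matches(String received, String expected) {
        return MessageDigest.isEqual(
                received.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String stored = "verySecret";                 // constructed sample credential
        byte[] n1 = {1, 2, 3, 4}, n2 = {5, 6, 7, 8};  // constructed nonces
        String created = "2009-01-21T22:16:22Z";      // constructed timestamp

        // Static form: two messages carry the same value, so the value itself
        // works as the password and needs transport or message encryption.
        System.out.println("static repeats: "
                + matches(staticDigest(stored), staticDigest(stored)));

        // Bound form: verifies for its own nonce, not for a fresh one.
        String first = boundDigest(n1, created, stored);
        System.out.println("same nonce verifies: "
                + matches(first, boundDigest(n1, created, stored)));
        System.out.println("new nonce verifies: "
                + matches(first, boundDigest(n2, created, stored)));
    }
}
```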
