You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Stefan Pröls (JIRA)" <ji...@apache.org> on 2015/09/22 12:08:04 UTC

[jira] [Commented] (CXF-2914) Digest algorithm defined in WS-SecurityPolicy is not honored in WS-Security signature from client

    [ https://issues.apache.org/jira/browse/CXF-2914?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14902327#comment-14902327 ] 

Stefan Pröls commented on CXF-2914:
-----------------------------------

Did Basic256Sha256 every work that way?

In 3.1.3 I can set ws-security.symmetric.signature.algorithm and ws-security.asymmetric.signature.algorithm, which sets the signature algorithm fine, but does not influence the DigestMethod used in references. And Basic256Sha256 alone has no effect at all.


> Digest algorithm defined in WS-SecurityPolicy is not honored in WS-Security signature from client
> -------------------------------------------------------------------------------------------------
>
>                 Key: CXF-2914
>                 URL: https://issues.apache.org/jira/browse/CXF-2914
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.10, 2.3
>            Reporter: Rich Newcomb
>            Assignee: David Valeri
>             Fix For: 2.2.10, 2.3
>
>         Attachments: cxf-2914-trunk.patch
>
>
> The digest algorithm "http://www.w3.org/2000/09/xmldsig#sha1" is used in digital signatures from clients configured via WS-SecurityPolicy even when an AlgorithmSuite is defined within the policy that should resolve to a different digest algorithm.  For example, the following AlgorithmSuite policy should result in the digest algorithm of "http://www.w3.org/2001/04/xmlenc#sha256" (per the WS-SecurityPolicy specification):
> <sp:AlgorithmSuite>
>     <wsp:Policy>
>         <sp:Basic256Sha256 />
>     </wsp:Policy>
> </sp:AlgorithmSuite>
> The correct digest algorithm is determined by the AlgorithmSuite in the Binding; however, the algorithm information is not propagated to the WSSecSignature object that creates the signature.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)