You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2014/02/03 13:39:24 UTC

Re: ws policies AlgorithmSuite

What is the Camel error? I tried it in a CXF system test and it worked
correctly. The problem is that CXF does not accept multiple AlgorithmSuites
as being valid, so the ExactlyOne method must be used instead.

Colm.


On Fri, Jan 31, 2014 at 12:23 PM, Kai Rommel <kr...@googlemail.com>wrote:

> Hi Colm,
> I tried it with ExactlyOnce, but the the the CamelContext did not start
> due to parsing issues of the blueprint beans.xml.
>
> Looking at:
>
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html
> in section 7.1 its says:
>
> /sp:AlgorithmSuite/wsp:Policy
> This required element contains one or more policy assertions that indicate
> the specific algorithm suite to use.
>
> So should it be possible to define several policy assertions without the
> ExactlyOne element?
>
> Kai
>
>
>
> 2014-01-31 Colm O hEigeartaigh <co...@apache.org>:
>
>> Your policy formulation is invalid, as you are saying that you want both
>> AlgorithmSuites to be enforced. Instead you need a policy alternative,
>> something like:
>>
>> <sp:AlgorithmSuite>
>>      <wsp:Policy>
>>         <wsp:ExactlyOne>
>>                 <sp:Basic128Rsa15 />
>>                 <sp:TripleDes />
>>         </wsp:ExactlyOne>
>>      </wsp:Policy>
>> </sp:AlgorithmSuite>
>>
>> Colm.
>>
>>
>> On Thu, Jan 30, 2014 at 6:14 PM, Kai Rommel <krommel2010@googlemail.com
>> >wrote:
>>
>> > Hi,
>> >
>> > I have a WS Consumer sending a signed and encrypted message.
>> > In the SOAP Header following algorithm is used:
>> > -<xenc:EncryptedKey Id="EK45302750"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>> > In the SOAP Body:
>> > -<xenc:EncryptedData Id="ED23590466"
>> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> > Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
>> > Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>> >
>> > I want to consume this message by a WS-Provider configured via policies:
>> > When I set the  AlgorithmSuite in this way:
>> >
>> >         <sp:AlgorithmSuite>
>> >                 <wsp:Policy>
>> >                         <sp:TripleDes />
>> >                         <sp:Basic128Rsa15 />
>> >                 </wsp:Policy>
>> >         </sp:AlgorithmSuite>
>> >
>> > I get the error:
>> > ...org.apache.ws.security.processor.X509Util...
>> > #Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#rsa-1_5|...
>> > org.apache.ws.security.components.crypto.AlgorithmSuiteValidator...
>> > The Key transport method does not match the requirement...
>> >
>> > When I set the  AlgorithmSuite in this way:
>> >
>> >         <sp:AlgorithmSuite>
>> >                 <wsp:Policy>
>> >                         <sp:Basic128Rsa15 />
>> >                         <sp:TripleDes />
>> >                 </wsp:Policy>
>> >         </sp:AlgorithmSuite>
>> >
>> > I get the error:
>> > ...org.apache.ws.security.processor.EncryptedKeyProcessor..
>> >
>> > org.apache.ws.security.processor.X509Util...
>> > Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#tripledes-cbc|...
>> >
>> > #org.apache.ws.security.components.crypto.AlgorithmSuiteValidator#...
>> > The encryption algorithm does not match the requirement|.....
>> >
>> > Isn't it allowed to set several algorithms in the AlgorithmSuite?
>> > Or do I misinterpret something?
>> > Thanks.
>> > Best regards
>> > Kai
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com