
  • Does Wss4jSecurityInterceptor support the use of SHA-2 algorithms?

    I am using spring-ws 2.0.1 and wss4j 1.5.8. Our current configuration is working using sha1, but we have been asked to support the sha-2 family of algorithms. I changed the securementSignatureAlgorithm property to use sha256 as follows:

    Code:
    <bean id="wss4jSecurityInterceptor"
    		class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    		<property name="enableSignatureConfirmation" value="false" />
    		<property name="validationSignatureCrypto" ref="pubCertCrypto" />
    		<property name="validationDecryptionCrypto" ref="privKeyCrypto" />
    		<property name="validationActions" value="Timestamp Signature Encrypt" />
    		<property name="timestampPrecisionInMilliseconds" value="true" />
    		<property name="validationTimeToLive" value="10" />
    		<property name="timestampStrict" value="true" />
    		<property name="validationCallbackHandlers">
    			<array>
    				<ref bean="keystoreCallbackHandler" />
    			</array>
    		</property>
    		<property name="securementActions" value="Timestamp Signature Encrypt" />
    		<property name="securementUsername" value="wsserver" />
    		<property name="securementPassword" value="password" />
    		<property name="securementPasswordType" value="PasswordText" />
    		<property name="securementSignatureKeyIdentifier" value="DirectReference" />
    		<property name="securementSignatureAlgorithm" value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256" />
    		<property name="securementSignatureCrypto" ref="privKeyCrypto" />
    		<property name="securementEncryptionCrypto" ref="pubCertCrypto" />
    		<property name="securementEncryptionUser" value="useReqSigCert" />
    		<property name="securementEncryptionKeyTransportAlgorithm"
    			value="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    		<property name="securementEncryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
    		<property name="securementSignatureParts"
    			value="{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
    		<property name="securementEncryptionParts"
    			value="{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken;{Content}{http://www.w3.org/2000/09/xmldsig#}Signature;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
    		<property name="securementTimeToLive" value="10" />
    
    	</bean>

    With this change, I am now getting the following exception:

    Code:
    org.apache.xml.security.signature.XMLSignatureException: Sorry, you supplied the wrong key type for this operation! You supplied a sun.security.rsa.RSAPublicKeyImpl but a javax.crypto.SecretKey is needed.

    Has anyone configured SHA-2 algorithms using Wss4jSecurityInterceptor, and if so, how did you configure it?

    Thanks!
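The exception message points at a key-type mismatch: the `hmac-sha256` URI names a keyed MAC, which takes a symmetric `javax.crypto.SecretKey`, while the key supplied is an RSA key; the RSA signature counterpart in the same namespace is `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`. The Java program below is an added example, not part of the original post or of Spring-WS or WSS4J, and it reproduces the mismatch directly against the JCA. The class name, the generated RSA key and the all-zero secret key are constructed stand-ins for the keystore contents.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added illustration: which key type each SHA-256 XML signature URI needs. */
public class SignatureUriKeyCheck {
    static final String NS = "http://www.w3.org/2001/04/xmldsig-more#";

    /** Runs the JCA primitive behind the URI with the given key and reports the outcome. */
    static String tryKey(String uri, Key key) {
        byte[] data = "constructed sample body".getBytes(StandardCharsets.UTF_8);
        try {
            if (uri.equals(NS + "hmac-sha256")) {
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(key); // a MAC needs a shared javax.crypto.SecretKey
                return "ok, MAC of " + mac.doFinal(data).length + " bytes";
            }
            if (uri.equals(NS + "rsa-sha256")) {
                if (!(key instanceof PrivateKey)) {
                    return "rejected: PrivateKey needed, got " + key.getClass().getSimpleName();
                }
                Signature sig = Signature.getInstance("SHA256withRSA");
                sig.initSign((PrivateKey) key); // asymmetric signature over a SHA-256 digest
                sig.update(data);
                return "ok, signature of " + sig.sign().length + " bytes";
            }
            return "unknown URI";
        } catch (GeneralSecurityException e) {
            return "rejected: " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        Key rsaKey = kpg.generateKeyPair().getPrivate();               // stands in for the keystore key
        Key secretKey = new SecretKeySpec(new byte[32], "HmacSHA256"); // constructed all-zero key

        for (String alg : new String[] {"hmac-sha256", "rsa-sha256"}) {
            System.out.println(alg + " + RSA key    -> " + tryKey(NS + alg, rsaKey));
            System.out.println(alg + " + secret key -> " + tryKey(NS + alg, secretKey));
        }
    }
}
```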