I am using spring-ws 2.0.1 and wss4j 1.5.8. Our current configuration is working using sha1, but we have been asked to support the sha-2 family of algorithms. I changed the securementSignatureAlgorithm property to use sha256 as follows:

Code:
<bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="enableSignatureConfirmation" value="false" />
    <property name="validationSignatureCrypto" ref="pubCertCrypto" />
    <property name="validationDecryptionCrypto" ref="privKeyCrypto" />
    <property name="validationActions" value="Timestamp Signature Encrypt" />
    <property name="timestampPrecisionInMilliseconds" value="true" />
    <property name="validationTimeToLive" value="10" />
    <property name="timestampStrict" value="true" />
    <property name="validationCallbackHandlers">
        <array>
            <ref bean="keystoreCallbackHandler" />
        </array>
    </property>
    <property name="securementActions" value="Timestamp Signature Encrypt" />
    <property name="securementUsername" value="wsserver" />
    <property name="securementPassword" value="password" />
    <property name="securementPasswordType" value="PasswordText" />
    <property name="securementSignatureKeyIdentifier" value="DirectReference" />
    <property name="securementSignatureAlgorithm" value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256" />
    <property name="securementSignatureCrypto" ref="privKeyCrypto" />
    <property name="securementEncryptionCrypto" ref="pubCertCrypto" />
    <property name="securementEncryptionUser" value="useReqSigCert" />
    <property name="securementEncryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <property name="securementEncryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
    <property name="securementSignatureParts" value="{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
    <property name="securementEncryptionParts" value="{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken;{Content}{http://www.w3.org/2000/09/xmldsig#}Signature;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
    <property name="securementTimeToLive" value="10" />
</bean>

With this change, I am now getting the following exception:

Code:
org.apache.xml.security.signature.XMLSignatureException: Sorry, you supplied the wrong key type for this operation! You supplied a sun.security.rsa.RSAPublicKeyImpl but a javax.crypto.SecretKey is needed.

Has anyone configured SHA-2 algorithms using Wss4jSecurityInterceptor, and if so, how did you configure it?
Thanks!
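
The exception text says the algorithm behind the `#hmac-sha256` URI needs a `javax.crypto.SecretKey`, while the key supplied is an RSA key. The following is an added example, not part of the original post and not Spring-WS or WSS4J code, that uses only the JDK to show which key type each XML-DSig signature URI expects. The class name, the `keyFits` helper and the generated key pair are assumptions; the `#rsa-sha256` URI is the RFC 4051 identifier for RSA with SHA-256.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Map;
import javax.crypto.SecretKey;

// Hypothetical helper class, JDK only; not Spring-WS or WSS4J code.
public class SignatureAlgorithmKeyCheck {
    static final String NS = "http://www.w3.org/2001/04/xmldsig-more#";

    // Signing-key type each XML-DSig signature algorithm URI expects.
    static final Map<String, Class<? extends Key>> SIGNING_KEY = Map.of(
            "http://www.w3.org/2000/09/xmldsig#rsa-sha1", PrivateKey.class,
            "http://www.w3.org/2000/09/xmldsig#hmac-sha1", SecretKey.class,
            NS + "rsa-sha256", PrivateKey.class,
            NS + "hmac-sha256", SecretKey.class);

    // True when the key can be used to sign with the algorithm behind the URI.
    static boolean keyFits(String algorithmUri, Key key) {
        Class<? extends Key> needed = SIGNING_KEY.get(algorithmUri);
        if (needed == null) {
            throw new IllegalArgumentException("Unknown signature URI: " + algorithmUri);
        }
        return needed.isInstance(key);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the keystore's RSA entry.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        System.out.println("hmac-sha256 fits RSA key: " + keyFits(NS + "hmac-sha256", pair.getPrivate()));
        System.out.println("rsa-sha256 fits RSA key:  " + keyFits(NS + "rsa-sha256", pair.getPrivate()));

        // JCA counterpart of rsa-sha256: sign and verify a constructed payload.
        byte[] body = "<soap:Body>constructed sample</soap:Body>".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(body);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(body);
        System.out.println("SHA256withRSA verifies:   " + verifier.verify(sig));
    }
}
```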