CXF / CXF-2914

Digest algorithm defined in WS-SecurityPolicy is not honored in WS-Security signature from client


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.2.10, 2.3
    • 2.2.10, 2.3
    • WS-* Components
    • None

    Description

      The digest algorithm "http://www.w3.org/2000/09/xmldsig#sha1" is used in digital signatures from clients configured via WS-SecurityPolicy even when an AlgorithmSuite is defined within the policy that should resolve to a different digest algorithm. For example, the following AlgorithmSuite policy should result in the digest algorithm of "http://www.w3.org/2001/04/xmlenc#sha256" (per the WS-SecurityPolicy specification):

      <sp:AlgorithmSuite>
        <wsp:Policy>
          <sp:Basic256Sha256 />
        </wsp:Policy>
      </sp:AlgorithmSuite>

      The correct digest algorithm is determined by the AlgorithmSuite in the Binding; however, the algorithm information is not propagated to the WSSecSignature object that creates the signature.


          People

            davaleri David Valeri
            rnewcomb Rich Newcomb