Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-558

org.apache.ws.security.message.WSSecSignature can't support custom provider

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.6.18
    • Fix Version/s: 2.2.0, 2.1.9
    • Component/s: WSS4J Core
    • Labels:
      None

      Description

      WSSecSignature().init not flexible to use custom java.security.Provider
      Which leads to the exceptions to use non-standard implementations of encryption algorithms

      Current code:

      WSSecSignature.java
          public WSSecSignature() {
              super();
              init();
          }
          
          public WSSecSignature(WSSConfig config) {
              super(config);
              init();
          }
          
          private void init() {
              // Try to install the Santuario Provider - fall back to the JDK provider if this does
              // not work
              try {
                  signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
              } catch (NoSuchProviderException ex) {
                  signatureFactory = XMLSignatureFactory.getInstance("DOM");
              }
              try {
                  keyInfoFactory = KeyInfoFactory.getInstance("DOM", "ApacheXMLDSig");
              } catch (NoSuchProviderException ex) {
                  keyInfoFactory = KeyInfoFactory.getInstance("DOM");
              }
          }
      

      My example of solution:

      WSSecSignature.java
          public CustomWSSecSignature() {
              super();
              init(null);
          }
          
          public CustomWSSecSignature(Provider povider) {
              super();
              init(povider);
          }
          
          private void init(Provider povider) {
          	if (povider == null)
          		try {
          			// Try to install the Santuario Provider - fall back to the JDK provider if this does
          			// not work
          			signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
          		} catch (NoSuchProviderException ex) {
          			signatureFactory = XMLSignatureFactory.getInstance("DOM");
          		}
          	else
          		signatureFactory = XMLSignatureFactory.getInstance("DOM", povider);
          	KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
          }
      

      It will be very useful to use in vss4j

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              smithsv Sergey Smith
            • Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: