SANTUARIO-512 - security-config.xml is out of date
git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-java/trunk@1869257 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/main/java/org/apache/xml/security/resource/config.xml b/src/main/java/org/apache/xml/security/resource/config.xml
index 71f5db7..4444697 100644
--- a/src/main/java/org/apache/xml/security/resource/config.xml
+++ b/src/main/java/org/apache/xml/security/resource/config.xml
@@ -250,8 +250,8 @@
RequiredKey="RSA"
JCEName="SHA1withRSA"/>
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha2224"
- Description="RSA Signature with SHA-2224 message digest"
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+ Description="RSA Signature with SHA-224 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
@@ -326,6 +326,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
JCEName="SHA1withECDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
@@ -357,6 +358,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="EC"
JCEName="SHA512withECDSA"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
@@ -374,6 +376,7 @@
RequirementLevel="NOT RECOMMENDED"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
+ RequiredKey=""
JCEName="HmacMD5"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
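Review bot: `RequiredKey=""` on the HmacMD5 entry is ambiguous, because an empty attribute and an absent one may not mean the same thing to whatever reads this mapping, and that loader is not visible in the hunk. If the intent is that an HMAC accepts any secret key, I would either drop the attribute or say so next to it, for example `<!-- RequiredKey is empty for MACs: no key algorithm is enforced -->`, and confirm that no caller passes the empty string on as a key algorithm name. The same applies to the six other HMAC hunks in this file and to the HMAC entries changed in security-config.xml. The Algorithm element starts above the hunk.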
@@ -382,6 +385,7 @@
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
+ RequiredKey=""
JCEName="HMACRIPEMD160"/>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
@@ -389,6 +393,7 @@
AlgorithmClass="Mac"
RequirementLevel="REQUIRED"
KeyLength="0"
+ RequiredKey=""
JCEName="HmacSHA1"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
@@ -397,6 +402,7 @@
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
+ RequiredKey=""
JCEName="HmacSHA224"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
@@ -405,6 +411,7 @@
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
+ RequiredKey=""
JCEName="HmacSHA256"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
@@ -413,6 +420,7 @@
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
+ RequiredKey=""
JCEName="HmacSHA384"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
@@ -421,6 +429,7 @@
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
+ RequiredKey=""
JCEName="HmacSHA512"/>
<!-- Block encryption Algorithms -->
@@ -547,7 +556,9 @@
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#dh"
Description="Key Agreement Diffie-Hellman"
AlgorithmClass="KeyAgreement"
- RequirementLevel="OPTIONAL"/>
+ RequirementLevel="OPTIONAL"
+ RequiredKey="DH"
+ JCEName="DH"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-tripledes"
Description="Symmetric Key Wrap using Triple DES"
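Review bot: `JCEName="DH"` relies on a provider alias; the name the Java standard algorithm names list for key agreement is `DiffieHellman`, so a provider that registers only the standard name would fail the lookup. I would write `JCEName="DiffieHellman"`. If RequiredKey is compared against `Key.getAlgorithm()`, also check which string the providers in use return for DH keys before settling on `RequiredKey="DH"`. How either attribute is consumed is not visible here, so treat this as something to confirm.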
diff --git a/src/main/resources/security-config.xml b/src/main/resources/security-config.xml
index e20b365..d52aaae 100644
--- a/src/main/resources/security-config.xml
+++ b/src/main/resources/security-config.xml
@@ -17,7 +17,7 @@
specific language governing permissions and limitations
under the License.
-->
-<!-- This configuration file is used for configuration of the org.apache.xml.security -->
+<!-- This configuration file is used for configuration of the org.apache.xml.security.stax -->
<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/configuration">
<Properties>
<Property NAME="securityTokenFactory" VAL="org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactoryImpl"/>
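Review bot: The updated comment names `org.apache.xml.security.stax`, but the `target` attribute on the next line still reads `org.apache.xml.security`, so the header now points two ways. A reader choosing between this file and resource/config.xml would be helped by a comment that says which code loads each, e.g. `<!-- Read by the StAX implementation (org.apache.xml.security.stax); the DOM implementation reads resource/config.xml -->`, if that split is indeed the intent.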
@@ -72,121 +72,104 @@
Description="MD5 message digest from RFC 1321"
AlgorithmClass="MessageDigest"
RequirementLevel="NOT RECOMMENDED"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
- KeyLength="128"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="MD5"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#ripemd160"
Description="RIPEMD-160 message digest"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="160"
JCEName="RIPEMD160"/>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
Description="SHA-1 message digest"
AlgorithmClass="MessageDigest"
RequirementLevel="REQUIRED"
- KeyLength="160"
JCEName="SHA-1"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha224"
Description="SHA-224 message digest"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="224"
JCEName="SHA-224"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha256"
Description="SHA-1 message digest with 256 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="RECOMMENDED"
- KeyLength="256"
JCEName="SHA-256"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha384"
Description="SHA message digest with 384 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
- KeyLength="384"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA-384"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha512"
Description="SHA-1 message digest with 512 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="512"
JCEName="SHA-512"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#whirlpool"
- Description="WHIRLPOOL Message Digest with 512 bit"
+ Description="WHIRLPOOL message digest"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="512"
JCEName="WHIRLPOOL"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-224"
Description="SHA-3 message digest with 224 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="224"
JCEName="SHA3-224"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-256"
Description="SHA-3 message digest with 256 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="256"
JCEName="SHA3-256"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-384"
Description="SHA-3 message digest with 384 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="384"
JCEName="SHA3-384"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha3-512"
Description="SHA-3 message digest with 512 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="512"
JCEName="SHA3-512"/>
<Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha1"
Description="Mask Generation Function with SHA-1 used with the RSA-OAEP key transport algorithm"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="160"
JCEName="SHA-1"/>
<Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha224"
Description="Mask Generation Function with SHA-224 used with the RSA-OAEP key transport algorithm"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="224"
JCEName="SHA-224"/>
<Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha256"
Description="Mask Generation Function with SHA-256 used with the RSA-OAEP key transport algorithm"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="256"
JCEName="SHA-256"/>
<Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha384"
Description="Mask Generation Function with SHA-384 used with the RSA-OAEP key transport algorithm"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="384"
JCEName="SHA-384"/>
<Algorithm URI="http://www.w3.org/2009/xmlenc11#mgf1sha512"
Description="Mask Generation Function with SHA-512 used with the RSA-OAEP key transport algorithm"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- KeyLength="512"
JCEName="SHA-512"/>
<!-- Signature Algorithms -->
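Review bot: The Description strings for `xmlenc#sha256` and `xmlenc#sha512` still read "SHA-1 message digest with 256 bit" and "SHA-1 message digest with 512 bit", although this hunk already rewords the WHIRLPOOL description. Those entries map to `SHA-256` and `SHA-512`, so I would change them to `Description="SHA-256 message digest"` and `Description="SHA-512 message digest"` while the file is being synchronised. Anyone auditing which digests are enabled from this file would otherwise read them as SHA-1 variants.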
@@ -194,69 +177,69 @@
Description="Digital Signature Algorithm with SHA-1 message digest"
AlgorithmClass="Signature"
RequirementLevel="REQUIRED"
- KeyLength="160"
- RequiredKey="SHA1withDSA"
+ RequiredKey="DSA"
JCEName="SHA1withDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
Description="RSA Signature with MD5 message digest"
AlgorithmClass="Signature"
RequirementLevel="NOT RECOMMENDED"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
- KeyLength="128"
- RequiredKey="MD5withRSA"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
JCEName="MD5withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
Description="RSA Signature with RIPEMD-160 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
- KeyLength="160"
- RequiredKey="RIPEMD160withRSA"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
JCEName="RIPEMD160withRSA"/>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
Description="RSA Signature with SHA-1 message digest"
AlgorithmClass="Signature"
RequirementLevel="RECOMMENDED"
- KeyLength="160"
- RequiredKey="SHA1withRSA"
+ RequiredKey="RSA"
JCEName="SHA1withRSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+ Description="RSA Signature with SHA-224 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
+ JCEName="SHA224withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
Description="RSA Signature with SHA-256 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
- KeyLength="256"
- RequiredKey="SHA256withRSA"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
JCEName="SHA256withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
Description="RSA Signature with SHA-384 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
- KeyLength="384"
- RequiredKey="SHA384withRSA"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
JCEName="SHA384withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
Description="RSA Signature with SHA-512 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
- KeyLength="512"
- RequiredKey="SHA512withRSA"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ RequiredKey="RSA"
JCEName="SHA512withRSA"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
Description="RSASSA-PSS Signature with SHA-1 message digest"
AlgorithmClass="Signature"
RequirementLevel="RECOMMENDED"
- KeyLength="160"
- RequiredKey="SHA1withRSAandMGF1"
+ RequiredKey="RSA"
JCEName="SHA1withRSAandMGF1"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1"
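Review bot: The `sha1-rsa-MGF1` entry keeps `RequirementLevel="RECOMMENDED"` and has no SpecificationURL, while the other RSASSA-PSS entries in the following hunks are `OPTIONAL` and cite rfc6931. I would align it with `RequirementLevel="OPTIONAL"` and `SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"`, after checking the level against the specification, since a SHA-1 based signature marked as recommended stands out in a file people consult when choosing algorithms. Separately, the RequiredKey values replaced here were signature algorithm names rather than key types, which suggests the two config files drifted unnoticed; a test that loads both and compares JCEName and RequiredKey per URI would catch that. The added blank `+` line before the rsa-sha224 entry can go.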
@@ -264,8 +247,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
- KeyLength="224"
- RequiredKey="SHA224withRSAandMGF1"
+ RequiredKey="RSA"
JCEName="SHA224withRSAandMGF1"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"
@@ -273,8 +255,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
- KeyLength="256"
- RequiredKey="SHA256withRSAandMGF1"
+ RequiredKey="RSA"
JCEName="SHA256withRSAandMGF1"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"
@@ -282,8 +263,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
- KeyLength="384"
- RequiredKey="SHA384withRSAandMGF1"
+ RequiredKey="RSA"
JCEName="SHA384withRSAandMGF1"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"
@@ -291,8 +271,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc6931.txt"
- KeyLength="512"
- RequiredKey="SHA512withRSAandMGF1"
+ RequiredKey="RSA"
JCEName="SHA512withRSAandMGF1"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
@@ -300,7 +279,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
- RequiredKey="SHA1withECDSA"
+ RequiredKey="EC"
JCEName="SHA1withECDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
@@ -308,7 +287,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
- RequiredKey="SHA224withECDSA"
+ RequiredKey="EC"
JCEName="SHA224withECDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
@@ -316,7 +295,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
- RequiredKey="SHA256withECDSA"
+ RequiredKey="EC"
JCEName="SHA256withECDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
@@ -324,7 +303,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
- RequiredKey="SHA384withECDSA"
+ RequiredKey="EC"
JCEName="SHA384withECDSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
@@ -332,7 +311,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
- RequiredKey="SHA512withECDSA"
+ RequiredKey="EC"
JCEName="SHA512withECDSA"/>
<Algorithm URI="http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160"
@@ -340,7 +319,7 @@
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
SpecificationURL="https://tools.ietf.org/html/rfc6931"
- RequiredKey="RIPEMD160withECDSA"
+ RequiredKey="EC"
JCEName="RIPEMD160withECDSA"/>
<!-- MAC Algorithms -->
@@ -348,18 +327,18 @@
Description="Message Authentication code using MD5"
AlgorithmClass="Mac"
RequirementLevel="NOT RECOMMENDED"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
- RequiredKey="HmacMD5"
+ RequiredKey=""
JCEName="HmacMD5"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
Description="Message Authentication code using RIPEMD-160"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
- RequiredKey="HMACRIPEMD160"
+ RequiredKey=""
JCEName="HMACRIPEMD160"/>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
@@ -367,42 +346,43 @@
AlgorithmClass="Mac"
RequirementLevel="REQUIRED"
KeyLength="0"
- RequiredKey="HmacSHA1"
+ RequiredKey=""
JCEName="HmacSHA1"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
Description="Message Authentication code using SHA-224"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
- RequiredKey="HmacSHA224"
+ RequiredKey=""
JCEName="HmacSHA224"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
Description="Message Authentication code using SHA-256"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
- RequiredKey="HmacSHA256"
+ RequiredKey=""
JCEName="HmacSHA256"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
Description="Message Authentication code using SHA-384"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
- RequiredKey="HmacSHA384"
+ RequiredKey=""
JCEName="HmacSHA384"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
Description="Message Authentication code using SHA-512"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
KeyLength="0"
- RequiredKey="HmacSHA512"
+ RequiredKey=""
JCEName="HmacSHA512"/>
<!-- Block encryption Algorithms -->
@@ -597,7 +577,7 @@
RequiredKey="SEED"
JCEName="SEEDWrap"/>
</JCEAlgorithmMappings>
- <ResourceResolvers>
+ <ResourceResolvers>
<Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverSameDocument"
DESCRIPTION="A simple resolver for requests of same-document URIs"/>
<Resolver JAVACLASS="org.apache.xml.security.stax.impl.resourceResolvers.ResolverFilesystem"