I cannot set the signatureKeyAlgorithm to "SHA256withRSA"

[bartland]

On a WSDL containing

<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
  :
            <sp:AlgorithmSuite signatureAlgorithm="SHA256withRSA">
              <wsp:Policy>
                <sp:Basic256Sha256Rsa15/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
  :
          </wsp:Policy>
        </sp:TransportBinding>

In SecurityUtil.getKeyAlgo(String algo) algo is always null so returns the default SHA1 algorithm.

In the equivalent dotNet code I have to explicitly set binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256. In CXF there is the property override "ws-security.asymmetric.signature.algorithm"

How can I override this in metro?

[DamienJDev]

Looking into the code it seems to me that the class:
com.sun.xml.wss.jaxws.impl.SecurityTubeBase - in the method - initializeOutgoingProcessingContext(Packet packet, boolean isSCMessage)

has a call that sets the algorthims to be used:
ctx.setAlgorithmSuite(getAlgoSuite(getBindingAlgorithmSuite(packet)));

and this seems to set the signing algorithm etc

While the class:
com.sun.xml.wss.jaxws.impl.SecurityClientTube - in the method - processClientRequestPacket(Packet packet)

appears to be missing an equivalent call (Should have):
((ProcessingContextImpl) ctx).setAlgorithmSuite(getAlgoSuite(getBindingAlgorithmSuite(packet)));

which means when the message is then processed the algorthim suite is then set to the defaults, rather than to the user set/wsdl values.

I haven't managed to get the metro suite to build to test if this fixes the issue as yet, but it looks likely to be a bug caused by the missing line of code.

[DamienJDev]

Ok. it is set by the super class, but appears to be a default set of algorithms via the XWSSPolicyGenerator, still digging for a root cause.

[DamienJDev]

I've created a patch to allow the API override to work, please refer to #58