[jdk17u-dev] RFR: 8305972: Update XML Security for Java to 3.0.2 [v3]

Matthias Baesken mbaesken at openjdk.org
Mon Dec 4 13:33:52 UTC 2023 

On Mon, 4 Dec 2023 12:55:10 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:

>> I backport this for parity with 17.0.11-oracle.
>> 
>> The backport was almost clean, except for two trivial resolves due to differences in whitespace in the context.
>> 
>> The change comes with a CSR, which is already approved for 17.
>> But the CSR requires changes wrt. to the original change. 
>> In 17, no EDDSA support is added.
>> 
>> The PR comes with two commits:
>> 1. the almost clean backport. I already skipped two comments added in head but not needed in 17 (SignatureMethod, DigestMethod).
>> 2. removing the eddsa support.
>> 
>> Tests pass, SAP nightly testing passed.
>
> Goetz Lindenmaier has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
> 
>   More EDDSA cleanups

The deleted line in [src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java](https://github.com/openjdk/jdk17u-dev/pull/2006/files#diff-cdae7f9a1a033faaeeb5482bcbe882149c3881acf409558f5c7297a5ef3f205b)
might be restored but otherwise looks okay to me.

src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml line 30:

> 28:                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureEDDSA$SignatureEd2559" />
> 29:       <SignatureAlgorithm URI="http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448"
> 30:                           JAVACLASS="com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureEDDSA$SignatureEd448" />

Is the eddsa changed really wanted here ?

src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/AbstractDOMSignatureMethod.java line 1:

> 1: /*

is EDDSA really wanted in the older release / backport ?

src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java line 1023:

> 1021:         }
> 1022:     }
> 1023: 

Don#t think we need to delete this line, maybe it is a leftover from the removed EDDSA ?

test/jdk/javax/xml/crypto/dsig/GenerationTests.java line 1:

> 1: /*

There are a few eddsa related changes in the file, is that intentional ?

-------------

Marked as reviewed by mbaesken (Reviewer).

PR Review: https://git.openjdk.org/jdk17u-dev/pull/2006#pullrequestreview-1761886982
PR Review Comment: https://git.openjdk.org/jdk17u-dev/pull/2006#discussion_r1413563570
PR Review Comment: https://git.openjdk.org/jdk17u-dev/pull/2006#discussion_r1413556592
PR Review Comment: https://git.openjdk.org/jdk17u-dev/pull/2006#discussion_r1413870216
PR Review Comment: https://git.openjdk.org/jdk17u-dev/pull/2006#discussion_r1413562413

More information about the jdk-updates-dev mailing list