[jdk11u-dev] RFR: 8305972: Update XML Security for Java to 3.0.2

Goetz Lindenmaier goetz at openjdk.org
Fri Jan 12 07:36:00 UTC 2024


This backport is based on https://github.com/openjdk/jdk17u-dev/pull/2116 , the minimal version.
It contains the full EdDSA functionality and only removes the Strings that are explicitly not documented for backport in the CSRs.

I needed the following adaptions, which you find in separate commits:

**Resolves**:

The implementation in the jdk patched clean. 
There were some conflicts in the tests:

test/jdk/TEST.groups
  trivial resolve due to context.

test/jdk/javax/xml/crypto/dsig/GenerationTests.java
  trivial resolve due to context.  8241306 is missing in the context.

test/jdk/javax/xml/crypto/dsig/SecureValidation.java
  This file is not in 11.
  It came with "8241306: Add SignatureMethodParameterSpec subclass
  for RSASSA-PSS params" which was not backported. Changes omitted.

test/lib/jdk/test/lib/security/XMLUtils.java
  One chunk does not apply because the removed code differs.
  In 17, a switch statement is used that was adapted to Java 11.
  Moved the comment and exception thrown in 11 to the new place.


**Make it compile and make the tests work**:

The changes to the libraries compile out of the box.

The tests needed several adaptions. I did not remove the
bad code yet, but just commented it out to highlight the 
differences better for now.

test/jdk/javax/xml/crypto/dsig/Basic.java
  I had to remove test cases because
    8241305: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params
    8166597: Crypto support for the EdDSA Signature Algorithm
  are not in 11.

test/jdk/javax/xml/crypto/dsig/GenerationTests.java
  To make it compile, I
  replaced HexFormat.of().parseHex() by jdk.test.lib.Utils.toByteArray().
  Further, I commented out a row of test code that does not compile.
  "8166597: Crypto support for the EdDSA Signature Algorithm" would
  be needed to get these test cases working.
  This effectively removes the test cases for the new functionality.

test/jdk/javax/xml/crypto/dsig/HereFunction.java
  A simple tweak to enable testing of sha1 is not needed in 11.
  In 11, sha1 is still available by default as
  "8259709: Disable SHA-1 XML Signatures" was not backported.

test/lib/jdk/test/lib/security/XMLUtils.java
  More complex resolve because a previous backport was already adapted to 11.
  The code in 17 uses incompatible switch and instanceof
  in several places.
  It also needed adaptions because it does not compile as
    8166597: Crypto support for the EdDSA Signature Algorithm
  is not in 11.

-------------

Commit messages:
 - Merge branch 'openjdk:master' into goetz_backport_8305972-minimal
 - Fix tests, they now all pass
 - Resolve chunks that did not apply.
 - Backport 8309572 17u minimal change -- clean parts

Changes: https://git.openjdk.org/jdk11u-dev/pull/2455/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=2455&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8305972
  Stats: 1175 lines in 37 files changed: 917 ins; 144 del; 114 mod
  Patch: https://git.openjdk.org/jdk11u-dev/pull/2455.diff
  Fetch: git fetch https://git.openjdk.org/jdk11u-dev.git pull/2455/head:pull/2455

PR: https://git.openjdk.org/jdk11u-dev/pull/2455

