[jdk11u-dev] RFR: 8305972: Update XML Security for Java to 3.0.2 [v3]

Goetz Lindenmaier goetz at openjdk.org
Thu Jan 18 14:28:23 UTC 2024 

On Thu, 18 Jan 2024 09:44:29 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:

>> This backport is based on https://github.com/openjdk/jdk17u-dev/pull/2116 , the minimal version.
>> It contains the full EdDSA functionality and only removes the Strings that are explicitly not documented for backport in the CSRs.
>> 
>> I needed the following adaptions you find in seperate commits:
>> 
>> **Resolves**:
>> 
>> The implementation in the jdk patched clean. 
>> There were some conflicts in the tests:
>> 
>> test/jdk/TEST.groups
>>   trivial resolve due to context.
>> 
>> test/jdk/javax/xml/crypto/dsig/GenerationTests.java
>>   trivial resolve due to context.  8241306 is missing in the context.
>> 
>> test/jdk/javax/xml/crypto/dsig/SecureValidation.java
>>  This file is not in 11.
>>   It came with "8241306: Add SignatureMethodParameterSpec subclass
>>   for RSASSA-PSS params" which was not backported. Changes omitted.
>> 
>> test/lib/jdk/test/lib/security/XMLUtils.java
>>   One chunk does not apply because the removed code differs.
>>   In 17, a switch statement is used that was adapted to Java 11.
>>   Moved the comment and exception thrown in 11 to the new place.
>> 
>> 
>> **Make it compile and make the tests work**:
>> 
>> The changes to the libraries compile out of the box.
>> 
>> The tests needed several adaptions. I did not remove the
>> bad code yet, but just commented it out to highlight the 
>> differences better for now.
>> 
>> test/jdk/javax/xml/crypto/dsig/Basic.java
>>   I had to remove test cases because
>>     8241305: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params
>>     8166597: Crypto support for the EdDSA Signature Algorithm
>>   are not in 11.
>> 
>> test/jdk/javax/xml/crypto/dsig/GenerationTests.java
>>   To make it compile, I
>>   replaced HexFormat.of().parseHex() by jdk.test.lib.Utils.toByteArray().
>>   Further, I commented a row of test coding that does not compile.
>>   "8166597: Crypto support for the EdDSA Signature Algorithm" would
>>   be needed to get these test cases working.
>>   This effectively removes the test cases for the new functionality.
>> 
>> test/jdk/javax/xml/crypto/dsig/HereFunction.java
>>   A simple tweak to enable testing of sha1 is not needed in 11.
>>   In 11, sha1 is still available per default as
>>   "8259709: Disable SHA-1 XML Signatures" was not backported.
>> 
>> test/lib/jdk/test/lib/security/XMLUtils.java
>>   More complex resolve because a previous backport was already adapted to 11.
>>   The code in 17 uses incompatible switch and instanceof
>>   in several places.
>>   It also needed adaptions because it does not comp...
>
> Goetz Lindenmaier has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix whitespace issue

GHA failure: infra issue: rror: C++11 was disabled in PCH file but is currently enabled
Adressed by backport JDK-8323008.
Passed before pushing change adding empty line

-------------

PR Comment: https://git.openjdk.org/jdk11u-dev/pull/2455#issuecomment-1898579406

More information about the jdk-updates-dev mailing list