[jdk11u-dev] Integrated: 8305972: Update XML Security for Java to 3.0.2

Goetz Lindenmaier goetz at openjdk.org
Fri Jan 19 15:50:44 UTC 2024 

On Thu, 11 Jan 2024 19:19:19 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:

> This backport is based on https://github.com/openjdk/jdk17u-dev/pull/2116 , the minimal version.
> It contains the full EdDSA functionality and only removes the Strings that are explicitly not documented for backport in the CSRs.
> 
> I needed the following adaptions you find in seperate commits:
> 
> **Resolves**:
> 
> The implementation in the jdk patched clean. 
> There were some conflicts in the tests:
> 
> test/jdk/TEST.groups
>   trivial resolve due to context.
> 
> test/jdk/javax/xml/crypto/dsig/GenerationTests.java
>   trivial resolve due to context.  8241306 is missing in the context.
> 
> test/jdk/javax/xml/crypto/dsig/SecureValidation.java
>  This file is not in 11.
>   It came with "8241306: Add SignatureMethodParameterSpec subclass
>   for RSASSA-PSS params" which was not backported. Changes omitted.
> 
> test/lib/jdk/test/lib/security/XMLUtils.java
>   One chunk does not apply because the removed code differs.
>   In 17, a switch statement is used that was adapted to Java 11.
>   Moved the comment and exception thrown in 11 to the new place.
> 
> 
> **Make it compile and make the tests work**:
> 
> The changes to the libraries compile out of the box.
> 
> The tests needed several adaptions. I did not remove the
> bad code yet, but just commented it out to highlight the 
> differences better for now.
> 
> test/jdk/javax/xml/crypto/dsig/Basic.java
>   I had to remove test cases because
>     8241305: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params
>     8166597: Crypto support for the EdDSA Signature Algorithm
>   are not in 11.
> 
> test/jdk/javax/xml/crypto/dsig/GenerationTests.java
>   To make it compile, I
>   replaced HexFormat.of().parseHex() by jdk.test.lib.Utils.toByteArray().
>   Further, I commented a row of test coding that does not compile.
>   "8166597: Crypto support for the EdDSA Signature Algorithm" would
>   be needed to get these test cases working.
>   This effectively removes the test cases for the new functionality.
> 
> test/jdk/javax/xml/crypto/dsig/HereFunction.java
>   A simple tweak to enable testing of sha1 is not needed in 11.
>   In 11, sha1 is still available per default as
>   "8259709: Disable SHA-1 XML Signatures" was not backported.
> 
> test/lib/jdk/test/lib/security/XMLUtils.java
>   More complex resolve because a previous backport was already adapted to 11.
>   The code in 17 uses incompatible switch and instanceof
>   in several places.
>   It also needed adaptions because it does not compile as
>     8166597: Crypto support for the EdDSA Signature Algorithm
>   is not in 11.

This pull request has now been integrated.

Changeset: ef246341
Author:    Goetz Lindenmaier <goetz at openjdk.org>
URL:       https://git.openjdk.org/jdk11u-dev/commit/ef2463415113e0025357824b75e68583e1e90a18
Stats:     1176 lines in 37 files changed: 918 ins; 144 del; 114 mod

8305972: Update XML Security for Java to 3.0.2

Reviewed-by: mbaesken
Backport-of: f0aebc8141de5a50c88658a40caa01967a9afc53

-------------

PR: https://git.openjdk.org/jdk11u-dev/pull/2455

More information about the jdk-updates-dev mailing list