[8u-dev] Request for approval for CR 8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks
Bhanu Gopularam
bhanu.prakash.gopularam at oracle.com
Wed Feb 10 11:21:17 UTC 2016
Hi All,
Please review fix for following bug :
Bug - https://bugs.openjdk.java.net/browse/JDK-8149029
Issue - Secure validation is always enabled for XML based signature while checking wrapping attacks. The value of DOMValidateContext property org.jcp.xml.dsig.secureValidation is ignored during processing of XML based signature.
Solution - We need to pass the value of secureValidation flag In dereference(URIreference, XMLCryptoContext) method of org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java during call apacheResolver.resolve method.
Webrev - http://cr.openjdk.java.net/~csahu/8149029/
Thanks,
Bhanu
More information about the jdk8u-dev
mailing list