[8u-dev] Request for approval for CR 8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks

Bhanu Gopularam bhanu.prakash.gopularam at oracle.com
Wed Feb 10 11:21:17 UTC 2016


Hi All,

 

Please review fix for following bug :

 

Bug - https://bugs.openjdk.java.net/browse/JDK-8149029

 

Issue - Secure validation is always enabled for XML based signature while checking wrapping attacks. The value of DOMValidateContext property org.jcp.xml.dsig.secureValidation is ignored during processing of XML based signature.

 

Solution -  We need to pass the value of secureValidation flag In dereference(URIreference, XMLCryptoContext) method of org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java during call apacheResolver.resolve method.

 

Webrev - http://cr.openjdk.java.net/~csahu/8149029/

 

Thanks,

Bhanu


More information about the jdk8u-dev mailing list