[8u-dev] Request for approval for CR 8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks
david buck
david.buck at oracle.com
Wed Feb 10 13:27:55 UTC 2016
approved pending successful code review
If code review takes place on another OpenJDK alias, please post a link
to the review thread on this alias before pushing.
Cheers,
-Buck
On 2016/02/10 20:21, Bhanu Gopularam wrote:
> Hi All,
>
>
>
> Please review fix for following bug :
>
>
>
> Bug - https://bugs.openjdk.java.net/browse/JDK-8149029
>
>
>
> Issue - Secure validation is always enabled for XML based signature while checking wrapping attacks. The value of DOMValidateContext property org.jcp.xml.dsig.secureValidation is ignored during processing of XML based signature.
>
>
>
> Solution - We need to pass the value of secureValidation flag In dereference(URIreference, XMLCryptoContext) method of org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java during call apacheResolver.resolve method.
>
>
>
> Webrev - http://cr.openjdk.java.net/~csahu/8149029/
>
>
>
> Thanks,
>
> Bhanu
>
More information about the jdk8u-dev
mailing list