[8u-dev] Request for approval for CR 8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks
Sean Mullan
sean.mullan at oracle.com
Wed Feb 10 15:48:32 UTC 2016
The fix looks fine to me.
--Sean
On 02/10/2016 06:21 AM, Bhanu Gopularam wrote:
> Hi All,
>
> Please review fix for following bug :
>
> Bug - https://bugs.openjdk.java.net/browse/JDK-8149029
>
> Issue – Secure validation is always enabled for XML based signature
> while checking wrapping attacks. The value of DOMValidateContext
> property org.jcp.xml.dsig.secureValidation is ignored during processing
> of XML based signature.
>
> Solution - We need to pass the value of secureValidation flag In
> dereference(URIreference, XMLCryptoContext) method of
> org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java during call
> apacheResolver.resolve method.
>
> Webrev - http://cr.openjdk.java.net/~csahu/8149029/
>
> Thanks,
>
> Bhanu
>
More information about the jdk8u-dev
mailing list