[8u] RFC 8177334: Update xmldsig implementation to Apache Santuario 2.1.1

Martin Balao mbalao at redhat.com
Wed Aug 28 20:32:03 UTC 2019


Hello,

This is a rough list* of dependencies for a clean jdk8u backport of
JDK-8177334 [1]:

 * 6850612: Deprecate Class.newInstance since it violates the checked
exception language contract
     * https://bugs.openjdk.java.net/browse/JDK-6850612
     * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/03453120a011
     * Affected files
      *
src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
      *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
      *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java
      *
src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java

 * 8134984: Text files should end in exactly one newline
  * https://bugs.openjdk.java.net/browse/JDK-8134984
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/a4299d47bd00
  * Affected files (all this files will be deleted anyways)
   *
src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/package.html
   *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/package.html
   *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/package.html
   *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/package.html
   *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/package.html
   *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/package.html
   *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/package.html
   *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/package.html

 * 8055723: Replace concat String to append in StringBuilder parameters
  * https://bugs.openjdk.java.net/browse/JDK-8055723
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/4d6c9954ac70
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/encryption/AbstractSerializer.java
    * This file will be deleted anyways
   *
src/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/InclusiveNamespaces.java
   *
src/share/classes/com/sun/org/apache/xml/internal/security/utils/RFC2253Parser.java

 * 8156661: Handful of typos in javadoc
  * https://bugs.openjdk.java.net/browse/JDK-8156661
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/1049321b86cb
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/encryption/AgreementMethod.java
    * This file will be deleted anyways

 * 8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
  * https://bugs.openjdk.java.net/browse/JDK-8133802
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/bd9629077386
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherReference.java
    * This file will be deleted anyways
   *
src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperty.java
    * This file will be deleted anyways
   *
src/share/classes/com/sun/org/apache/xml/internal/security/encryption/ReferenceList.java
    * This file will be deleted anyways
  * @gnu_andrew already requested a jdk8u backport of this bug

 * 8067377: My hobby: caning, then then canning, the the can-can
  * https://bugs.openjdk.java.net/browse/JDK-8067377
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/678faa7d1a6a
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionMethod.java
    * This file will be deleted anyways
   *
src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyUtils.java

 * 8031191: Warning exception when XMLSignature logging is enabled
  * https://bugs.openjdk.java.net/browse/JDK-8031191
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/1edcb81fb7cc
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java

 * 8181150: Fix lint warnings in JAXP repo: rawtypes and unchecked
  * https://bugs.openjdk.java.net/browse/JDK-8181150
  * http://hg.openjdk.java.net/jdk10/master/rev/e1a6c0168741
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/FuncHere.java

 * 8162723: Array index overflow in Base64 utility class
  * https://bugs.openjdk.java.net/browse/JDK-8162723
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/138876450c3a
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java

 * 8079140: IgnoreAllErrorHandler should use doPrivileged when it reads
system properties
  * https://bugs.openjdk.java.net/browse/JDK-8079140
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/f717a1d287b0
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java

 * 8038913: Bolster XML support
  * https://bugs.openjdk.java.net/browse/JDK-8038913
  * http://hg.openjdk.java.net/jdk/jdk/rev/1ceee8d3844d
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java

 * 8087283: Add support for the XML Signature here() function to the JDK
XPath implementation
  * https://bugs.openjdk.java.net/browse/JDK-8087283
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/23de469e194d
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/utils/XalanXPathAPI.java

 * 8038431: Close InputStream when finished retrieving XML Signature
HTTP References
  * https://bugs.openjdk.java.net/browse/JDK-8038431
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/cacad86dccd0
  * Affected files
   *
src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP.java

 * 8046949: Generify the javax.xml.crypto API
  * https://bugs.openjdk.java.net/browse/JDK-8046949
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/3e276a212a96
  * Affected files
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/Utils.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
   * test/jdk/javax/xml/crypto/dsig/GenerationTests.java

 * 8132130: Some docs cleanup
  * https://bugs.openjdk.java.net/browse/JDK-8132130
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/339e2b4a5241
  * Affected files
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java
    * Deleted anyways
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java

 * 8041679: Replace uses of StringBuffer with StringBuilder within core
library classes
  * https://bugs.openjdk.java.net/browse/JDK-8041679
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/319f26fadef4
  * Affected files
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java

 * 8046044: Fix raw and unchecked lint warnings in XML Signature Impl
  * https://bugs.openjdk.java.net/browse/JDK-8046044
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/7d6154df328c
  * Affected files
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java
   *
src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java

 * 8046724: XML Signature ECKeyValue elements cannot be marshalled or
unmarshalled
  * https://bugs.openjdk.java.net/browse/JDK-8046724
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/eed55a6ebaa3
  * Affected files
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
   * test/jdk/javax/xml/crypto/dsig/KeySelectors.java
   * test/jdk/javax/xml/crypto/dsig/GenerationTests.java

 * 8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
  * https://bugs.openjdk.java.net/browse/JDK-8079693
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/5ad36a27ddf3
  * Affected files
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
   * test/jdk/javax/xml/crypto/dsig/GenerationTests.java

 * 8032733: Fix cast lint warnings in client libraries
  * https://bugs.openjdk.java.net/browse/JDK-8032733
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/4e2cd8998f3d
  * Affected files
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java

 * 8042967: Add variant of DSA Signature algorithms that do not ASN.1
encode the signature bytes
  * https://bugs.openjdk.java.net/browse/JDK-8042967
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/4d86414d3d1d
  * Affected files
   * src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java

 * 8169925: Organize licenses by module in source, JMOD file, and
run-time image
  * https://bugs.openjdk.java.net/browse/JDK-8169925
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/c6b2de8d1f29
  * Affected files
   * src/share/legal/santuario.md

 * 8081347: Add @modules to jdk_core tests
  * https://bugs.openjdk.java.net/browse/JDK-8081347
  * http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/5d60882157c9
  * Affected files
   * test/jdk/javax/xml/crypto/dsig/GenerationTests.java

 * Multiple copyright date conflicts
  * I.e.:
   * src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java
   * src/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java
  * May be (in part) due to:
   * 8029235: Update copyright year to match last edit in jdk8 jdk
repository for 2013
    * https://bugs.openjdk.java.net/browse/JDK-8029235
    * http://hg.openjdk.java.net/jdk/jdk/rev/6dadb192ad81

Some of these changesets look "reverted" by 8177334 patch, but we need
them if we want a clean backport.

The question is: which of those do we want or makes sense to backport to
jdk8u? For the rest, we will need to fix conflicts manually.

(*) I might be mising dependencies of dependencies here. Unless we do
the actual work, there won't be a final list. That said, this should be
a good approximation base on what I've seen from each file history.

Thanks,
Martin.-

--
[1] - https://bugs.openjdk.java.net/browse/JDK-8177334
[2] - http://hg.openjdk.java.net/jdk/jdk/rev/3810c9a2efa1


More information about the jdk8u-dev mailing list