[8u] RFR Backport 8177334: Update xmldsig implementation to Apache Santuario 2.1.1

Andrew Hughes gnu.andrew at redhat.com
Mon Aug 17 05:49:02 UTC 2020


On 17:22 Wed 17 Jun, Elliott Baron wrote:

snip...

> > My main concern is that, although we don't add the new algorithms to
> > DigestMethod & SignatureMethod, or their tests, we do seem to be adding
> > support in e.g. JCEMapper for new algorithms like SHA3. I think we
> > should be consistent here and if we're not going to put new algorithms
> > in DigestMethod & SignatureMethod, and not include tests of them, they
> > shouldn't be being implemented.
> 
> Makes sense to me. I've removed the code related to SHA-3 algorithms, and
> also Whirlpool, which also seems to not be unimplemented.
> 
> Revised 8u Webrev:
> https://cr.openjdk.java.net/~ebaron/jdk8u/JDK-8177334/webrev.02/
> 
> I noticed that RIPEMD-160 is already present, but not provided by any
> default crypto provider. I suppose this is to allow the XML-DSig code to
> work with third-party providers. We could follow suit and include the new
> algorithms after all, but as you said, there's no good way to test them as
> part of the JDK.
>

Thanks. Changed version looks good.

> > 
> > I also wonder why getSignature was pulled into DOMSignatureMethod.java
> > from JDK-8042967. Why was this needed?
> > 
> 
> This allowed a cleaner backport for the new RSASSA-PSS DOMSignatureMethods.
> They worked in the original by overriding the getSignature method to insert
> special handling for the PSSParameterSpec. Maybe I could add an instanceof
> special case to the original 8u code instead to do this?
>

Ok, I'm fine with just including that one method and not trying to backport
a new feature for this. Just include something in the Summary line of the
commit along the lines of:

"Summary: Includes DOMSignatureMethod.getSignature from JDK-8042967"

which will cause it to be found for any keyword searches for 8042967.

> Thanks,
> Elliott
> 
> [1] https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-April/011571.html
> 

Let's get this in finally and kick the tyres on it. Please flag with
jdk8u-fix-request.
--
Andrew :)

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

