Code Review Request: 8011547 : Update XML Signature implementation to Apache Santuario 1.5.4

Xuelei Fan xuelei.fan at oracle.com
Wed Jul 3 02:44:54 UTC 2013


Looks fine to me.

It's a huge update. I mainly focus on the new features introduced in
this update.

In the update of GCM cipher operations, I did not find
Cipher.updateAAD() and GCMParameterSpec get called in XMLCipher.  It's
OK because the default value in the Oracle provider just meets the
requirement of the XML Encryption specification (a 128 bit Authentication
Tag (T)), and the XML Encryption specification does not specify the
Additional Authentication Data (AAD).  However, I would suggest using an
explicit Tag length (128 bits, with GCMParameterSpec) so that it won't
depend on the behaviors of a particular provider.

As this is a sync up with Apache, I would suggest pushing the changeset.
We can submit a new bug to use GCMParameterSpec and add new GCM based
test cases later if necessary.

Thanks,
Xuelei

On 6/29/2013 12:00 AM, Sean Mullan wrote:
> Hi Xuelei,
> 
> Please review my JDK 8 code changes to bring our XML Signature
> implementation up-to-date with Apache Santuario version 1.5.4.
> 
> The changes are extensive, but many of them are simple formatting or
> refactoring changes. Any questions, let me know.
> 
> http://cr.openjdk.java.net/~mullan/webrevs/8011547/webrev.00/
> 
> Thanks,
> Sean
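
The review's suggestion of an explicit 128-bit tag length via GCMParameterSpec, shown as an added example that is not part of the thread, the JDK change, or Apache Santuario. The class name, the 96-bit IV and the IV-prefixed output layout are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class ExplicitGcmTagLength {
    static final int TAG_BITS = 128; // tag length named in the review
    static final int IV_BYTES = 12;  // assumption: 96-bit IV
    // Returns IV || ciphertext || tag (layout is an assumption of this example).
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv); // fresh IV for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        // Tag length is stated explicitly rather than left to the provider default.
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        // No updateAAD() call: this example uses no AAD.
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, IV_BYTES + ct.length);
        System.arraycopy(ct, 0, out, IV_BYTES, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        // Same explicit tag length on the receiving side; IV is read from the prefix.
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_BYTES));
        return c.doFinal(blob, IV_BYTES, blob.length - IV_BYTES);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
        byte[] blob = encrypt(key, msg);
        // The output should grow by exactly the IV plus a 16-byte tag.
        System.out.println(blob.length == IV_BYTES + msg.length + TAG_BITS / 8);
        System.out.println(Arrays.equals(msg, decrypt(key, blob)));
        blob[blob.length - 1] ^= 1; // flip one bit of the tag
        try {
            decrypt(key, blob);
            System.out.println("tamper not detected");
        } catch (AEADBadTagException e) {
            System.out.println("tamper detected");
        }
    }
}
```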
