JDK 9 Review Request for 8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits

Xuelei Fan xuelei.fan at oracle.com
Wed Apr 30 02:26:43 UTC 2014


Minor comments.

algorithms/implementations/SignatureDSA.java
============================================
51     public static final String URI = XMLSignature.ALGO_ID_SIGNATURE_DSA;

With this update, this variable can be declared as private, I think.

Is it still necessary to define this variable?  I think we may want to
use the uniform XMLSignature definition instead.

security/utils/JavaUtils.java
=============================
162   public static byte[] convertASN1toXMLDSIG ...
201   public static byte[] convertXMLDSIGtoASN1 ...

As the methods above only apply to DSA, and the class is now in the utils
package, we might want to use a little bit more instinctive method name
to indicate the DSA algorithm, for example, convertDsaASN1toXMLDSIG.

Need more time to read the update in JavaUtils.java.

Xuelei

On 4/30/2014 4:48 AM, Sean Mullan wrote:
> Please review the following change which adds support for 2048-bit DSA
> keys and the DSA-SHA256 algorithm to the XML Signature implementation:
> 
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8038349/webrev.00/
> 
> JDK 8 already includes the underlying support for both of these in the
> Sun provider. For 2048-bit keys, the ASN.1 parsing code in the XML
> Signature layer needed to be adapted to handle 2048-bit keys, and for
> SHA-256 it was just a matter of registering the algorithm URI and
> instantiating a Signature object with the SHA256WithDSA algorithm.
> 
> Thanks,
> Sean
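
The ASN.1-to-XMLDSIG conversion discussed in this thread, as an added example (not code from the webrev or the JDK): a DER-encoded DSA signature, SEQUENCE { INTEGER r, INTEGER s }, is rewritten as the fixed-width r || s value that XML Signature carries. The class and method names are hypothetical, and the field width is assumed to be the byte length of the key's q, so a 256-bit q needs 32-byte fields where a 160-bit q needs 20.

```java
import java.math.BigInteger;
import java.util.Arrays;
// Added example; names are hypothetical, this is not the JDK's JavaUtils code.
public class DsaSigFormat {
    private final byte[] der;
    private int pos;
    private DsaSigFormat(byte[] der) { this.der = der; }
    private int next() {
        if (pos >= der.length) throw new IllegalArgumentException("truncated DER");
        return der[pos++] & 0xff;
    }
    private int length() {                 // DER definite length, values up to 255
        int b = next();
        if (b < 0x80) return b;
        if (b != 0x81) throw new IllegalArgumentException("unsupported length form");
        int n = next();
        if (n < 0x80) throw new IllegalArgumentException("non-minimal length");
        return n;
    }
    private BigInteger positiveInt() {
        if (next() != 0x02) throw new IllegalArgumentException("expected INTEGER");
        int n = length();
        if (n == 0 || n > der.length - pos) throw new IllegalArgumentException("bad INTEGER length");
        BigInteger v = new BigInteger(Arrays.copyOfRange(der, pos, pos + n));
        pos += n;
        if (v.signum() <= 0) throw new IllegalArgumentException("r and s must be positive");
        return v;
    }
    // SEQUENCE { INTEGER r, INTEGER s } -> r || s, each left-padded to fieldLen bytes.
    // Assumption: fieldLen is the byte length of q (20 for a 160-bit q, 32 for a 256-bit q).
    static byte[] derToRaw(byte[] der, int fieldLen) {
        DsaSigFormat p = new DsaSigFormat(der);
        if (p.next() != 0x30 || p.length() != der.length - p.pos)
            throw new IllegalArgumentException("not a well-formed SEQUENCE");
        byte[] out = new byte[2 * fieldLen];
        for (int i = 0; i < 2; i++) {
            byte[] b = p.positiveInt().toByteArray();   // may carry a 0x00 sign byte
            int skip = (b[0] == 0) ? 1 : 0;
            int n = b.length - skip;
            if (n > fieldLen) throw new IllegalArgumentException("value wider than q");
            System.arraycopy(b, skip, out, (i + 1) * fieldLen - n, n);
        }
        if (p.pos != der.length) throw new IllegalArgumentException("trailing bytes");
        return out;
    }
    public static void main(String[] args) {   // constructed input: r = 0x80, s = 0x01
        byte[] der = {0x30, 0x07, 0x02, 0x02, 0x00, (byte) 0x80, 0x02, 0x01, 0x01};
        System.out.println(derToRaw(der, 32).length + " bytes");
    }
}
```

Passing the width in, rather than fixing it in the converter, is what lets one routine serve both key sizes; a value wider than the field is rejected instead of being truncated.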
