JDK 9 Review Request for 8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits

Sean Mullan sean.mullan at oracle.com
Wed Apr 30 12:39:31 UTC 2014

On 04/29/2014 10:26 PM, Xuelei Fan wrote:
> Minor comments.
> algorithms/implementations/SignatureDSA.java
> ============================================
> 51     public static final String URI = XMLSignature.ALGO_ID_SIGNATURE_DSA;
> With this update, this variable can be declared as private, I think.
> Is it still necessary to define this variable?  I think we may want to
> use the uniform XMLSignature definition instead.

I will remove it. I was a little concerned there may be someone 
depending on it (and didn't want to diverge from the Apache code), but 
most likely not.

> security/utils/JavaUtils.java
> =============================
> 162   public static byte[] convertASN1toXMLDSIG ...
> 201   public static byte[] convertXMLDSIGtoASN1 ...
> As the methods above only apply to DSA, and the class now is in utils
> package, we might want to use a little bit more instinctive method name
> to indicate the DSA algorithm, for example, convertDsaASN1toXMLDSIG.

Yes, sounds like a good suggestion.

> Need more time to read the update in JavaUtils.java

Ok, thanks.


> Xuelei
> On 4/30/2014 4:48 AM, Sean Mullan wrote:
>> Please review the following change which adds support for 2048-bit DSA
>> keys and the DSA-SHA256 algorithm to the XML Signature implementation:
>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8038349/webrev.00/
>> JDK 8 already includes the underlying support for both of these in the
>> Sun provider. For 2048 bit keys, the ASN.1 parsing code in the XML
>> Signature layer needed to be adapted to handle 2048 bit keys, and for
>> SHA-256 it was just a matter of registering the algorithm URI and
>> instantiating a Signature object with the SHA256WithDSA algorithm.
>> Thanks,
>> Sean

More information about the security-dev mailing list