RFR: 8151893: Add security property to configure XML Signature secure validation mode
Sean Mullan
sean.mullan at oracle.com
Wed Aug 24 23:57:04 UTC 2016
I posted an updated webrev:
http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.0
I found an existing bug in the dsig implementation and wanted to fix it
with this change. There are 2 ways to register an element's ID attributes:
1. Using javax.xml.crypto.dom.DOMCryptoContext.setIdAttributeNS()
2. Using one of the org.w3c.dom.Element.setIdAttribute*() methods
The DOMURIDereferencer needs to check both mechanisms when searching for
Id attributes (it was only checking the first). Fix has been applied to
lines 91-96 of DOMURIDereferencer in the updated webrev.
--Sean
On 08/24/2016 03:17 PM, Sean Mullan wrote:
> Please review this fix to add a new security property that allows you to
> configure the individual restrictions that are enabled by the XML
> Signature secure validation mode.
>
> bug: https://bugs.openjdk.java.net/browse/JDK-8151893
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.00/
>
> Thanks,
> Sean
More information about the security-dev
mailing list