RFR: 8151893: Add security property to configure XML Signature secure validation mode
Xuelei Fan
xuelei.fan at oracle.com
Thu Aug 25 02:25:00 UTC 2016
On 8/25/2016 7:57 AM, Sean Mullan wrote:
> I posted an updated webrev:
> http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.0
>
I guess the link should be:
http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.01/
Xuelei
> I found an existing bug in the dsig implementation and wanted to fix it
> with this change. There are 2 ways to register an element's ID attributes:
>
> 1. Using javax.xml.crypto.dom.DOMCryptoContext.setIdAttributeNS()
> 2. Using one of the org.w3c.dom.Element.setIdAttribute*() methods
>
> The DOMURIDereferencer needs to check both mechanisms when searching for
> Id attributes (it was only checking the first). Fix has been applied to
> lines 91-96 of DOMURIDereferencer in the updated webrev.
>
> --Sean
>
> On 08/24/2016 03:17 PM, Sean Mullan wrote:
>> Please review this fix to add a new security property that allows you to
>> configure the individual restrictions that are enabled by the XML
>> Signature secure validation mode.
>>
>> bug: https://bugs.openjdk.java.net/browse/JDK-8151893
>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.00/
>>
>> Thanks,
>> Sean
More information about the security-dev
mailing list