RFR: 8151893: Add security property to configure XML Signature secure validation mode

Sean Mullan sean.mullan at oracle.com
Thu Aug 25 12:26:15 UTC 2016


On 08/24/2016 10:25 PM, Xuelei Fan wrote:
> On 8/25/2016 7:57 AM, Sean Mullan wrote:
>> I posted an updated webrev:
>> http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.0
>>
> I guess the link should be:
>
> http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.01/

Yes, thanks.

--Sean

>
> Xuelei
>
>> I found an existing bug in the dsig implementation and wanted to fix it
>> with this change. There are 2 ways to register an element's ID
>> attributes:
>>
>> 1. Using javax.xml.crypto.dom.DOMCryptoContext.setIdAttributeNS()
>> 2. Using one of the org.w3c.dom.Element.setIdAttribute*() methods
>>
>> The DOMURIDereferencer needs to check both mechanisms when searching for
>> Id attributes (it was only checking the first). Fix has been applied to
>> lines 91-96 of DOMURIDereferencer in the updated webrev.
>>
>> --Sean
>>
>> On 08/24/2016 03:17 PM, Sean Mullan wrote:
>>> Please review this fix to add a new security property that allows you to
>>> configure the individual restrictions that are enabled by the XML
>>> Signature secure validation mode.
>>>
>>> bug: https://bugs.openjdk.java.net/browse/JDK-8151893
>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.00/
>>>
>>> Thanks,
>>> Sean
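
Added example (not part of the original thread or the webrev): a small Java program that signs a same-document reference "#d1" after registering the Id attribute through each of the two mechanisms listed in the message. The class name, element names, and Id value are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class IdRegistrationDemo {   // hypothetical class name
    // Signs <data Id="d1"> through the same-document reference "#d1".
    // Signing succeeds only if the dereferencer can resolve "d1" to the element.
    static boolean signWithId(KeyPair kp, boolean viaCryptoContext) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element root = doc.createElementNS(null, "root");
        Element data = doc.createElementNS(null, "data");
        data.setAttributeNS(null, "Id", "d1"); // plain attribute: no DTD/schema marks it as type ID
        data.setTextContent("constructed sample payload");
        doc.appendChild(root);
        root.appendChild(data);

        DOMSignContext ctx = new DOMSignContext(kp.getPrivate(), root);
        if (viaCryptoContext) {
            ctx.setIdAttributeNS(data, null, "Id");   // mechanism 1: DOMCryptoContext
        } else {
            data.setIdAttributeNS(null, "Id", true);  // mechanism 2: org.w3c.dom.Element
        }
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("#d1", fac.newDigestMethod(DigestMethod.SHA256, null));
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                                          (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        fac.newXMLSignature(si, null).sign(ctx);  // fails with an exception if "#d1" cannot be dereferenced
        return root.getLastChild().getLocalName().equals("Signature");
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        System.out.println("DOMCryptoContext.setIdAttributeNS: " + signWithId(kp, true));
        System.out.println("Element.setIdAttributeNS:          " + signWithId(kp, false));
    }
}
```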
