RFR 8177334: Update xmldsig implementation to Apache Santuario 2.1.1

Sean Mullan sean.mullan at oracle.com
Wed Jun 13 12:17:35 UTC 2018


In StorageResolver.java:

   41     private static final com.sun.org.slf4j.internal.Logger LOG =
   42 
com.sun.org.slf4j.internal.LoggerFactory.getLogger(StorageResolver.class);

Shouldn't the previous code using java.util.logging.Logger be retained? 
There is no com.sun.org.slf4j package in the JDK.

--Sean

On 5/24/18 1:50 AM, Weijun Wang wrote:
> Please review the change at
> 
>    webrev: http://cr.openjdk.java.net/~weijun/8177334/webrev.00/
>       CSR: https://bugs.openjdk.java.net/browse/JDK-8203460
> 
> New features include the support of SHA-224 and SHA-3 MessageMethod, and RSASSA-PSS SignatureMethods.
> 
> The change is done in 2 steps:
> 
> 1. Copying files from Apache Santuario Release 2.1.1 [1]. Making cosmetic changes like changing package names.
> 
> 2. More changes, including
> 
>     a. Applying patches in OpenJDK that were not pushed to Apache Santuario (yet)
>     b. Using the RSASSA-PSS Signature algorithm in OpenJDK, because we don't have names like SHA256withRSAandMGF1
>     c. Copying standard digest method and signature method names into public API (see the CSR)
> 
> For your convenience, there is a separate webrev for step 2 above at
> 
>     http://cr.openjdk.java.net/~weijun/8177334/changes/
> 
> Thanks
> Max
> 
> [1] http://www.apache.org/dyn/closer.lua/santuario/java-library/2_1_1/xmlsec-2.1.1-source-release.zip
> 


More information about the security-dev mailing list