RFR 8177334: Update xmldsig implementation to Apache Santuario 2.1.1

Sean Mullan sean.mullan at oracle.com
Thu Jun 14 18:19:47 UTC 2018 

Here are some comments so far. I should be able to finish reviewing this 
by tomorrow.

- 
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionConstants.java
- 
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionElementProxy.java

Can we remove these 2 files since it looks like they are for XML Encryption?

- src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/DigestMethod.java
- 
src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java

Add @since 11 to the new constants.

- 
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/stax/ext/XMLSecurityConstants.java

Can we remove this since it is for the stax impl?

--Sean


On 6/13/18 8:32 AM, Weijun Wang wrote:
> I've created my own Logger.java and LoggerFactory.java in com.sun.org.slf4j.internal. They has a slf4j-style interface but use java.util.logging.Logger inside.
> 
> --Max
> 
> [1] http://cr.openjdk.java.net/~weijun/8177334/webrev.01/src/java.xml.crypto/share/classes/com/sun/org/slf4j/internal/LoggerFactory.java.html
> [2] http://cr.openjdk.java.net/~weijun/8177334/webrev.01/src/java.xml.crypto/share/classes/com/sun/org/slf4j/internal/Logger.java.html
> 
>> On Jun 13, 2018, at 8:17 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> In StorageResolver.java:
>>
>>   41     private static final com.sun.org.slf4j.internal.Logger LOG =
>>   42 com.sun.org.slf4j.internal.LoggerFactory.getLogger(StorageResolver.class);
>>
>> Shouldn't the previous code using java.util.logging.Logger be retained? There is no com.sun.org.slf4j package in the JDK.
>>
>> --Sean
>>
>> On 5/24/18 1:50 AM, Weijun Wang wrote:
>>> Please review the change at
>>>    webrev: http://cr.openjdk.java.net/~weijun/8177334/webrev.00/
>>>       CSR: https://bugs.openjdk.java.net/browse/JDK-8203460
>>> New features include the support of SHA-224 and SHA-3 MessageMethod, and RSASSA-PSS SignatureMethods.
>>> The change is done in 2 steps:
>>> 1. Copying files from Apache Santuario Release 2.1.1 [1]. Making cosmetic changes like changing package names.
>>> 2. More changes, including
>>>     a. Applying patches in OpenJDK that were not pushed to Apache Santuario (yet)
>>>     b. Using the RSASSA-PSS Signature algorithm in OpenJDK, because we don't have names like SHA256withRSAandMGF1
>>>     c. Copying standard digest method and signature method names into public API (see the CSR)
>>> For your convenience, there is a separate webrev for step 2 above at
>>>     http://cr.openjdk.java.net/~weijun/8177334/changes/
>>> Thanks
>>> Max
>>> [1] http://www.apache.org/dyn/closer.lua/santuario/java-library/2_1_1/xmlsec-2.1.1-source-release.zip
>

More information about the security-dev mailing list