RFR CSR 8203460: Update xmldsig implementation to latest version of Apache Santuario

Sean Mullan sean.mullan at oracle.com
Thu May 24 15:39:52 UTC 2018


I think the MGF1 based SignatureMethod algs should be named 
SHA256_RSA_MGF1, etc to be consistent with the URI names in the RFC.

Otherwise the update looks good.

I think we should also file an RFE to add a new RSAPSSParams class 
(which would be a subclass of SignatureMethodParameterSpec), and would 
contain the parameters for the RSASSA-PSS algorithm defined in 
https://tools.ietf.org/html/rfc6931#2.3.9.

--Sean

On 5/23/18 8:19 PM, Weijun Wang wrote:
> Updated. I'm now using uri.substr(uri.indexOf("#") + 1).toUpperCase() as the names.
> 
> Thanks
> Max
> 
>> On May 24, 2018, at 4:47 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> I don't think you should change the names of the algorithms to the JCE style (e.g., SHA1withDSA). You should keep the names as defined by the W3C Recommendation and related RFCs. Even if the naming convention is different than JCE, these are the names that were chosen by the standards bodies and these are XML DSig specific algorithm names.
>>
>> Otherwise looks good.
>>
>> Thanks,
>> Sean
>>
>> On 5/21/18 10:57 PM, Weijun Wang wrote:
>>> Please take a review at
>>>     https://bugs.openjdk.java.net/browse/JDK-8203460
>>> The current XMLDSig provider implementation is based on Apache Santuario 1.5.4. We'll update it to be 2.1.1. New algorithms are added.
>>> Thanks
>>> Max
> 


