RFR CSR 8203460: Update xmldsig implementation to latest version of Apache Santuario

Weijun Wang weijun.wang at oracle.com
Fri May 25 00:16:00 UTC 2018

> On May 24, 2018, at 11:39 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
> I think the MGF1 based SignatureMethod algs should be named SHA256_RSA_MGF1, etc to be consistent with the URI names in the RFC.


I've also updated my local code, no new webrev.

> Otherwise the update looks good.
> I think we should also file an RFE to add a new RSAPSSParams class (which would be a subclass of SignatureMethodParameterSpec), and would contain the parameters for the RSASSA-PSS algorithm defined in https://tools.ietf.org/html/rfc6931#2.3.9.



> --Sean
> On 5/23/18 8:19 PM, Weijun Wang wrote:
>> Updated. I'm now using uri.substr(uri.indexOf("#") + 1).toUpperCase() as the names.
>> Thanks
>> Max
>>> On May 24, 2018, at 4:47 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>> I don't think you should change the names of the algorithms to the JCE style (eg: SHA1withDSA). You should keep the names as defined by the W3C Recommendation and related RFCs. Even if the naming convention is different than JCE, these are the names that were chosen by the standards bodies and these are XML DSig specific algorithm names.
>>> Otherwise looks good.
>>> Thanks,
>>> Sean
>>> On 5/21/18 10:57 PM, Weijun Wang wrote:
>>>> Please take a review at
>>>>    https://bugs.openjdk.java.net/browse/JDK-8203460
>>>> The current XMLDSig provider implementation is based on Apache Santuario 1.5.4. We'll update it to be 2.1.1. New algorithms are added.
>>>> Thanks
>>>> Max

More information about the security-dev mailing list