RFR [13] 8217878: ENVELOPING XML signature no longer works in JDK 11
Weijun Wang
weijun.wang at oracle.com
Tue Mar 5 03:23:22 UTC 2019
Everything is fine now.
Thanks,
Max
> On Mar 5, 2019, at 4:11 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> Updated webrev: http://cr.openjdk.java.net/~mullan/webrevs/8217878/webrev.01/
>
> Changes:
>
> - Added DOMCryptoBinary.java
> - Changed Base64 calls to XMLUtils in DOMKeyValue, DOMPGPData, DOMReference, DOMSignedInfo, DOMX509Data, and DOMXMLSignature
>
> Thanks,
> Sean
>
> On 3/4/19 8:33 AM, Sean Mullan wrote:
>> On 3/3/19 10:32 PM, Weijun Wang wrote:
>>> Two questions:
>>>
>>> 1. There is no DOMCryptoBinary.java. Maybe you forgot "hg add"?
>> Yes, I did. I will add it.
>>> 2. The Base64 class is called directly in several places. Aren't the helper methods in XMLUtils enough?
>> Good catch, since that code is not using XMLUtils, it is not checking the linebreaks property to see if linebreaks should be inserted (com.sun.org.apache.xml.internal.security.ignoreLineBreaks). Let me fix that to use XMLUtils and I'll follow up with another webrev.
>> Thanks,
>> Sean
>>>
>>> Thanks,
>>> Max
>>>
>>>> On Feb 26, 2019, at 4:46 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>>>
>>>> In JDK 11, we included an updated version of Apache Santuario (which the JDK XML Signature implementation is based on) [1]. This contained a newer XML marshalling implementation, which has caused a couple of serious regressions (this one and JDK-8218629 [2]).
>>>>
>>>> After unsuccessfully trying to patch the current implementation, we decided to back it out and restore the previous code, which had been very stable for many years. The newer implementation is different in subtle ways and doesn't really offer any advantages other than a bit of reduction in lines of code. The Apache Santuario Project also has backed out the implementation.
>>>>
>>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8217878/webrev.00/
>>>> bug: https://bugs.openjdk.java.net/browse/JDK-8217878
>>>>
>>>> New test cases have also been added for the regressions.
>>>>
>>>> Note that this also fixes JDK-8218629 [2]. Since technically they are different issues, I will probably include both bug-ids in this changeset.
>>>>
>>>> --Sean
>>>>
>>>> [1] https://bugs.openjdk.java.net/browse/JDK-8177334
>>>> [2] https://bugs.openjdk.java.net/browse/JDK-8218629
>>>
More information about the security-dev
mailing list