RFR: 8259709: Disable SHA-1 XML Signatures
Sean Mullan
mullan at openjdk.java.net
Wed Feb 24 22:05:40 UTC 2021
On Fri, 19 Feb 2021 22:36:24 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> All test changes are about re-enabling disabled algorithms. Do we have a test on ensuring disabled algorithms are indeed disabled? How about we set "org.jcp.xml.dsig.secureValidation" to false everywhere in the existing tests and add a new dedicated test to check for disabled algorithms/key sizes etc.
That is what test/jdk/javax/xml/crypto/dsig/SecureValidationPolicy.java does, see this code block on lines 65-69:
for (String alg : restrictedAlgs) {
if (!Policy.restrictAlg(alg)) {
throw new Exception(alg + " alg not restricted");
}
}
-------------
PR: https://git.openjdk.java.net/jdk/pull/2463
More information about the security-dev
mailing list