RFR: 8259709: Disable SHA-1 XML Signatures

Sean Mullan mullan at openjdk.java.net
Wed Feb 24 22:05:40 UTC 2021


On Fri, 19 Feb 2021 22:36:24 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> All test changes are about re-enabling disabled algorithms. Do we have a test on ensuring disabled algorithms are indeed disabled? How about we set "org.jcp.xml.dsig.secureValidation" to false everywhere in the existing tests and add a new dedicated test to check for disabled algorithms/key sizes etc.

That is what test/jdk/javax/xml/crypto/dsig/SecureValidationPolicy.java does, see this code block on lines 65-69:

        for (String alg : restrictedAlgs) {
            if (!Policy.restrictAlg(alg)) {
                throw new Exception(alg + " alg not restricted");
            }
        }

-------------

PR: https://git.openjdk.java.net/jdk/pull/2463



More information about the security-dev mailing list