RFR: 8255255: Update Apache Santuario (XML Signature) to version 2.2.1 [v8]

Weijun Wang weijun at openjdk.java.net
Thu Mar 18 22:06:42 UTC 2021


On Thu, 18 Mar 2021 20:10:20 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision:
>> 
>>  - Merge branch 'master' into 8255255
>>  - reapply 8259535: ECDSA SignatureValue do not always have the specified length
>>  - No more newInstance calls
>>  - Reapply 8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
>>  - Fix test failures
>>  - Supporting named RSASSA-PSS without parameters
>>  - Reapply 8008744: Rework part of fix for JDK-6741606
>>  - Reapply 8151893: Add security property to configure XML Signature secure validation mode
>>    
>>    Reapply 8140353: Improve signature checking
>>  - Reapply Reapply 8042967: Add variant of DSA Signature algorithms that do not ASN.1 encode the signature bytes
>>  - Reapply 8038913: Bolster XML support (Init.java part)
>>  - ... and 5 more: https://git.openjdk.java.net/jdk/compare/e52863e8...60496847
>
> Marked as reviewed by mullan (Reviewer).

Below is the script to import Santuario 2.2.1 at the beginning. Recorded here so we can reuse it next time.
 $ cat ~/work/xmlsec/import
#! /bin/bash

realpath() {
    [[ $1 = /* ]] && echo "$1" || echo "$PWD/${1#./}"
}

HERE=$(dirname $(realpath $0))

V=2.2.1
BUNDLE=/Users/weijun/work/xmlsec/xmlsec-$V-source-release.zip
# WORK=$(hg root)/src/java.xml.crypto
WORK=/Users/weijun/repos/openjdk/x/open/src/java.xml.crypto

mkdir -p $WORK/share/classes
# Stop if the cd fails, so the rm -rf calls below never run in another directory
cd $WORK/share/classes || exit 1

unzip $BUNDLE \
	'xmlsec-'$V'/src/main/java/org/apache/xml/security/*' \
	'xmlsec-'$V'/src/main/java/org/apache/jcp/xml/dsig/internal/*'

echo Patching impl...
rm -rf com
mkdir -p com/sun/org/apache/xml/internal
mv xmlsec-$V/src/main/java/org/apache/xml/security com/sun/org/apache/xml/internal/

rm -rf com/sun/org/apache/xml/internal/security/stax/
rm -rf com/sun/org/apache/xml/internal/security/encryption
rm -rf com/sun/org/apache/xml/internal/security/binding/
rm -rf com/sun/org/apache/xml/internal/security/configuration/
rm -rf com/sun/org/apache/xml/internal/security/resource/schema/
rm com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayInputStream.java
rm com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java

echo Patching provider...
rm -rf org
mkdir -p org/jcp/xml/dsig
mv xmlsec-$V/src/main/java/org/apache/jcp/xml/dsig/internal org/jcp/xml/dsig/

rm -rf xmlsec-$V

echo Updating package names...
for a in `find com org -type f`; do
	perl -i -p $HERE/trans.pl $a
	head -2 $a | grep -q "Licensed to the Apache Software Foundation" &&
		cat <<EOF | cat - $a > tmptmp && mv tmptmp $a
/*
 * reserved comment block
 * DO NOT REMOVE OR ALTER!
 */
EOF

done

cat <<EOF > /dev/null
make clean-java.xml.crypto
make JAVAC_WARNINGS=-Xlint:none java.xml.crypto-java-only

sh src/java.xml.crypto/import
hg addremove
hg diff > .hg/patches/santuario-copy
hg revert -a && hg purge

EOF

x $ cat ~/work/xmlsec/trans.pl
#! /usr/bin/perl

# Styles
s/\t/    /g;
s/ +$//;
s/bugs.sun.com/bugs.java.com/;
# "@" and "/" are escaped so Perl neither interpolates @code nor ends the pattern early
s/<code>(.*?)<.code>/{\@code $1}/gi;
s/<xmp>/<pre>{\@code/;
s/<\/xmp>/}<\/pre>/;
s/(20\d\d) Sun Microsystems, Inc/(c) $1, Oracle and/or its affiliates/;
s/Portions copyright/Copyright/;

# Source
s/org.apache.xml.security/com.sun.org.apache.xml.internal.security/g;
s/org.apache.jcp/org.jcp/g;

# Dependencies reimplemented
s/org.slf4j/com.sun.org.slf4j.internal/g;

# Dependencies elsewhere
s/org.apache.xml.dtm/com.sun.org.apache.xml.internal.dtm/;
s/([ "])org.apache.xpath/$1com.sun.org.apache.xpath.internal/;
s/org.apache.xml.utils/com.sun.org.apache.xml.internal.utils/;

-------------

PR: https://git.openjdk.java.net/jdk/pull/1206
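
A possible post-import check for the tree the script above produces, added here as an example and not part of the original message or the JDK build: it flags upstream package names that trans.pl should have rewritten, Apache-licensed files still missing the reserved comment block, and paths the import script deletes. The function names, output labels and sample files are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post: sanity-check an imported tree.
# Prints one "KIND path" line per finding and nothing for a clean tree.
# Usage: check_import "$WORK/share/classes"
check_import() {
    root=$1
    sec=$root/com/sun/org/apache/xml/internal/security
    # Paths the import script deletes must not be present.
    for p in stax encryption binding configuration resource/schema \
             utils/UnsyncByteArrayInputStream.java \
             keys/keyresolver/implementations/EncryptedKeyResolver.java; do
        if [ -e "$sec/$p" ]; then echo "PRESENT $sec/$p"; fi
    done
    # Upstream names trans.pl rewrites. Relocated slf4j and xpath names still
    # contain the upstream name, so those two must not follow a dot.
    old='org\.apache\.(xml\.(security|dtm|utils)|jcp)|(^|[^.])org\.(slf4j|apache\.xpath)'
    find "$root/com" "$root/org" -type f 2>/dev/null | while IFS= read -r f; do
        if grep -qE "$old" "$f"; then echo "UNRELOCATED $f"; fi
        # An Apache notice in the first two lines means the reserved
        # comment block was never prepended.
        if head -2 "$f" | grep -q 'Licensed to the Apache Software Foundation'; then
            echo "NOHEADER $f"
        fi
    done
}

# Constructed sample tree (hypothetical files): one clean, one missed by the rewrite.
make_sample_tree() {
    t=$(mktemp -d)
    d=$t/com/sun/org/apache/xml/internal/security/utils
    mkdir -p "$d" "$t/org/jcp/xml/dsig/internal"
    printf '%s\n' '/*' ' * reserved comment block' ' * DO NOT REMOVE OR ALTER!' ' */' \
        '/**' ' * Licensed to the Apache Software Foundation (ASF)' ' */' \
        'package com.sun.org.apache.xml.internal.security.utils;' \
        'import com.sun.org.slf4j.internal.Logger;' > "$d/Good.java"
    printf '%s\n' '/**' ' * Licensed to the Apache Software Foundation (ASF)' ' */' \
        'package org.apache.jcp.xml.dsig.internal;' \
        'import org.slf4j.Logger;' > "$t/org/jcp/xml/dsig/internal/Bad.java"
    echo "$t"
}
```

A finding is a prompt for review rather than proof of a defect, since a real tree may contain an upstream name on purpose.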


