Looks fine to me. It's a huge update. I mainly focus on the new features introduced in this update.
In the update of GCM cipher operations, I did not find Cipher.updateAAD() and GCMParameterSpec get called in XMLCipher. It's OK because the default value in Oracle provider just meet the requirement of XML Encryption specification (a 128 bit Authentication Tag (T)), and the XML Encryption specification does not specify the Additional Authentication Data (AAD). However, I would suggest to use explicit Tag length (128 bits, with GCMParameterSpec) so that it won't depend on the behaviors of a particular provider. As this is a sync up with Apache, I would suggest to push the changeset. We can submit a new bug to use GCMParameterSpec and add new GCM based test cases later if necessary. Thanks, Xuelei On 6/29/2013 12:00 AM, Sean Mullan wrote: > Hi Xuelei, > > Please review my JDK 8 code changes to bring our XML Signature > implementation up-to-date with Apache Santuario version 1.5.4. > > The changes are extensive, but many of them are simple formatting or > refactoring changes. Any questions, let me know. > > http://cr.openjdk.java.net/~mullan/webrevs/8011547/webrev.00/ > > Thanks, > Sean
