I posted an updated webrev:
http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.0
I found an existing bug in the dsig implementation and wanted to fix it
with this change. There are 2 ways to register an element's ID attributes:
1. Using javax.xml.crypto.dom.DOMCryptoContext.setIdAttributeNS()
2. Using one of the org.w3c.dom.Element.setIdAttribute*() methods
The DOMURIDereferencer needs to check both mechanisms when searching for
Id attributes (it was only checking the first). Fix has been applied to
lines 91-96 of DOMURIDereferencer in the updated webrev.
--Sean
On 08/24/2016 03:17 PM, Sean Mullan wrote:
Please review this fix to add a new security property that allows you to
configure the individual restrictions that are enabled by the XML
Signature secure validation mode.
bug: https://bugs.openjdk.java.net/browse/JDK-8151893
webrev: http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.00/
Thanks,
Sean
