Re: RFR: 8151893: Add security property to configure XML Signature secure validation mode

Sean Mullan Thu, 25 Aug 2016 05:26:22 -0700

On 08/24/2016 10:25 PM, Xuelei Fan wrote:

On 8/25/2016 7:57 AM, Sean Mullan wrote:

I posted an updated webrev:
http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.0

I guess the link should be:

http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.01/


Yes, thanks.

--Sean


Xuelei

I found an existing bug in the dsig implementation and wanted to fix it
with this change. There are 2 ways to register an element's ID
attributes:

1. Using javax.xml.crypto.dom.DOMCryptoContext.setIdAttributeNS()
2. Using one of the org.w3c.dom.Element.setIdAttribute*() methods

The DOMURIDereferencer needs to check both mechanisms when searching for
Id attributes (it was only checking the first). Fix has been applied to
lines 91-96 of DOMURIDereferencer in the updated webrev.

--Sean

On 08/24/2016 03:17 PM, Sean Mullan wrote:

Please review this fix to add a new security property that allows you to
configure the individual restrictions that are enabled by the XML
Signature secure validation mode.

bug: https://bugs.openjdk.java.net/browse/JDK-8151893
webrev: http://cr.openjdk.java.net/~mullan/webrevs/8151893/webrev.00/

Thanks,
Sean

Re: RFR: 8151893: Add security property to configure XML Signature secure validation mode

Reply via email to