Re: RFR 8177334: Update xmldsig implementation to Apache Santuario 2.1.1

Thu, 14 Jun 2018 11:20:47 -0700

Here are some comments so far. I should be able to finish reviewing this by tomorrow.
- src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionConstants.java - src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionElementProxy.java 

Can we remove these 2 files since it looks like they are for XML Encryption?

- src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/DigestMethod.java

- 
src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java


Add @since 11 to the new constants.


- 
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/stax/ext/XMLSecurityConstants.java


Can we remove this since it is for the stax impl?

--Sean


On 6/13/18 8:32 AM, Weijun Wang wrote:

I've created my own Logger.java and LoggerFactory.java in 
com.sun.org.slf4j.internal. They has a slf4j-style interface but use 
java.util.logging.Logger inside.

--Max

[1] 
http://cr.openjdk.java.net/~weijun/8177334/webrev.01/src/java.xml.crypto/share/classes/com/sun/org/slf4j/internal/LoggerFactory.java.html
[2] 
http://cr.openjdk.java.net/~weijun/8177334/webrev.01/src/java.xml.crypto/share/classes/com/sun/org/slf4j/internal/Logger.java.html


On Jun 13, 2018, at 8:17 PM, Sean Mullan <sean.mul...@oracle.com> wrote:

In StorageResolver.java:

  41     private static final com.sun.org.slf4j.internal.Logger LOG =
  42 com.sun.org.slf4j.internal.LoggerFactory.getLogger(StorageResolver.class);

Shouldn't the previous code using java.util.logging.Logger be retained? There 
is no com.sun.org.slf4j package in the JDK.

--Sean

On 5/24/18 1:50 AM, Weijun Wang wrote:

Please review the change at
   webrev: http://cr.openjdk.java.net/~weijun/8177334/webrev.00/
      CSR: https://bugs.openjdk.java.net/browse/JDK-8203460
New features include the support of SHA-224 and SHA-3 MessageMethod, and 
RSASSA-PSS SignatureMethods.
The change is done in 2 steps:
1. Copying files from Apache Santuario Release 2.1.1 [1]. Making cosmetic 
changes like changing package names.
2. More changes, including
    a. Applying patches in OpenJDK that were not pushed to Apache Santuario 
(yet)
    b. Using the RSASSA-PSS Signature algorithm in OpenJDK, because we don't 
have names like SHA256withRSAandMGF1
    c. Copying standard digest method and signature method names into public 
API (see the CSR)
For your convenience, there is a separate webrev for step 2 above at
    http://cr.openjdk.java.net/~weijun/8177334/changes/
Thanks
Max
[1] 
http://www.apache.org/dyn/closer.lua/santuario/java-library/2_1_1/xmlsec-2.1.1-source-release.zip
























					Reply via email to