On Wed, 24 Feb 2021 22:02:45 GMT, Sean Mullan <[email protected]> wrote:
> > All test changes are about re-enabling disabled algorithms. Do we have a
> > test on ensuring disabled algorithms are indeed disabled? How about we set
> > "org.jcp.xml.dsig.secureValidation" to false everywhere in the existing
> > tests and add a new dedicated test to check for disabled algorithms/key
> > sizes etc.
>
> That is what test/jdk/javax/xml/crypto/dsig/SecureValidationPolicy.java does,
> see this code block on lines 65-69:
>
> ```
> for (String alg : restrictedAlgs) {
> if (!Policy.restrictAlg(alg)) {
> throw new Exception(alg + " alg not restricted");
> }
> }
> ```
This is only about checking the parsing function of the Policy class. I would
be more confident if an actual validation call is made.
I have a test on PSS at
https://github.com/openjdk/jdk/blob/a79df58e0ad0b19aa8e0611cc55f5628383c2950/test/jdk/javax/xml/crypto/dsig/SecureValidation.java.
Maybe I can enhance it to contain more algorithms.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2463
