Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: 8
-
Fix Version/s: 8u102
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
Introduced In Build:b100
-
Introduced In Version:
-
Resolved In Build:b01
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8156312 | 8u111 | Bhanu Prakash Gopularam | P3 | Resolved | Fixed | b01 |
JDK-8162150 | emb-8u111 | Bhanu Prakash Gopularam | P3 | Resolved | Fixed | b01 |
JDK-8175441 | openjdk7u | Bhanu Prakash Gopularam | P3 | Resolved | Fixed | master |
Description
One should be able to enable or disable the XML secure validation of digital signature using the DOMValidateContext property "org.jcp.xml.dsig.secureValidation" . In 8u, even when property value is Boolean.FALSE or unset the validation is triggered.
Below code sets the org.jcp.xml.dsig.secureValidation to false
DOMValidateContext vc = new DOMValidateContext(keyValueKS, element);
vc.setBaseURI(base.toURI().toString());
vc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
Immediate call to vc.getProperty() gives correct value but the value is not being considered while XML processing.
Below code sets the org.jcp.xml.dsig.secureValidation to false
DOMValidateContext vc = new DOMValidateContext(keyValueKS, element);
vc.setBaseURI(base.toURI().toString());
vc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
Immediate call to vc.getProperty() gives correct value but the value is not being considered while XML processing.
Attachments
Issue Links
- backported by
-
JDK-8156312 Secure validation of XML based digital signature always enabled when checking wrapping attacks
-
- Resolved
-
-
JDK-8162150 Secure validation of XML based digital signature always enabled when checking wrapping attacks
-
- Resolved
-
-
JDK-8175441 Secure validation of XML based digital signature always enabled when checking wrapping attacks
-
- Resolved
-
- relates to
-
JDK-8046044 Fix raw and unchecked lint warnings in XML Signature Impl
-
- Resolved
-
-
JDK-8011547 Update XML Signature implementation to Apache Santuario 1.5.4
-
- Closed
-