JDK-8151893

Add security property to configure XML Signature secure validation mode

        Description

        The XML Signature secure validation mode is all or nothing; there is no way to selectively control each of the restrictions. The mode is enabled either by setting the property "org.jcp.xml.dsig.secureValidation" to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager.

        It would be useful to define a new security property that allows you to configure the individual restrictions that are enabled. For example:

        jdk.xmldsig.secureValidation=xslt, md5, refs > 29, \
            trans > 4, uniqueIds, uri = file | http, \
            retMethodLoop, DSA keySize < 1024, \
            RSA keySize < 1024

        An administrator could selectively control each restriction, and could remove/disable a single restriction without having to completely turn off everything.
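
        The all-or-nothing switch described above, as an added example (not code from this issue or from the JDK): a constructed document is signed with 31 references, more than secure validation's reference limit, and then validated twice with the single context property toggled. The class name, helper method and sample document are assumptions made for illustration.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SecureValidationDemo {
    // Validates the signature with secure validation on or off and
    // reports "valid", "invalid" or "rejected: <provider message>".
    static String validate(XMLSignatureFactory fac, PublicKey key, Node sig, boolean secure)
            throws Exception {
        DOMValidateContext ctx = new DOMValidateContext(key, sig);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", secure);
        try {
            return fac.unmarshalXMLSignature(ctx).validate(ctx) ? "valid" : "invalid";
        } catch (MarshalException e) {   // restriction enforced while unmarshalling
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample document and throwaway key pair.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        doc.appendChild(doc.createElement("order")).setTextContent("constructed sample");
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // 31 enveloped references to the same document: harmless, but over the limit.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        List<Reference> refs = new ArrayList<>();
        for (int i = 0; i < 31; i++) {
            Transform env = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
            refs.add(fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
                    Collections.singletonList(env), null, null));
        }
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), refs);
        fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);

        System.out.println("secure=true : " + validate(fac, kp.getPublic(), sig, true));
        System.out.println("secure=false: " + validate(fac, kp.getPublic(), sig, false));
    }
}
```

        Accepting this document requires setting the property to false, which also drops every other restriction for that validation.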

                People

                • Assignee: Sean Mullan (mullan)
                • Reporter: Sean Mullan (mullan)