JDK-8151893

Add security property to configure XML Signature secure validation mode

        Description

        The XML Signature secure validation mode is all or nothing; there is no way to selectively control each of the restrictions. The mode is enabled either by setting the property "org.jcp.xml.dsig.secureValidation" to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager.

        It would be useful to define a new security property that allows you to configure the individual restrictions that are enabled. For example:

        jdk.xmldsig.secureValidation=xslt, md5, refs > 29, \
            trans > 4, uniqueIds, uri = file | http, \
            retMethodLoop, DSA keySize < 1024, \
            RSA keySize < 1024

        An administrator could selectively control each restriction, and could remove/disable a single restriction without having to completely turn off everything.

            Activity

            mullan Sean Mullan added a comment -
            FC Extension Request

            Remaining work: The fix is understood, but the code, CCC, and tests still need to be implemented. The code will be started soon.
            Risk: medium risk that the fix may not be integrated into master by 9/1
            Justification: this feature is blocking another critical issue
            Estimated completion date: 8/26
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/9c7eb3e1799f
            User: mullan
            Date: 2016-08-25 19:06:17 +0000
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/9c7eb3e1799f
            User: lana
            Date: 2016-08-31 20:17:52 +0000

              People

              • Assignee:
                mullan Sean Mullan
                Reporter:
                mullan Sean Mullan