JDK-8200309

Document XML Signature secure mode

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 11
    • Component/s: docs

      Description

      Add a section to the XML Signature tutorial that describes how to enable the secure mode of XML Signatures, which allows you to block weak algorithms and other potentially insecure constructs.

      New section:

      XML Signature Secure Validation Mode

      The secure validation mode for XML Signatures is a feature designed to protect you from XML Signatures that may contain potentially hostile constructs that can cause denial-of-service or other types of security issues.

      Secure validation mode is enabled by default when you run your application with a Security Manager.

      Secure validation mode can also be enabled by setting the org.jcp.xml.dsig.secureValidation property to TRUE. The property must be enabled before you validate the XML Signature.

      To set the property in an application, call the setProperty method of the javax.xml.crypto.dsig.dom.DOMValidateContext class:

      DOMValidateContext context = new DOMValidateContext(key, element);
      context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

      When secure validation mode is enabled, XML signatures are processed more securely. Limits are set on various XML signature constructs to avoid conditions such as denial-of-service attacks. By default, it enforces the following restrictions:

          • Forbids use of the XSLT Transform
          • Restricts the number of SignedInfo or Manifest References to 30 or fewer
          • Restricts the number of Reference Transforms to 5 or fewer
          • Forbids the use of MD5-related signature or MAC algorithms
          • Ensures that Reference Ids are unique to help prevent signature wrapping attacks
          • Forbids Reference URIs of type http, https or file
          • Does not allow a RetrievalMethod to reference another RetrievalMethod
          • Forbids RSA or DSA keys less than 1024 bits

      In addition, the jdk.xml.dsig.secureValidationPolicy security property can be used to control and fine-tune the restrictions above or add additional restrictions. See the definition of the property in the java.security file for more information.
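Added example (not part of the proposed tutorial text or of the JDK sources): a round trip that signs a constructed `<doc/>` and validates it with secure validation mode enabled, once with 5 References and once with 31, which exceeds the default limit of 30 listed above. The class name `SecureValidationDemo`, the sample document and the reference counts are assumptions made for illustration; it requires Java 11 or later.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.*;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class SecureValidationDemo { // hypothetical name; all input below is constructed
    // Constructed sample: <doc/> with an enveloped signature holding n References.
    static Document sign(KeyPair kp, int n) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream("<doc/>".getBytes()));
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        List<Reference> refs = new ArrayList<>();
        for (int i = 0; i < n; i++)
            refs.add(fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
                List.of(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null));
        SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(
                CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null), refs);
        fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        return doc;
    }

    // Returns "valid", "invalid" or "rejected: <reason>".
    static String validate(Document doc, PublicKey key) {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(key, sig);
        // Set the property before the signature is unmarshalled or validated.
        vc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        try {
            XMLSignature s = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(vc);
            return s.validate(vc) ? "valid" : "invalid";
        } catch (MarshalException | XMLSignatureException e) {
            return "rejected: " + e.getMessage(); // a restriction was violated or parsing failed
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        for (int n : new int[] {5, 31})
            System.out.println(n + " references: " + validate(sign(kp, n), kp.getPublic()));
    }
}
```

Catching both `MarshalException` and `XMLSignatureException` matters because a restriction can be enforced either while the Signature element is parsed or during validation itself.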

              People

              • Assignee:
                rgallard Raymond Gallardo
                Reporter:
                mullan Sean Mullan