JDK-8260154

Enable XML Signature secure validation mode by default


    Details

    • Type: CSR
    • Status: Closed
    • Priority: P3
    • Resolution: Approved
    • Fix Version/s: 17
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      medium
    • Compatibility Risk Description:
      XML Signatures containing content that violates the constraints specified by the jdk.xml.dsig.secureValidationPolicy security property will now be invalid by default. If necessary, and at their own risk, applications can work around this by disabling the secure validation mode or adjusting the validation policy to be less strict.
    • Interface Kind:
      Java API, System or security property
    • Scope:
      JDK

      Description

      Summary

      Enable the XML Signature secure validation mode by default. This will improve out of the box security by restricting signatures that contain potentially unsafe content.

      Problem

      The XML Signature secure validation mode is enabled by setting the property org.jcp.xml.dsig.secureValidation to Boolean.TRUE with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a security manager.

      Use of a security manager is increasingly rare. This option should be enabled by default regardless of whether a security manager is enabled so that all applications can be protected by default.

      Solution

      Change javax.xml.crypto.dsig.dom.DOMValidateContext to set the property org.jcp.xml.dsig.secureValidation to Boolean.TRUE by default.
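
      The following is an added example, not code from the CSR or the JDK: it signs a constructed document with an enveloped RSA-SHA256 signature, then validates it through DOMValidateContext and reads back the org.jcp.xml.dsig.secureValidation property, which the context now carries as Boolean.TRUE by default. The class name, the sample document and the 2048-bit key are assumptions; SignatureMethod.RSA_SHA256 requires JDK 11 or later.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SecureValidationDefault {
    static final String SECURE_VALIDATION = "org.jcp.xml.dsig.secureValidation";

    public static void main(String[] args) throws Exception {
        // Constructed sample document; an enveloped signature is added under its root element.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new InputSource(new StringReader("<order><item>widget</item></order>")));

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // assumed key size; the policy also enforces minimum key sizes
        KeyPair kp = kpg.generateKeyPair();

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null), Collections.singletonList(ref));
        fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));

        // Validate. Since JDK-8260154 the context is created with secureValidation=TRUE, so a
        // signature violating any jdk.xml.dsig.secureValidationPolicy constraint fails here.
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), nl.item(0));
        System.out.println("secure validation default: " + vc.getProperty(SECURE_VALIDATION));
        // Set it explicitly anyway so the check does not depend on the JDK release or a SecurityManager.
        vc.setProperty(SECURE_VALIDATION, Boolean.TRUE);
        boolean valid = fac.unmarshalXMLSignature(vc).validate(vc);
        System.out.println("signature valid: " + valid);
    }
}
```

      On JDK 17 the first line prints true without any application code touching the property; on earlier releases without a security manager it prints null, which is why the explicit setProperty call is worth keeping.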

      Specification

      Add the following to the class summary of javax.xml.crypto.dsig.dom.DOMValidateContext:

      * @implNote
      * By default, the JDK implementation enables a secure validation mode by
      * setting the <code>org.jcp.xml.dsig.secureValidation</code> property to
      * <code>Boolean.TRUE</code> (see the {@link #setProperty setProperty}
      * method). When enabled, validation of XML signatures is subject to
      * stricter checking of algorithms and other constraints as specified by the
      * <code>jdk.xml.dsig.secureValidationPolicy</code> security property.

      Change the text for the jdk.xml.dsig.secureValidationPolicy in the java.security file as follows:

        #
      - # The policy for the XML Signature secure validation mode. The mode is
      - # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
      - # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
      - # or by running the code with a SecurityManager.
      + # The policy for the XML Signature secure validation mode. Validation of
      + # XML Signatures that violate any of these constraints will fail. The
      + # mode is enforced by default. The mode can be disabled by setting the
      + # property "org.jcp.xml.dsig.secureValidation" to Boolean.FALSE with the
      + # javax.xml.crypto.XMLCryptoContext.setProperty() method.
        #
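      Review bot: the replacement comment says the mode "is enforced by default" but no longer tells a reader of java.security where that default comes from; since the old text named the two enabling mechanisms, consider naming the new one, e.g. "The mode is enabled by default by javax.xml.crypto.dsig.dom.DOMValidateContext." It would also help to state, as the Compatibility Risk Description does, that the policy entries below can be relaxed instead of turning the mode off entirely, since the comment otherwise presents Boolean.FALSE as the only escape hatch.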

              People

              Assignee: Sean Mullan (mullan)
              Reporter: Sean Mullan (mullan)
              Reviewed By: Weijun Wang