-
Bug
-
Resolution: Fixed
-
P3
-
8
-
b100
-
b01
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8156312 | 8u111 | Bhanu Prakash Gopularam | P3 | Resolved | Fixed | b01 |
| JDK-8162150 | emb-8u111 | Bhanu Prakash Gopularam | P3 | Resolved | Fixed | b01 |
| JDK-8175441 | openjdk7u | Bhanu Prakash Gopularam | P3 | Resolved | Fixed | master |
One should be able to enable or disable the XML secure validation of digital signature using the DOMValidateContext property "org.jcp.xml.dsig.secureValidation" . In 8u, even when property value is Boolean.FALSE or unset the validation is triggered.
Below code sets the org.jcp.xml.dsig.secureValidation to false
DOMValidateContext vc = new DOMValidateContext(keyValueKS, element);
vc.setBaseURI(base.toURI().toString());
vc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
Immediate call to vc.getProperty() gives correct value but the value is not being considered while XML processing.
Below code sets the org.jcp.xml.dsig.secureValidation to false
DOMValidateContext vc = new DOMValidateContext(keyValueKS, element);
vc.setBaseURI(base.toURI().toString());
vc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
Immediate call to vc.getProperty() gives correct value but the value is not being considered while XML processing.
- backported by
-
JDK-8156312 Secure validation of XML based digital signature always enabled when checking wrapping attacks
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
-
- Resolved
-
-
JDK-8011547 Update XML Signature implementation to Apache Santuario 1.5.4
-
- Closed
-