- CSR
- Resolution: Approved
- P3
- None
- behavioral
- minimal
- System or security property
- JDK
Summary
Add a system property that can be used to enable/disable the XML Signature secure validation mode.
Problem
The XML Signature secure validation mode can be enabled or disabled by setting the property "org.jcp.xml.dsig.secureValidation" with the javax.xml.crypto.XMLCryptoContext.setProperty() method. This requires a code change. It would be useful, especially for testing purposes, to have an equivalent way of enabling or disabling the mode at runtime without having to change the application's code.
Solution
Add a system property named "org.jcp.xml.dsig.secureValidation" that can be used to enable/disable the XML Signature secure validation mode. This property supersedes the XMLCryptoContext property value of the same name.
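Because the system property supersedes what the code sets, an application that needs secure validation can check the property at startup. The following is an added example, not code from the JDK or from this CSR; the class, enum and method names are hypothetical, and it assumes that only the exact string "true" counts as enabling, since the text does not say whether matching is case-sensitive.

```java
import javax.xml.crypto.XMLCryptoContext;

/** Added example: startup guard for the secure validation system property. */
public class SecureValidationGuard {
    // Name taken from the CSR text; it is shared by the system property
    // and the XMLCryptoContext property.
    static final String PROP = "org.jcp.xml.dsig.secureValidation";

    enum SysPropEffect { NOT_SET, FORCES_ON, FORCES_OFF }

    // Classifies a raw system property value by the rules in the CSR:
    // "true" enables; "false" and any other value disable.
    // Assumption: only the exact lowercase "true" is accepted as enabling,
    // which is the conservative reading for a guard.
    static SysPropEffect classify(String raw) {
        if (raw == null) {
            return SysPropEffect.NOT_SET;
        }
        return raw.equals("true") ? SysPropEffect.FORCES_ON : SysPropEffect.FORCES_OFF;
    }

    // Requests secure validation on a context, then refuses to continue if
    // the system property would supersede that request and turn the mode off.
    static void requireSecureValidation(XMLCryptoContext ctx) {
        ctx.setProperty(PROP, Boolean.TRUE);
        String raw = System.getProperty(PROP);
        if (classify(raw) == SysPropEffect.FORCES_OFF) {
            throw new IllegalStateException("System property " + PROP + "=\"" + raw
                + "\" disables XML Signature secure validation for this JVM");
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, including typos that count as "false".
        String[] samples = { null, "true", "false", "", "yes", "ture" };
        for (String s : samples) {
            String shown = (s == null) ? "<unset>" : "\"" + s + "\"";
            System.out.println(shown + " -> " + classify(s));
        }
        // Effect of the value this JVM was actually started with.
        System.out.println("this JVM: " + classify(System.getProperty(PROP)));
    }
}
```

Call `requireSecureValidation` with the `DOMValidateContext` before validating a signature; running the class with `-Dorg.jcp.xml.dsig.secureValidation=...` shows how a given value is classified.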
Specification
- Make the following changes to the definition of the jdk.xml.dsig.secureValidationPolicy security property in the java.security file:
#
# The policy for the XML Signature secure validation mode. Validation of
-# XML Signatures that violate any of these constraints will fail. The
-# mode is enforced by default. The mode can be disabled by setting the
-# property "org.jcp.xml.dsig.secureValidation" to Boolean.FALSE with the
-# javax.xml.crypto.XMLCryptoContext.setProperty() method.
+# XML Signatures that violate any of these constraints will fail.
+# The mode can be enabled or disabled by setting the property
+# "org.jcp.xml.dsig.secureValidation" to Boolean.TRUE or Boolean.FALSE with
+# the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by setting
+# the system property "org.jcp.xml.dsig.secureValidation" to "true" or
+# "false". Any other value for the system property is also treated as "false".
+# If the system property is set, it supersedes the XMLCryptoContext property
+# value.
+#
+# The secure validation mode is enabled by default.
#
# Policy:
# Constraint {"," Constraint }
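Review bot: In the added sentence 'Any other value for the system property is also treated as "false"', an unrecognized or mistyped value (for example "yes", or an empty value) turns secure validation off instead of leaving the default in place, so a typo silently weakens validation. Consider either ignoring unrecognized values so the documented default of enabled still applies, or stating the risk in this comment. The comment should also say whether the comparison with "true" is case-sensitive.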
- Document the system property in the @implNote of the javax.xml.crypto.dsig.dom.DOMValidateContext class description where it currently describes the secure validation property:
* method). When enabled, validation of XML signatures are subject to
* stricter checking of algorithms and other constraints as specified by the
* <code>jdk.xml.dsig.secureValidationPolicy</code> security property.
+ * The mode can be disabled by setting the property to {@code Boolean.FALSE}.
+ * The mode can also be enabled or disabled by setting the
+ * {@systemProperty org.jcp.xml.dsig.secureValidation} system property to
+ * "true" or "false". Any other value for the system property is also treated
+ * as "false". If the system property is set, it supersedes the
+ * {@code DOMValidateContext} property value.
*
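Review bot: The last added sentence, that the system property supersedes the {@code DOMValidateContext} property value, means a caller that sets the property to Boolean.TRUE can still run with the mode disabled when the system property is "false" or any unrecognized value. The @implNote should say so explicitly, so that callers do not treat the context property as a guarantee. Separately, the unchanged context line "validation of XML signatures are subject to" should read "is subject to" while this paragraph is being edited.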
- csr of: JDK-8301260 Add system property to toggle XML Signature secure validation mode - Resolved