Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8302168

Document and test the secure validation mode for XML Signature generation

    XMLWordPrintable

Details

    • Enhancement
    • Status: Open
    • P4
    • Resolution: Unresolved
    • None
    • None
    • security-libs
    • None

    Description

      The secure validation mode can also be enabled when generating signatures, although it is not enabled by default like it is for validation. However, it has never been documented in the javadocs and it is not very well tested. This Enhancement is filed to improve that.

      The secure validation mode can be useful and beneficial when generating signatures, minimally as a way to ensure the signatures you generate can be validated when the mode is enabled. It also has security benefits as you typically don't want to be creating signatures containing weak algorithms, or with other constructs that are not considered safe.

      We should add an @implNote to the DOMSignContext API describing how to enable or disable the mode like the one in DOMValidateContext. We should also enhance our regression tests to test the different restrictions of the secure validation mode when generating signatures.

      Attachments

        Activity

          People

            Unassigned Unassigned
            mullan Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: