Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8323287

Enable XML Signature secure validation mode by default

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P3 P3
    • 11-pool
    • security-libs
    • None
    • behavioral
    • medium
    • Hide
      XML Signatures containing content that violate the constraints specified by the jdk.xml.dsig.secureValidationPolicy will now be invalid by default. If necessary, and at their own risk, applications can workaround this by disabling the secure validation mode or adjusting the validation policy to be less strict.
      Show
      XML Signatures containing content that violate the constraints specified by the jdk.xml.dsig.secureValidationPolicy will now be invalid by default. If necessary, and at their own risk, applications can workaround this by disabling the secure validation mode or adjusting the validation policy to be less strict.
    • Java API, System or security property
    • JDK

      Summary

      Enable the XML Signature secure validation mode by default. This will improve out of the box security by restricting signatures that contain potentially unsafe content.

      Problem

      The XML Signature secure validation mode is enabled by setting the property org.jcp.xml.dsig.secureValidation to Boolean.TRUE with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a security manager.

      Use of a security manager is increasingly rare. This option should be enabled by default regardless of whether a security manager is enabled so that all applications can be protected by default.

      Solution

      Change javax.xml.crypto.dsig.dom.DOMValidateContext to set the property org.jcp.xml.dsig.secureValidation to Boolean.TRUE by default.

      Specification

      Add the following to the class summary of javax.xml.crypto.dsig.dom.DOMValidateContext:

      * @implNote
      * By default, the JDK implementation enables a secure validation mode by
      * setting the <code>org.jcp.xml.dsig.secureValidation</code> property to
      * <code>Boolean.TRUE</code> (see the {@link #setProperty setProperty}
      * method). When enabled, validation of XML signatures are subject to 
      * stricter checking of algorithms and other constraints as specified by the
      * <code>jdk.xml.dsig.secureValidationPolicy</code> security property.

      Change the text for the jdk.xml.dsig.secureValidationPolicy in the java.security file as follows:

        #
      - # The policy for the XML Signature secure validation mode. The mode is
      - # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
      - # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
      - # or by running the code with a SecurityManager.
      + # The policy for the XML Signature secure validation mode. Validation of
      + # XML Signatures that violate any of these constraints will fail. The
      + # mode is enforced by default. The mode can be disabled by setting the
      + # property "org.jcp.xml.dsig.secureValidation" to Boolean.FALSE with the
      + # javax.xml.crypto.XMLCryptoContext.setProperty() method.
        #

            jnibedita Nibedita Jena
            mullan Sean Mullan
            Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: