Summary

Add a new XMLSignContext property named "jdk.xmldsig.SecureRandom" so that users can provide their own SecureRandom object when generating an XML signature.

Problem

A lot of signature algorithms rely on randomness, and the java.security.Signature class actually lets you pass in your own SecureRandom object when you use the initSign(PrivateKey key, SecureRandom sr) method. This can be handy if you need a predictable signature for testing, or if you have to use a specific random source for compliance reasons.

However, when generating XML signatures, the process uses the Signature API behind the scenes, but there is currently no option for users to provide their own SecureRandom object.

Solution

Add a new XMLSignContext property named "jdk.xmldsig.SecureRandom". Users can specify their own SecureRandom object before signing a document. For example:

var sc = new DOMSignContext(privateKey, doc);
sc.setProperty("jdk.xmldsig.SecureRandom", myRandom);
var sig = XMLSignatureFactory.getInstance("DOM").newXMLSignature(si, ki);
sig.sign(sc);

Specification

The new property is described in an @implNote in src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/DOMSignContext.java:

 * @implNote
 * The JDK implementation supports the following property that can be set
 * using the {@link #setProperty setProperty} method.
 * <ul>
 *   <li><code>jdk.xmldsig.SecureRandom</code>: value must be a
 *       {@link SecureRandom}. If specified, this object will be
 *       used to initialize the underlying {@code Signature} during signing
 *       using the {@link Signature#initSign(PrivateKey, SecureRandom)}
 *       method.
 * </ul>