-
CSR
-
Resolution: Unresolved
-
P4
-
None
-
behavioral
-
minimal
-
New property.
-
Other
-
JDK
Summary
Add a new XMLSignContext
property named "jdk.xmldsig.SecureRandom" so that users can provide their own SecureRandom
object when generating an XML signature.
Problem
A lot of signature algorithms rely on randomness, and the java.security.Signature
class actually lets you pass in your own SecureRandom
object when you use the initSign(PrivateKey key, SecureRandom sr)
method. This can be handy if you need a predictable signature for testing, or if you have to use a specific random source for compliance reasons.
However, when generating XML signatures, the process uses the Signature
API behind the scenes, but there is currently no option for users to provide their own SecureRandom
object.
Solution
Add a new XMLSignContext
property named "jdk.xmldsig.SecureRandom". Users can specify their own SecureRandom
object before signing a document. For example:
var sc = new DOMSignContext(privateKey, doc);
sc.setProperty("jdk.xmldsig.SecureRandom", myRandom);
var sig = XMLSignatureFactory.getInstance("DOM").newXMLSignature(si, ki);
sig.sign(sc);
Specification
The new property is described in an @implNote
in src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/DOMSignContext.java
:
* @implNote
* The JDK implementation supports the following property that can be set
* using the {@link #setProperty setProperty} method.
* <ul>
* <li><code>jdk.xmldsig.SecureRandom</code>: value must be a
* {@link SecureRandom}. If specified, this object will be
* used to initialize the underlying {@code Signature} during signing
* using the {@link Signature#initSign(PrivateKey, SecureRandom)}
* method.
* </ul>
- csr of
-
JDK-8359395 XML signature generation does not support user provided SecureRandom
-
- Open
-
- relates to
-
JDK-8364039 Adding implNote to XMLSignContext and XMLValidateContext on JDK-specific properties
-
- Open
-