- CSR
- Resolution: Unresolved
- P4
- None
- behavioral
- minimal
- New property.
- Other
- JDK
Summary
Add a new XMLSignContext property named "jdk.xmldsig.SecureRandom" so that users can provide their own SecureRandom object when generating an XML signature.
Problem
Many signature algorithms rely on randomness, and the java.security.Signature class lets callers pass in their own SecureRandom object through the initSign(PrivateKey key, SecureRandom sr) method. This can be handy if you need a predictable signature for testing, or if you have to use a specific random source for compliance reasons.
XML signature generation uses the Signature API behind the scenes, but there is currently no way for users to provide their own SecureRandom object.
Solution
Add a new XMLSignContext property named "jdk.xmldsig.SecureRandom". Users can specify their own SecureRandom object before signing a document. For example:
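// privateKey, doc, si (SignedInfo), ki (KeyInfo) and myRandom are created by the caller.
var sc = new DOMSignContext(privateKey, doc);
// Hand the caller's SecureRandom to the signing operation through the new property.
sc.setProperty("jdk.xmldsig.SecureRandom", myRandom);
var sig = XMLSignatureFactory.getInstance("DOM").newXMLSignature(si, ki);
sig.sign(sc);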
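The snippet above expanded into a complete sign-and-verify program, as an added example that is not part of the CSR or the JDK sources. The class name, the sample document, the P-256 key and the DRBG parameters are assumptions chosen for illustration; the property is the one this CSR proposes, so a JDK without it stores the value in the context and signs with its default random source.

```java
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;

public class XmlSignWithRandom {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Assumed compliance-style source: a DRBG with prediction resistance and reseeding.
        SecureRandom myRandom = SecureRandom.getInstance("DRBG",
                DrbgParameters.instantiation(256, DrbgParameters.Capability.PR_AND_RESEED, null));

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256, myRandom);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample document to sign.
        var dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        var doc = dbf.newDocumentBuilder().newDocument();
        doc.appendChild(doc.createElement("order")).setTextContent("constructed sample");

        // Enveloped signature over the whole document, ECDSA with SHA-256.
        var fac = XMLSignatureFactory.getInstance("DOM");
        var ref = fac.newReference("",
                fac.newDigestMethod(DigestMethod.SHA256, null),
                List.of(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        var si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                        (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.ECDSA_SHA256, null),
                List.of(ref));
        var ki = fac.getKeyInfoFactory().newKeyInfo(
                List.of(fac.getKeyInfoFactory().newKeyValue(kp.getPublic())));

        // ECDSA draws a fresh nonce per signature; the property routes that draw to myRandom.
        var sc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        sc.setProperty("jdk.xmldsig.SecureRandom", myRandom);
        fac.newXMLSignature(si, ki).sign(sc);

        // Verify the result with the matching public key.
        var sigNode = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        var vc = new DOMValidateContext(kp.getPublic(), sigNode);
        System.out.println("valid = " + fac.unmarshalXMLSignature(vc).validate(vc));
    }
}
```

A fixed-seed SecureRandom belongs only in test fixtures with throwaway keys: ECDSA and DSA signatures made with a predictable nonce expose the private key.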
Specification
No specification.
- csr of JDK-8359395 XML signature generation does not support user provided SecureRandom
- Open