Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8151893

Add security property to configure XML Signature secure validation mode

    XMLWordPrintable

Details

    Backports

      Description

        The XML Signature secure validation mode is all or nothing, there is no way to selectively control each of the restrictions. The mode is enabled either by setting the property "org.jcp.xml.dsig.secureValidation" to true with the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by running the code with a SecurityManager.

        It would be useful to define a new security property that allows you to configure the individual restrictions that are enabled. For example:

        jdk.xmldsig.secureValidation=xslt, md5, refs > 29, \
            trans > 4, uniqueIds, uri = file | http, \
            retMethodLoop, DSA keySize < 1024, \
            RSA keySize < 1024

        An administrator could selectively control each restriction, and could remove/disable a single restriction without having to completely turn off everything.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8167887 Add security property to configure XML Signature secure validation mode

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8169151 Add security property to configure XML Signature secure validation mode

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8175442 Add security property to configure XML Signature secure validation mode

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8167390 Add security property to configure XML Signature secure validation mode

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8167391 Add security property to configure XML Signature secure validation mode

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8167392 Add security property to configure XML Signature secure validation mode

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed
            relates to

            Enhancement - null JDK-8151897 Document the XML Signature secure validation mode

            • P3 - Major loss of function.
            • Resolved

            Activity

              People

                mullan Sean Mullan
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: