Skip to content

8359395: XML signature generation does not support user provided SecureRandom #25802

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

8359395: XML signature generation does not support user provided SecureRandom #25802

wants to merge 3 commits into from

Conversation

wangweij
Copy link
Contributor

@wangweij wangweij commented Jun 13, 2025
edited by openjdk bot
Loading

New XMLSignContext property to allow user-specific SecureRandom for XML signature generation.

Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change requires CSR request JDK-8359442 to be approved

Issues

  • JDK-8359395: XML signature generation does not support user provided SecureRandom (Enhancement - P4)
  • JDK-8359442: XML signature generation does not support user provided SecureRandom (CSR)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/25802/head:pull/25802
$ git checkout pull/25802

Update a local copy of the PR:
$ git checkout pull/25802
$ git pull https://git.openjdk.org/jdk.git pull/25802/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 25802

View PR using the GUI difftool:
$ git pr show -t 25802

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/25802.diff

Using Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented Jun 13, 2025

👋 Welcome back weijun! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk
Copy link

openjdk bot commented Jun 13, 2025

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

@openjdk openjdk bot added csr Pull request needs approved CSR before integration rfr Pull request is ready for review labels Jun 13, 2025
@openjdk
Copy link

openjdk bot commented Jun 13, 2025

@wangweij The following label will be automatically applied to this pull request:

  • security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@mlbridge
Copy link

mlbridge bot commented Jun 13, 2025
edited
Loading

Webrevs

myankelev
myankelev reviewed Jun 16, 2025
View reviewed changes
test/jdk/javax/xml/crypto/dsig/Properties.java
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.Base64;
import java.util.logging.*;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: this is not needed

src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMRSAPSSSignatureMethod.java
@@ -33,6 +33,7 @@
import java.security.PrivateKey;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need a copyright update here and in DOMSignatureMethod.java?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@myankelev myankelev myankelev left review comments

Assignees
No one assigned
Labels
csr Pull request needs approved CSR before integration rfr Pull request is ready for review security [email protected]
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wangweij @myankelev