Hi Weijun, I am glad to be helpful for community. Thanks a lot for your notes.
In addition to all mentioned above and due to (8151893: Add security property to configure XML Signature secure validation mode) it seems the checking of Policy.restrictRetrievalMethodLoops also should be reverted? Please correct me if I'm wrong and it should not. Andrew Brygin volunteered to be sponsor for this code change. New webrev: http://cr.openjdk.java.net/~fijiol/8231507/webrev.01/ Tests: test/jdk/javax/xml/crypto/dsig/ Best regards, Fedor ________________________________ От: Weijun Wang <[email protected]> Отправлено: 10 октября 2019 г. 13:08 Кому: Fedor Burdun Копия: [email protected] Тема: Re: RFR: 8231507: Update Apache Santuario (XML Signature) to version 2.1.4 Hi Fedor, First, thanks a lot for the contribution. Overall the code change looks fine, but I have several comments: 1. The change in EncryptionConstants.java is not necessary. In this module we only do the signature part, but not encryption. 2. For the same reason, 5 new methods in XMLUtils.java about encryption. 3. In DOMRetrievalMethod.java, please revert to the use of "Policy.restrictNumTransforms(newTransforms.size())". The java.xml.crypto module inside OpenJDK is a little different from Santuario here and it uses a java.security property named "jdk.xml.dsig.secureValidationPolicy". 4. XMLDSigRI.java contains no actual change and can be kept unchanged. Have you found a committer to sponsor your code change? If not, I'll be happy to do it. Thanks, Max > On Oct 8, 2019, at 12:35 AM, Fedor Burdun <[email protected]> wrote: > > Dear all, > > Would you please review the following change? > Bug: https://bugs.openjdk.java.net/browse/JDK-8231507 > Webrev: http://cr.openjdk.java.net/~fijiol/8231507/webrev.00/ > > This change upgrades Apache Santuario library to version 2.1.4 > > Best regards, > Fedor
