Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8255255: Update Apache Santuario (XML Signature) to version 2.2.1 #1206

Closed
wants to merge 16 commits into from

Conversation

wangweij
Copy link
Contributor

@wangweij wangweij commented Nov 13, 2020

This is a multi-commits PR that upgrades xmldsig to be equivalent to Santuario 2.2.0.

The first step is an auto-import. The JDK implementation is removed first and Santuario code are imported. Some unrelated files (Ex: encryption) are removed, and package names are renamed to be internal. There are also some bulk changes on company name, comment style, and white spaces.

Next steps are patches applied by JDK. Some are old patches before the last import. Some are new.

Several tests need to be updated because of internal method signature changes.


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

  • JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1

Reviewers

Download

To checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/1206/head:pull/1206
$ git checkout pull/1206

To update a local copy of the PR:
$ git checkout pull/1206
$ git pull https://git.openjdk.java.net/jdk pull/1206/head

@bridgekeeper
Copy link

bridgekeeper bot commented Nov 13, 2020

👋 Welcome back weijun! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot added the rfr Pull request is ready for review label Nov 13, 2020
@openjdk
Copy link

openjdk bot commented Nov 13, 2020

@wangweij The following label will be automatically applied to this pull request:

  • security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added the security security-dev@openjdk.org label Nov 13, 2020
@mlbridge
Copy link

mlbridge bot commented Nov 13, 2020

Webrevs

@wangweij wangweij force-pushed the 8255255 branch 2 times, most recently from 3c07544 to 73c7338 Compare November 13, 2020 21:56
@wangweij wangweij closed this Nov 16, 2020
@wangweij wangweij reopened this Dec 7, 2020
@bridgekeeper
Copy link

bridgekeeper bot commented Dec 11, 2020

@wangweij This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

1 similar comment
@bridgekeeper
Copy link

bridgekeeper bot commented Jan 9, 2021

@wangweij This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

@openjdk
Copy link

openjdk bot commented Jan 10, 2021

@wangweij This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8255255: Update Apache Santuario (XML Signature) to version 2.2.1

Reviewed-by: xuelei, mullan

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 16 new commits pushed to the master branch:

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Jan 10, 2021
@openjdk
Copy link

openjdk bot commented Jan 11, 2021

@wangweij
Adding additional issue to issue list: 8241306: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params.

@openjdk openjdk bot added the csr Pull request needs approved CSR before integration label Jan 11, 2021
@openjdk
Copy link

openjdk bot commented Jan 11, 2021

@wangweij has indicated that a compatibility and specification (CSR) request is needed for this pull request.
@wangweij please create a CSR request and add link to it in JDK-8255255. This pull request cannot be integrated until the CSR request is approved.

@openjdk openjdk bot removed the ready Pull request is ready to be integrated label Jan 11, 2021
@bridgekeeper
Copy link

bridgekeeper bot commented Feb 8, 2021

@wangweij This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

@wangweij wangweij changed the title 8255255: Update Apache Santuario (XML Signature) to version 2.2.0 8255255: Update Apache Santuario (XML Signature) to version 2.2.1 Mar 6, 2021
@wangweij
Copy link
Contributor Author

wangweij commented Mar 7, 2021

Refresh all commits based on current master HEAD.

  • Now synced with Apache Santuario 2.2.1
  • More recent commits re-applied
  • JDK-8259575 (SignatureMethodParameterSpec for RSASSA-PSS) excluded
  • Copyright year changes for Oracle updated codes

@wangweij
Copy link
Contributor Author

wangweij commented Mar 7, 2021

/issue remove JDK-8241306
/csr unneeded

@openjdk
Copy link

openjdk bot commented Mar 7, 2021

@wangweij
Removing additional issue from issue list: 8241306.

@openjdk openjdk bot removed the csr Pull request needs approved CSR before integration label Mar 7, 2021
@openjdk
Copy link

openjdk bot commented Mar 7, 2021

@wangweij determined that a CSR request is not needed for this pull request.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Mar 7, 2021
@@ -67,10 +67,10 @@ private Utils() {}
* @param i the Iterator
* @return the Set of Nodes
*/
static Set<Node> toNodeSet(Iterator<Node> i) {
static Set<Node> toNodeSet(Iterator<?> i) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does Iterator<Node> cause a warning?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wangweij
Copy link
Contributor Author

wangweij commented Mar 18, 2021

Below is the script to import Santuario 2.2.1 at the beginning. Recorded here so we can reuse it next time.

#! /bin/bash

realpath() {
    [[ $1 = /* ]] && echo "$1" || echo "$PWD/${1#./}"
}

HERE=$(dirname $(realpath $0))

V=2.2.1
BUNDLE=/Users/weijun/work/xmlsec/xmlsec-$V-source-release.zip
# WORK=$(hg root)/src/java.xml.crypto
WORK=/Users/weijun/repos/openjdk/x/open/src/java.xml.crypto

mkdir -p $WORK/share/classes
cd $WORK/share/classes

unzip $BUNDLE \
	'xmlsec-'$V'/src/main/java/org/apache/xml/security/*' \
	'xmlsec-'$V'/src/main/java/org/apache/jcp/xml/dsig/internal/*'

echo Patching impl...
rm -rf com
mkdir -p com/sun/org/apache/xml/internal
mv xmlsec-$V/src/main/java/org/apache/xml/security com/sun/org/apache/xml/internal/

rm -rf com/sun/org/apache/xml/internal/security/stax/
rm -rf com/sun/org/apache/xml/internal/security/encryption
rm -rf com/sun/org/apache/xml/internal/security/binding/
rm -rf com/sun/org/apache/xml/internal/security/configuration/
rm -rf com/sun/org/apache/xml/internal/security/resource/schema/
rm com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayInputStream.java
rm com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java

echo Patching provider...
rm -rf org
mkdir -p org/jcp/xml/dsig
mv xmlsec-$V/src/main/java/org/apache/jcp/xml/dsig/internal org/jcp/xml/dsig/

rm -rf xmlsec-$V

echo Updating package names...
for a in `find com org -type f`; do
	perl -i -p $HERE/trans.pl $a
	head -2 $a | grep -q "Licensed to the Apache Software Foundation" &&
		cat <<EOF | cat - $a > tmptmp && mv tmptmp $a
/*
 * reserved comment block
 * DO NOT REMOVE OR ALTER!
 */
EOF

done

cat <<EOF > /dev/null
make clean-java.xml.crypto
make JAVAC_WARNINGS=-Xlint:none java.xml.crypto-java-only

sh src/java.xml.crypto/import
hg addremove
hg diff > .hg/patches/santuario-copy
hg revert -a && hg purge

EOF

x $ cat ~/work/xmlsec/trans.pl
#! /usr/bin/perl

# Styles
s/\t/    /g;
s/ +$//;
s/bugs.sun.com/bugs.java.com/;
s/<code>(.*?)<.code>/{\@code $1}/gi;
s/<xmp>/<pre>\{\@code/;
s/<\/xmp>/\}<\/pre>/;
s/(20\d\d) Sun Microsystems, Inc/\(c\) $1, Oracle and\/or its affiliates/;
s/Portions copyright/Copyright/;

# Source
s/org.apache.xml.security/com.sun.org.apache.xml.internal.security/g;
s/org.apache.jcp/org.jcp/g;

# Dependencies reimplemented
s/org.slf4j/com.sun.org.slf4j.internal/g;

# Dependencies elsewhere
s/org.apache.xml.dtm/com.sun.org.apache.xml.internal.dtm/;
s/([ "])org.apache.xpath/$1com.sun.org.apache.xpath.internal/;
s/org.apache.xml.utils/com.sun.org.apache.xml.internal.utils/;

@wangweij
Copy link
Contributor Author

/integrate

@openjdk openjdk bot closed this Mar 20, 2021
@openjdk openjdk bot added integrated Pull request has been integrated and removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Mar 20, 2021
@openjdk
Copy link

openjdk bot commented Mar 20, 2021

@wangweij Since your change was applied there have been 26 commits pushed to the master branch:

  • d2c137d: 8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true
  • ab66d69: 8263138: Initialization of sun.font.SunFontManager.platformFontMap is not thread safe
  • 5b8233b: 8263871: On sem_destroy() failing we should assert
  • 96e5c3f: 8263890: Broken links to Unicode.org
  • 4d9517d: 8263834: Work around gdb for HashtableEntry
  • 6fa6557: 8263825: Remove unused and commented out member from NTLMException
  • 77ebc11: 8263892: More modifier order fixes in java.base
  • 80d3ea0: 8263885: Use the blessed modifier order in java.sql/rowset/transation.xa
  • 6737135: 8262083: vmTestbase/nsk/jvmti/SetEventNotificationMode/setnotif001/TestDescription.java failed with "No notification: event JVMTI_EVENT_FRAME_POP (61)"
  • 57fc8e9: 8262080: vmTestbase/nsk/jdi/Event/request/request001/TestDescription.java failed with "ERROR: new event is not ThreadStartEvent"
  • ... and 16 more: https://git.openjdk.java.net/jdk/compare/788e30c1541e5705b219dfef53c1e40096e7b8a2...master

Your commit was automatically rebased without conflicts.

Pushed as commit cb742f9.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@wangweij wangweij deleted the 8255255 branch April 2, 2021 22:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
integrated Pull request has been integrated security security-dev@openjdk.org
3 participants