Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8305972: Update XML Security for Java to 3.0.2 #2455

Closed
wants to merge 6 commits into from

Conversation

GoeLin
Copy link
Member

@GoeLin GoeLin commented Jan 11, 2024

This backport is based on openjdk/jdk17u-dev#2116 , the minimal version.
It contains the full EdDSA functionality and only removes the Strings that are explicitly not documented for backport in the CSRs.

I needed the following adaptions you find in seperate commits:

Resolves:

The implementation in the jdk patched clean.
There were some conflicts in the tests:

test/jdk/TEST.groups
trivial resolve due to context.

test/jdk/javax/xml/crypto/dsig/GenerationTests.java
trivial resolve due to context. 8241306 is missing in the context.

test/jdk/javax/xml/crypto/dsig/SecureValidation.java
This file is not in 11.
It came with "8241306: Add SignatureMethodParameterSpec subclass
for RSASSA-PSS params" which was not backported. Changes omitted.

test/lib/jdk/test/lib/security/XMLUtils.java
One chunk does not apply because the removed code differs.
In 17, a switch statement is used that was adapted to Java 11.
Moved the comment and exception thrown in 11 to the new place.

Make it compile and make the tests work:

The changes to the libraries compile out of the box.

The tests needed several adaptions. I did not remove the
bad code yet, but just commented it out to highlight the
differences better for now.

test/jdk/javax/xml/crypto/dsig/Basic.java
I had to remove test cases because
8241305: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params
8166597: Crypto support for the EdDSA Signature Algorithm
are not in 11.

test/jdk/javax/xml/crypto/dsig/GenerationTests.java
To make it compile, I
replaced HexFormat.of().parseHex() by jdk.test.lib.Utils.toByteArray().
Further, I commented a row of test coding that does not compile.
"8166597: Crypto support for the EdDSA Signature Algorithm" would
be needed to get these test cases working.
This effectively removes the test cases for the new functionality.

test/jdk/javax/xml/crypto/dsig/HereFunction.java
A simple tweak to enable testing of sha1 is not needed in 11.
In 11, sha1 is still available per default as
"8259709: Disable SHA-1 XML Signatures" was not backported.

test/lib/jdk/test/lib/security/XMLUtils.java
More complex resolve because a previous backport was already adapted to 11.
The code in 17 uses incompatible switch and instanceof
in several places.
It also needed adaptions because it does not compile as
8166597: Crypto support for the EdDSA Signature Algorithm
is not in 11.


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • JDK-8305972 needs maintainer approval
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • JDK-8305972: Update XML Security for Java to 3.0.2 (Enhancement - P3 - Approved)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/2455/head:pull/2455
$ git checkout pull/2455

Update a local copy of the PR:
$ git checkout pull/2455
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/2455/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 2455

View PR using the GUI difftool:
$ git pr show -t 2455

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/2455.diff

Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented Jan 11, 2024

👋 Welcome back goetz! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@GoeLin GoeLin force-pushed the goetz_backport_8305972-minimal branch from 64de70f to af1cee7 Compare January 11, 2024 19:23
@GoeLin GoeLin changed the title Backport based on minimla PR for 17 Backport of "8305972: Update XML Security for Java to 3.0.2" based on minimla PR for 17 Jan 11, 2024
@openjdk
Copy link

openjdk bot commented Jan 11, 2024

@GoeLin Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

@GoeLin GoeLin changed the title Backport of "8305972: Update XML Security for Java to 3.0.2" based on minimla PR for 17 Backport f0aebc8141de5a50c88658a40caa01967a9afc53 Jan 12, 2024
@GoeLin
Copy link
Member Author

GoeLin commented Jan 12, 2024

GHA actions: jtharness download failed. Needs rerun.

@openjdk openjdk bot changed the title Backport f0aebc8141de5a50c88658a40caa01967a9afc53 8305972: Update XML Security for Java to 3.0.2 Jan 12, 2024
@openjdk
Copy link

openjdk bot commented Jan 12, 2024

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk bot added backport rfr Pull request is ready for review labels Jan 12, 2024
@mlbridge
Copy link

mlbridge bot commented Jan 12, 2024

Webrevs

@openjdk
Copy link

openjdk bot commented Jan 18, 2024

⚠️ @GoeLin This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.

@GoeLin
Copy link
Member Author

GoeLin commented Jan 18, 2024

GHA failure: infra issue: rror: C++11 was disabled in PCH file but is currently enabled
Adressed by backport JDK-8323008.
Passed before pushing change adding empty line

@openjdk openjdk bot added the approval label Jan 18, 2024
@openjdk
Copy link

openjdk bot commented Jan 19, 2024

@GoeLin This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8305972: Update XML Security for Java to 3.0.2

Reviewed-by: mbaesken

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 20 new commits pushed to the master branch:

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added ready Pull request is ready to be integrated and removed approval labels Jan 19, 2024
@GoeLin
Copy link
Member Author

GoeLin commented Jan 19, 2024

/integrate

@openjdk
Copy link

openjdk bot commented Jan 19, 2024

Going to push as commit ef24634.
Since your change was applied there have been 20 commits pushed to the master branch:

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Jan 19, 2024
@openjdk openjdk bot closed this Jan 19, 2024
@openjdk openjdk bot removed the ready Pull request is ready to be integrated label Jan 19, 2024
@openjdk openjdk bot removed the rfr Pull request is ready for review label Jan 19, 2024
@openjdk
Copy link

openjdk bot commented Jan 19, 2024

@GoeLin Pushed as commit ef24634.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@GoeLin GoeLin deleted the goetz_backport_8305972-minimal branch January 19, 2024 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport integrated Pull request has been integrated
Development

Successfully merging this pull request may close these issues.

2 participants