-
Notifications
You must be signed in to change notification settings - Fork 232
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8305972: Update XML Security for Java to 3.0.2 #2455
Conversation
👋 Welcome back goetz! A progress list of the required criteria for merging this PR into |
64de70f
to
af1cee7
Compare
@GoeLin Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information. |
GHA actions: jtharness download failed. Needs rerun. |
This backport pull request has now been updated with issue from the original commit. |
Webrevs
|
|
GHA failure: infra issue: rror: C++11 was disabled in PCH file but is currently enabled |
@GoeLin This change now passes all automated pre-integration checks. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 20 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
/integrate |
Going to push as commit ef24634.
Your commit was automatically rebased without conflicts. |
This backport is based on openjdk/jdk17u-dev#2116 , the minimal version.
It contains the full EdDSA functionality and only removes the Strings that are explicitly not documented for backport in the CSRs.
I needed the following adaptions you find in seperate commits:
Resolves:
The implementation in the jdk patched clean.
There were some conflicts in the tests:
test/jdk/TEST.groups
trivial resolve due to context.
test/jdk/javax/xml/crypto/dsig/GenerationTests.java
trivial resolve due to context. 8241306 is missing in the context.
test/jdk/javax/xml/crypto/dsig/SecureValidation.java
This file is not in 11.
It came with "8241306: Add SignatureMethodParameterSpec subclass
for RSASSA-PSS params" which was not backported. Changes omitted.
test/lib/jdk/test/lib/security/XMLUtils.java
One chunk does not apply because the removed code differs.
In 17, a switch statement is used that was adapted to Java 11.
Moved the comment and exception thrown in 11 to the new place.
Make it compile and make the tests work:
The changes to the libraries compile out of the box.
The tests needed several adaptions. I did not remove the
bad code yet, but just commented it out to highlight the
differences better for now.
test/jdk/javax/xml/crypto/dsig/Basic.java
I had to remove test cases because
8241305: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params
8166597: Crypto support for the EdDSA Signature Algorithm
are not in 11.
test/jdk/javax/xml/crypto/dsig/GenerationTests.java
To make it compile, I
replaced HexFormat.of().parseHex() by jdk.test.lib.Utils.toByteArray().
Further, I commented a row of test coding that does not compile.
"8166597: Crypto support for the EdDSA Signature Algorithm" would
be needed to get these test cases working.
This effectively removes the test cases for the new functionality.
test/jdk/javax/xml/crypto/dsig/HereFunction.java
A simple tweak to enable testing of sha1 is not needed in 11.
In 11, sha1 is still available per default as
"8259709: Disable SHA-1 XML Signatures" was not backported.
test/lib/jdk/test/lib/security/XMLUtils.java
More complex resolve because a previous backport was already adapted to 11.
The code in 17 uses incompatible switch and instanceof
in several places.
It also needed adaptions because it does not compile as
8166597: Crypto support for the EdDSA Signature Algorithm
is not in 11.
Progress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/2455/head:pull/2455
$ git checkout pull/2455
Update a local copy of the PR:
$ git checkout pull/2455
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/2455/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 2455
View PR using the GUI difftool:
$ git pr show -t 2455
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/2455.diff
Webrev
Link to Webrev Comment