openjdk
diff --git a/‎src/java.base/share/conf/security/java.security
+17 b/‎src/java.base/share/conf/security/java.security
+17
diff --git a/‎src/java.base/share/lib/security/default.policy
+2 b/‎src/java.base/share/lib/security/default.policy
+2
diff --git a/‎src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
+8 b/‎src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
+8
diff --git a/‎src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
+7-4 b/‎src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
+7-4
diff --git a/‎src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java
+2-7 b/‎src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java
+2-7
diff --git a/‎src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureEDDSA.java
+228 b/‎src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureEDDSA.java
+228
@@ -983,6 +983,23 @@ jdk.xml.dsig.secureValidationPolicy=\
     noDuplicateIds,\
     noRetrievalMethodLoops
 
+#
+# Support for the here() function
+#
+# This security property determines whether the here() XPath function is
+# supported in XML Signature generation and verification.
+#
+# If this property is set to false, the here() function is not supported.
+# Generating an XML Signature that uses the here() function will throw an
+# XMLSignatureException. Validating an existing XML Signature that uses the
+# here() function will also throw an XMLSignatureException.
+#
+# The default value for this property is true.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+#jdk.xml.dsig.hereFunctionSupported=true
 
 #
 # Deserialization JVM-wide filter factory
 
@@ -91,6 +91,8 @@ grant codeBase "jrt:/java.xml.crypto" {
                    "removeProviderProperty.XMLDSig";
     permission java.security.SecurityPermission
                    "com.sun.org.apache.xml.internal.security.register";
+    permission java.security.SecurityPermission
+                   "getProperty.jdk.xml.dsig.hereFunctionSupported";
     permission java.security.SecurityPermission
                    "getProperty.jdk.xml.dsig.secureValidationPolicy";
     permission java.lang.RuntimePermission
 
@@ -209,6 +209,14 @@ public static void registerDefaultAlgorithms() {
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160,
             new Algorithm("EC", "RIPEMD160withECDSA", "Signature")
         );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED25519,
+            new Algorithm("Ed25519", "Ed25519", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED448,
+            new Algorithm("Ed448", "Ed448", "Signature")
+        );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
             new Algorithm("", "HmacMD5", "Mac", 0, 0)
 
@@ -31,10 +31,7 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-import com.sun.org.apache.xml.internal.security.algorithms.implementations.IntegrityHmac;
-import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA;
-import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureDSA;
-import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA;
+import com.sun.org.apache.xml.internal.security.algorithms.implementations.*;
 import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
@@ -496,6 +493,12 @@ public static void registerDefaultAlgorithms() {
         algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class
         );
+        algorithmHash.put(
+                XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED25519, SignatureEDDSA.SignatureEd25519.class
+        );
+        algorithmHash.put(
+                XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED448, SignatureEDDSA.SignatureEd448.class
+        );
         algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
         );
 
@@ -30,7 +30,6 @@
 import java.security.interfaces.ECPublicKey;
 import java.security.spec.*;
 import java.util.ArrayList;
-import java.util.Iterator;
 import java.util.List;
 
 public final class ECDSAUtils {
@@ -786,9 +785,7 @@ public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) {
             field = ecFieldF2m.getReductionPolynomial();
         }
 
-        Iterator<ECCurveDefinition> ecCurveDefinitionIterator = ecCurveDefinitions.iterator();
-        while (ecCurveDefinitionIterator.hasNext()) {
-            ECCurveDefinition ecCurveDefinition = ecCurveDefinitionIterator.next();
+        for (ECCurveDefinition ecCurveDefinition : ecCurveDefinitions) {
             String oid = ecCurveDefinition.equals(field, a, b, affineX, affineY, order, h);
             if (oid != null) {
                 return oid;
@@ -798,9 +795,7 @@ public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) {
     }
 
     public static ECCurveDefinition getECCurveDefinition(String oid) {
-        Iterator<ECCurveDefinition> ecCurveDefinitionIterator = ecCurveDefinitions.iterator();
-        while (ecCurveDefinitionIterator.hasNext()) {
-            ECCurveDefinition ecCurveDefinition = ecCurveDefinitionIterator.next();
+        for (ECCurveDefinition ecCurveDefinition : ecCurveDefinitions) {
             if (ecCurveDefinition.getOid().equals(oid)) {
                 return ecCurveDefinition;
             }
 
@@ -0,0 +1,228 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.sun.org.apache.xml.internal.security.algorithms.implementations;
+
+import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
+import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
+
+import java.io.IOException;
+import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ *
+ */
+public abstract class SignatureEDDSA extends SignatureAlgorithmSpi {
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureEDDSA.class);
+
+    private final Signature signatureAlgorithm;
+
+
+    /**
+     * Constructor SignatureEDDSA
+     *
+     * @throws XMLSignatureException
+     */
+    public SignatureEDDSA() throws XMLSignatureException {
+        this(null);
+    }
+
+    public SignatureEDDSA(Provider provider) throws XMLSignatureException {
+        String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
+        LOG.debug("Created SignatureEDDSA using {}", algorithmID);
+
+        try {
+            if (provider == null) {
+                String providerId = JCEMapper.getProviderId();
+                if (providerId == null) {
+                    this.signatureAlgorithm = Signature.getInstance(algorithmID);
+
+                } else {
+                    this.signatureAlgorithm = Signature.getInstance(algorithmID, providerId);
+                }
+
+            } else {
+                this.signatureAlgorithm = Signature.getInstance(algorithmID, provider);
+            }
+
+        } catch (NoSuchAlgorithmException | NoSuchProviderException ex) {
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void engineSetParameter(AlgorithmParameterSpec params)
+        throws XMLSignatureException {
+        try {
+            this.signatureAlgorithm.setParameter(params);
+        } catch (InvalidAlgorithmParameterException ex) {
+            throw new XMLSignatureException(ex);
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
+        try {
+
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Called SignatureEDDSA.verify() on " + XMLUtils.encodeToString(signature));
+            }
+
+            return this.signatureAlgorithm.verify(signature);
+        } catch (SignatureException  ex) {
+            throw new XMLSignatureException(ex);
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+        engineInitVerify(publicKey, signatureAlgorithm);
+    }
+
+    /** {@inheritDoc} */
+    protected byte[] engineSign() throws XMLSignatureException {
+        try {
+            return this.signatureAlgorithm.sign();
+        } catch (SignatureException ex) {
+            throw new XMLSignatureException(ex);
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+        throws XMLSignatureException {
+
+        engineInitSign(privateKey, secureRandom, this.signatureAlgorithm);
+    }
+
+    /** {@inheritDoc} */
+    protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+        engineInitSign(privateKey, (SecureRandom)null);
+    }
+
+    /** {@inheritDoc} */
+    protected void engineUpdate(byte[] input) throws XMLSignatureException {
+        try {
+            this.signatureAlgorithm.update(input);
+        } catch (SignatureException ex) {
+            throw new XMLSignatureException(ex);
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void engineUpdate(byte input) throws XMLSignatureException {
+        try {
+            this.signatureAlgorithm.update(input);
+        } catch (SignatureException ex) {
+            throw new XMLSignatureException(ex);
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected void engineUpdate(byte[] buf, int offset, int len) throws XMLSignatureException {
+        try {
+            this.signatureAlgorithm.update(buf, offset, len);
+        } catch (SignatureException ex) {
+            throw new XMLSignatureException(ex);
+        }
+    }
+
+    /** {@inheritDoc} */
+    protected String engineGetJCEAlgorithmString() {
+        return this.signatureAlgorithm.getAlgorithm();
+    }
+
+    /** {@inheritDoc} */
+    protected String engineGetJCEProviderName() {
+        return this.signatureAlgorithm.getProvider().getName();
+    }
+
+    /** {@inheritDoc} */
+    protected void engineSetHMACOutputLength(int HMACOutputLength)
+        throws XMLSignatureException {
+        throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
+    }
+
+    /** {@inheritDoc} */
+    protected void engineInitSign(
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
+    ) throws XMLSignatureException {
+        throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnEdDSA");
+    }
+
+    /**
+     * Class SignatureEd25519
+     *
+     */
+    public static class SignatureEd25519 extends SignatureEDDSA {
+        /**
+         * Constructor SignatureEd25519
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureEd25519() throws XMLSignatureException {
+            super();
+        }
+
+        public SignatureEd25519(Provider provider) throws XMLSignatureException {
+            super(provider);
+        }
+
+        /** {@inheritDoc} */
+        @Override
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED25519;
+        }
+    }
+
+    /**
+     * Class SignatureEd448
+     */
+    public static class SignatureEd448 extends SignatureEDDSA {
+
+        /**
+         * Constructor SignatureEd448
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureEd448() throws XMLSignatureException {
+            super();
+        }
+
+        public SignatureEd448(Provider provider) throws XMLSignatureException {
+            super(provider);
+        }
+
+        /** {@inheritDoc} */
+        @Override
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED448;
+        }
+    }
+}