JDK-8223682 : [xmldsig] Add KeyValue::EC_TYPE
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 13
  • Submitted: 2019-05-10
  • Updated: 2021-10-17
  • Resolved: 2019-05-23
Description
Summary
-------

Add a new `EC_TYPE` constant to the `javax.xml.crypto.dsig.keyinfo.KeyValue` interface.

        final static String EC_TYPE =
                "http://www.w3.org/2009/xmldsig11#ECKeyValue";

Problem
-------

The EC key value is supported in Santuario 2.1.3, so we should add a new constant for it.

Solution
--------

See Specification. Besides adding the new string constant, we also add the XML schema for the new type (like we did for RSA and DSA). The text is copied from 4.5.2 and 4.5.2.3 of https://www.w3.org/TR/xmldsig-core/.

Specification
-------------

    diff --git a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyValue.java b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyValue.java
    --- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyValue.java
    +++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/KeyValue.java
    @@ -1,5 +1,5 @@
     /*
    - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
    + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
      * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
      *
      * This code is free software; you can redistribute it and/or modify it
    @@ -47,6 +47,8 @@
      *      <choice>
      *        <element ref="ds:DSAKeyValue"/>
      *        <element ref="ds:RSAKeyValue"/>
    + *        <!-- <element ref="dsig11:ECKeyValue"/> -->
    + *        <!-- ECC keys (XMLDsig 1.1) will use the any element -->
      *        <any namespace="##other" processContents="lax"/>
      *      </choice>
      *    </complexType>
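
Review bot: The commented-out `<element ref="dsig11:ECKeyValue"/>` line in the `<choice>` uses the `dsig11` prefix, but the visible javadoc never says which namespace that prefix is bound to. Consider adding a short remark that `dsig11` is http://www.w3.org/2009/xmldsig11#, the namespace of the new EC_TYPE URI, so a reader can see why an `ECKeyValue` child is matched by `<any namespace="##other" processContents="lax"/>` rather than by a named element.
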
    @@ -75,6 +77,25 @@
      *        <element name="Exponent" type="ds:CryptoBinary"/>
      *      </sequence>
      *    </complexType>
    + *
    + *    <complexType name="ECKeyValueType">
    + *      <sequence>
    + *        <choice>
    + *          <element name="ECParameters" type="dsig11:ECParametersType" />
    + *          <element name="NamedCurve" type="dsig11:NamedCurveType" />
    + *        </choice>
    + *        <element name="PublicKey" type="dsig11:ECPointType" />
    + *      </sequence>
    + *      <attribute name="Id" type="ID" use="optional" />
    + *    </complexType>
    + *
    + *    <complexType name="NamedCurveType">
    + *      <attribute name="URI" type="anyURI" use="required" />
    + *    </complexType>
    + *
    + *    <simpleType name="ECPointType">
    + *      <restriction base="ds:CryptoBinary" />
    + *    </simpleType>
      * </pre>
      * A <code>KeyValue</code> instance may be created by invoking the
      * {@link KeyInfoFactory#newKeyValue newKeyValue} method of the
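
Review bot: `ECKeyValueType` references `dsig11:ECParametersType` in its inner `<choice>`, but the added schema text defines only `NamedCurveType` and `ECPointType`, so the javadoc is not self-contained for the explicit-parameters branch. Either add a sentence saying that the `ECParametersType` definition is intentionally omitted and naming the XMLDSig section it comes from, or include the definition alongside the other two.
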
    @@ -124,6 +148,16 @@
    +     /**
    +     * URI identifying the EC KeyValue KeyInfo type:
    +     * http://www.w3.org/2009/xmldsig11#ECKeyValue. This can be specified as
    +     * the value of the <code>type</code> parameter of the
    +     * {@link RetrievalMethod} class to describe a remote
    +     * <code>ECKeyValue</code> structure.
    +     *
    +     * @since 13
    +     */
    +    final static String EC_TYPE =
    +        "http://www.w3.org/2009/xmldsig11#ECKeyValue";
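
Review bot: The opening `/**` of the new javadoc block is indented five spaces while the `final static String EC_TYPE` declaration it documents is indented four, so `/**` lines up directly above the `*` continuation lines instead of one column to their left. Move `/**` left by one space so the comment is aligned with the field it documents.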


Comments
Moving to Approved.
23-05-2019