JDK-8260154 : Enable XML Signature secure validation mode by default
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 17
  • Submitted: 2021-01-20
  • Updated: 2021-01-27
  • Resolved: 2021-01-27
Description
Summary
-------

Enable the XML Signature secure validation mode by default. This will improve out of the box security by restricting signatures that contain potentially unsafe content.

Problem
-------

The XML Signature secure validation mode is enabled by setting the property `org.jcp.xml.dsig.secureValidation` to `Boolean.TRUE` with the `javax.xml.crypto.XMLCryptoContext.setProperty()` method, or by running the code with a security manager.

Use of a security manager is increasingly rare. This option should be enabled by default regardless of whether a security manager is enabled so that all applications can be protected by default.

Solution
--------

Change `javax.xml.crypto.dsig.dom.DOMValidateContext` to set the property `org.jcp.xml.dsig.secureValidation` to `Boolean.TRUE` by default.
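The following is an added example (not code from the CSR or from the JDK sources) showing what this change means to a caller: it signs a constructed document, then validates it through `DOMValidateContext`, reading the context's default for `org.jcp.xml.dsig.secureValidation` and setting it to `Boolean.TRUE` explicitly so the same policy also applies on releases that predate this change. The class name, the generated key pair and the sample document are assumptions for the demo.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SecureValidationDemo {
    static final String SECURE = "org.jcp.xml.dsig.secureValidation";
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    /** Enveloped RSA-SHA256 signature over the whole document (fixture for the demo). */
    static void sign(Document doc, KeyPair kp) throws Exception {
        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA256, null),
            List.of(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = FAC.newSignedInfo(
            FAC.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        FAC.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
    }

    /** Validates with a key the application already trusts, not one taken from the document. */
    static boolean validate(Document doc, PublicKey trusted) throws Exception {
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() != 1) throw new IllegalStateException("expected exactly one Signature");
        DOMValidateContext ctx = new DOMValidateContext(trusted, nl.item(0));
        // JDK 17+ sets this to TRUE in the constructor (JDK-8260154); older releases leave it unset.
        System.out.println("secureValidation default on this JDK: " + ctx.getProperty(SECURE));
        // Set it explicitly so the same policy applies on releases before this change.
        ctx.setProperty(SECURE, Boolean.TRUE);
        return FAC.unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);                       // satisfies the policy's RSA minKeySize
        KeyPair kp = kpg.generateKeyPair();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);                // ds:Signature needs namespace-aware parsing
        byte[] xml = "<order><item>widget</item><qty>3</qty></order>".getBytes(StandardCharsets.UTF_8);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));  // constructed
        sign(doc, kp);
        System.out.println("untampered valid: " + validate(doc, kp.getPublic()));
        doc.getElementsByTagName("qty").item(0).setTextContent("300");               // tamper
        System.out.println("tampered valid:   " + validate(doc, kp.getPublic()));
    }
}
```

The second `validate` call fails core validation because the enveloped reference digest no longer matches the modified `qty` element, while both calls run under the `jdk.xml.dsig.secureValidationPolicy` constraints.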

Specification
-------------

Add the following to the class summary of `javax.xml.crypto.dsig.dom.DOMValidateContext`:

    * @implNote
    * By default, the JDK implementation enables a secure validation mode by
    * setting the <code>org.jcp.xml.dsig.secureValidation</code> property to
    * <code>Boolean.TRUE</code> (see the {@link #setProperty setProperty}
    * method). When enabled, validation of XML signatures is subject to
    * stricter checking of algorithms and other constraints as specified by the
    * <code>jdk.xml.dsig.secureValidationPolicy</code> security property.

Change the comment for the `jdk.xml.dsig.secureValidationPolicy` property in the `java.security` file as follows:
```
  #
- # The policy for the XML Signature secure validation mode. The mode is
- # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
- # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
- # or by running the code with a SecurityManager.
+ # The policy for the XML Signature secure validation mode. Validation of
+ # XML Signatures that violate any of these constraints will fail. The
+ # mode is enforced by default. The mode can be disabled by setting the
+ # property "org.jcp.xml.dsig.secureValidation" to Boolean.FALSE with the
+ # javax.xml.crypto.XMLCryptoContext.setProperty() method.
  #
```
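Review bot: the rewritten comment drops the old sentence about a SecurityManager without saying what now happens when one is present; since the new text states the mode "can be disabled by setting the property ... to Boolean.FALSE", say whether that also holds under a SecurityManager, or leave the SecurityManager case out of the promise explicitly. It would also help readers of `java.security` to name `javax.xml.crypto.dsig.dom.DOMValidateContext` as the class that sets the default (as the Solution section above does), since the comment only names the `XMLCryptoContext.setProperty()` method used to change it.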
Comments
I see a release note is already planned; moving to Approved.
27-01-2021