JDK-8301544 : Add system property to toggle XML Signature secure validation mode
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 17-pool,17-pool-oracle,20-pool,21
  • Submitted: 2023-01-31
  • Updated: 2023-09-14
  • Resolved: 2023-02-09
Description
Summary
-------

Add a system property that can be used to enable/disable the XML Signature secure validation mode.

Problem
-------

The XML Signature secure validation mode can be enabled or disabled by setting the property "org.jcp.xml.dsig.secureValidation" with the `javax.xml.crypto.XMLCryptoContext.setProperty()` method. This requires a code change. It would be useful, especially for testing purposes, if there was an equivalent way of enabling or disabling the mode at runtime without having to change the application's code.


Solution
--------

Add a system property named "org.jcp.xml.dsig.secureValidation" that can be used to enable/disable the XML Signature secure validation mode. This property supersedes the `XMLCryptoContext` property value of the same name.
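The following is an added example (not code from the JDK or from this CSR) showing both ways of controlling the mode as the CSR describes them: the per-context `XMLCryptoContext` property set in code, and the JVM-wide system property that supersedes it when present. The class name `SecureValidationExample`, the method names and the certificate-file argument are assumptions for illustration; the property name and the JDK APIs used are real. The `checkSystemProperty()` helper exists because the CSR states that any value other than "true" or "false" is treated as "false", so a mistyped value would disable the mode; failing fast on an unrecognized value at startup avoids that.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.xml.XMLConstants;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/** Added example: validating an enveloped XML Signature with secure validation controlled explicitly. */
public final class SecureValidationExample {

    /** Name of the property as used both on XMLCryptoContext and as a system property (from the CSR). */
    static final String SECURE_VALIDATION = "org.jcp.xml.dsig.secureValidation";

    /**
     * Defensive startup check (assumed helper, not part of the JDK): the CSR says an unrecognized
     * value is treated as "false", i.e. it would silently disable the mode, so reject it instead.
     * Returns the effective value, or null when the system property is not set.
     */
    public static Boolean checkSystemProperty() {
        String v = System.getProperty(SECURE_VALIDATION);
        if (v == null) {
            return null;                       // not set: the per-context property (default: enabled) applies
        }
        if (!v.equals("true") && !v.equals("false")) {
            throw new IllegalStateException(
                "-D" + SECURE_VALIDATION + "=" + v + " is not \"true\" or \"false\"; refusing to start");
        }
        return Boolean.valueOf(v);
    }

    /**
     * Validates the first ds:Signature element in {@code signedXml} against {@code signer}.
     * {@code secureMode} is applied through the XMLCryptoContext property; if the system property of
     * the same name is set on the command line, the CSR states that it supersedes this value.
     */
    public static boolean validate(Path signedXml, PublicKey signer, boolean secureMode) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);                                      // ds:Signature is namespaced
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);     // harden the XML parser too
        Document doc;
        try (InputStream in = Files.newInputStream(signedXml)) {
            doc = dbf.newDocumentBuilder().parse(in);
        }

        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() == 0) {
            throw new IllegalArgumentException("no ds:Signature element in " + signedXml);
        }

        // Per-context toggle: Boolean.TRUE / Boolean.FALSE on the XMLCryptoContext.
        DOMValidateContext ctx =
            new DOMValidateContext(KeySelector.singletonKeySelector(signer), sigs.item(0));
        ctx.setProperty(SECURE_VALIDATION, Boolean.valueOf(secureMode));

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        XMLSignature signature = fac.unmarshalXMLSignature(ctx);
        // With the mode enabled, a signature violating jdk.xml.dsig.secureValidationPolicy fails validation.
        return signature.validate(ctx);
    }

    /** Usage: java SecureValidationExample signed.xml signer.cer  (constructed inputs, not shipped here). */
    public static void main(String[] args) throws Exception {
        Boolean fromSystem = checkSystemProperty();
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Path.of(args[1]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        boolean ok = validate(Path.of(args[0]), cert.getPublicKey(), true);
        System.out.println("system property: " + (fromSystem == null ? "unset" : fromSystem)
            + ", signature valid: " + ok);
    }
}
```

Run it once as `java SecureValidationExample signed.xml signer.cer` and once as `java -Dorg.jcp.xml.dsig.secureValidation=false SecureValidationExample signed.xml signer.cer`: the second run disables the mode without any change to the code, which is the behaviour the CSR adds. Note that in that second run the context property set in `validate()` no longer has any effect, so an application that relies on the context property to keep the mode on should treat the system property as part of its deployment configuration.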

Specification
-------------

1. Make the following changes to the definition of the `jdk.xml.dsig.secureValidationPolicy` security property in the java.security file:

```
 #
 # The policy for the XML Signature secure validation mode. Validation of
-# XML Signatures that violate any of these constraints will fail. The
-# mode is enforced by default. The mode can be disabled by setting the
-# property "org.jcp.xml.dsig.secureValidation" to Boolean.FALSE with the
-# javax.xml.crypto.XMLCryptoContext.setProperty() method.
+# XML Signatures that violate any of these constraints will fail.
+# The mode can be enabled or disabled by setting the property
+# "org.jcp.xml.dsig.secureValidation" to Boolean.TRUE or Boolean.FALSE with
+# the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by setting
+# the system property "org.jcp.xml.dsig.secureValidation" to "true" or
+# "false". Any other value for the system property is also treated as "false".
+# If the system property is set, it supersedes the XMLCryptoContext property
+# value.
+#
+# The secure validation mode is enabled by default.
 #
 #   Policy:
 #       Constraint {"," Constraint }
```
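Review bot: the added sentence "Any other value for the system property is also treated as "false"" means a mistyped value (for example a typo in `-Dorg.jcp.xml.dsig.secureValidation=...`) silently disables the secure validation mode, so the setting fails open. Consider either treating unrecognized values as "true", or at least stating in this comment whether the match is case-sensitive and that an unrecognized value turns the protection off, so operators know to verify the value they deploy.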

2. Document the system property in the @implNote of the `javax.xml.crypto.dsig.dom.DOMValidateContext` class description where it currently describes the secure validation property:


```
  * method). When enabled, validation of XML signatures are subject to
  * stricter checking of algorithms and other constraints as specified by the
  * <code>jdk.xml.dsig.secureValidationPolicy</code> security property.
+ * The mode can be disabled by setting the property to {@code Boolean.FALSE}.
+ * The mode can also be enabled or disabled by setting the
+ * {@systemProperty org.jcp.xml.dsig.secureValidation} system property to
+ * "true" or "false". Any other value for the system property is also treated
+ * as "false". If the system property is set, it supersedes the
+ * {@code DOMValidateContext} property value.
  *
```
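Review bot: in the added line `The mode can be disabled by setting the property to {@code Boolean.FALSE}.`, "the property" is ambiguous because the preceding context line names the `jdk.xml.dsig.secureValidationPolicy` security property; name `org.jcp.xml.dsig.secureValidation` and the `setProperty` method explicitly here. Also, the last added line says "{@code DOMValidateContext} property value" while the java.security text in the first hunk says "XMLCryptoContext property value"; using the same wording in both places would avoid readers assuming two different properties.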

Comments
Moving to Approved.
09-02-2023

[~darcy] System property now documented in DOMValidateContext API. There was actually already an @implNote there describing the secure validation mode, so this is the perfect place for it.
07-02-2023

Sounds good [~mullan]; thanks.
06-02-2023

[~darcy] That's a good idea, although if we do that we should also document the XMLCryptoContext property since they are related, and neither of them are documented in the javadocs. Let me write something up and amend the CSR.
06-02-2023

Moving to Provisional, not Approved. Should this be documented with a systemProperty javadoc tag?
06-02-2023