changeset 8575:d8d7c2585168

8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks Summary: Trigger xml digsig validation based on value of property org.jcp.xml.dsig.secureValidation Reviewed-by: mullan Contributed-by: bhanu.prakash.gopularam@oracle.com
author bgopularam
date Tue, 24 Jan 2017 05:19:25 +0000
parents bb23857f1fe9
children 9c82f55dd1de
files src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java
diffstat 1 files changed, 3 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java	Fri Jul 11 07:42:03 2014 -0400
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java	Tue Jan 24 05:19:25 2017 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: DOMURIDereferencer.java 1231033 2012-01-13 12:12:12Z coheigea $
@@ -111,7 +111,8 @@
         try {
             ResourceResolver apacheResolver =
                 ResourceResolver.getInstance(uriAttr, baseURI, secVal);
-            XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI);
+            XMLSignatureInput in = apacheResolver.resolve(uriAttr,
+                                                          baseURI, secVal);
             if (in.isOctetStream()) {
                 return new ApacheOctetStreamData(in);
             } else {