8259801: Enable XML Signature secure validation mode by default

seanjmullan · seanjmullan · commit baf46bac41f1 · 2021-01-28T14:28:27.000Z
Reviewed-by: weijun, rhalade
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
@@ -925,10 +925,11 @@ jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37
 crypto.policy=crypto.policydir-tbd
 
 #
-# The policy for the XML Signature secure validation mode. The mode is
-# enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
-# true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
-# or by running the code with a SecurityManager.
+# The policy for the XML Signature secure validation mode. Validation of
+# XML Signatures that violate any of these constraints will fail. The
+# mode is enforced by default. The mode can be disabled by setting the
+# property "org.jcp.xml.dsig.secureValidation" to Boolean.FALSE with the
+# javax.xml.crypto.XMLCryptoContext.setProperty() method.
 #
 #   Policy:
 #       Constraint {"," Constraint }
@@ -955,8 +956,8 @@ crypto.policy=crypto.policydir-tbd
 # MaxReferencesConstraint or KeySizeConstraint (for the same key type) is
 # specified more than once, only the last entry is enforced.
 #
-# Note: This property is currently used by the JDK Reference implementation. It
-# is not guaranteed to be examined and used by other implementations.
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
 #
 jdk.xml.dsig.secureValidationPolicy=\
     disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
diff --git a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/DOMValidateContext.java b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/DOMValidateContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,6 +51,14 @@
  * (for example, you should not use the same <code>DOMValidateContext</code>
  * instance to validate two different {@link XMLSignature} objects).
  *
+ * @implNote
+ * By default, the JDK implementation enables a secure validation mode by
+ * setting the <code>org.jcp.xml.dsig.secureValidation</code> property to
+ * <code>Boolean.TRUE</code> (see the {@link #setProperty setProperty}
+ * method). When enabled, validation of XML signatures are subject to
+ * stricter checking of algorithms and other constraints as specified by the
+ * <code>jdk.xml.dsig.secureValidationPolicy</code> security property.
+ *
  * @author Sean Mullan
  * @author JSR 105 Expert Group
  * @since 1.6
@@ -103,10 +111,7 @@ private void init(Node node, KeySelector ks) {
 
         this.node = node;
         super.setKeySelector(ks);
-        if (System.getSecurityManager() != null) {
-            super.setProperty("org.jcp.xml.dsig.secureValidation",
-                              Boolean.TRUE);
-        }
+        super.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
     }
 
     /**
diff --git a/test/jdk/javax/xml/crypto/dsig/GenerationTests.java b/test/jdk/javax/xml/crypto/dsig/GenerationTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -603,21 +603,21 @@ static void test_create_signature_enveloped_dsa(int size) throws Exception {
     static void test_create_signature_enveloping_b64_dsa() throws Exception {
         System.out.println("* Generating signature-enveloping-b64-dsa.xml");
         test_create_signature_enveloping
-            (sha1, dsaSha1, dsa1024, signingKey, kvks, true);
+            (sha1, dsaSha1, dsa1024, signingKey, kvks, true, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_dsa() throws Exception {
         System.out.println("* Generating signature-enveloping-dsa.xml");
         test_create_signature_enveloping
-            (sha1, dsaSha1, dsa1024, signingKey, kvks, false);
+            (sha1, dsaSha1, dsa1024, signingKey, kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha256_dsa() throws Exception {
         System.out.println("* Generating signature-enveloping-sha256-dsa.xml");
         test_create_signature_enveloping
-            (sha256, dsaSha1, dsa1024, signingKey, kvks, false);
+            (sha256, dsaSha1, dsa1024, signingKey, kvks, false, true);
         System.out.println();
     }
 
@@ -626,7 +626,7 @@ static void test_create_signature_enveloping_hmac_sha1_40()
         System.out.println("* Generating signature-enveloping-hmac-sha1-40.xml");
         try {
             test_create_signature_enveloping(sha1, hmacSha1, null,
-                getSecretKey("secret".getBytes("ASCII")), sks, false);
+                getSecretKey("secret".getBytes("ASCII")), sks, false, true);
         } catch (Exception e) {
             if (!(e instanceof XMLSignatureException)) {
                 throw e;
@@ -639,199 +639,199 @@ static void test_create_signature_enveloping_hmac_sha256()
         throws Exception {
         System.out.println("* Generating signature-enveloping-hmac-sha256.xml");
         test_create_signature_enveloping(sha1, hmacSha256, null,
-            getSecretKey("secret".getBytes("ASCII")), sks, false);
+            getSecretKey("secret".getBytes("ASCII")), sks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_hmac_sha224()
             throws Exception {
         System.out.println("* Generating signature-enveloping-hmac-sha224.xml");
         test_create_signature_enveloping(sha1, hmacSha224, null,
-                getSecretKey("secret".getBytes("ASCII")), sks, false);
+                getSecretKey("secret".getBytes("ASCII")), sks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_hmac_sha384()
         throws Exception {
         System.out.println("* Generating signature-enveloping-hmac-sha384.xml");
         test_create_signature_enveloping(sha1, hmacSha384, null,
-            getSecretKey("secret".getBytes("ASCII")), sks, false);
+            getSecretKey("secret".getBytes("ASCII")), sks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_hmac_sha512()
         throws Exception {
         System.out.println("* Generating signature-enveloping-hmac-sha512.xml");
         test_create_signature_enveloping(sha1, hmacSha512, null,
-            getSecretKey("secret".getBytes("ASCII")), sks, false);
+            getSecretKey("secret".getBytes("ASCII")), sks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_rsa() throws Exception {
         System.out.println("* Generating signature-enveloping-rsa.xml");
         test_create_signature_enveloping(sha1, rsaSha1, rsa,
-            getPrivateKey("RSA", 512), kvks, false);
+            getPrivateKey("RSA", 512), kvks, false, false);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha384_rsa_sha256()
         throws Exception {
         System.out.println("* Generating signature-enveloping-sha384-rsa_sha256.xml");
         test_create_signature_enveloping(sha384, rsaSha256, rsa,
-            getPrivateKey("RSA", 512), kvks, false);
+            getPrivateKey("RSA", 512), kvks, false, false);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha224_rsa_sha256()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha224-rsa_sha256.xml");
         test_create_signature_enveloping(sha224, rsaSha256, rsa,
-                getPrivateKey("RSA", 512), kvks, false);
+                getPrivateKey("RSA", 512), kvks, false, false);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha3_224_rsa_sha256()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha3_224-rsa_sha256.xml");
         test_create_signature_enveloping(sha3_224, rsaSha256, rsa,
-                getPrivateKey("RSA", 512), kvks, false);
+                getPrivateKey("RSA", 512), kvks, false, false);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha3_256_rsa_sha256()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha3_256-rsa_sha256.xml");
         test_create_signature_enveloping(sha3_256, rsaSha256, rsa,
-                getPrivateKey("RSA", 512), kvks, false);
+                getPrivateKey("RSA", 512), kvks, false, false);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha3_384_rsa_sha256()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha3_384-rsa_sha256.xml");
         test_create_signature_enveloping(sha3_384, rsaSha256, rsa,
-                getPrivateKey("RSA", 512), kvks, false);
+                getPrivateKey("RSA", 512), kvks, false, false);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha3_512_rsa_sha256()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha3_512-rsa_sha256.xml");
         test_create_signature_enveloping(sha3_512, rsaSha256, rsa,
-                getPrivateKey("RSA", 512), kvks, false);
+                getPrivateKey("RSA", 512), kvks, false, false);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha512_rsa_sha384()
         throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha384.xml");
         test_create_signature_enveloping(sha512, rsaSha384, rsa1024,
-            getPrivateKey("RSA", 1024), kvks, false);
+            getPrivateKey("RSA", 1024), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha512_rsa_sha224()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha224.xml");
         test_create_signature_enveloping(sha512, rsaSha224, rsa1024,
-                getPrivateKey("RSA", 1024), kvks, false);
+                getPrivateKey("RSA", 1024), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha512_rsa_sha512()
         throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha512.xml");
         test_create_signature_enveloping(sha512, rsaSha512, rsa1024,
-            getPrivateKey("RSA", 1024), kvks, false);
+            getPrivateKey("RSA", 1024), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha512_rsa_sha1_mgf1()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha1_mgf1.xml");
         test_create_signature_enveloping(sha512, rsaSha1mgf1, rsa1024,
-                getPrivateKey("RSA", 1024), kvks, false);
+                getPrivateKey("RSA", 1024), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha512_rsa_sha224_mgf1()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha224_mgf1.xml");
         test_create_signature_enveloping(sha512, rsaSha224mgf1, rsa1024,
-                getPrivateKey("RSA", 1024), kvks, false);
+                getPrivateKey("RSA", 1024), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha512_rsa_sha256_mgf1()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha256_mgf1.xml");
         test_create_signature_enveloping(sha512, rsaSha256mgf1, rsa1024,
-                getPrivateKey("RSA", 1024), kvks, false);
+                getPrivateKey("RSA", 1024), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha512_rsa_sha384_mgf1()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha384_mgf1.xml");
         test_create_signature_enveloping(sha512, rsaSha384mgf1, rsa1024,
-                getPrivateKey("RSA", 1024), kvks, false);
+                getPrivateKey("RSA", 1024), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_sha512_rsa_sha512_mgf1()
             throws Exception {
         System.out.println("* Generating signature-enveloping-sha512-rsa_sha512_mgf1.xml");
         test_create_signature_enveloping(sha512, rsaSha512mgf1, rsa2048,
-                getPrivateKey("RSA", 2048), kvks, false);
+                getPrivateKey("RSA", 2048), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_p256_sha1() throws Exception {
         System.out.println("* Generating signature-enveloping-p256-sha1.xml");
         test_create_signature_enveloping(sha1, ecdsaSha1, p256ki,
-            getECPrivateKey("P256"), kvks, false);
+            getECPrivateKey("P256"), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_p256_sha224() throws Exception {
         System.out.println("* Generating signature-enveloping-p256-sha224.xml");
         test_create_signature_enveloping(sha1, ecdsaSha224, p256ki,
-                getECPrivateKey("P256"), kvks, false);
+                getECPrivateKey("P256"), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_p256_sha256() throws Exception {
         System.out.println("* Generating signature-enveloping-p256-sha256.xml");
         test_create_signature_enveloping(sha1, ecdsaSha256, p256ki,
-                getECPrivateKey("P256"), kvks, false);
+                getECPrivateKey("P256"), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_p256_sha384() throws Exception {
         System.out.println("* Generating signature-enveloping-p256-sha384.xml");
         test_create_signature_enveloping(sha1, ecdsaSha384, p256ki,
-                getECPrivateKey("P256"), kvks, false);
+                getECPrivateKey("P256"), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_p256_sha512() throws Exception {
         System.out.println("* Generating signature-enveloping-p256-sha512.xml");
         test_create_signature_enveloping(sha1, ecdsaSha512, p256ki,
-                getECPrivateKey("P256"), kvks, false);
+                getECPrivateKey("P256"), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_p384_sha1() throws Exception {
         System.out.println("* Generating signature-enveloping-p384-sha1.xml");
         test_create_signature_enveloping(sha1, ecdsaSha1, p384ki,
-            getECPrivateKey("P384"), kvks, false);
+            getECPrivateKey("P384"), kvks, false, true);
         System.out.println();
     }
 
     static void test_create_signature_enveloping_p521_sha1() throws Exception {
         System.out.println("* Generating signature-enveloping-p521-sha1.xml");
         test_create_signature_enveloping(sha1, ecdsaSha1, p521ki,
-            getECPrivateKey("P521"), kvks, false);
+            getECPrivateKey("P521"), kvks, false, true);
         System.out.println();
     }
 
@@ -963,6 +963,7 @@ static void test_create_signature_reference_dependency() throws Exception {
 
         DOMValidateContext dvc = new DOMValidateContext
             (kvks, doc.getDocumentElement());
+        dvc.setProperty("org.jcp.xml.dsig.secureValidation", false);
         XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
 
         if (sig.equals(sig2) == false) {
@@ -1010,6 +1011,7 @@ static void test_create_signature_with_attr_in_no_namespace()
 
         DOMValidateContext dvc = new DOMValidateContext
             (kvks, doc.getDocumentElement());
+        dvc.setProperty("org.jcp.xml.dsig.secureValidation", false);
         dvc.setIdAttributeNS(nc, null, "Id");
         XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
 
@@ -1451,7 +1453,7 @@ private static void dumpDocument(Document doc, Writer w) throws Exception {
 
     private static void test_create_signature_enveloping
         (DigestMethod dm, SignatureMethod sm, KeyInfo ki, Key signingKey,
-         KeySelector ks, boolean b64) throws Exception {
+         KeySelector ks, boolean b64, boolean secVal) throws Exception {
 
         // create reference
         Reference ref;
@@ -1486,6 +1488,7 @@ private static void dumpDocument(Document doc, Writer w) throws Exception {
 
         DOMValidateContext dvc = new DOMValidateContext
             (ks, doc.getDocumentElement());
+        dvc.setProperty("org.jcp.xml.dsig.secureValidation", secVal);
         XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
 
         if (sig.equals(sig2) == false) {
