|
1 | 1 | /* |
2 | | - * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. |
| 2 | + * Copyright (c) 2005, 2025, Oracle and/or its affiliates. All rights reserved. |
3 | 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 | 4 | * |
5 | 5 | * This code is free software; you can redistribute it and/or modify it |
|
33 | 33 | import javax.xml.crypto.dsig.XMLSignatureFactory; |
34 | 34 | import javax.xml.crypto.dsig.XMLValidateContext; |
35 | 35 | import java.security.Key; |
| 36 | +import java.security.Provider; |
| 37 | + |
36 | 38 | import org.w3c.dom.Node; |
37 | 39 |
|
38 | 40 | /** |
|
52 | 54 | * instance to validate two different {@link XMLSignature} objects). |
53 | 55 | * |
54 | 56 | * @implNote |
55 | | - * By default, the JDK implementation enables a secure validation mode by |
56 | | - * setting the <code>org.jcp.xml.dsig.secureValidation</code> property to |
57 | | - * <code>Boolean.TRUE</code> (see the {@link #setProperty setProperty} |
58 | | - * method). When enabled, validation of XML signatures are subject to |
59 | | - * stricter checking of algorithms and other constraints as specified by the |
60 | | - * <code>jdk.xml.dsig.secureValidationPolicy</code> security property. |
61 | | - * The mode can be disabled by setting the property to {@code Boolean.FALSE}. |
62 | | - * The mode can also be enabled or disabled by setting the |
63 | | - * {@systemProperty org.jcp.xml.dsig.secureValidation} system property to |
64 | | - * "true" or "false". Any other value for the system property is also treated |
65 | | - * as "false". If the system property is set, it supersedes the |
66 | | - * {@code DOMValidateContext} property value. |
| 57 | + * The JDK implementation supports the following properties that can be set |
| 58 | + * using the {@link #setProperty setProperty} method. |
| 59 | + * <ul> |
| 60 | + * <li><code>org.jcp.xml.dsig.secureValidation</code>: value must be a |
| 61 | + * {@link Boolean}. When enabled, validation of XML signatures are subject |
| 62 | + * to stricter checking of algorithms and other constraints as specified by the |
| 63 | + * <code>jdk.xml.dsig.secureValidationPolicy</code> security property. |
| 64 | + * The default value if not specified is <code>Boolean.TRUE</code>. |
| 65 | + * The mode can be disabled by setting the property to {@code Boolean.FALSE}. |
| 66 | + * The mode can also be enabled or disabled by setting the |
| 67 | + * {@systemProperty org.jcp.xml.dsig.secureValidation} system property to |
| 68 | + * "true" or "false". Any other value for the system property is also treated |
| 69 | + * as "false". If the system property is set, it supersedes the |
| 70 | + * {@code DOMValidateContext} property value. |
| 71 | + * <li><code>org.jcp.xml.dsig.validateManifests</code>: value |
| 72 | + * must be a {@link Boolean}. If enabled, the references in manifest |
| 73 | + * elements (if exist) are validated during signature validation. |
| 74 | + * The default value if not specified is <code>Boolean.FALSE</code>. |
| 75 | + * <li><code>org.jcp.xml.dsig.internal.dom.SignatureProvider</code>: value |
| 76 | + * must be a {@link Provider}. If specified, the underlying {@code Signature} |
| 77 | + * will be instantiated from this provider. |
| 78 | + * </ul> |
67 | 79 | * |
68 | 80 | * @author Sean Mullan |
69 | 81 | * @author JSR 105 Expert Group |
|
0 commit comments