How to use the XML Signature secure validation mode
By Smullan-Oracle on Mar 13, 2014
In JDK 7u25, we introduced a new secure validation mode for XML Signatures. This mode is designed to protect you from XML Signatures that contain potentially hostile constructs that could cause denial-of-service or other types of security issues.
The good news is that if you run your application with a SecurityManager, the secure validation mode is enabled by default, and there is no further action required.
Otherwise, a new property, org.jcp.xml.dsig.secureValidation, has been defined to allow applications to enable the mode.
The property can be set by an application by calling the setProperty method of the javax.xml.crypto.dsig.dom.DOMValidateContext class with the name of the property above and a Boolean value. For example:

    // key: the validation key (or a KeySelector); element: the ds:Signature element to validate
    DOMValidateContext context = new DOMValidateContext(key, element);
    context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
The property should be set before you validate an XML Signature. When set to true, this property instructs the implementation to process XML signatures more securely: it places limits on various XML signature constructs to avoid conditions such as denial-of-service attacks. Specifically, it enforces the following restrictions:
- Forbids use of the XSLT Transform
- Restricts the number of SignedInfo or Manifest References to 30 or fewer
- Restricts the number of Reference Transforms to 5 or fewer
- Forbids the use of MD5-related signature or MAC algorithms
- Ensures that Reference Ids are unique, to help prevent signature wrapping attacks
- Forbids Reference URIs of type http or file
- Does not allow a RetrievalMethod to reference another RetrievalMethod
This mode is also in the soon-to-be-released JDK 8.
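The following is an added, end-to-end example written for this page; it is not code from the original post or from the JDK. It enables the secure validation mode on a DOMValidateContext exactly as described above, shows that an ordinary enveloped signature still validates, and then builds a signature with 31 SignedInfo References, one over the limit in the list above, to show how the restriction surfaces to the caller. The sample XML document, the class name, the use of a freshly generated HMAC-SHA256 key, and the explicit disabling of secure mode on the signing side (so the oversized test signature can be produced) are all assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/** Added example (not from the original post): validates with secure validation mode enabled,
 *  showing a normal signature passing and a 31-Reference signature being rejected. */
public class SecureValidationDemo {

    static final String SECURE_VALIDATION = "org.jcp.xml.dsig.secureValidation";
    static final String HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    /** Signs a small constructed document with an enveloped HMAC-SHA256 signature whose
     *  SignedInfo carries {@code referenceCount} References (all covering the whole document). */
    static Document sign(SecretKey key, int referenceCount) throws Exception {
        String xml = "<order><item>widget</item><qty>3</qty></order>"; // constructed sample input
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        Transform enveloped = FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
        DigestMethod sha256 = FAC.newDigestMethod(DigestMethod.SHA256, null);
        List<Reference> refs = new ArrayList<Reference>();
        for (int i = 0; i < referenceCount; i++) {
            // URI "" means the enclosing document; the enveloped transform excludes the Signature itself
            refs.add(FAC.newReference("", sha256, Collections.singletonList(enveloped), null, null));
        }
        SignedInfo si = FAC.newSignedInfo(
                FAC.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                FAC.newSignatureMethod(HMAC_SHA256, null),
                refs);
        XMLSignature sig = FAC.newXMLSignature(si, null); // no KeyInfo: the verifier supplies the key

        DOMSignContext signCtx = new DOMSignContext(key, doc.getDocumentElement());
        // Assumption for the demo: secure mode is turned off on the signing side so the oversized
        // signature can be produced at all (newer JDKs may enforce limits while signing, too).
        signCtx.setProperty(SECURE_VALIDATION, Boolean.FALSE);
        sig.sign(signCtx);
        return doc;
    }

    /** Validates the first ds:Signature in the document with secure validation mode enabled.
     *  Returns the core-validation result; throws if secure mode refuses the structure outright. */
    static boolean validateSecurely(Document signedDoc, SecretKey key) throws Exception {
        NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() == 0) {
            throw new IllegalStateException("document contains no Signature element");
        }
        DOMValidateContext valCtx = new DOMValidateContext(key, nl.item(0));
        valCtx.setProperty(SECURE_VALIDATION, Boolean.TRUE); // the setting described in the post
        // A forbidden construct is rejected either while unmarshalling (MarshalException) ...
        XMLSignature sig = FAC.unmarshalXMLSignature(valCtx);
        // ... or while validating (XMLSignatureException), depending on the construct.
        return sig.validate(valCtx);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("HmacSHA256").generateKey();

        // A well-behaved signature is unaffected by secure mode.
        System.out.println("1 Reference, secure mode: valid = " + validateSecurely(sign(key, 1), key));

        // 31 References is one over the limit enforced by secure mode.
        try {
            validateSecurely(sign(key, 31), key);
            System.out.println("31 References accepted: secure mode is not being enforced");
        } catch (MarshalException | XMLSignatureException e) {
            System.out.println("31 References rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac SecureValidationDemo.java && java SecureValidationDemo` on JDK 7u25 or later. The point to take away is that a secure-mode violation is not reported as a `false` return from `validate`; it is raised as an exception from either `unmarshalXMLSignature` or `validate`, so callers should treat both exception paths as a rejected signature rather than as a transient error.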