XML signature validations work by parsing third-party data that cannot be trusted until it is actually validated.
As with any other parsing process, unrestricted validation of third-party XML signatures can lead to security vulnerabilities. In this case, threats range from denial of service to confidentiality breaches.
By default, the Java XML Digital Signature API does not apply restrictions on XML signature validation, unless the application runs with a security
manager.
To protect the application from these vulnerabilities, set the org.jcp.xml.dsig.secureValidation attribute to
true with the javax.xml.crypto.dsig.dom.DOMValidateContext.setProperty method.
This attribute ensures that the code
enforces the following restrictions:
SignedInfo or Manifest Reference elements to 30 or less Reference transforms to 5 or less Reference IDs are unique to help prevent signature wrapping attacks http, https, or file RetrievalMethod element to reference another RetrievalMethod element
NodeList signatureElement = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
DOMValidateContext valContext = new DOMValidateContext(new KeyValueKeySelector(), signatureElement.item(0)); // Noncompliant
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
boolean signatureValidity = signature.validate(valContext);
In order to benefit from this secure validation mode, set the DOMValidateContext’s org.jcp.xml.dsig.secureValidation property to
TRUE.
NodeList signatureElement = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
DOMValidateContext valContext = new DOMValidateContext(new KeyValueKeySelector(), signatureElement.item(0));
valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
boolean signatureValidity = signature.validate(valContext);