Service Providers
The IBMXMLCRYPTO provider (com.ibm.xml.crypto.IBMXMLCryptoProvider) is the default provider of JSR 105 services.
A JSR 105 cryptographic service is a concrete implementation of the abstract XMLSignatureFactory and KeyInfoFactory classes and is responsible for creating objects and algorithms that parse, generate and validate XML Signatures and KeyInfo structures. A concrete implementation of XMLSignatureFactory MUST provide support for each of the REQUIRED algorithms as specified by the W3C recommendation for XML Signatures. It MAY support other algorithms as defined by the W3C recommendation or other specifications.
JSR 105 leverages the JCA provider model for registering and loading XMLSignatureFactory and KeyInfoFactory implementations.
Each concrete XMLSignatureFactory and KeyInfoFactory implementation supports a specific XML mechanism type that identifies the XML processing mechanism that an implementation uses internally to parse and generate XML signature and KeyInfo structures. This JSR supports one standard type: DOM. Support for new standard types (such as JDOM) MAY be added in the future.
A JSR 105 implementation SHOULD use underlying JCE engine classes, such as java.security.Signature and java.security.MessageDigest, to perform cryptographic operations.
In addition to the XMLSignatureFactory and KeyInfoFactory classes, JSR 105 supports a service provider interface for transform and canonicalization algorithms. The TransformService class allows you to develop and plug in an implementation of a specific transform or canonicalization algorithm for a particular XML mechanism type. The TransformService class uses the standard JCA provider model for registering and loading implementations. Each JSR 105 implementation SHOULD use the TransformService class to find a provider that supports transform and canonicalization algorithms in XML Signatures that it is generating or validating.
jdk.xml.dsig.secureValidationPolicy security property. XML Signature secure validation mode is enabled by default when you run your application with a security manager. You can also enable XML Signature secure validation mode by setting the org.jcp.xml.dsig.secureValidation property to TRUE with the javax.xml.crypto.XMLCryptoContext.setProperty() method. Set this property to TRUE before validating an XML Signature. To set this property in an application, use the javax.xml.crypto.dsig.dom.DOMValidateContext.setProperty method:

    DOMValidateContext context = new DOMValidateContext(key, element);
    context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    security.provider.?=org.jcp.xml.dsig.internal.dom.XMLDSigRI

Substitute the ? with a number for the position in the sequence that you want the provider to have in the list.