806 

   807 #

   808 # The policy for the XML Signature secure validation mode. The mode is

   809 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to

   810 # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,

   811 # or by running the code with a SecurityManager.

   812 #

   813 #   Policy:

   814 #       Constraint {"," Constraint }

   815 #   Constraint:

   816 #       AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |

   817 #       ReferenceUriSchemeConstraint | OtherConstraint

   818 #   AlgConstraint

   819 #       "disallowAlg" Uri

   820 #   MaxTransformsConstraint:

   821 #       "maxTransforms" Integer

   822 #   MaxReferencesConstraint:

   823 #       "maxReferences" Integer

   824 #   ReferenceUriSchemeConstraint:

   825 #       "disallowReferenceUriSchemes" String { String }

   826 #   OtherConstraint:

   827 #       "noDuplicateIds" | "noRetrievalMethodLoops"

   828 #

   829 # For AlgConstraint, Uri is the algorithm URI String that is not allowed.

   830 # See the XML Signature Recommendation for more information on algorithm

   831 # URI Identifiers. If the MaxTransformsConstraint or MaxReferencesConstraint is

   832 # specified more than once, only the last entry is enforced.

   833 #

   834 # Note: This property is currently used by the JDK Reference implementation. It

   835 # is not guaranteed to be examined and used by other implementations.

   836 #

   837 jdk.xml.dsig.secureValidationPolicy=\

   838     disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\

   839     disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\

   840     disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\

   841     disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\

   842     maxTransforms 5,\

   843     maxReferences 30,\

   844     disallowReferenceUriSchemes file http https,\

   845     noDuplicateIds,\

   846     noRetrievalMethodLoops