Remediate XML Signature Wrapping in SMD validation #3116

Open
CydeWeys wants to merge 1 commit into google:master from CydeWeys:fix-xsw-sunrise
CydeWeys (Member) commented Jun 29, 2026

Implement multi-layered defense-in-depth to completely block XML Signature Wrapping (XSW) vulnerabilities during Sunrise phase SMD verification:

  • Expose the unmarshalled XML id attribute (xsdId) from the SignedMark JAXB model.
  • Refactor TmchXmlSignature.verify() to assert that the root element name is 'signedMark' in the correct namespace, that exactly one such element exists in the DOM, and that the signature's Reference URI matches the root element ID. Return the validated ID.
  • In DomainFlowTmchUtils.verifyEncodedSignedMark(), assert that the cryptographically verified ID matches the unmarshalled xsdId.
  • Add a robust integration test case to TmchXmlSignatureTest.java verifying that XSW payloads are correctly caught and rejected by our DOM uniqueness check.
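
The structural checks listed in the description above, sketched as an added example that is not code from this pull request. The class and method names, the requirement of exactly one Reference, and both sample documents are assumptions constructed here; the signedMark namespace is the one from RFC 7848, and no cryptographic verification is performed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SmdStructureCheck { // hypothetical name, not the project's class
  static final String SMD_NS = "urn:ietf:params:xml:ns:signedMark-1.0"; // RFC 7848
  static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

  // Returns the id the signature is bound to; throws if the document shape is ambiguous.
  static String checkStructure(Document doc) {
    Element root = doc.getDocumentElement();
    if (!"signedMark".equals(root.getLocalName()) || !SMD_NS.equals(root.getNamespaceURI())) {
      throw new IllegalArgumentException("root is not smd:signedMark");
    }
    if (doc.getElementsByTagNameNS(SMD_NS, "signedMark").getLength() != 1) {
      throw new IllegalArgumentException("more than one signedMark element");
    }
    NodeList refs = doc.getElementsByTagNameNS(DSIG_NS, "Reference");
    String id = root.getAttribute("id");
    // Assumption of this sketch: exactly one Reference, and it must name the root's id.
    if (id.isEmpty() || refs.getLength() != 1
        || !("#" + id).equals(((Element) refs.item(0)).getAttribute("URI"))) {
      throw new IllegalArgumentException("Reference URI does not point at the root element");
    }
    return id;
  }

  static Document parse(String xml) throws Exception {
    DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
    f.setNamespaceAware(true); // required for the namespace comparisons above
    f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    return f.newDocumentBuilder()
        .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
  }

  public static void main(String[] args) throws Exception {
    String sig = "<Signature xmlns='" + DSIG_NS + "'><SignedInfo><Reference URI='#smd1'/>"
        + "</SignedInfo></Signature>";
    // Constructed samples: one expected shape, one carrying a second signedMark element.
    String ok = "<smd:signedMark xmlns:smd='" + SMD_NS + "' id='smd1'>" + sig + "</smd:signedMark>";
    String dup = "<smd:signedMark xmlns:smd='" + SMD_NS + "' id='other'>"
        + "<smd:signedMark id='smd1'/>" + sig + "</smd:signedMark>";
    System.out.println("accepted id: " + checkStructure(parse(ok)));
    try { checkStructure(parse(dup)); } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

The returned id is the value a caller would then compare against the id seen by the unmarshalling layer, as the third bullet describes.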

