v7.0.0: Complete rewrite as drop-in replacement #91

Open
joewiz wants to merge 2 commits into eXist-db:main from joewiz:v7-rewrite

Member

joewiz commented Apr 21, 2026

Summary

Complete rewrite of the EXPath Cryptographic Module for eXist-db 7.0+. Zero external dependencies — uses only Java's built-in JCE.

  • Drop-in replacement: same package URI (http://expath.org/ns/crypto), same module namespace, same function names, all v6 arities preserved
  • 102 tests: 64 JUnit + 38 XQSuite, including vectors adapted from the old test suite and BaseX cross-compatibility tests
  • BaseX compatible: function signatures match BaseX's crypto module for cross-engine portability

Spec sources

This implementation targets conformance with four sources:

  1. EXPath Cryptographic Module 1.0 (2010) — the original spec
  2. EXPath Cryptographic Module Editor's Draft (2017) — map-based parameter consolidation
  3. EXPath Crypto 2018 CG Final Report by Claudius Teodorescu — adds `list-providers`/`list-services`/`list-algorithms`, Java-style algorithm names (`DSAwithSHA1`), XML Canonicalization 1.1, and map-based `generate-signature`
  4. BaseX Cryptographic Functions — cross-engine compatibility

Each function class documents which spec sources it conforms to in its Javadoc.

What's new

  • Binary input for `crypto:hmac` (xs:base64Binary, xs:hexBinary)
  • All 4 `generate-signature` positional arities: 6-param, 7-param (xpath), 8-param (certificate), 3-param (private key)
  • 2-param map-based `generate-signature` per 2018 CG spec / editor's draft
  • Algorithm name aliases: `DSAwithSHA1`/`RSAwithSHA1` (2018 CG spec)
  • Canonicalization 1.1: `inclusive-1.1`, `inclusive-with-comments-1.1` (2018 CG spec)
  • 6-param `encrypt`/`decrypt` for backward compatibility (iv + provider)
  • RSA_SHA256 signature algorithm
  • AES-192 and AES-256 key sizes
  • `list-providers`/`list-services`/`list-algorithms` implemented (2018 CG spec) but disabled pending eXist binary search fix for zero-param arities
  • CI: Java 21 on 3 OSes, dependabot for Maven + Actions

Breaking changes from v6

  1. `crypto:encrypt` output format: v6 returned dash-separated bytes (`"51-143-171-..."`); v7 returns `xs:base64Binary`. Stored ciphertext from v6 must be re-encrypted.
  2. DSA_SHA1 forbidden: Java 17+ secure validation rejects DSA_SHA1. Use RSA_SHA256 instead.

Test plan

  • All 102 tests pass (101 + 1 pending for enveloping signature investigation)
  • Old module's exact hash/HMAC expected values verified
  • BaseX HMAC test vectors verified (md5/sha1/sha256/sha384/sha512, base64+hex)
  • AWS S3 REST authentication pattern verified (corrected old test's expected value via Python hmac)
  • 6-param encrypt/decrypt round-trip verified
  • 7-param generate-signature with XPath verified
  • Tested autodeploy on fresh eXist-db 7.0 Docker container — zero errors, JWT dependency resolves correctly
  • CI green on ubuntu, macos, windows (Java 21)

[This response was co-authored with Claude Code. -Joe]

🤖 Generated with Claude Code
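
Added example, not part of the PR or the module's code: one way to produce independent reference values for `crypto:hmac` test vectors with Python's `hmac`, as the test plan above describes, covering the listed digests, both output encodings and binary input. The function names, the sample secret and the S3 request fields are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Digest names as listed in the test plan (lowercase).
DIGESTS = ("md5", "sha1", "sha256", "sha384", "sha512")


def _to_bytes(value):
    # Strings are UTF-8 encoded; bytes model binary (base64Binary/hexBinary) input.
    return value.encode("utf-8") if isinstance(value, str) else bytes(value)


def reference_hmac(data, key, algorithm, encoding="base64"):
    """Hypothetical helper: independent reference value for one HMAC vector."""
    if algorithm not in DIGESTS:
        raise ValueError(f"unsupported digest: {algorithm}")
    mac = hmac.new(_to_bytes(key), _to_bytes(data), getattr(hashlib, algorithm)).digest()
    if encoding == "hex":
        return mac.hex()
    if encoding == "base64":
        return base64.b64encode(mac).decode("ascii")
    raise ValueError(f"unsupported encoding: {encoding}")


def check_vector(observed, data, key, algorithm, encoding):
    """True if an engine's output matches the reference (hex compared case-insensitively)."""
    expected = reference_hmac(data, key, algorithm, encoding)
    if encoding == "hex":
        observed = observed.lower()
    return hmac.compare_digest(observed.strip().encode(), expected.encode())


def s3_string_to_sign(verb, content_md5, content_type, date, resource):
    """Legacy S3 REST string-to-sign for a request without x-amz-* headers."""
    return "\n".join([verb, content_md5, content_type, date, resource])


if __name__ == "__main__":
    # Known-answer vector from RFC 4231, test case 2.
    print(reference_hmac("what do ya want for nothing?", "Jefe", "sha256", "hex"))
    # Constructed S3-style request; the secret is a made-up placeholder.
    sts = s3_string_to_sign("GET", "", "", "Tue, 21 Apr 2026 20:16:00 GMT", "/example-bucket/report.xml")
    print(reference_hmac(sts, "CONSTRUCTED-SECRET-KEY", "sha1", "base64"))
```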

joewiz force-pushed the v7-rewrite branch 15 times, most recently from 05d9a23 to 8312119 on April 21, 2026 20:16
Complete rewrite of the EXPath Cryptographic Module for eXist-db 7.0+.
Zero external dependencies — uses only Java's built-in JCE.

Drop-in replacement: same package URI (http://expath.org/ns/crypto),
same module namespace, same function names, all v6 arities preserved.

Targets conformance with four spec sources:
- EXPath Crypto 1.0 (2010): original specification
- EXPath Crypto Editor's Draft (2017): map-based parameters
- EXPath Crypto 2018 CG Final Report: list-* introspection,
  DSAwithSHA1/RSAwithSHA1 algorithm names, Canonicalization 1.1,
  map-based generate-signature
- BaseX Cryptographic Functions: cross-engine portability

What's new:
- Binary input support for crypto:hmac (xs:base64Binary, xs:hexBinary)
- All generate-signature arities: 6, 7 (xpath), 8 (cert), 3 (key),
  2 (map-based per 2018 CG / editor's draft)
- 6-param encrypt/decrypt for backward compatibility (iv + provider)
- Algorithm name aliases: DSAwithSHA1/RSAwithSHA1 (2018 CG spec)
- Canonicalization 1.1: inclusive-1.1, inclusive-with-comments-1.1
- BaseX-compatible signatures (lowercase algorithm names)
- RSA_SHA256 signature algorithm; AES-192 and AES-256 key sizes
- list-providers/services/algorithms implemented (2018 CG spec),
  disabled pending eXist binary search fix for zero-param arities
- 102 tests (64 JUnit + 38 XQSuite) including BaseX cross-compat vectors
- CI: Java 21 on 3 OSes, dependabot for Maven + Actions

Breaking changes from v6:
- crypto:encrypt output is xs:base64Binary (was dash-separated bytes)
- DSA_SHA1 signatures forbidden by Java 21 secure validation

Requires eXist-db 6.2+ and Java 21+.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Comment thread src/main/java/org/exist/xquery/modules/crypto/CryptoModule.java Outdated
Comment thread src/main/java/org/exist/xquery/modules/crypto/DecryptFunction.java Outdated
Comment thread src/main/java/org/exist/xquery/modules/crypto/HashFunction.java Outdated
Comment thread src/main/java/org/exist/xquery/modules/crypto/HmacFunction.java Outdated
Comment thread src/main/java/org/exist/xquery/modules/crypto/ListProvidersFunction.java Outdated
Comment thread src/main/java/org/exist/xquery/modules/crypto/ValidateSignatureFunction.java Outdated
Comment thread src/test/java/org/exist/xquery/modules/crypto/CryptoModuleTest.java
Comment thread src/main/java/org/exist/xquery/modules/crypto/CryptoUtils.java
- Update CryptoModule.RELEASE from "1.0.0" to "7.0.0"
- Convert switch statement to switch expression in CryptoUtils
- Convert multi-line string concatenations to Java 15 text blocks
  in all 7 function classes and the test file
- All 102 tests pass

Addresses @reinhapa's review comments on PR eXist-db#91.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Member Author

joewiz commented Apr 22, 2026

[This response was co-authored with Claude Code. -Joe]

Thanks for the thorough review, @reinhapa! All addressed in 4b73123:

  • Version: CryptoModule.RELEASE updated from "1.0.0" to "7.0.0"
  • Text blocks: Converted all multi-line string concatenations in function descriptions and param descriptions to Java 15 text blocks (7 source files + test file)
  • Switch expression: CryptoUtils.validateAlgorithmAndKey() now uses arrow-style switch
  • Error message strings in throw statements left as concatenations (they reference local variables)

All 102 tests pass.
