authorAlex Dupre <ale@FreeBSD.org>2010-12-14 15:29:43 +0000
committerAlex Dupre <ale@FreeBSD.org>2010-12-14 15:29:43 +0000
commitc9aac4cdc6804f6c38a3d4ceb46587a8b4792b47 (patch)
tree4728542b5d86f7adf90b6ac80cb76390aa3d4661 /security/xml-security
parent880766b3c364dcc9e152e78a30b1eb44200aacad (diff)
7 files changed, 487 insertions, 0 deletions
diff --git a/security/xml-security/Makefile b/security/xml-security/Makefile
new file mode 100644
index 000000000000..8a77f56fef0f
--- /dev/null
+++ b/security/xml-security/Makefile
@@ -0,0 +1,59 @@
+# New ports collection makefile for: Apache-XML-Security-J
+# Date created: 14 Dec 2010
+# Whom: Alex Dupre <ale@FreeBSD.org>
+# $FreeBSD$
+PORTNAME= xml-security
+CATEGORIES= security java
+MASTER_SITE_SUBDIR= santuario/java-library
+MAINTAINER= ale@FreeBSD.org
+COMMENT= A Java library for XML Signature and Encryption
+BUILD_DEPENDS= ${JAVAJARDIR}/commons-logging.jar:${PORTSDIR}/java/jakarta-commons-logging \
+ ${JAVAJARDIR}/xalan.jar:${PORTSDIR}/textproc/xalan-j
+RUN_DEPENDS= ${JAVAJARDIR}/commons-logging.jar:${PORTSDIR}/java/jakarta-commons-logging \
+ ${JAVAJARDIR}/xalan.jar:${PORTSDIR}/textproc/xalan-j
+USE_ZIP= yes
+USE_JAVA= yes
+USE_ANT= yes
+.if !defined(NOPORTDOCS)
+ALL_TARGET+= javadoc
+ @${ECHO} -n ">> Installing JAR as ${JAVAJARDIR}/xmlsec.jar..."
+ @${INSTALL_DATA} ${WRKSRC}/build/xmlsec-${PORTVERSION}.jar ${JAVAJARDIR}/xmlsec.jar
+ @${ECHO} " [ DONE ]"
+.if !defined(NOPORTDOCS)
+ @${ECHO} -n ">> Installing documentation in ${DOCSDIR}..."
+ @(cd ${WRKSRC}/build/docs/html && ${COPYTREE_SHARE} javadoc ${DOCSDIR})
+ @${ECHO} " [ DONE ]"
+.if !defined(NOPORTEXAMPLES)
+ @${ECHO} -n ">> Installing examples in ${EXAMPLESDIR}..."
+ @(cd ${WRKSRC}/src_samples && ${COPYTREE_SHARE} \* ${EXAMPLESDIR})
+ @${ECHO} " [ DONE ]"
+.include <bsd.port.mk>
diff --git a/security/xml-security/distinfo b/security/xml-security/distinfo
new file mode 100644
index 000000000000..eeb8af0ac887
--- /dev/null
+++ b/security/xml-security/distinfo
@@ -0,0 +1,2 @@
+SHA256 (xml-security-src-1_4_4.zip) = bde5ad7b2ed63df2237dd005126ff11d68168c02166ededbcf15d3e1e3928abb
+SIZE (xml-security-src-1_4_4.zip) = 2037548
diff --git a/security/xml-security/files/patch-build.xml b/security/xml-security/files/patch-build.xml
new file mode 100644
index 000000000000..fda7db4b568d
--- /dev/null
+++ b/security/xml-security/files/patch-build.xml
@@ -0,0 +1,39 @@
+--- build.xml.orig 2010-11-11 10:38:24.000000000 +0100
++++ build.xml 2010-12-14 13:05:00.000000000 +0100
+@@ -276,7 +276,7 @@
+ <javac target="1.4" source="1.4" srcdir="${dir.src}"
+ destdir="${dir.build.bin}"
+ debug="${build.compile.debug}"
+- includeAntRuntime="false">
++ includeAntRuntime="yes">
+ <classpath refid="id.classpath" />
+ <include name="**/org/apache/xml/security/**/*.java" />
+ <include name="**/javax/xml/crypto/**/*.java" />
+@@ -789,6 +789,19 @@
+ </jar>
+ </target>
++ <target name="jar"
++ depends="manifest,build.src">
++ <!-- Main Library -->
++ <jar basedir="${dir.build.bin}"
++ excludes="org/apache/xml/security/temp/**"
++ includes="org/apache/**, org/jcp/**, javax/xml/crypto/**"
++ destfile="${jar.library}"
++ manifest="${jar.manifest}">
++ <metainf file="${dir.manifest}/*.txt"/>
++ </jar>
++ </target>
+ <target name="build.src.jar"
+ depends="manifest,build.src">
+@@ -811,7 +824,6 @@
+ <target name="docs" depends="build.docs" />
+ <target name="xdocs" depends="build.xdocs" />
+ <target name="javadoc" depends="build.docs" />
+- <target name="jar" depends="build.jar" />
+ <target name="dist" depends="build.dist" />
+ <target name="clean" depends="env.rm.dirs,env.rm.files"/>
+ <target name="gump" depends="clean, docs, jar, test"/>
diff --git a/security/xml-security/files/patch-src_org_apache_xml_security_algorithms_implementations_SignatureECDSA.java b/security/xml-security/files/patch-src_org_apache_xml_security_algorithms_implementations_SignatureECDSA.java
new file mode 100644
index 000000000000..31f2e02aa7dd
--- /dev/null
+++ b/security/xml-security/files/patch-src_org_apache_xml_security_algorithms_implementations_SignatureECDSA.java
@@ -0,0 +1,205 @@
+--- src/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java.orig 2010-11-11 10:38:28.000000000 +0100
++++ src/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java 2010-12-14 12:40:29.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1999-2004 The Apache Software Foundation.
++ * Copyright 1999-2010 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+@@ -40,6 +40,7 @@
+ /**
+ *
+ * @author $Author: raul $
++ * @author Alex Dupre
+ */
+ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
+@@ -69,34 +70,42 @@
+ private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+ throws IOException {
+- byte rLength = asn1Bytes[3];
++ if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
++ throw new IOException("Invalid ASN.1 format of ECDSA signature");
++ }
++ int offset;
++ if (asn1Bytes[1] > 0) {
++ offset = 2;
++ } else if (asn1Bytes[1] == (byte) 0x81) {
++ offset = 3;
++ } else {
++ throw new IOException("Invalid ASN.1 format of ECDSA signature");
++ }
++ byte rLength = asn1Bytes[offset + 1];
+ int i;
+- for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
++ for (i = rLength; (i > 0) && (asn1Bytes[(offset + 2 + rLength) - i] == 0); i--);
+- byte sLength = asn1Bytes[5 + rLength];
++ byte sLength = asn1Bytes[offset + 2 + rLength + 1];
+ int j;
+ for (j = sLength;
+- (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
++ (j > 0) && (asn1Bytes[(offset + 2 + rLength + 2 + sLength) - j] == 0); j--);
+- int rawLen = ((i+7)/8)*8;
++ int rawLen = Math.max(i, j);
+- int tmp = ((j+7)/8)*8;
+- if (tmp > rawLen)
+- rawLen = tmp;
+- if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
+- || (asn1Bytes[2] != 2) || rawLen < 24
+- || (asn1Bytes[4 + rLength] != 2) ) {
++ if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
++ || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
++ || asn1Bytes[offset] != 2
++ || asn1Bytes[offset + 2 + rLength] != 2) {
+ throw new IOException("Invalid ASN.1 format of ECDSA signature");
+ }
+ byte xmldsigBytes[] = new byte[2*rawLen];
+- System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, rawLen - i,
++ System.arraycopy(asn1Bytes, (offset + 2 + rLength) - i, xmldsigBytes, rawLen - i,
+ i);
+- System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
++ System.arraycopy(asn1Bytes, (offset + 2 + rLength + 2 + sLength) - j, xmldsigBytes,
+ 2*rawLen - j, j);
+ return xmldsigBytes;
+@@ -118,10 +127,6 @@
+ private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+ throws IOException {
+- if (xmldsigBytes.length < 48) {
+- throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+- }
+ int rawLen = xmldsigBytes.length/2;
+ int i;
+@@ -143,20 +148,34 @@
+ if (xmldsigBytes[2*rawLen - k] < 0) {
+ l += 1;
+ }
+- byte asn1Bytes[] = new byte[6 + j + l];
++ int len = 2 + j + 2 + l;
++ if (len > 255) {
++ throw new IOException("Invalid XMLDSIG format of ECDSA signature");
++ }
++ int offset;
++ byte asn1Bytes[];
++ if (len < 128) {
++ asn1Bytes = new byte[2 + 2 + j + 2 + l];
++ offset = 1;
++ } else {
++ asn1Bytes = new byte[3 + 2 + j + 2 + l];
++ asn1Bytes[1] = (byte) 0x81;
++ offset = 2;
++ }
+ asn1Bytes[0] = 48;
+- asn1Bytes[1] = (byte) (4 + j + l);
+- asn1Bytes[2] = 2;
+- asn1Bytes[3] = (byte) j;
++ asn1Bytes[offset++] = (byte) len;
++ asn1Bytes[offset++] = 2;
++ asn1Bytes[offset++] = (byte) j;
+- System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (4 + j) - i, i);
++ System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (offset + j) - i, i);
++ offset += j;
+- asn1Bytes[4 + j] = 2;
+- asn1Bytes[5 + j] = (byte) l;
++ asn1Bytes[offset++] = 2;
++ asn1Bytes[offset++] = (byte) l;
+- System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (6 + j + l) - k, k);
++ System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (offset + l) - k, k);
+ return asn1Bytes;
+ }
+@@ -386,4 +405,73 @@
+ }
+ }
++ /**
++ * Class SignatureRSASHA256
++ *
++ * @author Alex Dupre
++ * @version $Revision$
++ */
++ public static class SignatureECDSASHA256 extends SignatureECDSA {
++ /**
++ * Constructor SignatureRSASHA256
++ *
++ * @throws XMLSignatureException
++ */
++ public SignatureECDSASHA256() throws XMLSignatureException {
++ super();
++ }
++ /** @inheritDoc */
++ public String engineGetURI() {
++ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256;
++ }
++ }
++ /**
++ * Class SignatureRSASHA384
++ *
++ * @author Alex Dupre
++ * @version $Revision$
++ */
++ public static class SignatureECDSASHA384 extends SignatureECDSA {
++ /**
++ * Constructor SignatureRSASHA384
++ *
++ * @throws XMLSignatureException
++ */
++ public SignatureECDSASHA384() throws XMLSignatureException {
++ super();
++ }
++ /** @inheritDoc */
++ public String engineGetURI() {
++ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384;
++ }
++ }
++ /**
++ * Class SignatureRSASHA512
++ *
++ * @author Alex Dupre
++ * @version $Revision$
++ */
++ public static class SignatureECDSASHA512 extends SignatureECDSA {
++ /**
++ * Constructor SignatureRSASHA512
++ *
++ * @throws XMLSignatureException
++ */
++ public SignatureECDSASHA512() throws XMLSignatureException {
++ super();
++ }
++ /** @inheritDoc */
++ public String engineGetURI() {
++ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512;
++ }
++ }
+ }
diff --git a/security/xml-security/files/patch-src_org_apache_xml_security_resource_config.xml b/security/xml-security/files/patch-src_org_apache_xml_security_resource_config.xml
new file mode 100644
index 000000000000..af534bc16bf8
--- /dev/null
+++ b/security/xml-security/files/patch-src_org_apache_xml_security_resource_config.xml
@@ -0,0 +1,147 @@
+--- src/org/apache/xml/security/resource/config.xml.orig 2010-11-11 10:38:26.000000000 +0100
++++ src/org/apache/xml/security/resource/config.xml 2010-12-14 12:40:29.000000000 +0100
+@@ -78,6 +78,12 @@
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1" />
++ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
++ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256" />
++ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
++ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA384" />
++ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
++ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA512" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5" />
+@@ -97,7 +103,7 @@
+ Description="MD5 message digest from RFC 1321"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="NOT RECOMMENDED"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="MD5"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#ripemd160"
+@@ -122,7 +128,7 @@
+ Description="SHA message digest with 384 bit"
+ AlgorithmClass="MessageDigest"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA-384"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha512"
+@@ -142,14 +148,14 @@
+ Description="RSA Signature with MD5 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="NOT RECOMMENDED"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="MD5withRSA"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
+ Description="RSA Signature with RIPEMD-160 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="RIPEMD160withRSA"/>
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+@@ -162,43 +168,64 @@
+ Description="RSA Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA256withRSA"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+ Description="RSA Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA384withRSA"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+ Description="RSA Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA512withRSA"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+ Description="ECDSA Signature with SHA-1 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+- JCEName="ECDSAwithSHA1"/>
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
++ JCEName="SHA1withECDSA"/>
++ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
++ Description="ECDSA Signature with SHA-256 message digest"
++ AlgorithmClass="Signature"
++ RequirementLevel="OPTIONAL"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
++ JCEName="SHA256withECDSA"/>
++ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
++ Description="ECDSA Signature with SHA-384 message digest"
++ AlgorithmClass="Signature"
++ RequirementLevel="OPTIONAL"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
++ JCEName="SHA384withECDSA"/>
++ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
++ Description="ECDSA Signature with SHA-512 message digest"
++ AlgorithmClass="Signature"
++ RequirementLevel="OPTIONAL"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
++ JCEName="SHA512withECDSA"/>
+ <!-- MAC Algorithms -->
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
+ Description="Message Authentication code using MD5"
+ AlgorithmClass="Mac"
+ RequirementLevel="NOT RECOMMENDED"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="HmacMD5"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
+ Description="Message Authentication code using RIPEMD-160"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
+@@ -211,21 +238,21 @@
+ Description="Message Authentication code using SHA-256"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="HmacSHA256"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
+ Description="Message Authentication code using SHA-384"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="HmacSHA384"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
+ Description="Message Authentication code using SHA-512"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="HmacSHA512"/>
+ <!-- Block encryption Algorithms -->
diff --git a/security/xml-security/files/patch-src_org_apache_xml_security_signature_XMLSignature.java b/security/xml-security/files/patch-src_org_apache_xml_security_signature_XMLSignature.java
new file mode 100644
index 000000000000..39f476f671fb
--- /dev/null
+++ b/security/xml-security/files/patch-src_org_apache_xml_security_signature_XMLSignature.java
@@ -0,0 +1,22 @@
+--- src/org/apache/xml/security/signature/XMLSignature.java.orig 2010-11-11 10:38:26.000000000 +0100
++++ src/org/apache/xml/security/signature/XMLSignature.java 2010-12-14 12:40:29.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1999-2009 The Apache Software Foundation.
++ * Copyright 1999-2010 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+@@ -107,6 +107,12 @@
+ public static final String ALGO_ID_MAC_HMAC_SHA512 = Constants.MoreAlgorithmsSpecNS + "hmac-sha512";
+ /**Signature - Optional ECDSAwithSHA1 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
++ /**Signature - Optional ECDSAwithSHA256 */
++ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
++ /**Signature - Optional ECDSAwithSHA384 */
++ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
++ /**Signature - Optional ECDSAwithSHA512 */
++ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
+ /** ds:Signature.ds:SignedInfo element */
+ private SignedInfo _signedInfo = null;
diff --git a/security/xml-security/pkg-descr b/security/xml-security/pkg-descr
new file mode 100644
index 000000000000..c90608aabf78
--- /dev/null
+++ b/security/xml-security/pkg-descr
@@ -0,0 +1,13 @@
+The Apache-XML-Security-J supports XML-Signature Syntax and Processing,
+W3C Recommendation 12 February 2002 and XML Encryption Syntax and
+Processing, W3C Recommendation 10 December 2002.
+The Java library supports the standard Java API JSR-105: XML Digital
+Signature APIs for creating and validating XML Signatures. A standard
+Java API for XML Encryption JSR-106: XML Digital Encryption APIs is
+in progress and is not final, so this API is not yet supported.
+WWW: http://santuario.apache.org/Java/
+- Alex Dupre