RFR: 8349759: Fix CertificateBuilder and SimpleOCSPServer test utilities to support PQC algorithms

Sean Mullan mullan at openjdk.org
Thu Feb 13 19:52:10 UTC 2025


On Thu, 13 Feb 2025 18:58:00 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> This fix makes some minor changes to the internals of the `CertificateBuilder` and `SimpleOCSPServer` test classes.  They would break when ML-DSA was selected as key and signing algorithms.  Also RSASSA-PSS works better now with these changes.  I've also taken this opportunity to do some cleanup on CertificateBuilder and added a method which uses a default signing algorithm based on the key, so the `build()` method no longer needs to provide that algorithm (though one can if they wish for things like RSA signatures if they want a different message digest in the signature).
>
> Bug needs a `noreg-self` label.

> @seanjmullan I wasn't sure if I should add that label because there is a test of these changes in `test/lib-test/jdk/test/lib/security/CPVAlgTestWithOCSP.java`. However I did notice that I forgot to change the bug ID and summary in that test code, so I will update that. Given that there is a test included with the change, LMK if you still feel that it needs the noreg label and I will add it.

That's a good question. I usually add the `noreg-self` label even it it is a brand new test and not a fix to an existing test and there is no other JDK code changes. @JesperIRL do you have any advice for this situation?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/23566#issuecomment-2657569848


More information about the core-libs-dev mailing list