RFR: 8349759: Fix CertificateBuilder and SimpleOCSPServer test utilities to support PQC algorithms
Sean Mullan
mullan at openjdk.org
Thu Feb 13 19:55:09 UTC 2025
On Thu, 13 Feb 2025 19:45:19 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> This fix makes some minor changes to the internals of the `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS works better now with these changes. I've also taken this opportunity to do some cleanup on CertificateBuilder and added a method which uses a default signing algorithm based on the key, so the `build()` method no longer needs to provide that algorithm (though one can if they wish for things like RSA signatures if they want a different message digest in the signature).
>
> test/lib-test/jdk/test/lib/security/CPVAlgTestWithOCSP.java line 1:
>
>> 1: /*
>
> This test seems to be the more significant reason for this change - should the issue be renamed to something like "Add OCSP tests for various signature algorithms including PQC algorithms". The enhancements to the test library would then be more as an additional improvement in order to support this new test.
Also, should it be moved to somewhere else like jdk/test/sun/security/provider/certpath?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23566#discussion_r1955130339
More information about the core-libs-dev
mailing list