RFR: 8349759: Fix CertificateBuilder and SimpleOCSPServer test utilities to support PQC algorithms [v3]

Jamil Nimeh jnimeh at openjdk.org
Thu Feb 13 23:50:50 UTC 2025


> This fix makes some minor changes to the internals of the `CertificateBuilder` and `SimpleOCSPServer` test classes.  They would break when ML-DSA was selected as key and signing algorithms.  Also RSASSA-PSS works better now with these changes.  I've also taken this opportunity to do some cleanup on CertificateBuilder and added a method which uses a default signing algorithm based on the key, so the `build()` method no longer needs to provide that algorithm (though one can if they wish for things like RSA signatures if they want a different message digest in the signature).

Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:

  Remove unnecessary throws declarations

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/23566/files
  - new: https://git.openjdk.org/jdk/pull/23566/files/8c16daba..d0c95035

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=23566&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=23566&range=01-02

  Stats: 16 lines in 1 file changed: 0 ins; 11 del; 5 mod
  Patch: https://git.openjdk.org/jdk/pull/23566.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/23566/head:pull/23566

PR: https://git.openjdk.org/jdk/pull/23566


More information about the core-libs-dev mailing list