[jdk11u-dev] RFR: 8274471: Add support for RSASSA-PSS in OCSP Response

Alexey Pavlyutkin duke at openjdk.java.net
Sat Jan 22 09:21:44 UTC 2022


I'd like to backport

8274471: Add support for RSASSA-PSS in OCSP Response
8179503: Java should support GET OCSP calls (dependency)

to jdk11u-dev. 

The patches fix an internal error upon verification of an OCSP Response signed with RSASSA-PSS.

The following changes were made to the original patches:

8179503: 

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
- resolved baseline conflict that took place due to absent revocation checking code

test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java
- unsupported `ObjectIdentifier.of()` substituted with `new ObjectIdentifier`

8274471:

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
- changes to absent revocation checking code ignored

src/java.base/share/classes/sun/security/util/SignatureUtil.java
- the following non-existing methods transferred from jdk17:
    `public static Signature fromKey(String sigAlg, PrivateKey key, String provider);`
    `public static Signature fromKey(String sigAlg, PrivateKey key, Provider provider);`
    `private static Signature autoInitInternal(String alg, PrivateKey key, Signature s);`
    `public static AlgorithmId fromSignature(Signature sigEngine, PrivateKey key);`
- `EdEcKey` (unsupported in jdk11) hook removed from fromSignature() method
- copied `SignatureUtil.autoInitInternal()` method updated to use `AlgorithmId.getDefaultAlgorithmParameterSpec()` instead of `SignatureUtil.getDefaultParamSpec()`
- imported AlgorithmId class

test/jdk/java/security/testlibrary/SimpleOCSPServer.java
- imported SignatureUtil class

Verified (20.04 LTS/amd64) with

- test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java
- test/jdk/javax/net/ssl/Stapling/HttpsUrlConnClient.java

Regression: jdk_security

-------------

Commit messages:
 - Backport f63c4a832a1aea451f47aaf86d5361e970c6a28f

Changes: https://git.openjdk.java.net/jdk11u-dev/pull/788/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk11u-dev&pr=788&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8274471
  Stats: 544 lines in 10 files changed: 420 ins; 78 del; 46 mod
  Patch: https://git.openjdk.java.net/jdk11u-dev/pull/788.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk11u-dev pull/788/head:pull/788

PR: https://git.openjdk.java.net/jdk11u-dev/pull/788
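
Why RSASSA-PSS verification needs the algorithm parameters carried with the signature, shown as an added example that is not code from this backport or from the JDK sources. It uses only the public JCA API on JDK 11 or later; the PSS parameter values and the signed bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssVerifyDemo {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed stand-in for the signed part of a response.
        byte[] tbs = "constructed response data".getBytes(StandardCharsets.UTF_8);

        // Signer: RSASSA-PSS has no implicit digest, so parameters are set explicitly.
        // These values are assumptions chosen for the example.
        PSSParameterSpec spec = new PSSParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
        Signature signer = Signature.getInstance("RSASSA-PSS");
        signer.initSign(kp.getPrivate());
        signer.setParameter(spec);
        signer.update(tbs);
        byte[] sig = signer.sign();

        // DER-encoded parameters, as they would travel in an AlgorithmIdentifier.
        AlgorithmParameters ap = AlgorithmParameters.getInstance("RSASSA-PSS");
        ap.init(spec);
        byte[] encodedParams = ap.getEncoded();

        // Verifier that looks only at the algorithm name and ignores the parameters.
        try {
            Signature v = Signature.getInstance("RSASSA-PSS");
            v.initVerify(kp.getPublic());
            v.update(tbs);
            System.out.println("without params: " + v.verify(sig));
        } catch (GeneralSecurityException | RuntimeException e) {
            System.out.println("without params: " + e);
        }

        // Verifier that decodes the transmitted parameters and applies them first.
        AlgorithmParameters decoded = AlgorithmParameters.getInstance("RSASSA-PSS");
        decoded.init(encodedParams);
        Signature v = Signature.getInstance("RSASSA-PSS");
        v.initVerify(kp.getPublic());
        v.setParameter(decoded.getParameterSpec(PSSParameterSpec.class));
        v.update(tbs);
        System.out.println("with params: " + v.verify(sig));
    }
}
```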

