[jdk11u-dev] RFR: 8274471: Add support for RSASSA-PSS in OCSP Response
Alexey Pavlyutkin
duke at openjdk.org
Sun May 28 10:15:55 UTC 2023
On Tue, 23 May 2023 17:40:03 GMT, Alexey Pavlyutkin <duke at openjdk.org> wrote:
> Hi!
>
> Here is a backport of [JDK-8274471](https://bugs.openjdk.org/browse/JDK-8274471) adding support of RSASSA-PSS signature to OCSP Response. The original patch applied with the following changes:
>
> **`src/java.base/share/classes/sun/security/provider/certpath/OCSP.java`**
> - imports of `java.security.cert.TrustAnchor` and `sun.security.validator.Validator` packages were not removed because they are still in use;
> - added import of `java.nio.charset.StandardCharsets.UTF_8` promoting `UTF_8` constant;
> - the changes to revocation checking were skipped
>
> **`src/java.base/share/classes/sun/security/util/SignatureUtil.java`**
> - added import of `java.security.interfaces.RSAKey` and `sun.security.x509.AlgorithmId` packages;
> - support of `SHAKE256/512` dropped;
> - `EdEC` hooks dropped;
> - syntax of `switch` statements adjusted;
>
> **`src/java.base/share/classes/sun/security/x509/AlgorithmId.java`**
> - `public byte[] getEncodedParams()` does not throw anymore
>
> **`test/jdk/java/security/testlibrary/CertificateBuilder.java`**
> **`test/jdk/java/security/testlibrary/SimpleOCSPServer.java`**
> - added import of `sun.security.util.SignatureUtil` package
>
> Verification/regression (amd64/LTS 20.04): `jdk_security` including updated tests
Actually I'm not sure about the EdDSA-related delta; it does not seem necessary for RSASSA-PSS support, and moreover the original patch does not have the changes
https://github.com/openjdk/jdk/commit/f63c4a832a1aea451f47aaf86d5361e970c6a28f#diff-0393704a5343769f4ef9fa23b6fe9107d0ff96c17c078c30a05ef3be6c7d2304
but for some reason Git transfers them on `cherry-pick`. I could eliminate the unnecessary code, but I'm not sure if it's better to make more changes.
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/1891#issuecomment-1566065876