[jdk11u-dev] RFR: 8274471: Add support for RSASSA-PSS in OCSP Response [v2]
Alexey Pavlyutkin
duke at openjdk.org
Wed May 31 10:55:13 UTC 2023
On Tue, 30 May 2023 14:43:17 GMT, Alexey Pavlyutkin <duke at openjdk.org> wrote:
>> Hi!
>>
>> Here is a backport of [JDK-8274471](https://bugs.openjdk.org/browse/JDK-8274471) adding support for RSASSA-PSS signatures to OCSP Response. The original patch was applied with the following changes:
>>
>> **`src/java.base/share/classes/sun/security/provider/certpath/OCSP.java`**
>> - imports of `java.security.cert.TrustAnchor` and `sun.security.validator.Validator` packages were not removed because they are still in use;
>> - added import of `java.nio.charset.StandardCharsets.UTF_8` promoting `UTF_8` constant;
>> - the changes to revocation checking were skipped
>>
>> **`src/java.base/share/classes/sun/security/util/SignatureUtil.java`**
>> - added import `sun.security.x509.AlgorithmId` package;
>> - the following required methods were ported:
>>
>> ```java
>> public static Signature fromKey(String sigAlg, PrivateKey key, String provider);
>> public static Signature fromKey(String sigAlg, PrivateKey key, Provider provider);
>> private static Signature autoInitInternal(String alg, PrivateKey key, Signature s);
>> public static AlgorithmId fromSignature(Signature sigEngine, PrivateKey key);
>> ```
>>
>> - `EdEC` related code dropped
>> - `SignatureUtil.autoInitInternal()` method updated to use `AlgorithmId.getDefaultAlgorithmParameterSpec()` instead of almost identical `SignatureUtil.getDefaultParamSpec()`
>>
>> **`src/java.base/share/classes/sun/security/x509/AlgorithmId.java`**
>> - `public byte[] getEncodedParams()` does not throw anymore
>>
>> **`test/jdk/java/security/testlibrary/CertificateBuilder.java`**
>> **`test/jdk/java/security/testlibrary/SimpleOCSPServer.java`**
>> - added import of `sun.security.util.SignatureUtil` package
>>
>> Verification/regression (amd64/LTS 20.04): `jdk_security` including updated tests
>
> Alexey Pavlyutkin has updated the pull request incrementally with one additional commit since the last revision:
>
> removing unnecessary EdDSA code
https://github.com/openjdk/jdk11u-dev/pull/1918 raised to replace this one
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/1891#issuecomment-1569963705