[jdk11u-dev] RFR: 8274471: Add support for RSASSA-PSS in OCSP Response

Alexey Pavlyutkin duke at openjdk.org
Wed May 31 10:58:24 UTC 2023 

Hi!

Here is backport of [JDK-8274471](https://bugs.openjdk.org/browse/JDK-8274471) adding support of RSASSA-PSS signature to OCSP Response. Original patch applied with the following changes

**`src/java.base/share/classes/sun/security/provider/certpath/OCSP.java`**
- import of `java.security.cert.TrustAnchor` and `sun.security.validator.Validator` packages didn't removed cuz they are still in use;
- added import of `java.nio.charset.StandardCharsets.UTF_8` promoting `UTF_8` constant;
- the changes to revocation checking were skipped

**`src/java.base/share/classes/sun/security/util/SignatureUtil.java`**
- added import `sun.security.x509.AlgorithmId` package;
- the following required methods ported

    public static Signature fromKey(String sigAlg, PrivateKey key, String provider);
    public static Signature fromKey(String sigAlg, PrivateKey key, Provider provider);
    private static Signature autoInitInternal(String alg, PrivateKey key, Signature s);
    public static AlgorithmId fromSignature(Signature sigEngine, PrivateKey key);

- `EdEC` related code dropped
- `SignatureUtil.autoInitInternal()` method updated to use `AlgorithmId.getDefaultAlgorithmParameterSpec()` instead of almost identical `SignatureUtil.getDefaultParamSpec()`

**`src/java.base/share/classes/sun/security/x509/AlgorithmId.java`**
- `public byte[] getEncodedParams()` does not throw anymore

**`test/jdk/java/security/testlibrary/CertificateBuilder.java`**
**`test/jdk/java/security/testlibrary/SimpleOCSPServer.java`**
- added import of `sun.security.util.SignatureUtil` package

Verification/regression (amd64/LTS 20.04): `jdk_security` including updated tests

@phohensee I raised this one in place of already reviewed https://github.com/openjdk/jdk11u-dev/pull/1891. Please check it out. Thank you

-------------

Depends on: https://git.openjdk.org/jdk11u-dev/pull/1917

Commit messages:
 - Backport f63c4a832a1aea451f47aaf86d5361e970c6a28f

Changes: https://git.openjdk.org/jdk11u-dev/pull/1918/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=1918&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8274471
  Stats: 178 lines in 9 files changed: 106 ins; 40 del; 32 mod
  Patch: https://git.openjdk.org/jdk11u-dev/pull/1918.diff
  Fetch: git fetch https://git.openjdk.org/jdk11u-dev.git pull/1918/head:pull/1918

PR: https://git.openjdk.org/jdk11u-dev/pull/1918

More information about the jdk-updates-dev mailing list