RFR CSR 8203460: Update xmldsig implementation to latest version of Apache Santuario
Sean Mullan
sean.mullan at oracle.com
Thu May 24 15:39:52 UTC 2018
I think the MGF1 based SignatureMethod algs should be named
SHA256_RSA_MGF1, etc to be consistent with the URI names in the RFC.
Otherwise the update looks good.
I think we should also file an RFE to add a new RSAPSSParams class
(which would be a subclass of SignatureMethodParameterSpec), and would
contain the parameters for the RSASSA-PSS algorithm defined in
https://tools.ietf.org/html/rfc6931#2.3.9.
--Sean
On 5/23/18 8:19 PM, Weijun Wang wrote:
> Updated. I'm now using uri.substr(uri.indexOf("#") + 1).toUpperCase() as the names.
>
> Thanks
> Max
>
>> On May 24, 2018, at 4:47 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> I don't think you should change the names of the algorithms to the JCE style (eg: SHA1withDSA). You should keep the names as defined by the W3C Recommendation and related RFCs. Even if the naming convention is different than JCE, these are the names that were chosen by the standards bodies and these are XML DSig specific algorithm names.
>>
>> Otherwise looks good.
>>
>> Thanks,
>> Sean
>>
>> On 5/21/18 10:57 PM, Weijun Wang wrote:
>>> Please take a review at
>>> https://bugs.openjdk.java.net/browse/JDK-8203460
>>> The current XMLDSig provider implementation is based on Apache Santuario 1.5.4. We'll update it to be 2.1.1. New algorithms are added.
>>> Thanks
>>> Max
>
More information about the security-dev
mailing list