RFR: 8242068: Signed JAR support for RSASSA-PSS and EdDSA [v6]
Valerie Peng
valeriep at openjdk.java.net
Fri Oct 16 19:36:13 UTC 2020
On Fri, 16 Oct 2020 01:38:44 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/SignatureUtil.java line 94:
>>
>>> 92: * @return an AlgorithmParameterSpec object
>>> 93: * @throws ProviderException
>>> 94: */
>>
>> Well, I am a bit unsure about your changes to this method. With your change, it returns default parameter spec (instead
>> of null) when the specified AlgorithmParameters object is null. This may not be desirable for all cases? Existing
>> callers would have to check for (params != null) before calling this method. The javadoc description also seems a bit
>> strange with the to-be-converted AlgorithmParameters object being optional. Maybe add a separate method like
>> `getParamSpecWithDefault` on top of this method or add a separate boolean argument `useDefault`?
>
> I cannot remember why I need to return a default. The only default we current have is for RSASSA-PSS, and in all
> RSASSA-PSS AlgorithmId for signature I see there is always the params. (When it's for a key the params can be missing).
> All 3 callers of this method is on a signature AlgorithmId so the params should not be null. I'll remove the default
> return value and do more testing.
Sounds good. RSASSA-PSS sig algorithm id always have params, it's required.
-------------
PR: https://git.openjdk.java.net/jdk/pull/322
More information about the security-dev
mailing list