RFR: 8241306: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params [v3]
Sean Mullan
mullan at openjdk.java.net
Fri Apr 9 16:47:10 UTC 2021
On Thu, 1 Apr 2021 13:32:47 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> This enhancement contains the following code changes:
>>
>> 1. Create a new public API `javax/xml/crypto/dsig/spec/RSAPSSParameterSpec` and remove the internal one.
>> 2. Update marshaling and unmarshaling code inside `DOMRSAPSSSignatureMethod` so it understands extra fields in `PSSParameterSpec` and is aware of the defaults in both directions.
>> 3. Update `DOMSignedInfo` so that secure validation can restrict `DigestMethod` used inside `RSAPSSParameterSpec`
>> 4. Tests
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> spec word change, no hashCode and equals, test change
src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 74:
> 72: * {@code MaskGenerationFunction}, 32 as {@code SaltLength}, and 1 as
> 73: * {@code TrailerField}. This is equivalent to the parameter-less signature
> 74: * method as defined by http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1.
http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 is just a placeholder page for the namespace. I would instead link to `SignatureMethod.SHA256_RSA_MGF1` and also reference the RFC for more information. How about:
`This is equivalent to the {@link SignatureMethod#SHA256_RSA_MGF1 parameter-less signature method} as defined in <a href="https://www.ietf.org/rfc/rfc6931.txt#section-2.3.10">RFC 6931</a>.
`
-------------
PR: https://git.openjdk.java.net/jdk/pull/3181
More information about the security-dev
mailing list