RFR: 8241306: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params [v6]
Sean Mullan
mullan at openjdk.java.net
Tue Apr 13 17:10:03 UTC 2021
On Tue, 13 Apr 2021 15:31:35 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> This enhancement contains the following code changes:
>>
>> 1. Create a new public API `javax/xml/crypto/dsig/spec/RSAPSSParameterSpec` and remove the internal one.
>> 2. Update marshaling and unmarshaling code inside `DOMRSAPSSSignatureMethod` so it understands extra fields in `PSSParameterSpec` and is aware of the defaults in both directions.
>> 3. Update `DOMSignedInfo` so that secure validation can restrict `DigestMethod` used inside `RSAPSSParameterSpec`
>> 4. Tests
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> spec clarification
src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java line 247:
> 245: * as the signature algorithm, the default parameter as defined in
> 246: * <a href="https://tools.ietf.org/html/rfc6931#section-2.3.9">RFC 6931 Section 2.3.9</a>
> 247: * is used and this default parameter will also be returned by the
WE should mention/link to the type returned. Suggest breaking this into two sentences:
`If the {@code params} parameter is {@code null} when calling {@link XMLSignatureFactory#newSignatureMethod} with {@code RSA_PSS} as the signature algorithm, the default parameter as defined in <a href="https://tools.ietf.org/html/rfc6931#section-2.3.9">RFC 6931 Section 2.3.9</a> is used. This default parameter is represented as an {@link RSAPSSParameterSpec} type and returned by the {@link SignatureMethod#getParameterSpec()} method.`
-------------
PR: https://git.openjdk.java.net/jdk/pull/3181
More information about the security-dev
mailing list