RFR: 8241306: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params
Weijun Wang
weijun at openjdk.java.net
Wed Mar 24 21:43:07 UTC 2021
On Wed, 24 Mar 2021 21:36:21 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> This enhancement contains the following code changes:
>
> 1. Create a new public API `javax/xml/crypto/dsig/spec/RSAPSSParameterSpec` and remove the internal one.
> 2. Update marshaling and unmarshaling code inside `DOMRSAPSSSignatureMethod` so it understands extra fields in `PSSParameterSpec` and is aware of the defaults in both directions.
> 3. Update `DOMSignedInfo` so that secure validation can restrict `DigestMethod` used inside `RSAPSSParameterSpec`
> 4. Tests
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java line 588:
> 586:
> 587: public enum DigestAlgorithm {
> 588: // SHA1("SHA-1", DigestMethod.SHA1, 20),
Do we want to support "SHA-1"? It's considered weak and not the default but the RFC seems to have not disabled it at all.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3181
More information about the security-dev
mailing list