RFR: 8241306: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params [v2]
Weijun Wang
weijun at openjdk.java.net
Tue Mar 30 16:37:21 UTC 2021
On Tue, 30 Mar 2021 15:04:29 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> update XMLUtils (not used by tests here)
>
> src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 36:
>
>> 34: * Parameters for the <a href="http://www.w3.org/2007/05/xmldsig-more#rsa-pss">
>> 35: * XML Signature RSASSA-PSS Algorithm</a>. The parameters are expressed as a
>> 36: * {@link PSSParameterSpec} object encapsulated.
>
> I suggest removing "encapsulated", I found use of that word a little confusing. Maybe just "The parameters are represented as a {@link PSSParameterSpec} object." Similar comment about "encapsulated" in other methods.
OK.
> src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 75:
>
>> 73: * {@code TrailerField}. This is equivalent to the parameter-less signature
>> 74: * method as defined by http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1.
>> 75: *
>
> Normally I don't like to hardcode defaults (in case they weaken later) but since this is specified by RFC 6931, I don't think we have a choice, and I think we need to use this default for interoperability.
Yes, we need to support `xMLSignatureFactory.newSignatureMethod(SignatureMethod.RSA_PSS, null)`.
> src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 89:
>
>> 87: *
>> 88: * @param spec the input {@code PSSParameterSpec} to be encapsulated
>> 89: */
>
> Should this throw NPE if spec is null?
I currently throw one. Do I need to mention it in the spec?
-------------
PR: https://git.openjdk.java.net/jdk/pull/3181
More information about the security-dev
mailing list