RFR: 8241306: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params [v2]

Weijun Wang weijun at openjdk.java.net
Tue Mar 30 16:37:21 UTC 2021


On Tue, 30 Mar 2021 15:04:29 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   update XMLUtils (not used by tests here)
>
> src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 36:
> 
>> 34:  * Parameters for the <a href="http://www.w3.org/2007/05/xmldsig-more#rsa-pss">
>> 35:  * XML Signature RSASSA-PSS Algorithm</a>. The parameters are expressed as a
>> 36:  * {@link PSSParameterSpec} object encapsulated.
> 
> I suggest removing "encapsulated", I found use of that word a little confusing. Maybe just "The parameters are represented as a {@link PSSParameterSpec} object." Similar comment about "encapsulated" in other methods.

OK.

> src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 75:
> 
>> 73:  * {@code TrailerField}. This is equivalent to the parameter-less signature
>> 74:  * method as defined by http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1.
>> 75:  *
> 
> Normally I don't like to hardcode defaults (in case they weaken later) but since this is specified by RFC 6931, I don't think we have a choice, and I think we need to use this default for interoperability.

Yes, we need to support `xMLSignatureFactory.newSignatureMethod(SignatureMethod.RSA_PSS, null)`.

> src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 89:
> 
>> 87:      *
>> 88:      * @param spec the input {@code PSSParameterSpec} to be encapsulated
>> 89:      */
> 
> Should this throw NPE if spec is null?

I currently throw one. Do I need to mention it in the spec?

-------------

PR: https://git.openjdk.java.net/jdk/pull/3181


More information about the security-dev mailing list