8274471: Add support for RSASSA-PSS in OCSP Response

[apavlyutkin]

Hi!

Here is backport of JDK-8274471 adding support of RSASSA-PSS signature to OCSP Response. Original patch applied with the following changes

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

• import of java.security.cert.TrustAnchor and sun.security.validator.Validator packages didn't removed cuz they are still in use;
• added import of java.nio.charset.StandardCharsets.UTF_8 promoting UTF_8 constant;
• the changes to revocation checking were skipped

src/java.base/share/classes/sun/security/util/SignatureUtil.java

• added import sun.security.x509.AlgorithmId package;
• the following required methods ported

    public static Signature fromKey(String sigAlg, PrivateKey key, String provider);
    public static Signature fromKey(String sigAlg, PrivateKey key, Provider provider);
    private static Signature autoInitInternal(String alg, PrivateKey key, Signature s);
    public static AlgorithmId fromSignature(Signature sigEngine, PrivateKey key);

• EdEC related code dropped
• SignatureUtil.autoInitInternal() method updated to use AlgorithmId.getDefaultAlgorithmParameterSpec() instead of almost identical SignatureUtil.getDefaultParamSpec()

src/java.base/share/classes/sun/security/x509/AlgorithmId.java

• public byte[] getEncodedParams() does not throw anymore

test/jdk/java/security/testlibrary/CertificateBuilder.java
test/jdk/java/security/testlibrary/SimpleOCSPServer.java

• added import of sun.security.util.SignatureUtil package

Verification/regression (amd64/LTS 20.04): jdk_security including updated tests

@phohensee I raised this one in place of already reviewed #1891. Please check it out. Thank you

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• JDK-8274471 needs maintainer approval

Integration blocker

 ⚠️ Dependency #1917 must be integrated first

Issue

• JDK-8274471: Add support for RSASSA-PSS in OCSP Response (Bug - P3)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/1918/head:pull/1918
$ git checkout pull/1918

Update a local copy of the PR:
$ git checkout pull/1918
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/1918/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 1918

View PR using the GUI difftool:
$ git pr show -t 1918

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/1918.diff

Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back apavlyutkin! A progress list of the required criteria for merging this PR into pr/1917 will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[mlbridge]

Webrevs

• 00: Full (61926582)

[apavlyutkin]

@phohensee

Hi, Paul! Could you also check out this one. You've already reviewed the delta here #1891, but then I re-created parent PR from the scratch to avoid huge upmerge. Thank you

[bridgekeeper]

@apavlyutkin This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[apavlyutkin]

Please don't close this, bot.

[bridgekeeper]

@apavlyutkin This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[bridgekeeper]

@apavlyutkin This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.

[apavlyutkin]

No blocker anymore

[apavlyutkin]

/open

[openjdk]

@apavlyutkin This pull request is now open

[apavlyutkin]

@phohensee Hi Paul! Can you check it? This is a copy of #1891 that has been already reviewed by you but then closed due to problematic rebase. Thank you

[bridgekeeper]

@apavlyutkin This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[bridgekeeper]

@apavlyutkin This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.