8274471: Add support for RSASSA-PSS in OCSP Response #1918

Closed

apavlyutkin commented May 31, 2023

Hi!

Here is a backport of JDK-8274471, adding support for RSASSA-PSS signatures to OCSP Response. The original patch was applied with the following changes:

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

  • the imports of the java.security.cert.TrustAnchor and sun.security.validator.Validator packages were not removed because they are still in use;
  • added import of java.nio.charset.StandardCharsets.UTF_8 promoting UTF_8 constant;
  • the changes to revocation checking were skipped

src/java.base/share/classes/sun/security/util/SignatureUtil.java

  • added import sun.security.x509.AlgorithmId package;
  • the following required methods ported
    public static Signature fromKey(String sigAlg, PrivateKey key, String provider);
    public static Signature fromKey(String sigAlg, PrivateKey key, Provider provider);
    private static Signature autoInitInternal(String alg, PrivateKey key, Signature s);
    public static AlgorithmId fromSignature(Signature sigEngine, PrivateKey key);
  • EdEC related code dropped
  • SignatureUtil.autoInitInternal() method updated to use AlgorithmId.getDefaultAlgorithmParameterSpec() instead of almost identical SignatureUtil.getDefaultParamSpec()

src/java.base/share/classes/sun/security/x509/AlgorithmId.java

  • public byte[] getEncodedParams() does not throw anymore

test/jdk/java/security/testlibrary/CertificateBuilder.java
test/jdk/java/security/testlibrary/SimpleOCSPServer.java

  • added import of sun.security.util.SignatureUtil package

Verification/regression (amd64/LTS 20.04): jdk_security including updated tests

@phohensee I raised this one in place of the already reviewed #1891. Please check it out. Thank you


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8274471 needs maintainer approval

Integration blocker

 ⚠️ Dependency #1917 must be integrated first

Issue

  • JDK-8274471: Add support for RSASSA-PSS in OCSP Response (Bug - P3)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/1918/head:pull/1918
$ git checkout pull/1918

Update a local copy of the PR:
$ git checkout pull/1918
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/1918/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 1918

View PR using the GUI difftool:
$ git pr show -t 1918

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/1918.diff

Webrev

Link to Webrev Comment

bridgekeeper bot commented May 31, 2023

👋 Welcome back apavlyutkin! A progress list of the required criteria for merging this PR into pr/1917 will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

openjdk bot changed the title from "Backport f63c4a832a1aea451f47aaf86d5361e970c6a28f" to "8274471: Add support for RSASSA-PSS in OCSP Response" on May 31, 2023

openjdk bot commented May 31, 2023

This backport pull request has now been updated with issue from the original commit.

openjdk bot added the backport and rfr (Pull request is ready for review) labels on May 31, 2023

mlbridge bot commented May 31, 2023

Webrevs

apavlyutkin (Contributor Author) commented

@phohensee

Hi, Paul! Could you also check out this one? You've already reviewed the delta here #1891, but then I re-created the parent PR from scratch to avoid a huge upmerge. Thank you

bridgekeeper bot commented Jul 3, 2023

@apavlyutkin This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

apavlyutkin (Contributor Author) commented

Please don't close this, bot.

bridgekeeper bot commented Aug 21, 2023

@apavlyutkin This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

bridgekeeper bot commented Sep 18, 2023

@apavlyutkin This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.

bridgekeeper bot closed this on Sep 18, 2023

apavlyutkin (Contributor Author) commented

No blocker anymore

apavlyutkin (Contributor Author) commented

/open

openjdk bot reopened this on Oct 3, 2023

openjdk bot commented Oct 3, 2023

@apavlyutkin This pull request is now open


apavlyutkin commented Oct 3, 2023

@phohensee Hi Paul! Can you check it? This is a copy of #1891 that has already been reviewed by you but was then closed due to a problematic rebase. Thank you

bridgekeeper bot commented Oct 31, 2023

@apavlyutkin This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

bridgekeeper bot commented Nov 28, 2023

@apavlyutkin This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.

bridgekeeper bot closed this on Nov 28, 2023