8274471: Add support for RSASSA-PSS in OCSP Response #787

Closed
wants to merge 1 commit into from


@apavlyutkin apavlyutkin commented Jan 21, 2022

I'd like to backport

8274471: Add support for RSASSA-PSS in OCSP Response
8179503: Java should support GET OCSP calls (dependency)

to jdk11u-dev.

The patches fix an internal error upon verification of an OCSP Response signed with RSASSA-PSS.

The following changes were made to the original patches:

8179503:

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

  • resolved baseline conflict that took place due to absent revocation checking code

test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java

  • unsupported ObjectIdentifier.of() substituted with new ObjectIdentifier

8274471:

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

  • changes to absent revocation checking code ignored

src/java.base/share/classes/sun/security/util/SignatureUtil.java

  • the following non-existing methods transferred from jdk17:
    public static Signature fromKey(String sigAlg, PrivateKey key, String provider);
    public static Signature fromKey(String sigAlg, PrivateKey key, Provider provider);
    private static Signature autoInitInternal(String alg, PrivateKey key, Signature s);
    public static AlgorithmId fromSignature(Signature sigEngine, PrivateKey key);
  • EdEcKey (unsupported in jdk11) hook removed from fromSignature() method
  • copied SignatureUtil.autoInitInternal() method updated to use AlgorithmId.getDefaultAlgorithmParameterSpec() instead of SignatureUtil.getDefaultParamSpec()
  • imported AlgorithmId class

test/jdk/java/security/testlibrary/SimpleOCSPServer.java

  • imported SignatureUtil class

Verified (20.04 LTS/amd64) with

  • test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java
  • test/jdk/javax/net/ssl/Stapling/HttpsUrlConnClient.java

Regression: jdk_security


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

  • JDK-8274471: Add support for RSASSA-PSS in OCSP Response

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk11u-dev pull/787/head:pull/787
$ git checkout pull/787

Update a local copy of the PR:
$ git checkout pull/787
$ git pull https://git.openjdk.java.net/jdk11u-dev pull/787/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 787

View PR using the GUI difftool:
$ git pr show -t 787

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk11u-dev/pull/787.diff
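
An added example, not code from this pull request or from OpenJDK: unlike PKCS#1 v1.5 signatures, RSASSA-PSS carries its hash, mask generation function and salt length as algorithm parameters, so a verifier has to decode those parameters and apply them before checking the signature. The sketch uses only the public `java.security` API (JDK 11 or later), not the internal `SignatureUtil` class; the class name `PssParamsDemo` and the sample bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssParamsDemo {
    // DER-encode a PSS parameter set, as it would travel next to a signature.
    static byte[] encode(PSSParameterSpec spec) throws Exception {
        AlgorithmParameters ap = AlgorithmParameters.getInstance("RSASSA-PSS");
        ap.init(spec);
        return ap.getEncoded();
    }

    // Verifier side: rebuild the PSS parameters from their encoding and
    // apply them to the Signature object before checking the signature.
    static boolean verify(PublicKey key, byte[] encodedParams,
                          byte[] data, byte[] sigBytes) throws Exception {
        AlgorithmParameters ap = AlgorithmParameters.getInstance("RSASSA-PSS");
        ap.init(encodedParams);
        Signature v = Signature.getInstance("RSASSA-PSS");
        v.initVerify(key);
        v.setParameter(ap.getParameterSpec(PSSParameterSpec.class));
        v.update(data);
        return v.verify(sigBytes);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed stand-in for the signed portion of a response.
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);

        // Trailer field 1 is the only value defined for PSS.
        PSSParameterSpec sha256 = new PSSParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);
        PSSParameterSpec sha1 = new PSSParameterSpec(
                "SHA-1", "MGF1", MGF1ParameterSpec.SHA1, 20, 1);

        // Signer side: parameters are set explicitly before signing.
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.initSign(kp.getPrivate());
        s.setParameter(sha256);
        s.update(data);
        byte[] sig = s.sign();

        System.out.println("matching params:   " + verify(kp.getPublic(), encode(sha256), data, sig));
        System.out.println("mismatched params: " + verify(kp.getPublic(), encode(sha1), data, sig));
    }
}
```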


bridgekeeper bot commented Jan 21, 2022

👋 Welcome back apavlyutkin! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot changed the title from "Backport f63c4a832a1aea451f47aaf86d5361e970c6a28f" to "8274471: Add support for RSASSA-PSS in OCSP Response" Jan 21, 2022

openjdk bot commented Jan 21, 2022

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk bot added the backport and rfr (Pull request is ready for review) labels Jan 21, 2022

mlbridge bot commented Jan 21, 2022

Webrevs

@apavlyutkin apavlyutkin deleted the backport-f63c4a8 branch Jan 22, 2022