8274471: Add support for RSASSA-PSS in OCSP Response

[apavlyutkin]

I'd like to backport

8274471: Add support for RSASSA-PSS in OCSP Response
8179503: Java should support GET OCSP calls (dependency)

to jdk11u-dev.

The patches fix internal error upon verification of OCSP Response signed with RSASSA-PSS.

The following changes were done to original patches:

8179503:

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

• resolved baseline conflict that took place due to absent revocation checking code

test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java

• unsupported ObjectIdentifier.of() substituted with new ObjectIdentifier

8274471:

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

• changes to absent revokation checking code ignored

src/java.base/share/classes/sun/security/util/SignatureUtil.java

• the following non-existing methods transferred from jdk17:
  public static Signature fromKey(String sigAlg, PrivateKey key, String provider);
public static Signature fromKey(String sigAlg, PrivateKey key, Provider provider);
private static Signature autoInitInternal(String alg, PrivateKey key, Signature s);
public static AlgorithmId fromSignature(Signature sigEngine, PrivateKey key);
• EdEcKey (unsupported in jdk11) hook removed from fromSignature() method
• copied SignatureUtil.autoInitInternal() method updated to use AlgorithmId.getDefaultAlgorithmParameterSpec() instead of SignatureUtil.getDefaultParamSpec()
• imported AlgorithmId class

test/jdk/java/security/testlibrary/SimpleOCSPServer.java

• imported SignatureUtil class

Verified (20.04 LTS/amd64) with

• test/jdk/java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java
• test/jdk/javax/net/ssl/Stapling/HttpsUrlConnClient.java

Regression: jdk_security

---

Progress

• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change must be properly reviewed

Issue

• JDK-8274471: Add support for RSASSA-PSS in OCSP Response

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk11u-dev pull/787/head:pull/787
$ git checkout pull/787

Update a local copy of the PR:
$ git checkout pull/787
$ git pull https://git.openjdk.java.net/jdk11u-dev pull/787/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 787

View PR using the GUI difftool:
$ git pr show -t 787

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk11u-dev/pull/787.diff

[bridgekeeper]

👋 Welcome back apavlyutkin! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[mlbridge]

Webrevs

• 00: Full (885d435c)