Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8274471: Add support for RSASSA-PSS in OCSP Response #36

Closed
wants to merge 2 commits into from

Conversation

apavlyutkin
Copy link
Contributor

@apavlyutkin apavlyutkin commented Dec 24, 2021

This one is submitted in place of openjdk/jdk17u#248 that was too late to jdk17u

I'd like to backport JDK-8274471 to jdk17u-dev

The patch fixes internal error upon verification of OCSP Response signed with RSASSA-PSS

The original patch applied with minor changes to src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

  • resolved baseline conflict: the original patch was done on top of JDK-8272120: Avoid looking for standard encodings in "java." modules and cannot be applied cleanly although it deletes the changes done against JDK-8272120 (see lines 249-241)
  • imported few required packages

Verified (20.04 LTS/amd64) with attached Test8274471.java.zip. Regression: jdk_security


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

  • JDK-8274471: Add support for RSASSA-PSS in OCSP Response

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk17u-dev pull/36/head:pull/36
$ git checkout pull/36

Update a local copy of the PR:
$ git checkout pull/36
$ git pull https://git.openjdk.java.net/jdk17u-dev pull/36/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 36

View PR using the GUI difftool:
$ git pr show -t 36

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk17u-dev/pull/36.diff

@bridgekeeper
Copy link

bridgekeeper bot commented Dec 24, 2021

👋 Welcome back apavlyutkin! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot changed the title Backport f63c4a832a1aea451f47aaf86d5361e970c6a28f 8274471: Add support for RSASSA-PSS in OCSP Response Dec 24, 2021
@openjdk
Copy link

openjdk bot commented Dec 24, 2021

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk bot added backport rfr Pull request is ready for review labels Dec 24, 2021
@mlbridge
Copy link

mlbridge bot commented Dec 24, 2021

Webrevs

@bridgekeeper
Copy link

bridgekeeper bot commented Jan 21, 2022

@apavlyutkin This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

@apavlyutkin
Copy link
Contributor Author

apavlyutkin commented Jan 21, 2022

Guys, could somebody review that?

@apavlyutkin
Copy link
Contributor Author

apavlyutkin commented Feb 8, 2022

@TheRealMDoerr, could you checked this one. This is just a copy of openjdk/jdk17u#248 that was reviewed by you but missed 17.0.2

Copy link
Contributor

@TheRealMDoerr TheRealMDoerr left a comment

Still good. Thanks for the new PR.

@openjdk
Copy link

openjdk bot commented Feb 8, 2022

@apavlyutkin This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8274471: Add support for RSASSA-PSS in OCSP Response

Reviewed-by: mdoerr, goetz

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 205 new commits pushed to the master branch:

  • 6ce19ed: 8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX
  • c2a62d7: 8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition
  • 9e9c150: 8276841: Add support for Visual Studio 2022
  • 90d83a2: 8272866: java.util.random package summary contains incorrect mixing function in table
  • fc57ee6: 8272996: JNDI DNS provider fails to resolve SRV entries when IPV6 stack is enabled
  • df5a29c: 8278185: Custom JRE cannot find non-ASCII named module inside
  • 6650652: 8281460: Let ObjectMonitor have its own NMT category
  • 56f0c53: 8278163: --with-cacerts-src variable resolved after GenerateCacerts recipe setup
  • 0c6e662: 8277383: VM.metaspace optionally show chunk freelist details
  • 9bb8b7f: 8271721: Split gc/g1/TestMixedGCLiveThreshold into separate tests
  • ... and 195 more: https://git.openjdk.java.net/jdk17u-dev/compare/81cd594074dd588189eb8619ad6ac91c8e022212...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@TheRealMDoerr, @GoeLin) but any other Committer may sponsor as well.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Feb 8, 2022
@apavlyutkin
Copy link
Contributor Author

apavlyutkin commented Feb 8, 2022

/integrate

@openjdk openjdk bot added the sponsor Pull request is ready to be sponsored label Feb 8, 2022
@openjdk
Copy link

openjdk bot commented Feb 8, 2022

@apavlyutkin
Your change (at version ea686fe) is now ready to be sponsored by a Committer.

@GoeLin
Copy link
Member

GoeLin commented Feb 10, 2022

Hi Alexey,
you may not integrate as long as you don't have jdk17u-fix-yes label on the JBS issue. Please see https://wiki.openjdk.java.net/display/JDKUpdates/How+to+contribute+a+fix for how to contribute backports and changes.

/reviewers 2

@openjdk
Copy link

openjdk bot commented Feb 10, 2022

@GoeLin
The number of required reviews for this PR is now set to 2 (with at least 1 of role reviewers).

@openjdk openjdk bot removed sponsor Pull request is ready to be sponsored ready Pull request is ready to be integrated labels Feb 10, 2022
@alexeybakhtin
Copy link

alexeybakhtin commented Feb 22, 2022

Minor comments of the OCSP changes:
The original patch removes unused imports. These unused imports were caused by JDK-8232066: “Remove outdated code/methods from PKIX implementation”
JDK-8232066 does not affect the functionality of this enhancement and can be skipped

So, looks good to me (not a reviewer)

@gnu-andrew
Copy link
Member

gnu-andrew commented Feb 24, 2022

Part of JDK-8272120 is still being dragged in with the use of UTF_8 in OSCP.java. We can retain that as "UTF-8" and avoid adding the import that is not present in the original patch.

@apavlyutkin
Copy link
Contributor Author

apavlyutkin commented Feb 24, 2022

Part of JDK-8272120 is still being dragged in with the use of UTF_8 in OSCP.java. We can retain that as "UTF-8" and avoid adding the import that is not present in the original patch.

Ok, fixed. BTW how about jdk11u-dev? As I understand being just an enhancement JDK-8272120 does not have a chance to be backported to jdk11, but using "UTF-8" is still an overhead.

Copy link
Contributor

@TheRealMDoerr TheRealMDoerr left a comment

Thanks for the update! Good. I think it makes sense to accept it in 11u, too, after it is carefully reviewed and tested.

@apavlyutkin
Copy link
Contributor Author

apavlyutkin commented Mar 1, 2022

Thanks for the update! Good. I think it makes sense to accept it in 11u, too, after it is carefully reviewed and tested.

Thank you. I've already completed backports to 11 (very dirty) & 8 (just a bit unclean). They are postponed

@GoeLin how can I get "ready" label back? Thank you

GoeLin
GoeLin approved these changes Mar 1, 2022
Copy link
Member

@GoeLin GoeLin left a comment

Formal requirements are all met now.
LGTM

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Mar 1, 2022
@GoeLin
Copy link
Member

GoeLin commented Mar 1, 2022

Please enable github actions, also in the other repos where you might backport to.

@apavlyutkin
Copy link
Contributor Author

apavlyutkin commented Mar 1, 2022

/integrate

@openjdk openjdk bot added the sponsor Pull request is ready to be sponsored label Mar 1, 2022
@openjdk
Copy link

openjdk bot commented Mar 1, 2022

@apavlyutkin
Your change (at version e22864b) is now ready to be sponsored by a Committer.

@GoeLin
Copy link
Member

GoeLin commented Mar 1, 2022

/sponsor

@openjdk
Copy link

openjdk bot commented Mar 1, 2022

Going to push as commit 8e13d2f.
Since your change was applied there have been 205 commits pushed to the master branch:

  • 6ce19ed: 8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX
  • c2a62d7: 8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition
  • 9e9c150: 8276841: Add support for Visual Studio 2022
  • 90d83a2: 8272866: java.util.random package summary contains incorrect mixing function in table
  • fc57ee6: 8272996: JNDI DNS provider fails to resolve SRV entries when IPV6 stack is enabled
  • df5a29c: 8278185: Custom JRE cannot find non-ASCII named module inside
  • 6650652: 8281460: Let ObjectMonitor have its own NMT category
  • 56f0c53: 8278163: --with-cacerts-src variable resolved after GenerateCacerts recipe setup
  • 0c6e662: 8277383: VM.metaspace optionally show chunk freelist details
  • 9bb8b7f: 8271721: Split gc/g1/TestMixedGCLiveThreshold into separate tests
  • ... and 195 more: https://git.openjdk.java.net/jdk17u-dev/compare/81cd594074dd588189eb8619ad6ac91c8e022212...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Mar 1, 2022
@openjdk openjdk bot closed this Mar 1, 2022
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review sponsor Pull request is ready to be sponsored labels Mar 1, 2022
@openjdk
Copy link

openjdk bot commented Mar 1, 2022

@GoeLin @apavlyutkin Pushed as commit 8e13d2f.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport integrated Pull request has been integrated
5 participants