[GitHub] [santuario-xml-security-java] seanjmullan commented on a diff in pull request #206: SANTUARIO-604: Use PSSParameterSpec for RSASSA-PSS without parameters SignatureMethod URIs

Thu, 07 Sep 2023 07:08:29 -0700 


seanjmullan commented on code in PR #206:
URL: 
https://github.com/apache/santuario-xml-security-java/pull/206#discussion_r1318672899


##########
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java:
##########
@@ -682,7 +743,12 @@ Type getAlgorithmType() {
         }

Review Comment:
   Good idea- fixed.



##########
src/main/java/org/apache/xml/security/algorithms/implementations/SignatureBaseRSA.java:
##########
@@ -364,10 +369,53 @@ public String engineGetURI() {
         }
     }
 
+    public abstract static class SignatureBaseRSAPSS extends SignatureBaseRSA {
+
+        public SignatureBaseRSAPSS() throws XMLSignatureException {
+            super();
+        }
+
+        public SignatureBaseRSAPSS(Provider provider) throws 
XMLSignatureException {
+            super(provider);
+        }
+
+        @Override
+        Signature getSignature(Provider provider, String algorithmID)
+            throws XMLSignatureException {
+            try {
+                Signature sig;
+                if (provider == null) {
+                    String providerId = JCEMapper.getProviderId();
+                    if (providerId == null) {
+                        sig = Signature.getInstance("RSASSA-PSS");
+                    } else {
+                        sig = Signature.getInstance("RSASSA-PSS", providerId);
+                    }
+                } else {
+                    sig = Signature.getInstance("RSASSA-PSS", provider);
+                }
+                try {
+                    sig.setParameter(getPSSParameterSpec());
+                } catch (InvalidAlgorithmParameterException e) {
+                    throw new NoSuchAlgorithmException("Should not happen", e);
+                }
+                return sig;
+            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+                return super.getSignature(provider, algorithmID);
+            }
+        }
+
+        abstract PSSParameterSpec getPSSParameterSpec();
+    }
+
     /**
      * Class SignatureRSASHA1MGF1
      */
-    public static class SignatureRSASHA1MGF1 extends SignatureBaseRSA {
+    public static class SignatureRSASHA1MGF1 extends SignatureBaseRSAPSS {
+
+        private static PSSParameterSpec spec

Review Comment:
   Fixed.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to