Hi Xuelei,
Updated webrev looks good.
If we have a failing test to verify the changes, perhaps you can try
disabling the CKM_RSA_PKCS_PSS in the PKCS11 provider configuration
file. Or, you can always comment out the PSS Signature entry
registration in SunPKCS11 provider.
Thanks,
Valerie
On 11/4/2019 7:27 PM, Xuelei Fan wrote:
Hi Valerie,
Thanks for the review.
On 11/4/2019 6:36 PM, Valerie Peng wrote:
Hi Xuelei,
Overall changes look good.
A nit: SignatureScheme.java:552, "Ignore unsupport..." instead of
"Ignore the unsupported..."
Good catch!
It seems that the SignatureScheme selection is always selected with
PrivateKey first?
Yes.
It'd be nice to have some comments explain the different handling
between getSigner(PrivateKey) and getVerifier(PublicKey), i.e. former
returns null vs later passes up the exception.
Yes, better to have some words for the difference. Here is the
updated webrev:
http://cr.openjdk.java.net/~xuelei/8223940/webrev.01/
Comparing to the previous version, only the SignatureScheme.java is
updated.
Thanks,
Xuelei
Thanks,
Valerie
On 10/24/2019 1:56 PM, Xuelei Fan wrote:
Hi,
Could I get the following update reviewed?
http://cr.openjdk.java.net/~xuelei/8223940/webrev.00/
For signature algorithms, the update will fail back to use the
supported signature algorithm for the specific private key.
Previously, the first preferred signature algorithm get used ad the
private key may not be able to work with the signature algorithm
however.
No new regression test as RSASSA-PSS has been supported in the
SunPKCS11 provider currently. Can I get a help for the test if you
are running a provider that does not support RSASSA-PSS yet?
Thanks & Regards,
Xuelei
