On Thu, 1 Apr 2021 13:32:47 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> This enhancement contains the following code changes:
>>
>> 1. Create a new public API `javax/xml/crypto/dsig/spec/RSAPSSParameterSpec`
>> and remove the internal one.
>> 2. Update marshaling and unmarshaling code inside `DOMRSAPSSSignatureMethod`
>> so it understands extra fields in `PSSParameterSpec` and is aware of the
>> defaults in both directions.
>> 3. Update `DOMSignedInfo` so that secure validation can restrict
>> `DigestMethod` used inside `RSAPSSParameterSpec`
>> 4. Tests
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> spec word change, no hashCode and equals, test change
src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java
line 74:
> 72: * {@code MaskGenerationFunction}, 32 as {@code SaltLength}, and 1 as
> 73: * {@code TrailerField}. This is equivalent to the parameter-less
> signature
> 74: * method as defined by
> http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1.
http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 is just a placeholder
page for the namespace. I would instead link to
`SignatureMethod.SHA256_RSA_MGF1` and also reference the RFC for more
information. How about:
`This is equivalent to the {@link SignatureMethod#SHA256_RSA_MGF1
parameter-less signature method} as defined in <a
href="https://www.ietf.org/rfc/rfc6931.txt#section-2.3.10";>RFC 6931</a>.
`
-------------
PR: https://git.openjdk.java.net/jdk/pull/3181
