On Tue, 13 Apr 2021 15:31:35 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> This enhancement contains the following code changes: >> >> 1. Create a new public API `javax/xml/crypto/dsig/spec/RSAPSSParameterSpec` >> and remove the internal one. >> 2. Update marshaling and unmarshaling code inside `DOMRSAPSSSignatureMethod` >> so it understands extra fields in `PSSParameterSpec` and is aware of the >> defaults in both directions. >> 3. Update `DOMSignedInfo` so that secure validation can restrict >> `DigestMethod` used inside `RSAPSSParameterSpec` >> 4. Tests > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > spec clarification src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java line 247: > 245: * as the signature algorithm, the default parameter as defined in > 246: * <a href="https://tools.ietf.org/html/rfc6931#section-2.3.9";>RFC > 6931 Section 2.3.9</a> > 247: * is used and this default parameter will also be returned by the WE should mention/link to the type returned. Suggest breaking this into two sentences: `If the {@code params} parameter is {@code null} when calling {@link XMLSignatureFactory#newSignatureMethod} with {@code RSA_PSS} as the signature algorithm, the default parameter as defined in <a href="https://tools.ietf.org/html/rfc6931#section-2.3.9";>RFC 6931 Section 2.3.9</a> is used. This default parameter is represented as an {@link RSAPSSParameterSpec} type and returned by the {@link SignatureMethod#getParameterSpec()} method.` ------------- PR: https://git.openjdk.java.net/jdk/pull/3181
