wangweij commented on code in PR #206:
URL:
https://github.com/apache/santuario-xml-security-java/pull/206#discussion_r1317647363
##########
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java:
##########
@@ -660,7 +712,12 @@ Type getAlgorithmType() {
}
}
- static final class SHA1withRSAandMGF1 extends AbstractRSASignatureMethod {
+ static final class SHA1withRSAandMGF1 extends
AbstractRSAPSSSignatureMethod {
+
+ private static PSSParameterSpec spec
Review Comment:
These can be `final`.
##########
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java:
##########
@@ -682,7 +743,12 @@ Type getAlgorithmType() {
}
Review Comment:
How about we move the `getAlgorithmType` method into
`AbstractRSASignatureMethod`? All RSA and RSASSA-PSS signature methods return
`Type.RSA`. We can even do a similar change for `AbstractDSASignatureMethod`,
`AbstractEDDSASignatureMethod`, and `AbstractECDSASignatureMethod`.
##########
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java:
##########
@@ -362,6 +380,40 @@ byte[] preVerifyFormat(Key key, byte[] sig) {
}
}
+ abstract static class AbstractRSAPSSSignatureMethod
+ extends AbstractRSASignatureMethod {
+
+ AbstractRSAPSSSignatureMethod(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+
+ AbstractRSAPSSSignatureMethod(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+
+ public abstract PSSParameterSpec getPSSParameterSpec();
+
+ @Override
+ Signature getSignature(Provider p)
+ throws NoSuchAlgorithmException {
+ try {
+ Signature s = (p == null)
+ ? Signature.getInstance("RSASSA-PSS")
+ : Signature.getInstance("RSASSA-PSS", p);
+ try {
+ s.setParameter(getPSSParameterSpec());
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new NoSuchAlgorithmException("Should not happen", e);
+ }
+ return s;
+ } catch (NoSuchAlgorithmException nsae) {
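Review bot: In `getSignature`, the inner `catch (InvalidAlgorithmParameterException e)` rethrows as `NoSuchAlgorithmException` while still inside the outer `try`, so the outer `catch (NoSuchAlgorithmException nsae)` handles a provider that rejects the PSS parameters exactly like a provider that has no `RSASSA-PSS` at all. Those are different failures; consider calling `s.setParameter(getPSSParameterSpec())` after the outer `try`, or rethrowing with a different exception type, so a parameter rejection is reported instead of being absorbed by the handler for a missing algorithm. Separately, `getPSSParameterSpec()` is declared `public` on a class whose other members are package-private; dropping `public` would match them.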
Review Comment:
How about `return super.getSignature(p);`?
##########
src/main/java/org/apache/xml/security/algorithms/implementations/SignatureBaseRSA.java:
##########
@@ -364,10 +369,53 @@ public String engineGetURI() {
}
}
+ public abstract static class SignatureBaseRSAPSS extends SignatureBaseRSA {
+
+ public SignatureBaseRSAPSS() throws XMLSignatureException {
+ super();
+ }
+
+ public SignatureBaseRSAPSS(Provider provider) throws
XMLSignatureException {
+ super(provider);
+ }
+
+ @Override
+ Signature getSignature(Provider provider, String algorithmID)
+ throws XMLSignatureException {
+ try {
+ Signature sig;
+ if (provider == null) {
+ String providerId = JCEMapper.getProviderId();
+ if (providerId == null) {
+ sig = Signature.getInstance("RSASSA-PSS");
+ } else {
+ sig = Signature.getInstance("RSASSA-PSS", providerId);
+ }
+ } else {
+ sig = Signature.getInstance("RSASSA-PSS", provider);
+ }
+ try {
+ sig.setParameter(getPSSParameterSpec());
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new NoSuchAlgorithmException("Should not happen", e);
+ }
+ return sig;
+ } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+ return super.getSignature(provider, algorithmID);
+ }
+ }
+
+ abstract PSSParameterSpec getPSSParameterSpec();
+ }
+
/**
* Class SignatureRSASHA1MGF1
*/
- public static class SignatureRSASHA1MGF1 extends SignatureBaseRSA {
+ public static class SignatureRSASHA1MGF1 extends SignatureBaseRSAPSS {
+
+ private static PSSParameterSpec spec
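Review bot: In `SignatureBaseRSAPSS.getSignature`, the outer `catch (NoSuchAlgorithmException | NoSuchProviderException e)` discards `e` and returns `super.getSignature(provider, algorithmID)`, and since the failure of `sig.setParameter(getPSSParameterSpec())` is wrapped as `NoSuchAlgorithmException` inside the same `try`, a rejected parameter spec takes that fallback too, with no trace. Logging `e` before falling back, or throwing `XMLSignatureException` for the parameter case, would show which path produced the `Signature`. Also, `abstract PSSParameterSpec getPSSParameterSpec();` is package-private on a `public abstract static` class, so code outside this package cannot subclass it; if that is intended a comment saying so would help, otherwise make it `protected`.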
Review Comment:
Make `final`.