Please take a look at
CSR : https://bugs.openjdk.java.net/browse/JDK-8245274
webrev : http://cr.openjdk.java.net/~weijun/8242068/webrev.00/
Major points in CSR:
- New sigalgs "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in
jarsigner
- The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a
signed JAR) are reused for new signature algorithms
Major code changes:
- Move signature-related utility methods from AlgorithmId.java to
SignatureUtil.java
- Add new SignatureUtil methods fromKey() and fromSignature() to simplify
creating Signature and getting its AlgorithmId
- Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing
- Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of all
old and new signature algorithms
- Mark all -altsign related code as deprecated; it can be removed once
ContentSigner is removed
Next I'll do some basic interop tests with openssl and BouncyCastle.
Thanks,
Max