On 5/22/20 10:30 AM, Weijun Wang wrote:
Please take a review at
CSR : https://bugs.openjdk.java.net/browse/JDK-8245274
webrev : http://cr.openjdk.java.net/~weijun/8242068/webrev.00/
Major points in CSR:
- new sigalg "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in
jarsigner
In the CSR, it says "In fact, the new -sigalg option values are quite
useless and do not need to specified."
What happens if you specify anything other than the defaults?
In the Supported Algorithms, what does keysize: (empty) mean? Do you
mean "any size" as in the current table for DSA?
- The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a
signed JAR) are reused for new signature algorithms
I think the CSR should have the proposed changes to the JAR
specification instead of just saying it will be described. Also, we
never defined the "EC" type, so I think this CSR is a good opportunity
to also fix that and add that extension to the JAR spec.
--Sean
major code changes:
- Move signature related utilities methods from AlgorithmId.java to
SignatureUtil.java
- Add new SignatureUtil methods fromKey() and fromSignature() to simplify
creating Signature and getting its AlgorithmId
- Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing
- Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of all
old and new signature algorithms
- Mark all -altsign related code deprecated and they can be removed once
ContentSigner is removed
Next I'll do some basic interop tests with openssl and BouncyCastle.
Thanks,
Max
