On Tue, 30 Mar 2021 02:07:06 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> This enhancement contains the following code changes: >> >> 1. Create a new public API `javax/xml/crypto/dsig/spec/RSAPSSParameterSpec` >> and remove the internal one. >> 2. Update marshaling and unmarshaling code inside `DOMRSAPSSSignatureMethod` >> so it understands extra fields in `PSSParameterSpec` and is aware of the >> defaults in both directions. >> 3. Update `DOMSignedInfo` so that secure validation can restrict >> `DigestMethod` used inside `RSAPSSParameterSpec` >> 4. Tests > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > update XMLUtils (not used by tests here) src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 36: > 34: * Parameters for the <a > href="http://www.w3.org/2007/05/xmldsig-more#rsa-pss"> > 35: * XML Signature RSASSA-PSS Algorithm</a>. The parameters are expressed > as a > 36: * {@link PSSParameterSpec} object encapsulated. I suggest removing "encapsulated", I found use of that word a little confusing. Maybe just "The parameters are represented as a {@link PSSParameterSpec} object." Similar comment about "encapsulated" in other methods. src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 75: > 73: * {@code TrailerField}. This is equivalent to the parameter-less > signature > 74: * method as defined by > http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1. > 75: * Normally I don't like to hardcode defaults (in case they weaken later) but since this is specified by RFC 6931, I don't think we have a choice, and I think we need to use this default for interoperability. src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 89: > 87: * > 88: * @param spec the input {@code PSSParameterSpec} to be encapsulated > 89: */ Should this throw NPE if spec is null? src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 99: > 97: * @return the encapsulated {@code PSSParameterSpec} object > 98: */ > 99: public PSSParameterSpec getPSSParameterSpec() { If an XML Signature contained an RSAPSSParams with no DigestMethod, would this return a PSSParameterSpec with the defaults as specified in the @implSpec? src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 103: > 101: } > 102: > 103: @Override Since you are overriding `Object.hashCode` and `equals`, I think you should document the specification for that. src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 113: > 111: > 112: @Override > 113: public boolean equals(Object obj) { Add specification. src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/RSAPSSParameterSpec.java line 139: > 137: > 138: @Override > 139: public String toString() { Add specification. ------------- PR: https://git.openjdk.java.net/jdk/pull/3181