8146293: Add support for RSASSA-PSS Signature algorithm

Add RSASSA-PSS key and signature support to SunRsaSign provider Reviewed-by: wetmore
2025-08-27 23:04:50 +02:00 · 2018-05-21 23:40:52 +00:00 · 2018-05-21 23:40:52 +00:00 · 9e8d9fe1ee
commit 9e8d9fe1ee
parent 6216182dd1
79 changed files with 5489 additions and 627 deletions
--- a/src/java.base/share/classes/sun/security/pkcs10/PKCS10.java
+++ b/src/java.base/share/classes/sun/security/pkcs10/PKCS10.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -31,11 +31,8 @@ import java.io.IOException;
 import java.math.BigInteger;

 import java.security.cert.CertificateException;
-import java.security.NoSuchAlgorithmException;
-import java.security.InvalidKeyException;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.PublicKey;
+import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;

 import java.util.Base64;

@ -43,6 +40,8 @@ import sun.security.util.*;
 import sun.security.x509.AlgorithmId;
 import sun.security.x509.X509Key;
 import sun.security.x509.X500Name;
+import sun.security.util.SignatureUtil;
+

 /**
 * A PKCS #10 certificate request is created and sent to a Certificate
@ -169,12 +168,24 @@ public class PKCS10 {
        try {
            sigAlg = id.getName();
            sig = Signature.getInstance(sigAlg);
+
            sig.initVerify(subjectPublicKeyInfo);
+
+            // set parameters after Signature.initSign/initVerify call,
+            // so the deferred provider selections occur when key is set
+            SignatureUtil.specialSetParameter(sig, id.getParameters());
+
            sig.update(data);
-            if (!sig.verify(sigData))
+            if (!sig.verify(sigData)) {
                throw new SignatureException("Invalid PKCS #10 signature");
+            }
        } catch (InvalidKeyException e) {
-            throw new SignatureException("invalid key");
+            throw new SignatureException("Invalid key");
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new SignatureException("Invalid signature parameters", e);
+        } catch (ProviderException e) {
+            throw new SignatureException("Error parsing signature parameters",
+                e.getCause());
        }
    }