8242184: CRL generation error with RSASSA-PSS

Reviewed-by: xuelei

src/java.base/share/classes/sun/security/x509/AlgorithmId.java

@@ -1041,6 +1041,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
             case "RSA":
                 return ifcFfcStrength(KeyUtil.getKeySize(k))
                     + "withRSA";
+            case "RSASSA-PSS":
+                return "RSASSA-PSS";
             default:
                 return null;
         }

src/java.base/share/classes/sun/security/x509/X509CRLImpl.java

@@ -35,6 +35,7 @@ import java.security.cert.X509Certificate;
 import java.security.cert.X509CRLEntry;
 import java.security.cert.CRLException;
 import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
 import java.util.*;
 
 import javax.security.auth.x500.X500Principal;
@@ -495,10 +496,20 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
             else
                 sigEngine = Signature.getInstance(algorithm, provider);
 
-            sigEngine.initSign(key);
+            AlgorithmParameterSpec params = AlgorithmId
+                    .getDefaultAlgorithmParameterSpec(algorithm, key);
+            try {
+                SignatureUtil.initSignWithParam(sigEngine, key, params, null);
+            } catch (InvalidAlgorithmParameterException e) {
+                throw new SignatureException(e);
+            }
 
-            // in case the name is reset
-            sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
+            if (params != null) {
+                sigAlgId = AlgorithmId.get(sigEngine.getParameters());
+            } else {
+                // in case the name is reset
+                sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
+            }
             infoSigAlgId = sigAlgId;
 
             DerOutputStream out = new DerOutputStream();

src/java.base/share/classes/sun/security/x509/X509CertImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -601,11 +601,11 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
             SignatureUtil.initSignWithParam(sigEngine, key, signingParams,
                     null);
 
-            // in case the name is reset
             if (signingParams != null) {
                 algId = AlgorithmId.get(sigEngine.getParameters());
             } else {
-                algId = AlgorithmId.get(algorithm);
+                // in case the name is reset
+                algId = AlgorithmId.get(sigEngine.getAlgorithm());
             }
             DerOutputStream out = new DerOutputStream();
             DerOutputStream tmp = new DerOutputStream();