RFR: 8242068: Signed JAR support for RSASSA-PSS and EdDSA [v2]

Weijun Wang weijun at openjdk.java.net
Sun Oct 4 14:02:49 UTC 2020

> Major points in CSR at https://bugs.openjdk.java.net/browse/JDK-8245274:
> - new sigalg "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in jarsigner
> - The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a signed JAR) are reused for new signature
>   algorithms
> - A new JarSigner property "directsign"
> - Updating the jarsigner tool doc
> Major code changes:
> - Always use the signature algorithm directly as SignerInfo::signatureAlgorithm. We used to use the encryption algorithm
>   there like RSA, DSA, and EC. Now it's always SHA1withRSA or RSASSA-PSS.
> - Move signature related utilities methods from AlgorithmId.java to SignatureUtil.java
> - Add new SignatureUtil methods fromKey() and fromSignature() to simplify creating Signature and getting its AlgorithmId
> - Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing
> - Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of all old and new signature algorithms
> - Mark all -altsign related code deprecated and they can be removed once ContentSigner is removed

Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The pull request now
contains three commits:

 - extract some methods, rollback JarUtils, deperated version from 15 to 16.
 - Merge
 - 8242068: Signed JAR support for RSASSA-PSS and EdDSA


Changes: https://git.openjdk.java.net/jdk/pull/322/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=322&range=01
  Stats: 1696 lines in 21 files changed: 972 ins; 555 del; 169 mod
  Patch: https://git.openjdk.java.net/jdk/pull/322.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/322/head:pull/322

PR: https://git.openjdk.java.net/jdk/pull/322

More information about the compiler-dev mailing list