Summary

Add a new SignatureMethodParameterSpec subclass for RSASSA-PSS signature parameters.

Problem

With the RSASSA-PSS signature algorithm supported by the latest version of Apache Santuario, we need a public API so that a user can specify the parameters used to initialize the signature.

Solution

See spec. The algorithm URI, the XML schema definition, and the default value are defined in Section 2.3.9 of RFC 6931.

Specification

/**
 * Parameters for the <a href="http://www.w3.org/2007/05/xmldsig-more#rsa-pss">
 * XML Signature RSASSA-PSS Algorithm</a>. The parameters are represented as a
 * {@link PSSParameterSpec} object.
 * <p>
 * The XML Schema Definition is defined as:
 * <pre><code>
 *    &lt;xs:element name="RSAPSSParams" type="pss:RSAPSSParamsType"&gt;
 *        &lt;xs:annotation&gt;
 *            &lt;xs:documentation&gt;
 *    Top level element that can be used in xs:any namespace="#other"
 *    wildcard of ds:SignatureMethod content.
 *            &lt;/xs:documentation&gt;
 *        &lt;/xs:annotation&gt;
 *    &lt;/xs:element&gt;
 *    &lt;xs:complexType name="RSAPSSParamsType"&gt;
 *        &lt;xs:sequence&gt;
 *            &lt;xs:element ref="ds:DigestMethod" minOccurs="0"/&gt;
 *            &lt;xs:element name="MaskGenerationFunction"
 *               type="pss:MaskGenerationFunctionType" minOccurs="0"/&gt;
 *            &lt;xs:element name="SaltLength" type="xs:int"
 *               minOccurs="0"/&gt;
 *            &lt;xs:element name="TrailerField" type="xs:int"
 *               minOccurs="0"/&gt;
 *        &lt;/xs:sequence&gt;
 *    &lt;/xs:complexType&gt;
 *    &lt;xs:complexType name="MaskGenerationFunctionType"&gt;
 *        &lt;xs:sequence&gt;
 *            &lt;xs:element ref="ds:DigestMethod" minOccurs="0"/&gt;
 *        &lt;/xs:sequence&gt;
 *        &lt;xs:attribute name="Algorithm" type="xs:anyURI"
 *           default="http://www.w3.org/2007/05/xmldsig-more#MGF1"/&gt;
 *    &lt;/xs:complexType&gt;
 * </code></pre>
 *
 * @since 17
 * @see SignatureMethod
 * @see <a href="http://www.ietf.org/rfc/rfc6931.txt">RFC 6931</a>
 */
public final class RSAPSSParameterSpec implements SignatureMethodParameterSpec {


    /**
     * Creates a new {@code RSAPSSParameterSpec} object with the specified
     * {@link PSSParameterSpec} object.
     *
     * @param spec the input {@code PSSParameterSpec} object
     *
     * @throws NullPointerException if {@code spec} is null
     */
    public RSAPSSParameterSpec(PSSParameterSpec spec);

    /**
     * Returns the {@code PSSParameterSpec} object inside.
     *
     * @return the {@code PSSParameterSpec} object inside
     */
    public PSSParameterSpec getPSSParameterSpec();
}

Also, add a new constant for the new signature scheme and specify the behavior and defaults if parameters are not specified at:

--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java
+
+    /**
+     * The <a href="http://www.w3.org/2007/05/xmldsig-more#rsa-pss">
+     * RSASSA-PSS</a> signature method algorithm URI.
+     * <p>
+     * Calling {@link XMLSignatureFactory#newSignatureMethod
+     * XMLSignatureFactory.newSignatureMethod(RSA_PSS, null)} returns a
+     * {@code SignatureMethod} object that uses the default parameter as defined in
+     * <a href="https://tools.ietf.org/html/rfc6931#section-2.3.9">RFC 6931 Section 2.3.9</a>,
+     * which uses SHA-256 as the {@code DigestMethod}, MGF1 with SHA-256 as the
+     * {@code MaskGenerationFunction}, 32 as {@code SaltLength}, and 1 as
+     * {@code TrailerField}. This default parameter is represented as an
+     * {@link javax.xml.crypto.dsig.spec.RSAPSSParameterSpec RSAPSSParameterSpec}
+     * type and returned by the {@link #getParameterSpec()} method
+     * of the {@code SignatureMethod} object.
+     *
+     * @since 17
+     */
+    String RSA_PSS = "http://www.w3.org/2007/05/xmldsig-more#rsa-pss";
+