- Bug
- Resolution: Unresolved
- P4
- 23
- Fix Understood
- generic
- generic
ADDITIONAL SYSTEM INFORMATION :
This is generic. It has no tie to any OS. The enhancement is not yet available on any JDK version.
A DESCRIPTION OF THE PROBLEM :
I need to sign XML in Java using Digital Signatures.
I have a key pair using signature algorithm RSASSA-PSS:
SunRsaSign RSASSA-PSS private CRT key, 2048 bits
Sun RSASSA-PSS public key, 2048 bits
See this code here from the OpenJDK test framework: https://github.com/openjdk/jdk/blob/master/test/lib/jdk/test/lib/security/XMLUtils.java
I'm using this utility to load the value:
// XMLUtils is jdk.test.lib.security.XMLUtils from the OpenJDK test library linked above
Document doc = XMLUtils.string2doc("<a><b>Text</b>Raw</a>");
KeyPairGenerator instance = KeyPairGenerator.getInstance("RSASSA-PSS");
instance.initialize(2048);
KeyPair keyPair = instance.generateKeyPair();
PSSParameterSpec pspec = new PSSParameterSpec("SHA-384", "MGF1",
        MGF1ParameterSpec.SHA512, 48, PSSParameterSpec.TRAILER_FIELD_BC);
// Passing the public key makes the signer build a KeyValue for it, which is where the exception is thrown
Document signed = XMLUtils.signer(keyPair.getPrivate(), keyPair.getPublic())
        .dm(DigestMethod.SHA384)
        .sm(SignatureMethod.RSA_PSS, new RSAPSSParameterSpec(pspec))
        .sign(doc);
System.out.println(XMLUtils.doc2string(signed));
System.out.println("Good? " + XMLUtils.validator().validate(signed, keyPair.getPublic()));
Unfortunately, this is not working:
Exception in thread "main" java.security.KeyException: unsupported key algorithm: RSASSA-PSS
at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMKeyInfoFactory.newKeyValue(DOMKeyInfoFactory.java:85)
because:
https://github.com/openjdk/jdk/blob/master/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java#L82
It does not allow "RSASSA-PSS".
It appears that if it were to be changed to:
} else if ("RSA".equals(algorithm) || "RSASSA-PSS".equals(algorithm)) {
return new DOMKeyValue.RSA((RSAPublicKey) key);
That appears to work.
Is this something we can put in place or is there some other way to do this?
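The following is an added example, not code from the report or from OpenJDK: it reproduces the rejected `newKeyValue` call with only the public `javax.xml.crypto` API and shows one possible application-side fallback, re-wrapping the same modulus and exponent as a key whose algorithm name is "RSA". The class name `PssKeyValueDemo` and the helper `keyValueFor` are hypothetical, and the fallback assumes a JDK whose `DOMKeyInfoFactory` still rejects "RSASSA-PSS".

```java
import java.security.GeneralSecurityException;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;

public class PssKeyValueDemo {

    // Hypothetical helper: build a KeyValue, and if the factory rejects an
    // RSASSA-PSS key, retry with the same modulus/exponent as a plain "RSA" key.
    static KeyValue keyValueFor(PublicKey key, KeyInfoFactory kif)
            throws GeneralSecurityException {
        try {
            return kif.newKeyValue(key);
        } catch (KeyException e) {
            // Only handle the case from the report; rethrow anything else.
            if (!(key instanceof RSAPublicKey) || !"RSASSA-PSS".equals(key.getAlgorithm())) {
                throw e;
            }
            RSAPublicKey rsa = (RSAPublicKey) key;
            PublicKey plain = KeyFactory.getInstance("RSA").generatePublic(
                    new RSAPublicKeySpec(rsa.getModulus(), rsa.getPublicExponent()));
            return kif.newKeyValue(plain);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
        kpg.initialize(2048);
        PublicKey pss = kpg.generateKeyPair().getPublic();
        KeyInfoFactory kif = XMLSignatureFactory.getInstance("DOM").getKeyInfoFactory();

        try {   // Direct call, as the signer in the report ends up doing.
            kif.newKeyValue(pss);
            System.out.println("direct newKeyValue: accepted");
        } catch (KeyException e) {
            System.out.println("direct newKeyValue: " + e.getMessage());
        }

        RSAPublicKey out = (RSAPublicKey) keyValueFor(pss, kif).getPublicKey();
        System.out.println("KeyValue key algorithm: " + out.getAlgorithm());
        System.out.println("same modulus: "
                + out.getModulus().equals(((RSAPublicKey) pss).getModulus()));
    }
}
```

A KeyValue built from an RSA public key carries only the modulus and exponent, so it does not record that the key was generated as RSASSA-PSS. Validation should still be done against a key the verifier already trusts, as the report's `validate(signed, keyPair.getPublic())` call does.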