On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works better now with these changes. I've also taken this opportunity to do
> some cleanup on CertificateBuilder and added a method which uses a default
> signing algorithm based on the key, so the `build()` method no longer needs
> to provide that algorithm (though one can if they wish for things like RSA
> signatures if they want a different message digest in the signature).
test/lib-test/jdk/test/lib/security/CPVAlgTestWithOCSP.java line 1:
> 1: /*
This test seems to be the more significant reason for this change - should the
issue be renamed to something like "Add OCSP tests for various signature
algorithms including PQC algorithms". The enhancements to the test library
would then be more as an additional improvement in order to support this new
test.
test/lib/jdk/test/lib/security/CertificateBuilder.java line 462:
> 460: throws CertificateException, IOException,
> NoSuchAlgorithmException {
> 461:
> 462: AlgorithmId signAlg;
This variable looks like it is unused now.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23566#discussion_r1955119146
PR Review Comment: https://git.openjdk.org/jdk/pull/23566#discussion_r1955105753
