diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
index e4c1a30d52545..68cb86eb7fdcb 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
@@ -207,6 +207,22 @@ public static void registerDefaultAlgorithms() {
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512,
new Algorithm("EC", "SHA512withECDSA", "Signature")
);
+ algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224,
+ new Algorithm("EC", "SHA3-224withECDSA", "Signature")
+ );
+ algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256,
+ new Algorithm("EC", "SHA3-256withECDSA", "Signature")
+ );
+ algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384,
+ new Algorithm("EC", "SHA3-384withECDSA", "Signature")
+ );
+ algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512,
+ new Algorithm("EC", "SHA3-512withECDSA", "Signature")
+ );
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160,
new Algorithm("EC", "RIPEMD160withECDSA", "Signature")
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java
index 17351f0211e9e..931f3d5553c19 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java
@@ -103,7 +103,7 @@ public static MessageDigestAlgorithm getInstance(
return new MessageDigestAlgorithm(doc, algorithmURI);
}
- private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
+ public static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
if (algorithmID == null) {
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
index 439eefb10dc73..a74d373244ccf 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
@@ -494,6 +494,18 @@ public static void registerDefaultAlgorithms() {
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
);
+ algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224, SignatureECDSA.SignatureECDSASHA3_224.class
+ );
+ algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256, SignatureECDSA.SignatureECDSASHA3_256.class
+ );
+ algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384, SignatureECDSA.SignatureECDSASHA3_384.class
+ );
+ algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512, SignatureECDSA.SignatureECDSASHA3_512.class
+ );
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class
);
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java
index 73e02864bd926..4d38b2f07bda9 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java
@@ -770,6 +770,46 @@ public static byte[] convertXMLDSIGtoASN1(byte[] xmldsigBytes) throws IOExceptio
"0340340340340340340340340340340340340340340340340340340323c313fab50589703b5ec68d3587fec60d161cc149c1ad4a91",
0x2760)
);
+
+ ecCurveDefinitions.add(
+ new ECCurveDefinition(
+ "brainpoolP256r1 [RFC 5639]",
+ "1.3.36.3.3.2.8.1.1.7",
+ "a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377",
+ "7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9",
+ "26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6",
+ "8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262",
+ "547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997",
+ "a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7",
+ 1)
+ );
+
+ ecCurveDefinitions.add(
+ new ECCurveDefinition(
+ "brainpoolP384r1 [RFC 5639]",
+ "1.3.36.3.3.2.8.1.1.11",
+ "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53",
+ "7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826",
+ "04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11",
+ "1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e",
+ "8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315",
+ "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565",
+ 1)
+ );
+
+ ecCurveDefinitions.add(
+ new ECCurveDefinition(
+ "brainpoolP512r1 [RFC 5639]",
+ "1.3.36.3.3.2.8.1.1.13",
+ "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3",
+ "7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca",
+ "3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723",
+ "81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822",
+ "7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892",
+ "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069",
+ 1)
+ );
+
}
public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) {
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
index 45dafc3ad3894..fc79e0c774e44 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
@@ -66,8 +66,7 @@ public SignatureBaseRSA() throws XMLSignatureException {
public SignatureBaseRSA(Provider provider) throws XMLSignatureException {
String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
this.signatureAlgorithm = getSignature(provider, algorithmID);
- LOG.debug("Created SignatureRSA using {0} and provider {1}",
- algorithmID, signatureAlgorithm.getProvider());
+ LOG.debug("Created SignatureRSA using {0}", algorithmID);
}
Signature getSignature(Provider provider, String algorithmID)
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
index 75a88b8eb1332..a90a314ade294 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
@@ -371,6 +371,110 @@ public String engineGetURI() {
}
}
+ /**
+ * Class SignatureECDSASHA3-224
+ *
+ */
+ public static class SignatureECDSASHA3_224 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureECDSASHA3-224
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA3_224() throws XMLSignatureException {
+ super();
+ }
+
+ public SignatureECDSASHA3_224(Provider provider) throws XMLSignatureException {
+ super(provider);
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224;
+ }
+ }
+
+ /**
+ * Class SignatureECDSASHA3-256
+ *
+ */
+ public static class SignatureECDSASHA3_256 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureECDSASHA3-256
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA3_256() throws XMLSignatureException {
+ super();
+ }
+
+ public SignatureECDSASHA3_256(Provider provider) throws XMLSignatureException {
+ super(provider);
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256;
+ }
+ }
+
+ /**
+ * Class SignatureECDSASHA3-384
+ *
+ */
+ public static class SignatureECDSASHA3_384 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureECDSASHA3-384
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA3_384() throws XMLSignatureException {
+ super();
+ }
+
+ public SignatureECDSASHA3_384(Provider provider) throws XMLSignatureException {
+ super(provider);
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384;
+ }
+ }
+
+ /**
+ * Class SignatureECDSASHA3-512
+ *
+ */
+ public static class SignatureECDSASHA3_512 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureECDSASHA3-512
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA3_512() throws XMLSignatureException {
+ super();
+ }
+
+ public SignatureECDSASHA3_512(Provider provider) throws XMLSignatureException {
+ super(provider);
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512;
+ }
+ }
+
/**
* Class SignatureECDSARIPEMD160
*/
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java
index 62f25d1298daf..01dd2ed16d7db 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java
@@ -32,15 +32,7 @@
import javax.crypto.SecretKey;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
-import com.sun.org.apache.xml.internal.security.keys.content.DEREncodedKeyValue;
-import com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference;
-import com.sun.org.apache.xml.internal.security.keys.content.KeyName;
-import com.sun.org.apache.xml.internal.security.keys.content.KeyValue;
-import com.sun.org.apache.xml.internal.security.keys.content.MgmtData;
-import com.sun.org.apache.xml.internal.security.keys.content.PGPData;
-import com.sun.org.apache.xml.internal.security.keys.content.RetrievalMethod;
-import com.sun.org.apache.xml.internal.security.keys.content.SPKIData;
-import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
+import com.sun.org.apache.xml.internal.security.keys.content.*;
import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.DSAKeyValue;
import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.RSAKeyValue;
import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver;
@@ -50,7 +42,6 @@
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
-import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
@@ -88,7 +79,7 @@
* contains the corresponding type.
*
*/
-public class KeyInfo extends SignatureElementProxy {
+public class KeyInfo extends ElementProxy {
private static final com.sun.org.slf4j.internal.Logger LOG =
com.sun.org.slf4j.internal.LoggerFactory.getLogger(KeyInfo.class);
@@ -231,12 +222,24 @@ public void add(RSAKeyValue rsakeyvalue) {
}
/**
- * Method add
+ * Method adds public key encoded as KeyValue. If public key type is not supported by KeyValue, then
+ * DEREncodedKeyValue is used. If public key type is not supported by DEREncodedKeyValue, then
+ * IllegalArgumentException is thrown.
*
- * @param pk
+ * @param pk public key to be added to KeyInfo
*/
- public void add(PublicKey pk) {
- this.add(new KeyValue(getDocument(), pk));
+ public void add(PublicKey pk) {
+
+ if (KeyValue.isSupportedKeyType(pk)) {
+ this.add(new KeyValue(getDocument(), pk));
+ return;
+ }
+
+ try {
+ this.add(new DEREncodedKeyValue(getDocument(), pk));
+ } catch (XMLSecurityException ex) {
+ throw new IllegalArgumentException(ex);
+ }
}
/**
@@ -772,6 +775,7 @@ public boolean containsKeyInfoReference() {
return this.lengthKeyInfoReference() > 0;
}
+
/**
* This method returns the public key.
*
@@ -1188,4 +1192,10 @@ public void addStorageResolver(StorageResolver storageResolver) {
public String getBaseLocalName() {
return Constants._TAG_KEYINFO;
}
+
+ /** {@inheritDoc} */
+ @Override
+ public String getBaseNamespace() {
+ return Constants.SignatureSpecNS;
+ }
}
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java
index 823a50366801f..2b5b55a3d040d 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java
@@ -41,7 +41,10 @@
public class DEREncodedKeyValue extends Signature11ElementProxy implements KeyInfoContent {
/** JCA algorithm key types supported by this implementation. */
- private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC"};
+ private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC",
+ "DiffieHellman", "DH", "XDH", "X25519", "X448",
+ "EdDSA", "Ed25519", "Ed448",
+ "RSASSA-PSS"};
/**
* Constructor DEREncodedKeyValue
@@ -144,5 +147,4 @@ protected byte[] getEncodedDER(PublicKey publicKey) throws XMLSecurityException
throw new XMLSecurityException(e, "DEREncodedKeyValue.UnsupportedPublicKey", exArgs);
}
}
-
}
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java
index ee999e6578351..d1eb890f88571 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java
@@ -41,7 +41,6 @@
* (section 6.4). The KeyValue element may include externally defined public
* keys values represented as PCDATA or element types from an external
* namespace.
- *
*/
public class KeyValue extends SignatureElementProxy implements KeyInfoContent {
@@ -120,6 +119,20 @@ public KeyValue(Document doc, PublicKey pk) {
}
}
+ /**
+ * Verifies that the XML KeyValue encoding is supported for the given key type. If the
+ * encoding is supported, it returns true else false.
+ *
+ * @return true if the public key has a KeyValue encoding, false otherwise.
+ */
+ public static boolean isSupportedKeyType(PublicKey publicKey) {
+
+ return publicKey instanceof java.security.interfaces.DSAPublicKey
+ || publicKey instanceof java.security.interfaces.RSAPublicKey
+ || publicKey instanceof java.security.interfaces.ECPublicKey;
+
+ }
+
/**
* Constructor KeyValue
*
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java
index 839d9e4285da3..9bc6e55d7e557 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java
@@ -91,6 +91,45 @@ public class ECKeyValue extends Signature11ElementProxy implements KeyValueConte
1
);
+ /* Supported curve brainpoolP256r1 */
+ private static final Curve BRAINPOOLP256R1 = initializeCurve(
+ "brainpoolP256r1 [RFC 5639]",
+ "1.3.36.3.3.2.8.1.1.7",
+ "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
+ "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
+ "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
+ "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
+ "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
+ "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
+ 1
+ );
+
+ /* Supported curve brainpoolP384r1 */
+ private static final Curve BRAINPOOLP384R1 = initializeCurve(
+ "brainpoolP384r1 [RFC 5639]",
+ "1.3.36.3.3.2.8.1.1.11",
+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
+ "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
+ "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
+ "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
+ "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
+ 1
+ );
+
+ /* Supported curve brainpoolP512r1 */
+ private static final Curve BRAINPOOLP512R1 = initializeCurve(
+ "brainpoolP512r1 [RFC 5639]",
+ "1.3.36.3.3.2.8.1.1.13",
+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
+ "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
+ "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
+ "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
+ "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
+ 1
+ );
+
private static Curve initializeCurve(String name, String oid,
String sfield, String a, String b,
String x, String y, String n, int h) {
@@ -264,7 +303,13 @@ private static String getCurveOid(ECParameterSpec params) {
match = SECP384R1;
} else if (matchCurve(params, SECP521R1)) {
match = SECP521R1;
- } else {
+ } else if (matchCurve(params, BRAINPOOLP256R1)) {
+ match = BRAINPOOLP256R1;
+ } else if (matchCurve(params, BRAINPOOLP384R1)) {
+ match = BRAINPOOLP384R1;
+ } else if (matchCurve(params, BRAINPOOLP512R1)) {
+ match = BRAINPOOLP512R1;
+ }else {
return null;
}
return match.getObjectId();
@@ -332,6 +377,12 @@ private static ECParameterSpec getECParameterSpec(String oid) {
return SECP384R1;
} else if (oid.equals(SECP521R1.getObjectId())) {
return SECP521R1;
+ } else if (oid.equals(BRAINPOOLP256R1.getObjectId())) {
+ return BRAINPOOLP256R1;
+ } else if (oid.equals(BRAINPOOLP384R1.getObjectId())) {
+ return BRAINPOOLP384R1;
+ } else if (oid.equals(BRAINPOOLP512R1.getObjectId())) {
+ return BRAINPOOLP512R1;
} else {
return null;
}
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties
index 3d4306e988f7e..0871ffdaffaed 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties
@@ -30,7 +30,7 @@ algorithms.HMACOutputLengthMax = HMACOutputLength darf nicht grosser als {0} sei
algorithms.HMACOutputLengthMin = HMACOutputLength darf nicht kleiner als {0} sein
algorithms.HMACOutputLengthOnlyForHMAC = Die HMACOutputLength kann nur bei HMAC integrit\u00e4ts Algorithmen angegeben werden
algorithms.MissingRSAPSSParams = RSAPSSParams is a required Element for http://www.w3.org/2007/05/xmldsig-more#rsa-pss
-algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar.
+algorithms.NoSuchAlgorithmNoEx = Der Algorithmus {0} ist nicht verf\u00fcgbar.
algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar. Original Nachricht war\: {1}
algorithms.NoSuchMap = Algorithmus URI "{0}" konnte auf keinen JCE Algorithmus gemappt werden
algorithms.NoSuchProvider = Der angegebene Provider {0} existiert nicht. Original Nachricht war\: {1}
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java
index cfa545e5826c6..b84556de0771e 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java
@@ -209,6 +209,23 @@ public final class XMLSignature extends SignatureElementProxy {
public static final String ALGO_ID_SIGNATURE_EDDSA_ED448 =
"http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448";
+
+ /**Signature - SHA3-224withECDSA */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_224 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224";
+
+ /**Signature - SHA3-256withECDSA */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_256 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256";
+
+ /**Signature - SHA3-384withECDSA */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_384 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384";
+
+ /**Signature - SHA3-512withECDSA */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_512 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512";
+
/** Signature - Optional RSASSA-PSS */
public static final String ALGO_ID_SIGNATURE_RSA_PSS =
Constants.XML_DSIG_NS_MORE_07_05 + "rsa-pss";
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java
index d584eac32d191..5ec3e293252b6 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java
@@ -71,6 +71,9 @@ public final class Constants {
/** The (newer) URL for more algorithms **/
public static final String XML_DSIG_NS_MORE_07_05 = "http://www.w3.org/2007/05/xmldsig-more#";
+ /** The 2021 xmldsig-more URL for Internet Engineering Task Force (IETF) algorithms **/
+ public static final String XML_DSIG_NS_MORE_21_04 = "http://www.w3.org/2021/04/xmldsig-more#";
+
/** The URI for XML spec*/
public static final String XML_LANG_SPACE_SpecNS = "http://www.w3.org/XML/1998/namespace";
@@ -144,6 +147,9 @@ public final class Constants {
/** Tag of Element MaskGenerationFunction **/
public static final String _TAG_MGF = "MaskGenerationFunction";
+ /** Tag of Element Salt **/
+ public static final String _TAG_SALT = "Salt";
+
/** Tag of Element SaltLength **/
public static final String _TAG_SALTLENGTH = "SaltLength";
diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
index 6f061fc977244..b68a56fd8b916 100644
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
@@ -512,6 +512,9 @@ public static void registerDefaultPrefixes() throws XMLSecurityException {
"http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter", "xx"
);
setNamespacePrefix("http://www.w3.org/2009/xmldsig11#", "dsig11");
+ setNamespacePrefix("http://www.w3.org/2001/04/xmldsig-more", "rfc4051");
+ setNamespacePrefix("http://www.w3.org/2007/05/xmldsig-more#", "rfc6931");
+ setNamespacePrefix("http://www.w3.org/2021/04/xmldsig-more#", "rfc9231");
}
/**
diff --git a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java
index bf7bb59c9e161..f9b683c838c9e 100644
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -312,6 +312,42 @@ public interface SignatureMethod extends XMLStructure, AlgorithmMethod {
"http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1";
+ /**
+ * The
+ * ECDSA-SHA3-224 signature method algorithm URI.
+ *
+ * @since 25
+ */
+ String ECDSA_SHA3_224 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224";
+
+ /**
+ * The
+ * ECDSA-SHA3-256 signature method algorithm URI.
+ *
+ * @since 25
+ */
+ String ECDSA_SHA3_256 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256";
+
+ /**
+ * The
+ * ECDSA-SHA3-384 signature method algorithm URI.
+ *
+ * @since 25
+ */
+ String ECDSA_SHA3_384 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384";
+
+ /**
+ * The
+ * ECDSA-SHA3-512 signature method algorithm URI.
+ *
+ * @since 25
+ */
+ String ECDSA_SHA3_512 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512";
+
/**
* Returns the algorithm-specific input parameters of this
* SignatureMethod.
diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
index cec1224affade..2ce4858bc81cb 100644
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
@@ -81,7 +81,7 @@ public KeyValue newKeyValue(PublicKey key) throws KeyException {
String algorithm = key.getAlgorithm();
if ("DSA".equals(algorithm)) {
return new DOMKeyValue.DSA((DSAPublicKey) key);
- } else if ("RSA".equals(algorithm)) {
+ } else if ("RSA".equals(algorithm) || "RSASSA-PSS".equals(algorithm)) {
return new DOMKeyValue.RSA((RSAPublicKey) key);
} else if ("EC".equals(algorithm)) {
return new DOMKeyValue.EC((ECPublicKey) key);
diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
index 0933c21bfd3d4..738ab64693c5d 100644
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
@@ -241,6 +241,33 @@ RSAPublicKey unmarshalKeyValue(Element kvtElem)
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
return (RSAPublicKey) generatePublicKey(rsakf, spec);
}
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (!(obj instanceof KeyValue)) {
+ return false;
+ }
+ // This equality test allows RSA keys that have different
+ // algorithms (ex: RSA and RSASSA-PSS) to be equal as long
+ // as the key is the same.
+ try {
+ PublicKey otherKey = ((KeyValue)obj).getPublicKey();
+ if (!(otherKey instanceof RSAPublicKey)) {
+ return false;
+ }
+ RSAPublicKey otherRSAKey = (RSAPublicKey)otherKey;
+ RSAPublicKey rsaKey = (RSAPublicKey)getPublicKey();
+ return rsaKey.getPublicExponent().equals(
+ otherRSAKey.getPublicExponent())
+ && rsaKey.getModulus().equals(otherRSAKey.getModulus());
+ } catch (KeyException ke) {
+ // no practical way to determine if the keys are equal
+ return false;
+ }
+ }
}
static final class DSA extends DOMKeyValue {
@@ -369,6 +396,42 @@ static final class EC extends DOMKeyValue {
1
);
+ private static final Curve BRAINPOOLP256R1 = initializeCurve(
+ "brainpoolP256r1 [RFC 5639]",
+ "1.3.36.3.3.2.8.1.1.7",
+ "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
+ "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
+ "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
+ "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
+ "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
+ "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
+ 1
+ );
+
+ private static final Curve BRAINPOOLP384R1 = initializeCurve(
+ "brainpoolP384r1 [RFC 5639]",
+ "1.3.36.3.3.2.8.1.1.11",
+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
+ "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
+ "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
+ "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
+ "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
+ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
+ 1
+ );
+
+ private static final Curve BRAINPOOLP512R1 = initializeCurve(
+ "brainpoolP512r1 [RFC 5639]",
+ "1.3.36.3.3.2.8.1.1.13",
+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
+ "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
+ "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
+ "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
+ "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
+ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
+ 1
+ );
+
private static Curve initializeCurve(String name, String oid,
String sfield, String a, String b,
String x, String y, String n, int h) {
@@ -448,6 +511,12 @@ private static String getCurveOid(ECParameterSpec params) {
match = SECP384R1;
} else if (matchCurve(params, SECP521R1)) {
match = SECP521R1;
+ } else if (matchCurve(params, BRAINPOOLP256R1)) {
+ match = BRAINPOOLP256R1;
+ } else if (matchCurve(params, BRAINPOOLP384R1)) {
+ match = BRAINPOOLP384R1;
+ } else if (matchCurve(params, BRAINPOOLP512R1)) {
+ match = BRAINPOOLP512R1;
} else {
return null;
}
@@ -485,7 +554,7 @@ void marshalPublicKey(Node parent, Document doc, String dsPrefix,
DOMUtils.setAttribute(namedCurveElem, "URI", "urn:oid:" + oid);
String qname = (prefix == null || prefix.length() == 0)
? "xmlns" : "xmlns:" + prefix;
- namedCurveElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
+ ecKeyValueElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
qname, XMLDSIG_11_XMLNS);
ecKeyValueElem.appendChild(namedCurveElem);
String encoded = XMLUtils.encodeToString(ecPublicKey);
@@ -555,6 +624,12 @@ private static ECParameterSpec getECParameterSpec(String oid) {
return SECP384R1;
} else if (oid.equals(SECP521R1.getObjectId())) {
return SECP521R1;
+ } else if (oid.equals(BRAINPOOLP256R1.getObjectId())) {
+ return BRAINPOOLP256R1;
+ } else if (oid.equals(BRAINPOOLP384R1.getObjectId())) {
+ return BRAINPOOLP384R1;
+ } else if (oid.equals(BRAINPOOLP512R1.getObjectId())) {
+ return BRAINPOOLP512R1;
} else {
return null;
}
diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
index 5e44ccaeae8b0..6523b93935da8 100644
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
@@ -100,6 +100,14 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
"http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519";
static final String ED448 =
"http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448";
+ static final String ECDSA_SHA3_224 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224";
+ static final String ECDSA_SHA3_256 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256";
+ static final String ECDSA_SHA3_384 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384";
+ static final String ECDSA_SHA3_512 =
+ "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512";
// see RFC 6931 for these algorithm definitions
static final String ECDSA_RIPEMD160 =
@@ -241,6 +249,14 @@ static SignatureMethod unmarshal(Element smElem) throws MarshalException {
return new SHA384withECDSA(smElem);
} else if (alg.equals(ECDSA_SHA512)) {
return new SHA512withECDSA(smElem);
+ } else if (alg.equals(ECDSA_SHA3_224)) {
+ return new SHA3_224withECDSA(smElem);
+ } else if (alg.equals(ECDSA_SHA3_256)) {
+ return new SHA3_256withECDSA(smElem);
+ } else if (alg.equals(ECDSA_SHA3_384)) {
+ return new SHA3_384withECDSA(smElem);
+ } else if (alg.equals(ECDSA_SHA3_512)) {
+ return new SHA3_512withECDSA(smElem);
} else if (alg.equals(ECDSA_RIPEMD160)) {
return new RIPEMD160withECDSA(smElem);
} else if (alg.equals(SignatureMethod.HMAC_SHA1)) {
@@ -1160,6 +1176,94 @@ String getJCAFallbackAlgorithm() {
}
}
+ static final class SHA3_224withECDSA extends AbstractECDSASignatureMethod {
+ SHA3_224withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ SHA3_224withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ @Override
+ public String getAlgorithm() {
+ return ECDSA_SHA3_224;
+ }
+ @Override
+ String getJCAAlgorithm() {
+ return "SHA3-224withECDSAinP1363Format";
+ }
+ @Override
+ String getJCAFallbackAlgorithm() {
+ return "SHA3-224withECDSA";
+ }
+ }
+
+ static final class SHA3_256withECDSA extends AbstractECDSASignatureMethod {
+ SHA3_256withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ SHA3_256withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ @Override
+ public String getAlgorithm() {
+ return ECDSA_SHA3_256;
+ }
+ @Override
+ String getJCAAlgorithm() {
+ return "SHA3-256withECDSAinP1363Format";
+ }
+ @Override
+ String getJCAFallbackAlgorithm() {
+ return "SHA3-256withECDSA";
+ }
+ }
+
+ static final class SHA3_384withECDSA extends AbstractECDSASignatureMethod {
+ SHA3_384withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ SHA3_384withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ @Override
+ public String getAlgorithm() {
+ return ECDSA_SHA3_384;
+ }
+ @Override
+ String getJCAAlgorithm() {
+ return "SHA3-384withECDSAinP1363Format";
+ }
+ @Override
+ String getJCAFallbackAlgorithm() {
+ return "SHA3-384withECDSA";
+ }
+ }
+
+ static final class SHA3_512withECDSA extends AbstractECDSASignatureMethod {
+ SHA3_512withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ SHA3_512withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ @Override
+ public String getAlgorithm() {
+ return ECDSA_SHA3_512;
+ }
+ @Override
+ String getJCAAlgorithm() {
+ return "SHA3-512withECDSAinP1363Format";
+ }
+ @Override
+ String getJCAFallbackAlgorithm() {
+ return "SHA3-512withECDSA";
+ }
+ }
+
static final class RIPEMD160withECDSA extends AbstractECDSASignatureMethod {
RIPEMD160withECDSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
index 119bf16bc3236..52ccc84d1d072 100644
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
@@ -345,6 +345,14 @@ public SignatureMethod newSignatureMethod(String algorithm,
return new DOMSignatureMethod.SHA384withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA512)) {
return new DOMSignatureMethod.SHA512withECDSA(params);
+ } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_224)) {
+ return new DOMSignatureMethod.SHA3_224withECDSA(params);
+ } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_256)) {
+ return new DOMSignatureMethod.SHA3_256withECDSA(params);
+ } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_384)) {
+ return new DOMSignatureMethod.SHA3_384withECDSA(params);
+ } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_512)) {
+ return new DOMSignatureMethod.SHA3_512withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_RIPEMD160)) {
return new DOMSignatureMethod.RIPEMD160withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ED25519)) {
diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java
index 2982291c8e253..670d7b0c8673a 100644
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java
@@ -142,7 +142,7 @@ public Object newInstance(Object ctrParamObj)
@SuppressWarnings("removal")
public XMLDSigRI() {
// This is the JDK XMLDSig provider, synced from
- // Apache Santuario XML Security for Java, version 3.0.3
+ // Apache Santuario XML Security for Java, version 3.0.5
super("XMLDSig", VER, INFO);
final Provider p = this;
diff --git a/src/java.xml.crypto/share/legal/santuario.md b/src/java.xml.crypto/share/legal/santuario.md
index 768f0c7b144a4..4421e16df25a1 100644
--- a/src/java.xml.crypto/share/legal/santuario.md
+++ b/src/java.xml.crypto/share/legal/santuario.md
@@ -1,4 +1,4 @@
-## Apache Santuario v3.0.3
+## Apache Santuario v3.0.5
### Apache 2.0 License
```
@@ -211,7 +211,7 @@ limitations under the License.
```
Apache Santuario - XML Security for Java
-Copyright 1999-2023 The Apache Software Foundation
+Copyright 1999-2024 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
@@ -223,5 +223,5 @@ The development of this software was partly funded by the European
Commission in the project in the ISIS Programme.
This product contains software that is
-copyright (c) 2021, Oracle and/or its affiliates.
+copyright (c) 2021, 2023, Oracle and/or its affiliates.
```
diff --git a/test/jdk/javax/xml/crypto/dsig/GenerationTests.java b/test/jdk/javax/xml/crypto/dsig/GenerationTests.java
index 7ab2c7f4e9345..668a5a50a0ade 100644
--- a/test/jdk/javax/xml/crypto/dsig/GenerationTests.java
+++ b/test/jdk/javax/xml/crypto/dsig/GenerationTests.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -24,7 +24,7 @@
/**
* @test
* @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184 8038349 8046949
- * 8046724 8079693 8177334 8205507 8210736 8217878 8241306 8305972
+ * 8046724 8079693 8177334 8205507 8210736 8217878 8241306 8305972 8344137
* @summary Basic unit tests for generating XML Signatures with JSR 105
* @modules java.base/sun.security.util
* java.base/sun.security.x509
@@ -99,6 +99,7 @@ public class GenerationTests {
private static SignatureMethod dsaSha1, dsaSha256,
rsaSha1, rsaSha224, rsaSha256, rsaSha384, rsaSha512,
ecdsaSha1, ecdsaSha224, ecdsaSha256, ecdsaSha384, ecdsaSha512,
+ ecdsaSha3_224, ecdsaSha3_256, ecdsaSha3_384, ecdsaSha3_512,
hmacSha1, hmacSha224, hmacSha256, hmacSha384, hmacSha512,
rsaSha1mgf1, rsaSha224mgf1, rsaSha256mgf1, rsaSha384mgf1, rsaSha512mgf1,
rsaSha3_224mgf1, rsaSha3_256mgf1, rsaSha3_384mgf1, rsaSha3_512mgf1,
@@ -244,9 +245,9 @@ public class GenerationTests {
})
.toArray(String[]::new);
- // As of JDK 22, the number of defined algorithms are...
+ // As of JDK 25, the number of defined algorithms are...
static {
- if (allSignatureMethods.length != 29
+ if (allSignatureMethods.length != 33
|| allDigestMethods.length != 9) {
System.out.println(Arrays.toString(allSignatureMethods));
System.out.println(Arrays.toString(allDigestMethods));
@@ -305,6 +306,10 @@ public static void main(String args[]) throws Exception {
test_create_signature_enveloping_p256_sha256();
test_create_signature_enveloping_p256_sha384();
test_create_signature_enveloping_p256_sha512();
+ test_create_signature_enveloping_p256_sha3_224();
+ test_create_signature_enveloping_p256_sha3_256();
+ test_create_signature_enveloping_p256_sha3_384();
+ test_create_signature_enveloping_p256_sha3_512();
test_create_signature_enveloping_p384_sha1();
test_create_signature_enveloping_p521_sha1();
test_create_signature_enveloping_ed25519();
@@ -559,6 +564,10 @@ private static void setup() throws Exception {
ecdsaSha256 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA256, null);
ecdsaSha384 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA384, null);
ecdsaSha512 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA512, null);
+ ecdsaSha3_224 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA3_224, null);
+ ecdsaSha3_256 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA3_256, null);
+ ecdsaSha3_384 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA3_384, null);
+ ecdsaSha3_512 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA3_512, null);
ed25519 = fac.newSignatureMethod(SignatureMethod.ED25519, null);
ed448 = fac.newSignatureMethod(SignatureMethod.ED448, null);
@@ -892,6 +901,34 @@ static void test_create_signature_enveloping_p256_sha512() throws Exception {
System.out.println();
}
+ static void test_create_signature_enveloping_p256_sha3_224() throws Exception {
+ System.out.println("* Generating signature-enveloping-p256-sha3_224.xml");
+ test_create_signature_enveloping(sha1, ecdsaSha3_224, p256ki,
+ getECPrivateKey("P256"), kvks, false, true);
+ System.out.println();
+ }
+
+ static void test_create_signature_enveloping_p256_sha3_256() throws Exception {
+ System.out.println("* Generating signature-enveloping-p256-sha3_256.xml");
+ test_create_signature_enveloping(sha1, ecdsaSha3_256, p256ki,
+ getECPrivateKey("P256"), kvks, false, true);
+ System.out.println();
+ }
+
+ static void test_create_signature_enveloping_p256_sha3_384() throws Exception {
+ System.out.println("* Generating signature-enveloping-p256-sha3_384.xml");
+ test_create_signature_enveloping(sha1, ecdsaSha3_384, p256ki,
+ getECPrivateKey("P256"), kvks, false, true);
+ System.out.println();
+ }
+
+ static void test_create_signature_enveloping_p256_sha3_512() throws Exception {
+ System.out.println("* Generating signature-enveloping-p256-sha3_512.xml");
+ test_create_signature_enveloping(sha1, ecdsaSha3_512, p256ki,
+ getECPrivateKey("P256"), kvks, false, true);
+ System.out.println();
+ }
+
static void test_create_signature_enveloping_p384_sha1() throws Exception {
System.out.println("* Generating signature-enveloping-p384-sha1.xml");
test_create_signature_enveloping(sha1, ecdsaSha1, p384ki,
diff --git a/test/jdk/javax/xml/crypto/dsig/PSS.java b/test/jdk/javax/xml/crypto/dsig/PSS.java
new file mode 100644
index 0000000000000..3b5730577fb98
--- /dev/null
+++ b/test/jdk/javax/xml/crypto/dsig/PSS.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.security.XMLUtils;
+
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.spec.RSAPSSParameterSpec;
+import java.security.KeyPairGenerator;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
+
+/**
+ * @test
+ * @bug 8344137
+ * @summary check RSASSA-PSS key
+ * @library /test/lib
+ * @modules java.xml.crypto
+ */
+public class PSS {
+
+ public static void main(String[] args) throws Exception {
+
+ var doc = XMLUtils.string2doc("TextRaw");
+ var kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
+ kpg.initialize(2048);
+ var keyPair = kpg.generateKeyPair();
+
+ var pspec = new PSSParameterSpec("SHA-384", "MGF1",
+ MGF1ParameterSpec.SHA512, 48,
+ PSSParameterSpec.TRAILER_FIELD_BC);
+
+ var signed = XMLUtils.signer(keyPair.getPrivate(), keyPair.getPublic())
+ .dm(DigestMethod.SHA384)
+ .sm(SignatureMethod.RSA_PSS, new RSAPSSParameterSpec(pspec))
+ .sign(doc);
+
+ Asserts.assertTrue(XMLUtils.validator().validate(signed));
+ }
+}