3131 * java.base/sun.security.x509
3232 * @run main/othervm SecureValidation
3333 */
34+
35+ /*
36+ * ===========================================================================
37+ * (c) Copyright IBM Corp. 2025, 2025 All Rights Reserved
38+ * ===========================================================================
39+ */
40+
3441import jdk .test .lib .Asserts ;
3542import jdk .test .lib .security .XMLUtils ;
3643import jdk .test .lib .Utils ;
4855import javax .xml .xpath .XPathConstants ;
4956import javax .xml .xpath .XPathFactory ;
5057import java .security .PrivateKey ;
58+ import java .security .Signature ;
5159import java .security .cert .X509Certificate ;
5260import java .security .spec .MGF1ParameterSpec ;
5361import java .security .spec .PSSParameterSpec ;
@@ -70,10 +78,24 @@ public static void main(String[] args) throws Exception {
7078 MGF1ParameterSpec .SHA512 , 48 , TRAILER_FIELD_BC );
7179
7280 // Sign with PSS with SHA-384 and SHA-512
73- Document signed = XMLUtils .signer (privateKey , cert )
81+ var signer = XMLUtils .signer (privateKey , cert )
7482 .dm (DigestMethod .SHA384 )
75- .sm (SignatureMethod .RSA_PSS , new RSAPSSParameterSpec (pspec ))
76- .sign (doc );
83+ .sm (SignatureMethod .RSA_PSS , new RSAPSSParameterSpec (pspec ));
84+ Document signed ;
85+ try {
86+ signed = signer .sign (doc );
87+ } catch (javax .xml .crypto .dsig .XMLSignatureException xmlse ) {
88+ Throwable cause = xmlse .getCause ();
89+ if (cause instanceof java .security .InvalidAlgorithmParameterException ) {
90+ if (Signature .getInstance ("RSASSA-PSS" ).getProvider ().getName ().equals ("OpenJCEPlus" )
91+ && cause .getMessage ().equals ("The message digest within the PSSParameterSpec does not match the MGF message digest." )
92+ ) {
93+ System .out .println ("Expected error message is caught for OpenJCEPlus provider." );
94+ return ;
95+ }
96+ }
97+ throw xmlse ;
98+ }
7799
78100 XPath xp = XPathFactory .newInstance ().newXPath ();
79101 xp .setNamespaceContext (new NamespaceContext () {
0 commit comments