PrivateKeyParser doesn't support ed448, XDH and RSA-PSS keys

[mhalbritter]

Here's such a ed448 key:

-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOSSF8O0uKk5pRrjUNV+QgonwO+WeDRb/i1U7vM+TLzh7
jAV58E6oglA53konKxGv+GC38dCb72gSeQ==
-----END PRIVATE KEY-----

(it has been generated with openssl genpkey -algorithm ed448 -out ed448.key and then converted to PKCS#8 with openssl pkcs8 -topk8 -in ed448.key -nocrypt -out ed448_2.key).

I guess the only change needed is to include Ed448 in these lines:

parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs8, "RSA", "EC", "DSA", "Ed25519"));

parsers.add(new PemParser(PKCS8_ENCRYPTED_HEADER, PKCS8_ENCRYPTED_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs8Encrypted, "RSA", "EC", "DSA", "Ed25519"));

and add tests for it.

[philwebb]

Now that we have a DerElement class I wonder if we can decode the PrivateKeyInfo and get the algorithm directly?

[mhalbritter]

Java 17 has added EdDSA and XDH support.

On Java 17, we can support Ed448 and Ed25519 even in Boot 2.7.x.

XDH support is completely missing. We can support X448 and X25519 in Boot 2.7.x and up on Java 17.

[mhalbritter]

There's also RSA-PSS, which we don't support.

[mhalbritter]

I've added support for XDH (Java 17+), EdDSA (Java17+) and RSS-PSS. And i've improved the tests.

I've not implemented it on top of the DerElement, but I'll create an issue for this: #37426