I want to use Bouncy Castle FIPS version as a provider (bc-fips:1.0.2), with algorithm PS256, and I get a NoSuchAlgorithmException.
The problem is that in RSSSA#getSignerAndVerifier, the resulting algorithm name is "RSASSA-PSS".
While this is working well with the regular BC provider, it doesn't work with the FIPS version (bc-fips:1.0.2), which expects it to be "SHA256withRSAandMGF1".
See here for example:
under Example 30.
This can be easily reproduced by:
JWSSigner signer = new RSASSASigner(privateKey); signer.getJCAContext().setProvider(new BouncyCastleFipsProvider()); JWSObject jwsObject = new JWSObject( new JWSHeader.Builder("PS256").keyID(UUID.randomUUID().toString()).type(JOSEObjectType.JWT).build(), new Payload("some payload")); jwsObject.sign(signer);
I wonder if that is a bug in Nimbus or in the bcfips library which is not consistent to the regular version.
In any case, can you add the ability to use the bcfips version by allowing an additional input flag isFips or the ability to override the algorithm name or any other method?