--- a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java Sun Jun 24 13:34:42 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java Mon Jun 25 08:14:11 2018 -0700
@@ -651,15 +651,16 @@
PublicKey key = certs[0].getPublicKey();
String keyAlgorithm = key.getAlgorithm();
String authType;
- if (keyAlgorithm.equals("RSA")) {
- authType = "RSA";
- } else if (keyAlgorithm.equals("DSA")) {
- authType = "DSA";
- } else if (keyAlgorithm.equals("EC")) {
- authType = "EC";
- } else {
- // unknown public key type
- authType = "UNKNOWN";
+ switch (keyAlgorithm) {
+ case "RSA":
+ case "DSA":
+ case "EC":
+ case "RSASSA-PSS":
+ authType = keyAlgorithm;
+ break;
+ default:
+ // unknown public key type
+ authType = "UNKNOWN";
}
try {
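Review bot: The key-algorithm-to-authType switch added here is repeated verbatim in the later hunk at old line 1232, so the list of accepted key types lives in two places. The two copies had already drifted in form before this change (an if/else chain here, a switch there). Moving the mapping into one private static helper and calling it from both sites means the next algorithm added after "RSASSA-PSS" cannot be missed in one of them. The helper's Javadoc should also say what consumes the value; it presumably goes to the trust manager in the try block that continues outside the hunk, which would make a silent fall-through to "UNKNOWN" visible to custom trust managers.

```java
// … unchanged: PublicKey key = certs[0].getPublicKey(); …
String authType = authTypeOf(key.getAlgorithm());
// … unchanged: try block that uses authType …

/**
 * Maps a certificate public key algorithm to the authType string;
 * key types not listed here are reported as "UNKNOWN".
 */
private static String authTypeOf(String keyAlgorithm) {
    switch (keyAlgorithm) {
        case "RSA":
        case "DSA":
        case "EC":
        case "RSASSA-PSS":
            return keyAlgorithm;
        default:
            // unknown public key type
            return "UNKNOWN";
    }
}
```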
@@ -1035,14 +1036,14 @@
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
- "Unable to produce CertificateVerify for scheme: " + ss.name);
+ "Unable to produce CertificateVerify for " +
+ "signature scheme: " + ss.name);
}
checkedKeyTypes.add(ss.keyAlgorithm);
continue;
}
- SSLAuthentication ka =
- X509Authentication.nameOf(ss.keyAlgorithm);
+ SSLAuthentication ka = X509Authentication.valueOf(ss);
if (ka == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
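Review bot: `checkedKeyTypes.add(ss.keyAlgorithm)` still records a failed scheme per key algorithm, while the lookup below it is now per signature scheme through `X509Authentication.valueOf(ss)`. If `valueOf` can ever resolve two schemes with the same key algorithm to different authentications, and `checkedKeyTypes` is used to skip later schemes (that check is not visible in this hunk), a usable scheme could be skipped after an unrelated one failed. Either state the invariant next to the call, for example `// valueOf(ss) resolves on ss.keyAlgorithm only, so checkedKeyTypes stays keyed by key type`, or key the set by scheme. The `if (ka == null)` block continues outside the hunk.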
@@ -1232,18 +1233,14 @@
String authType;
switch (keyAlgorithm) {
case "RSA":
- authType = "RSA";
- break;
case "DSA":
- authType = "DSA";
- break;
case "EC":
- authType = "EC";
+ case "RSASSA-PSS":
+ authType = keyAlgorithm;
break;
default:
// unknown public key type
authType = "UNKNOWN";
- break;
}
try {
@@ -1296,26 +1293,10 @@
"Failed to parse server certificates", ce);
}
- // find out the types of client authentication used
- /*
- String keyAlgorithm = certs[0].getPublicKey().getAlgorithm();
- String authType;
- switch (keyAlgorithm) {
- case "RSA":
- authType = "RSA";
- break;
- case "DSA":
- authType = "DSA";
- break;
- case "EC":
- authType = "EC";
- break;
- default:
- // unknown public key type
- authType = "UNKNOWN";
- break;
- }
- */
+ // find out the types of server authentication used
+ //
+ // Note that the "UNKNOWN" authentication type is sufficient to
+ // check the required digitalSignature KeyUsage for TLS 1.3.
String authType = "UNKNOWN";
try {