Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-5414

Systemtest failures with non JDK handled EC curves

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.6.0
    • Component/s: None
    • Labels:
    • Issue discovered during:
      Testing

      Description

      When running system tests with curves that are not part of standard JDK package we run into some exceptions like:
      Caused by: java.lang.RuntimeException: Not a known named curve: 1.2.840.10045.3.1.1

      In PKCS10RequestMessage.verify we are using a verifier that does not set the BC provider.

      We also see:
      Caused by: java.io.NotSerializableException: java.security.cert.Certificate: X.509: java.io.IOException: Unknown named curve: 1.3.36.3.3.2.8.1.1.1
      Caused by: an exception which occurred:
      in object of type java.security.cert.Certificate$CertificateRep
      in field cert
      in object of type org.cesecore.certificates.certificate.request.X509ResponseMessage

      X509responseMessage has:
      /** Certificate to be in response message, */
      private Certificate cert = null;

      which we know from before to cause problems. Should be changed to byte[]

      After some JDK updates this happens for prime196v1 curves, and it definitely happens with brainpool curves.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tomas Tomas Gustavsson
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Samuel Lidén Borell
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: