Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6396

Specify Bouncy Castle provider explicitly for audit log verification

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.11.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      EJBCA Sprint 4

      Description

      Currently the ProtectedDataIntegrityImpl.java does not specify a provider which means that the signature verification implementation could come from any of the installed providers supporting the algorithm. For predictability we should instead specify the "BC" provider.

      (Additionally, this also causes EJBCAINTER-150 but that can be solved in a different way).

      See ProtectedDataIntegrityImpl.java:

      // ...
              final Signature signature = Signature.getInstance(sigalg);
      / ...
              signature.initVerify(pubKey);
      /...
      

      where it instead should be Signature.getInstance(sigalg, BouncyCastleProvider.PROVIDER_NAME);

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tomas Tomas Gustavsson
              Reporter:
              markus Markus KilÄs
              Verified by:
              Bastian Fredriksson
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: