
Specify Bouncy Castle provider explicitly for audit log verification

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.11.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      EJBCA Sprint 4

      Description

      Currently the ProtectedDataIntegrityImpl.java does not specify a provider, which means that the signature verification implementation could come from any of the installed providers supporting the algorithm. For predictability we should instead specify the "BC" provider.

      (Additionally, this also causes EJBCAINTER-150 but that can be solved in a different way).

      See ProtectedDataIntegrityImpl.java:

      // ...
              final Signature signature = Signature.getInstance(sigalg);
      // ...
              signature.initVerify(pubKey);
      // ...
      

      where it instead should be Signature.getInstance(sigalg, BouncyCastleProvider.PROVIDER_NAME);

              People

              • Assignee:
                tomas Tomas Gustavsson
                Reporter:
                markus Markus Kilås
                Verified by:
                Bastian Fredriksson
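
The difference between the two lookups described in the issue, as an added example that is not EJBCA code and not part of the original issue. It assumes the Bouncy Castle provider jar (bcprov) is on the classpath; the class name, the SHA256withRSA algorithm and the sample data are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class ProviderPinningDemo { // hypothetical class name

    // provider == null reproduces the unpinned lookup from the issue;
    // otherwise the named provider is required (NoSuchProviderException if it is not installed).
    static String verify(String provider, String sigalg, PublicKey key, byte[] data, byte[] sig) throws Exception {
        final Signature s = provider == null
                ? Signature.getInstance(sigalg)
                : Signature.getInstance(sigalg, provider);
        s.initVerify(key); // for the unpinned form, the provider is fixed here at the latest
        s.update(data);
        return s.getProvider().getName() + " verified=" + s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        final String sigalg = "SHA256withRSA"; // assumed algorithm for the demo
        // Appended to the provider list, so the JDK providers keep their higher preference.
        Security.addProvider(new BouncyCastleProvider());

        // Every installed provider that could end up serving an unpinned lookup.
        for (Provider p : Security.getProviders("Signature." + sigalg)) {
            System.out.println("offers " + sigalg + ": " + p.getName());
        }

        // Constructed sample: a fresh key pair and a made-up log row, signed with BC.
        final KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        final KeyPair kp = kpg.generateKeyPair();
        final byte[] data = "constructed audit log row".getBytes(StandardCharsets.UTF_8);
        final Signature signer = Signature.getInstance(sigalg, BouncyCastleProvider.PROVIDER_NAME);
        signer.initSign(kp.getPrivate());
        signer.update(data);
        final byte[] sig = signer.sign();

        System.out.println("unpinned: " + verify(null, sigalg, kp.getPublic(), data, sig));
        System.out.println("pinned:   " + verify(BouncyCastleProvider.PROVIDER_NAME, sigalg, kp.getPublic(), data, sig));
    }
}
```

The provider name printed for the unpinned call depends on the order of the providers installed in the running JVM, which is the unpredictability the issue describes; the pinned call always reports the Bouncy Castle provider.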