  1. EJBCA
  2. ECA-6654

PublicCryptoToken can't be used for database protection verification

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.11.0
    • Fix Version/s: EJBCA 6.14.0
    • Component/s: None
    • Labels:
    • Stakeholder:
      Services
    • Issue discovered during:
      Integration
    • Sprint:
      EJBCA Sprint 13

      Description

      ProtectedDataIntegrityImpl.verifySignature(String, String, int) enforces signature verification using BouncyCastleProvider.PROVIDER_NAME, but org.cesecore.keys.token.PublicCryptoToken mandates the SunRsaSign signature provider.

      Since the keys are instantiated using the default provider, e.g.

      	private final static String providerName = "SunRsaSign";
      ...
      			return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(data));
      ...
      			return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(data)).getPublicKey();
      

      instead of

      	private final static String providerName = BouncyCastleProvider.PROVIDER_NAME;
      ...
      			return KeyFactory.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME).generatePublic(new X509EncodedKeySpec(data));
      ...
      			return CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCertificate(new ByteArrayInputStream(data)).getPublicKey();
      

      The signature verification has been shown to fail.
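
The provider pinning contrasted in the description above, as an added stand-alone example that is not EJBCA code: the key is decoded and the signature verified through one explicitly named JCA provider instead of the JVM's default lookup. The class name, the sample row string and the use of `SunRsaSign` (so it runs on a stock JDK without Bouncy Castle) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;

public class ProviderPinnedVerify {
    // Decode an X.509 SubjectPublicKeyInfo with an explicitly named provider,
    // rather than whichever provider the JVM ranks first for "RSA".
    static PublicKey decodeKey(byte[] spki, String provider) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA", provider);
        return kf.generatePublic(new X509EncodedKeySpec(spki));
    }

    // Verify with the same named provider that decoded the key.
    static boolean verify(byte[] spki, byte[] data, byte[] sig, String provider)
            throws GeneralSecurityException {
        PublicKey key = decodeKey(spki, provider);
        Signature s = Signature.getInstance("SHA256withRSA", provider);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        String provider = "SunRsaSign"; // assumption: pass "BC" when Bouncy Castle is registered
        // Constructed sample input: throwaway key pair and a made-up protected row string.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", provider);
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] row = "constructed-row-data".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA", provider);
        signer.initSign(kp.getPrivate());
        signer.update(row);
        byte[] sig = signer.sign();
        byte[] spki = kp.getPublic().getEncoded();

        // What the unpinned lookup resolves to on this JVM, for comparison.
        System.out.println("default RSA KeyFactory provider: "
                + KeyFactory.getInstance("RSA").getProvider().getName());
        System.out.println("pinned key class: " + decodeKey(spki, provider).getClass().getName());
        System.out.println("valid signature verifies: " + verify(spki, row, sig, provider));
        row[0] ^= 1; // tamper with the protected data
        System.out.println("tampered data verifies: " + verify(spki, row, sig, provider));
    }
}
```

Comparing the printed default provider with the pinned one shows whether an unpinned `getInstance("RSA")` call on a given JVM would return a key from a different provider than the one the verifier requests.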


              People

              • Assignee:
                ulf_undmark Ulf Undmark
                Reporter:
                Hodell Anton Hodell
              • Votes:
                0
                Watchers:
                7


                  Time Tracking

                  Estimated: 15m
                  Remaining: 15m
                  Logged: Not Specified