Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Not able to fix
Affects Version/s: EJBCA 6.14.0, EJBCA 7.2.1
Fix Version/s: None
Component/s: PKI core
Labels:
Issue discovered during: Customer
Description
A customer is trying to renew an IS certificate using the web service API, but the issuance of the certificate fails with the following error message:
2019-08-01 14:08:58,310 WARN [org.ejbca.core.ejb.ca.sign.SignSessionBean] (default task-25) Verification of outer signature in CVC request failed for holderRef 'CN=IS01,C=XX'. Message: key spec not recognized.: java.security.spec.InvalidKeySpecException: key spec not recognized
    at org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi.engineGeneratePublic(Unknown Source)
    at java.security.KeyFactory.generatePublic(KeyFactory.java:328)
    at org.cesecore.keys.util.KeyTools.getECPublicKeyWithParams(KeyTools.java:341)
    at org.ejbca.core.ejb.ca.sign.SignSessionBean.getCVPublicKey(SignSessionBean.java:820)
    at org.ejbca.core.ejb.ca.sign.SignSessionBean.createCardVerifiableCertificateWS(SignSessionBean.java:629)
    [...]
The authenticated CVC request being sent from the inspection system looks like this:
67 REQ_AUTHENTICATION
   7f21 CV_CERTIFICATE
      7f4e CERTIFICATE_BODY
         5f29 PROFILE_IDENTIFIER 0
         42 CA_REFERENCE XX/DVCA/00030
         7f49 PUBLIC_KEY
            6 OID 0.4.0.127.0.7.2.2.2.2.3
            81 MODULUS A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
            82 COEFFICIENT_A 7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9
            83 COEFFICIENT_B 26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6
            84 BASE_POINT_G 048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997
            85 BASE_POINT_R_ORDER A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7
            86 PUBLIC_POINT_Y 043DB758BAA898F3A621320BF23D2E11A03B1561E98B842AE6828CD8EF91A6965F517F4088A368204A9D674F84B0DFAFC734DF6D93355E19F648F04376C425B1DA
            87 COFACTOR_F 1
         5f20 HOLDER_REFERENCE XX/IS01/00001
      5f37 SIGNATURE 5E7AE16AAC89B82F5EB54BBEB7DC7F5B1E862CBC8E809DD2C0351997CDCF7C6E68DDBB008867A3723D70ED17C964B2350A107F991A20233AE04061599EF90365
   42 CA_REFERENCE XX/IS01/00000
   5f37 SIGNATURE 9827C1380C8604A91446628BFD2B77784C650883F30F64A34C52E7101731E5FA21F4499476EE331AEB1C24947D395DC9B1D1426F90DE68727538471E1AEA5DB4
InvalidKeySpecException is thrown by Bouncy Castle when KeyTools.getECPublicKeyWithParams generates a public key with key parameters from the CVCA.
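When triaging a failure like this, it helps to first rule out malformed explicit domain parameters in the request itself. The following is an added example, not EJBCA or Bouncy Castle code: it parses the PUBLIC_KEY fields copied from the request dump above and runs basic consistency checks on them. The function names are hypothetical.

```python
# PUBLIC_KEY fields copied from the request dump in this ticket ("tag NAME value").
PUBLIC_KEY_DUMP = """
6 OID 0.4.0.127.0.7.2.2.2.2.3
81 MODULUS A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
82 COEFFICIENT_A 7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9
83 COEFFICIENT_B 26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6
84 BASE_POINT_G 048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997
85 BASE_POINT_R_ORDER A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7
86 PUBLIC_POINT_Y 043DB758BAA898F3A621320BF23D2E11A03B1561E98B842AE6828CD8EF91A6965F517F4088A368204A9D674F84B0DFAFC734DF6D93355E19F648F04376C425B1DA
87 COFACTOR_F 1
"""

def parse_fields(dump):
    """Return {NAME: value} from 'tag NAME value' triples, ignoring line breaks."""
    tokens = dump.split()
    if len(tokens) % 3:
        raise ValueError("every field must have a tag, a name and a value")
    return {tokens[i + 1]: tokens[i + 2] for i in range(0, len(tokens), 3)}

def decode_point(hex_point, field_len):
    """Decode an uncompressed point (0x04 || X || Y) into integers (x, y)."""
    raw = bytes.fromhex(hex_point)
    if len(raw) != 1 + 2 * field_len or raw[0] != 0x04:
        raise ValueError("not an uncompressed point of the expected length")
    return (int.from_bytes(raw[1:1 + field_len], "big"),
            int.from_bytes(raw[1 + field_len:], "big"))

def on_curve(point, p, a, b):
    """True if the point satisfies y^2 = x^3 + a*x + b over GF(p)."""
    x, y = point
    return x < p and y < p and (y * y - (x * x * x + a * x + b)) % p == 0

def check_domain_parameters(fields):
    """Consistency checks on explicit EC parameters and the public point."""
    p, a, b, n = (int(fields[k], 16) for k in
                  ("MODULUS", "COEFFICIENT_A", "COEFFICIENT_B", "BASE_POINT_R_ORDER"))
    field_len = (p.bit_length() + 7) // 8
    return {
        "field_bits": p.bit_length(),
        "nonsingular": (4 * a ** 3 + 27 * b ** 2) % p != 0,
        "generator_on_curve": on_curve(decode_point(fields["BASE_POINT_G"], field_len), p, a, b),
        "public_point_on_curve": on_curve(decode_point(fields["PUBLIC_POINT_Y"], field_len), p, a, b),
        "order_within_hasse_bound": (n - p - 1) ** 2 <= 4 * p,
        "cofactor": int(fields["COFACTOR_F"], 16),
    }

if __name__ == "__main__":
    print(check_domain_parameters(parse_fields(PUBLIC_KEY_DUMP)))
```

A `False` in any of the boolean results points at the request data; if all checks pass, the parameters in the request are at least self-consistent and the investigation moves to the key material held on the CA side.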