[ECA-8386] Cannot renew a CV certificate using the WS API - Key spec not recognized - PrimeKey Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Not able to fix
Affects Version/s: EJBCA 6.14.0, EJBCA 7.2.1
Fix Version/s: None
Component/s: PKI core
Labels:
- cvc
- webservice

Issue discovered during:
Customer

Description

A customer is trying to renew a IS certificate using the web service API, but the issuance of the certificate fails with the following error message:

2019-08-01 14:08:58,310 WARN  [org.ejbca.core.ejb.ca.sign.SignSessionBean] (default task-25) Verification of outer signature in CVC request failed for holderRef 'CN=IS01,C=XX'. Message: key spec not recognized.: java.security.spec.InvalidKeySpecException: key spec not recognized
	at org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source)
	at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi.engineGeneratePublic(Unknown Source)
	at java.security.KeyFactory.generatePublic(KeyFactory.java:328)
	at org.cesecore.keys.util.KeyTools.getECPublicKeyWithParams(KeyTools.java:341)
	at org.ejbca.core.ejb.ca.sign.SignSessionBean.getCVPublicKey(SignSessionBean.java:820)
	at org.ejbca.core.ejb.ca.sign.SignSessionBean.createCardVerifiableCertificateWS(SignSessionBean.java:629) [...]

The authenticated CVC request being sent from the inspection system looks like this:

67 REQ_AUTHENTICATION
   7f21 CV_CERTIFICATE
      7f4e CERTIFICATE_BODY
         5f29 PROFILE_IDENTIFIER  0
         42 CA_REFERENCE  XX/DVCA/00030
         7f49 PUBLIC_KEY
            6 OID  0.4.0.127.0.7.2.2.2.2.3
            81 MODULUS
A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
            82 COEFFICIENT_A
7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9
            83 COEFFICIENT_B
26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6
            84 BASE_POINT_G
048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997
            85 BASE_POINT_R_ORDER
A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7
            86 PUBLIC_POINT_Y
043DB758BAA898F3A621320BF23D2E11A03B1561E98B842AE6828CD8EF91A6965F517F4088A368204A9D674F84B0DFAFC734DF6D93355E19F648F04376C425B1DA
            87 COFACTOR_F  1
         5f20 HOLDER_REFERENCE  XX/IS01/00001
      5f37 SIGNATURE
5E7AE16AAC89B82F5EB54BBEB7DC7F5B1E862CBC8E809DD2C0351997CDCF7C6E68DDBB008867A3723D70ED17C964B2350A107F991A20233AE04061599EF90365
   42 CA_REFERENCE  XX/IS01/00000
   5f37 SIGNATURE
9827C1380C8604A91446628BFD2B77784C650883F30F64A34C52E7101731E5FA21F4499476EE331AEB1C24947D395DC9B1D1426F90DE68727538471E1AEA5DB4

InvalidKeySpecException is thrown by Bouncy Castle when KeyTools.getECPublicKeyWithParams generates a public key with key parameters from the CVCA.

Attachments

Activity

People

Assignee:: Bastian Fredriksson

Reporter:: Bastian Fredriksson

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2019-08-05 16:01

Updated:: 2019-09-05 08:19

Resolved:: 2019-09-05 08:19

Time Tracking

Estimated:

Remaining:

1d 4h 30m

Logged:

3h 30m