Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8386

Cannot renew a CV certificate using the WS API - Key spec not recognized

        Details

        • Type: Bug
        • Status: Closed
        • Priority: Major
        • Resolution: Not able to fix
        • Affects Version/s: EJBCA 6.14.0, EJBCA 7.2.1
        • Fix Version/s: None
        • Component/s: PKI core
        • Labels:
        • Issue discovered during:
          Customer

          Description

          A customer is trying to renew a IS certificate using the web service API, but the issuance of the certificate fails with the following error message:

          2019-08-01 14:08:58,310 WARN  [org.ejbca.core.ejb.ca.sign.SignSessionBean] (default task-25) Verification of outer signature in CVC request failed for holderRef 'CN=IS01,C=XX'. Message: key spec not recognized.: java.security.spec.InvalidKeySpecException: key spec not recognized
	at org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source)
	at org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi.engineGeneratePublic(Unknown Source)
	at java.security.KeyFactory.generatePublic(KeyFactory.java:328)
	at org.cesecore.keys.util.KeyTools.getECPublicKeyWithParams(KeyTools.java:341)
	at org.ejbca.core.ejb.ca.sign.SignSessionBean.getCVPublicKey(SignSessionBean.java:820)
	at org.ejbca.core.ejb.ca.sign.SignSessionBean.createCardVerifiableCertificateWS(SignSessionBean.java:629) [...]

          The authenticated CVC request being sent from the inspection system looks like this:

          67 REQ_AUTHENTICATION
   7f21 CV_CERTIFICATE
      7f4e CERTIFICATE_BODY
         5f29 PROFILE_IDENTIFIER  0
         42 CA_REFERENCE  XX/DVCA/00030
         7f49 PUBLIC_KEY
            6 OID  0.4.0.127.0.7.2.2.2.2.3
            81 MODULUS
A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
            82 COEFFICIENT_A
7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9
            83 COEFFICIENT_B
26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6
            84 BASE_POINT_G
048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997
            85 BASE_POINT_R_ORDER
A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7
            86 PUBLIC_POINT_Y
043DB758BAA898F3A621320BF23D2E11A03B1561E98B842AE6828CD8EF91A6965F517F4088A368204A9D674F84B0DFAFC734DF6D93355E19F648F04376C425B1DA
            87 COFACTOR_F  1
         5f20 HOLDER_REFERENCE  XX/IS01/00001
      5f37 SIGNATURE
5E7AE16AAC89B82F5EB54BBEB7DC7F5B1E862CBC8E809DD2C0351997CDCF7C6E68DDBB008867A3723D70ED17C964B2350A107F991A20233AE04061599EF90365
   42 CA_REFERENCE  XX/IS01/00000
   5f37 SIGNATURE
9827C1380C8604A91446628BFD2B77784C650883F30F64A34C52E7101731E5FA21F4499476EE331AEB1C24947D395DC9B1D1426F90DE68727538471E1AEA5DB4

          InvalidKeySpecException is thrown by Bouncy Castle when KeyTools.getECPublicKeyWithParams generates a public key with key parameters from the CVCA.

            Attachments

              Activity

                People

                • Assignee:
                  bastianf Bastian Fredriksson
                  Reporter:
                  bastianf Bastian Fredriksson
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - 2 days
                    2d
                    Remaining:
                    Time Spent - 3 hours, 30 minutes Remaining Estimate - 1 day, 4 hours, 30 minutes
                    1d 4h 30m
                    Logged:
                    Time Spent - 3 hours, 30 minutes Remaining Estimate - 1 day, 4 hours, 30 minutes
                    3h 30m