santuario-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43414] New: - Cannot parse X509 cert with key size longer than 2048 (JRE 1.4)
Date Tue, 18 Sep 2007 07:40:35 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43414>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43414

           Summary: Cannot parse X509 cert with key size longer than 2048
                    (JRE 1.4)
           Product: Security
           Version: Java 1.4.1
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: blocker
          Priority: P1
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: julien.pasquier@wanadoo.fr


There's a 'bug' in the CertificateFactory class of the Sun JCE Provider
integrated in Sun Java 1.4.2, which supports cryptography for certificates
with key size no longer than 2048 bytes.

In org.apache.xml.security.keys.content.x509.XMLX509Certificate, the
"getX509Certificate" method only uses the CertificateFactory supplied by the Sun
JCE Provider of the JRE.

---------------------------

To fix this bug, the developer should specify another JCE provider (for example
BouncyCastle).

String provider = JCEMapper.getProviderId();
CertificateFactory certFact;
if (provider == null)
{
    certFact = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
}
else
{
    certFact = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID,
                                              provider);
}
...

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
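
The provider selection proposed in the report, as an added stand-alone example (not code from the bug report or from the XML Security project). It assumes a current JDK, uses the standard JCA type name "X.509" in place of XMLX509Certificate.JCA_CERT_ID, and the class name, the certificate path and the provider id argument are hypothetical; a provider that is named but not registered is rejected instead of being silently replaced by the default.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

// Hypothetical class name; not part of the XML Security library.
public class ProviderAwareCertParser {

    // Returns an X.509 factory from the named provider, or from the JRE's
    // default provider search order when providerId is null.
    static CertificateFactory factoryFor(String providerId) throws CertificateException {
        if (providerId == null) {
            return CertificateFactory.getInstance("X.509");
        }
        Provider p = Security.getProvider(providerId);
        if (p == null) {
            // Fail loudly instead of silently using a different provider.
            throw new CertificateException("JCE provider not registered: " + providerId);
        }
        return CertificateFactory.getInstance("X.509", p);
    }

    static X509Certificate parse(InputStream in, String providerId) throws CertificateException {
        return (X509Certificate) factoryFor(providerId).generateCertificate(in);
    }

    // Usage: java ProviderAwareCertParser [cert-file [providerId]]
    public static void main(String[] args) throws Exception {
        // List every registered provider that can supply an X.509 factory.
        Provider[] capable = Security.getProviders("CertificateFactory.X.509");
        for (Provider p : capable == null ? new Provider[0] : capable) {
            System.out.println("X.509 CertificateFactory available from: " + p.getName());
        }
        if (args.length == 0) {
            return; // no certificate supplied, provider listing only
        }
        String providerId = args.length > 1 ? args[1] : null;
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = parse(in, providerId);
            String size = cert.getPublicKey() instanceof RSAPublicKey
                ? ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() + "-bit RSA"
                : cert.getPublicKey().getAlgorithm();
            System.out.println(cert.getSubjectX500Principal() + ": " + size);
        }
    }
}
```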
