Fix certificate creation with cross-keys (#31866)
fixes #31864 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
This commit is contained in:
parent
35c8c09b8d
commit
bf951a5554
3 changed files with 34 additions and 7 deletions
|
@ -183,6 +183,36 @@ public abstract class JWKTest {
|
|||
verify(data, sign, JavaAlgorithm.ES256, publicKeyFromJwk);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCertificateGenerationWithRsaAndEc() throws Exception {
|
||||
KeyPairGenerator keyGenRsa = CryptoIntegration.getProvider().getKeyPairGen(KeyType.RSA);
|
||||
KeyPairGenerator keyGenEc = CryptoIntegration.getProvider().getKeyPairGen(KeyType.EC);
|
||||
SecureRandom randomGen = new SecureRandom();
|
||||
ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
|
||||
keyGenEc.initialize(ecSpec, randomGen);
|
||||
KeyPair keyPairRsa = keyGenRsa.generateKeyPair();
|
||||
KeyPair keyPairEc = keyGenEc.generateKeyPair();
|
||||
X509Certificate certificateRsa = generateV1SelfSignedCertificate(keyPairRsa, "root");
|
||||
X509Certificate certificateEc = generateV3Certificate(keyPairEc, keyPairRsa.getPrivate(), certificateRsa, "child");
|
||||
certificateRsa.verify(keyPairRsa.getPublic());
|
||||
certificateEc.verify(keyPairRsa.getPublic());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCertificateGenerationWithEcAndRsa() throws Exception {
|
||||
KeyPairGenerator keyGenRsa = CryptoIntegration.getProvider().getKeyPairGen(KeyType.RSA);
|
||||
KeyPairGenerator keyGenEc = CryptoIntegration.getProvider().getKeyPairGen(KeyType.EC);
|
||||
SecureRandom randomGen = new SecureRandom();
|
||||
ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
|
||||
keyGenEc.initialize(ecSpec, randomGen);
|
||||
KeyPair keyPairRsa = keyGenRsa.generateKeyPair();
|
||||
KeyPair keyPairEc = keyGenEc.generateKeyPair();
|
||||
X509Certificate certificateEc = generateV1SelfSignedCertificate(keyPairEc, "root");
|
||||
X509Certificate certificateRsa = generateV3Certificate(keyPairRsa, keyPairEc.getPrivate(), certificateEc, "child");
|
||||
certificateRsa.verify(keyPairEc.getPublic());
|
||||
certificateEc.verify(keyPairEc.getPublic());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void publicEs256P256() throws Exception {
|
||||
testPublicEs256("secp256r1");
|
||||
|
|
|
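Review bot: The two new tests only prove that the child certificate verifies under the CA key (L57, L98); they never check that the child actually carries the subject's key or that verification under the wrong key fails, which is the cross-key mix-up that #31864 describes. After the verify calls I would pin both: `assertEquals(keyPairEc.getPublic(), certificateEc.getPublicKey());` plus a negative check that `certificateEc.verify(keyPairEc.getPublic())` throws (a `SignatureException` or `InvalidKeyException`, depending on the provider), and the mirror assertions in the second test. The RSA generator is used without `initialize`, so the key size is whatever the provider defaults to; an explicit `keyGenRsa.initialize(2048, randomGen)` would make the test deterministic across providers. The duplicated setup in both methods could also move into a small private helper returning the two key pairs.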
@ -84,10 +84,9 @@ public class BCCertificateUtilsProvider implements CertificateUtilsProvider {
|
|||
* @param caCert the CA certificate
|
||||
* @param subject the subject name
|
||||
* @return the x509 certificate
|
||||
* @throws Exception the exception
|
||||
*/
|
||||
public X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert,
|
||||
String subject) throws Exception {
|
||||
String subject) {
|
||||
try {
|
||||
X500Name subjectDN = new X500Name("CN=" + subject);
|
||||
|
||||
|
@ -131,7 +130,7 @@ public class BCCertificateUtilsProvider implements CertificateUtilsProvider {
|
|||
|
||||
// Content Signer
|
||||
ContentSigner sigGen;
|
||||
switch (keyPair.getPublic().getAlgorithm())
|
||||
switch (caCert.getPublicKey().getAlgorithm())
|
||||
{
|
||||
case "EC":
|
||||
sigGen = new JcaContentSignerBuilder("SHA256WithECDSA").setProvider(BouncyIntegration.PROVIDER)
|
||||
|
|
|
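Review bot: The switch at L171 now picks the ContentSigner from `caCert.getPublicKey().getAlgorithm()` while the signature is presumably still produced with `caPrivateKey` (the builder continues past L180, outside the hunk), so a caller that passes a private key that does not belong to `caCert` gets an opaque provider error instead of a clear failure. I would reject the mismatch before the switch: `if (!caPrivateKey.getAlgorithm().equals(caCert.getPublicKey().getAlgorithm())) { throw new IllegalArgumentException("caPrivateKey algorithm does not match caCert public key"); }`, with the comparison loosened if this provider reports EC keys as both "EC" and "ECDSA". The method's `default` branch and the catch that now replaces `throws Exception` are outside the hunk, so I cannot tell what exception callers will see.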
@ -86,11 +86,9 @@ public class BCFIPSCertificateUtilsProvider implements CertificateUtilsProvider{
|
|||
* @param subject the subject name
|
||||
*
|
||||
* @return the x509 certificate
|
||||
*
|
||||
* @throws Exception the exception
|
||||
*/
|
||||
public X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert,
|
||||
String subject) throws Exception {
|
||||
String subject) {
|
||||
try {
|
||||
X500Name subjectDN = new X500Name("CN=" + subject);
|
||||
|
||||
|
@ -134,7 +132,7 @@ public class BCFIPSCertificateUtilsProvider implements CertificateUtilsProvider{
|
|||
|
||||
// Content Signer
|
||||
ContentSigner sigGen;
|
||||
switch (caPrivateKey.getAlgorithm()){
|
||||
switch (caCert.getPublicKey().getAlgorithm()){
|
||||
case "EC":
|
||||
sigGen = new JcaContentSignerBuilder("SHA256WithECDSA").setProvider(BouncyIntegration.PROVIDER)
|
||||
.build(caPrivateKey);
|
||||
|
|
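Review bot: The `"EC"` case at L242–L248 hard-codes `SHA256WithECDSA` regardless of the CA key's curve, so a P-384 or P-521 CA certificate is signed with a digest weaker than its key; the new test only exercises `secp256r1`, where this is invisible. Since the signer is now selected from `caCert.getPublicKey()`, the same key can drive the digest choice, e.g. `String ecSigAlg = ((ECPublicKey) caCert.getPublicKey()).getParams().getOrder().bitLength() > 256 ? "SHA384WithECDSA" : "SHA256WithECDSA";` and then `new JcaContentSignerBuilder(ecSigAlg)`. A one-line comment on the switch saying the algorithm is taken from the CA certificate, not the subject key, would also document why this differs from the previous `caPrivateKey.getAlgorithm()` form. The remaining cases and the surrounding try/catch are outside the hunk.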