Comments (2)
Full example:
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.x509.X509V3CertificateGenerator;
public class TestBCBug2 {
public static void main(String[] args) throws Exception {
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
gen.initialize(1024);
KeyPair kp = gen.generateKeyPair();
PublicKey pubkey = kp.getPublic();
PrivateKey privkey = kp.getPrivate();
X509V3CertificateGenerator g = new X509V3CertificateGenerator();
g.setSerialNumber(BigInteger.valueOf(7));
g.setSubjectDN(new X509Principal("CN=Subject"));
g.setIssuerDN(new X509Principal("CN=Issuer"));
g.setSignatureAlgorithm("SHA256withRSA");
g.setNotAfter(new Date());
g.setNotBefore(new Date());
g.setPublicKey(pubkey);
g.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true).getEncoded());
g.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.keyCertSign).getEncoded());
X509Certificate c = g.generate(privkey);
System.out.println("PRE-LOAD");
System.out.println("Certificate: " + c.getClass().getName());
System.out.println("Public key: " + c.getPublicKey()); // this is null
System.out.println();
{
X509CertParser p = new X509CertParser();
p.engineInit(new ByteArrayInputStream(c.getEncoded()));
c = (X509Certificate) p.engineRead();
}
System.out.println("DECODED by BC");
System.out.println("Certificate: " + c.getClass().getName());
System.out.println("Public key: " + c.getPublicKey()); // this is null
System.out.println();
c = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(c.getEncoded()));
System.out.println("DECODED by Java");
System.out.println("Certificate: " + c.getClass().getName());
System.out.println("Public key: " + c.getPublicKey()); // this is valid data
System.out.println();
new BouncyCastleProvider(); // now we do it properly
c = g.generate(privkey);
System.out.println("POST-LOAD");
System.out.println("Certificate: " + c.getClass().getName());
System.out.println("Public key: " + c.getPublicKey()); // this is valid data
}
}
from bc-java.
I think I've fixed this, but my advice is not to use the X509V3CertificateGenerator as the class will disappear.
from bc-java.
Related Issues (20)
- bcpg in release 1.78 now requires bcutil dependency HOT 5
- Which one should the OID of the Dilithium algorithm be used? HOT 1
- Upgrading to 1.78 results in class not found errors when running in OSGI containers HOT 19
- IllegalArgumentException: Unknown object id - DNQ - passed to distinguished name HOT 9
- JcaContentSignerBuilder.java TOCTOU issue? HOT 4
- Provide artifacts without JDK naming scheme HOT 4
- java.lang.OutOfMemoryError: Java heap space with 1.78 HOT 3
- Missing 1.78 tag or branch? HOT 1
- Null Pointer Exception for deserialized object of class ProvSecretKeySpec from the old BC-FIPS version 1.0.1 with the newer version 1.0.2.4 HOT 7
- `cryptlib` package is missing from `bcprov-jdk18on-1.78` causing the `PGPUtil.init()` to fail. HOT 4
- bcprov-ext-jdk18on-1.78 missing OSGi manifest HOT 5
- Failing while building all modules of bc-java including bcutil-jdk15to18:1.69 (using gradle build command) HOT 1
- KeyPair encryption and decryption generated garbage characters at the beginning HOT 1
- Failing while building bc-java version r1rv69 using gradle build HOT 2
- resolution for high severity CVE-2024-29857 and bc-fips HOT 8
- version 1.78.1:java.lang.ClassNotFoundException: org.bouncycastle.asn1.oiw.OIWObjectIdentifiers HOT 7
- ASN1ObjectIdentifier.createPrimitive fails to instantiate a CMSSignedData starting from 1.78 HOT 6
- regression in PemReader in 1.78 throws `IOException: -----END CERTIFICATE----- not found` HOT 1
- Provide example how to use the windows keystore "Windows-MY" with minimum non-BC classes HOT 2
- issues with Import-Package, versioning scheme and missing class in 1.78.1 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bc-java.