I had an insidious bug which needed much debugging… creating a small program to reprod

Full example: <div class="highlight highlight-source-java notranslate position-rel

Unexpected behavior in `getPublicKey()` when provider not loaded about bc-java HOT 2 CLOSED

bcgit commented on July 17, 2024

Unexpected behavior in `getPublicKey()` when provider not loaded

from bc-java.

Comments (2)

lapo-luchini commented on July 17, 2024 1

Full example:

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.x509.X509V3CertificateGenerator;

public class TestBCBug2 {

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(1024);
        KeyPair kp = gen.generateKeyPair();
        PublicKey pubkey = kp.getPublic();
        PrivateKey privkey = kp.getPrivate();
        X509V3CertificateGenerator g = new X509V3CertificateGenerator();
        g.setSerialNumber(BigInteger.valueOf(7));
        g.setSubjectDN(new X509Principal("CN=Subject"));
        g.setIssuerDN(new X509Principal("CN=Issuer"));
        g.setSignatureAlgorithm("SHA256withRSA");
        g.setNotAfter(new Date());
        g.setNotBefore(new Date());
        g.setPublicKey(pubkey);
        g.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true).getEncoded());
        g.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.keyCertSign).getEncoded());
        X509Certificate c = g.generate(privkey);
        System.out.println("PRE-LOAD");
        System.out.println("Certificate: " + c.getClass().getName());
        System.out.println("Public key: " + c.getPublicKey()); // this is null
        System.out.println();
        {
            X509CertParser p = new X509CertParser();
            p.engineInit(new ByteArrayInputStream(c.getEncoded()));
            c = (X509Certificate) p.engineRead();
        }
        System.out.println("DECODED by BC");
        System.out.println("Certificate: " + c.getClass().getName());
        System.out.println("Public key: " + c.getPublicKey()); // this is null
        System.out.println();
        c = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(c.getEncoded()));
        System.out.println("DECODED by Java");
        System.out.println("Certificate: " + c.getClass().getName());
        System.out.println("Public key: " + c.getPublicKey()); // this is valid data
        System.out.println();
        new BouncyCastleProvider(); // now we do it properly
        c = g.generate(privkey);
        System.out.println("POST-LOAD");
        System.out.println("Certificate: " + c.getClass().getName());
        System.out.println("Public key: " + c.getPublicKey()); // this is valid data
    }

}