Bug 4933 – mismatched providers in BouncyCastleCertProcessingFactory

Bug 4933 - mismatched providers in BouncyCastleCertProcessingFactory

Summary:

mismatched providers in BouncyCastleCertProcessingFactory

Status:	RESOLVED FIXED

Product:	Java WS Security
Component:	Authentication
Version:	unspecified
Platform:	All All

Importance:	P3 normal
Target Milestone:	4.2.1
Assigned To:	Rachana Ananthakrishnan

URL:	http://www.globus.org/mail_archive/jw...
Keywords:	4.0.x

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2007-01-03 07:46 by Tom Scavo
Modified:	2008-08-12 12:52 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Tom Scavo 2007-01-03 07:46:33

I receive this error while attempting to issue a proxy certificate from a
GlobusCredential created from a Java KeyStore:

Exception in thread "main" java.lang.ClassCastException:
sun.security.x509.X500Name
at
org.globus.gsi.bc.BouncyCastleCertProcessingFactory.createProxyCertificate(BouncyCastleCertProcessingFactory.java:602)
at
org.globus.gsi.bc.BouncyCastleCertProcessingFactory.createCredential(BouncyCastleCertProcessingFactory.java:278)
etc.

which points to this line in (Revision 1.7 of)
org.globus.gsi.bc.BouncyCastleCertProcessingFactory:

X509Name issuerDN = (X509Name)issuerCert.getSubjectDN();

Evidently, the problem stems from mismatched providers (Sun in the case of a
Java KeyStore, BC in the case of GlobusCredential).  The following patch works
for me:

X509Certificate[] certs = credential.getCertificateChain();
X509Certificate[] newCerts = new X509Certificate[certs.length];
for (int i = 0; i < certs.length; i++) {
    newCerts[i] = CertUtil.loadCertificate(
        new ByteArrayInputStream(certs[i].getEncoded()));
}

I execute this code before calling createCredential in
BouncyCastleCertProcessingFactory, which seems to fix the problem.

------- Comment #1 From Bruno Harbulot 2008-04-21 12:27:13 -------

*** Bug 6029 has been marked as a duplicate of this bug. ***

------- Comment #2 From Rachana Ananthakrishnan 2008-07-16 11:09:52 -------

Patch committed to CoG and updated CoG jar committed to wsrf trunk, 4.2 branch
and 4.0 branch.

Tom, thanks for your help with testing the patch.