Bug 4933 - mismatched providers in BouncyCastleCertProcessingFactory
: mismatched providers in BouncyCastleCertProcessingFactory
Status: RESOLVED FIXED
: Java WS Security
Authentication
: unspecified
: All All
: P3 normal
: 4.2.1
Assigned To:
: http://www.globus.org/mail_archive/jw...
: 4.0.x
:
:
  Show dependency treegraph
 
Reported: 2007-01-03 07:46 by
Modified: 2008-08-12 12:52 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2007-01-03 07:46:33
I receive this error while attempting to issue a proxy certificate from a
GlobusCredential created from a Java KeyStore:

Exception in thread "main" java.lang.ClassCastException:
sun.security.x509.X500Name
at
org.globus.gsi.bc.BouncyCastleCertProcessingFactory.createProxyCertificate(BouncyCastleCertProcessingFactory.java:602)
at
org.globus.gsi.bc.BouncyCastleCertProcessingFactory.createCredential(BouncyCastleCertProcessingFactory.java:278)
etc.

which points to this line in (Revision 1.7 of)
org.globus.gsi.bc.BouncyCastleCertProcessingFactory:

X509Name issuerDN = (X509Name)issuerCert.getSubjectDN();

Evidently, the problem stems from mismatched providers (Sun in the case of a
Java KeyStore, BC in the case of GlobusCredential).  The following patch works
for me:

X509Certificate[] certs = credential.getCertificateChain();
X509Certificate[] newCerts = new X509Certificate[certs.length];
for (int i = 0; i < certs.length; i++) {
    newCerts[i] = CertUtil.loadCertificate(
        new ByteArrayInputStream(certs[i].getEncoded()));
}

I execute this code before calling createCredential in
BouncyCastleCertProcessingFactory, which seems to fix the problem.
------- Comment #1 From 2008-04-21 12:27:13 -------
*** Bug 6029 has been marked as a duplicate of this bug. ***
------- Comment #2 From 2008-07-16 11:09:52 -------
Patch committed to CoG and updated CoG jar committed to wsrf trunk, 4.2 branch
and 4.0 branch.

Tom, thanks for your help with testing the patch.