DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43414>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43414 Summary: Cannot parse X509 cert with key size longer than 2048 (JRE 1.4) Product: Security Version: Java 1.4.1 Platform: All OS/Version: other Status: NEW Severity: blocker Priority: P1 Component: Signature AssignedTo: security-dev@xml.apache.org ReportedBy: [EMAIL PROTECTED] There's a 'bug' on the CertificateFactory class of the Sun JCE Provider integrated in the Sun Java 1.4.2, which supports cryptography for certificates with key size no longer than 2048 bytes. In the org.apache.xml.security.keys.content.x509.XMLX509Certificate, the "getX509Certificate" method only use the CertificateFactory supplied by the Sun JCE Provider of the JRE. --------------------------- To fix this bug, developer should be specify another JCE provider (for example BouncyCastle). String provider = JCEMapper.getProviderId(); CertificateFactory certFact; if (provider == null) { certFact = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID); } else { certFact = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, provider); } ... -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
