-
Bug
-
Resolution: Incomplete
-
P4
-
None
-
8
-
generic
-
generic
ADDITIONAL SYSTEM INFORMATION :
RHEL 8.3
A DESCRIPTION OF THE PROBLEM :
With open jdk 1.8.0.292 we can correctly access certificates having signature SHA256withECDSA for all the curves
For the certificates that are signed by a root certificate, we see the NoSuchAlgorithm exception => we tried using SunEC, BCFIPS and BC providers
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SHA256withECDSA for provider SunEC
at sun.security.jca.GetInstance.getService(GetInstance.java:101)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
at java.security.Security.getImpl(Security.java:739)
at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:244)
at org.bouncycastle.jcajce.provider.X509SignatureUtil.setSignatureParameters(Unknown Source)
at org.bouncycastle.jcajce.provider.X509CertificateObject.checkSignature(Unknown Source)
at org.bouncycastle.jcajce.provider.X509CertificateObject.verify(Unknown Source)
at com.cisco.cpm.infrastructure.certmgmt.util.CertMgmtUtils.isIssuingCert(CertMgmtUtils.java:784)
================================
Same issue for BCFIPS
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SHA256withECDSA for provider BCFIPS
at sun.security.jca.GetInstance.getService(GetInstance.java:101)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
at java.security.Security.getImpl(Security.java:739)
at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:244)
at org.bouncycastle.jcajce.provider.X509SignatureUtil.setSignatureParameters(Unknown Source)
at org.bouncycastle.jcajce.provider.X509CertificateObject.checkSignature(Unknown Source)
at org.bouncycastle.jcajce.provider.X509CertificateObject.verify(Unknown Source)
at com.cisco.cpm.infrastructure.certmgmt.util.CertMgmtUtils.isIssuingCert(CertMgmtUtils.java:784)
RHEL 8.3
A DESCRIPTION OF THE PROBLEM :
With open jdk 1.8.0.292 we can correctly access certificates having signature SHA256withECDSA for all the curves
For the certificates that are signed by a root certificate, we see the NoSuchAlgorithm exception => we tried using SunEC, BCFIPS and BC providers
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SHA256withECDSA for provider SunEC
at sun.security.jca.GetInstance.getService(GetInstance.java:101)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
at java.security.Security.getImpl(Security.java:739)
at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:244)
at org.bouncycastle.jcajce.provider.X509SignatureUtil.setSignatureParameters(Unknown Source)
at org.bouncycastle.jcajce.provider.X509CertificateObject.checkSignature(Unknown Source)
at org.bouncycastle.jcajce.provider.X509CertificateObject.verify(Unknown Source)
at com.cisco.cpm.infrastructure.certmgmt.util.CertMgmtUtils.isIssuingCert(CertMgmtUtils.java:784)
================================
Same issue for BCFIPS
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SHA256withECDSA for provider BCFIPS
at sun.security.jca.GetInstance.getService(GetInstance.java:101)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
at java.security.Security.getImpl(Security.java:739)
at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:244)
at org.bouncycastle.jcajce.provider.X509SignatureUtil.setSignatureParameters(Unknown Source)
at org.bouncycastle.jcajce.provider.X509CertificateObject.checkSignature(Unknown Source)
at org.bouncycastle.jcajce.provider.X509CertificateObject.verify(Unknown Source)
at com.cisco.cpm.infrastructure.certmgmt.util.CertMgmtUtils.isIssuingCert(CertMgmtUtils.java:784)
- relates to
-
-
- Closed
-