Skip to content

Fix EC key matching and ServerKeyPairValidator for non-IGTF certs#126

Open
DmitryLitvintsev wants to merge 1 commit into
eu-emi:masterfrom
DmitryLitvintsev:fix/ec-key-matching-and-validator
Open

Fix EC key matching and ServerKeyPairValidator for non-IGTF certs#126
DmitryLitvintsev wants to merge 1 commit into
eu-emi:masterfrom
DmitryLitvintsev:fix/ec-key-matching-and-validator

Conversation

@DmitryLitvintsev

Copy link
Copy Markdown

CertificateHelpers: normalize EC/ECDSA algorithm names in checkKeysMatching

  • Handle both directions of EC/ECDSA algorithm name mismatch (modern bcprov-jdk18on returns 'EC' for private keys; some cert implementations return 'ECDSA' for public keys)
  • Always run signature-based verification for EC key pairs (previously skipped when pubKey.getAlgorithm() == 'EC')
  • Use SHA256withECDSA instead of deprecated SHA1withECDSA

issue: #125

CertificateHelpers: normalize EC/ECDSA algorithm names in checkKeysMatching
- Handle both directions of EC/ECDSA algorithm name mismatch (modern
  bcprov-jdk18on returns 'EC' for private keys; some cert implementations
  return 'ECDSA' for public keys)
- Always run signature-based verification for EC key pairs (previously
  skipped when pubKey.getAlgorithm() == 'EC')
- Use SHA256withECDSA instead of deprecated SHA1withECDSA

issue: eu-emi#125
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant