How to verify an X509Certificate with an EC key using Bouncy Castle

Time: 2018-05-07 18:32:01

Tags: java bouncycastle x509certificate elliptic-curve

With Bouncy Castle added as a provider, the following code:

    private static boolean isSelfSigned(final X509Certificate cert) {
        try {
            // Verify the certificate's signature with the certificate's own public key.
            final PublicKey key = cert.getPublicKey();
            cert.verify(key);
            return true;
        } catch (final RuntimeException re) {
            LOG.warn(re, "isSelfSigned: error.");
            return false;
        } catch (final GeneralSecurityException gse) {
            LOG.warn(gse, "isSelfSigned: error.");
            return false;
        }
    }

results in one of the following two errors, depending on the implementation class of cert:

java.security.InvalidKeyException: Supplied key (org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey) is not a RSAPublicKey instance

java.security.InvalidKeyException: Supplied key (sun.security.ec.ECPublicKeyImpl) is not a RSAPublicKey instance

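Doesn't Bouncy Castle support verifying EC-signed certificates? There doesn't seem to be any parameter with which I can indicate that the key is not RSA. How do I verify an EC-signed certificate with Bouncy Castle?

1 answer:

Answer 0 (score: 0)

This was my misunderstanding. The check failed because the certificate does have an EC key, but the parent certificate has an RSA key.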
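The situation described in the answer, reproduced as an added example (not code from the original post): a leaf certificate holding an EC key but signed by an RSA parent, and a self-signed check that compares issuer and subject before verifying. It assumes the Bouncy Castle bcprov and bcpkix jars are on the classpath; the class name `SelfSignedCheck`, the helper `issue`, and the names `CN=Test Root` and `CN=Test Leaf` are constructed for the illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SelfSignedCheck {
    // Self-signed: issuer equals subject AND the signature verifies under the cert's own key.
    static boolean isSelfSigned(X509Certificate cert) throws GeneralSecurityException {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false; // issued by another CA, whose key type may differ from the subject key
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (InvalidKeyException | SignatureException e) {
            return false; // same name, but not signed with its own key
        }
    }

    // Builds a constructed test certificate for subjectKey, signed with signerKey.
    static X509Certificate issue(String issuer, String subject, PublicKey subjectKey,
                                 PrivateKey signerKey, String sigAlg) throws Exception {
        Date from = new Date(System.currentTimeMillis() - 60_000L);
        Date to = new Date(System.currentTimeMillis() + 86_400_000L);
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                new X500Name(issuer), new BigInteger(64, new SecureRandom()), from, to,
                new X500Name(subject), subjectKey);
        return new JcaX509CertificateConverter().getCertificate(
                b.build(new JcaContentSignerBuilder(sigAlg).build(signerKey)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(2048);
        KeyPair rsa = rsaGen.generateKeyPair();
        KeyPairGenerator ecGen = KeyPairGenerator.getInstance("EC");
        ecGen.initialize(256);
        KeyPair ec = ecGen.generateKeyPair();
        X509Certificate root = issue("CN=Test Root", "CN=Test Root", rsa.getPublic(), rsa.getPrivate(), "SHA256withRSA");
        X509Certificate leaf = issue("CN=Test Root", "CN=Test Leaf", ec.getPublic(), rsa.getPrivate(), "SHA256withRSA");
        System.out.println("root sigAlg=" + root.getSigAlgName() + " selfSigned=" + isSelfSigned(root));
        System.out.println("leaf key=" + leaf.getPublicKey().getAlgorithm()
                + " sigAlg=" + leaf.getSigAlgName() + " selfSigned=" + isSelfSigned(leaf));
        leaf.verify(root.getPublicKey()); // passes: the leaf is verified with the issuer's RSA key
    }
}
```

`getSigAlgName()` reports the issuer's signing algorithm while `getPublicKey().getAlgorithm()` reports the subject's key type; the two are independent, which is why verifying the leaf with its own EC key fails with the `InvalidKeyException` shown in the question.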