You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While playing around with delta certificates, I noticed that BC throws an IllegalArgumentException when building a certificate with a delta certificate extension constructed using DeltaCertificateTool.makeDeltaCertificateExtension(). This occurs when both the Issuer and Subject of the base and delta certificate are the same. The exception is not thrown, and the certificate is constructed correctly, if only one of the Issuer and Subject is the same or if they are different. The relevant Internet-Draft appears to allow the same Subject and Issuer to be present in both the delta and base certificate, meaning that neither will be present in the constructed extension.
BC version: 1.78.1.
Stack trace:
Exception in thread "main" java.lang.IllegalArgumentException: illegal object in getInstance: org.bouncycastle.asn1.x509.SubjectPublicKeyInfo
at org.bouncycastle.asn1.ASN1BitString.getInstance(Unknown Source)
at org.bouncycastle.asn1.x509.DeltaCertificateDescriptor.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.DeltaCertificateDescriptor.trimTo(Unknown Source)
at org.bouncycastle.cert.X509v3CertificateBuilder.build(Unknown Source)
at ch.freising.pqcthesis.DeltaCertMinimalTest.main(DeltaCertMinimalTest.java:52)
The text was updated successfully, but these errors were encountered:
NoahFreising
changed the title
IllegalArgumentException when Building Certificate with Delta Certificate Extension Using makeDeltaCertificateExtension() if Subject and Issuer are the ame
IllegalArgumentException when Building Certificate with Delta Certificate Extension if Subject and Issuer are the Same
May 25, 2024
While playing around with delta certificates, I noticed that BC throws an
IllegalArgumentException
when building a certificate with a delta certificate extension constructed using DeltaCertificateTool.makeDeltaCertificateExtension(). This occurs when both the Issuer and Subject of the base and delta certificate are the same. The exception is not thrown, and the certificate is constructed correctly, if only one of the Issuer and Subject is the same or if they are different. The relevant Internet-Draft appears to allow the same Subject and Issuer to be present in both the delta and base certificate, meaning that neither will be present in the constructed extension.BC version:
1.78.1
.Stack trace:
Minimum example that throws an exception:
The text was updated successfully, but these errors were encountered: