about BouncyCastleProvider


Satoru Otsubo-3
Hi, all

 In java.security.cert.CertPathValidator, there is a difference between the providers BC and SUN regarding params.setPolicyQualifiersRejected.

 That is, when using a target cert having critical CertificatePolicies with policy qualifiers,
and when setting params.setPolicyQualifiersRejected(true),
in the case of SUN, a validation exception occurs.

 But in the case of BC, namely in the code below, no validation exception occurs.

 (1) Why is BC using an algorithm in which no validation exception occurs
      when setting params.setPolicyQualifiersRejected(true)?

 (2) Where can I find documentation which describes "When setting params.setPolicyQualifiersRejected(true), BouncyCastleProvider uses an algorithm in which no validation exception occurs"?

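---------------------------------------
 import java.security.cert.*;
 import java.util.HashSet;
 import java.util.Set;

 // trustedCert (X509Certificate) and certPath (CertPath) are defined elsewhere.
 CertPathValidator cpv =
  CertPathValidator.getInstance("PKIX", new org.bouncycastle.jce.provider.BouncyCastleProvider());

 // Single trust anchor, no name constraints
 Set<TrustAnchor> trustAnchorSet = new HashSet<TrustAnchor>();
 trustAnchorSet.add(new TrustAnchor(trustedCert, null));
 PKIXParameters params = new PKIXParameters(trustAnchorSet);

 // Ask the validator to reject policy qualifiers in a critical CertificatePolicies extension
 params.setPolicyQualifiersRejected(true);

 // Throws CertPathValidatorException if validation fails
 CertPathValidatorResult result = (PKIXCertPathValidatorResult)cpv.validate(certPath, params);
----------------------------------------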


  Thanks in advance,

  Satoru
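
A provider-independent way to enforce what the post expects from setPolicyQualifiersRejected(true), given as an added example that is not part of the original post or of Bouncy Castle: a PKIXCertPathChecker that rejects any certificate in the path whose critical CertificatePolicies extension carries policy qualifiers. The class name is hypothetical, and the code assumes Bouncy Castle's ASN.1 classes are on the classpath.

```java
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Set;

import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.PolicyInformation;

/**
 * Hypothetical checker (name chosen for this example). Register it with
 * params.addCertPathChecker(new RejectCriticalPolicyQualifiers()) so the
 * rejection does not depend on which provider implements "PKIX".
 */
public class RejectCriticalPolicyQualifiers extends PKIXCertPathChecker {
    private static final String CERTIFICATE_POLICIES_OID = "2.5.29.32";

    @Override public void init(boolean forward) { /* stateless */ }
    @Override public boolean isForwardCheckingSupported() { return false; }
    // Returning null: this checker does not claim to process the extension,
    // so it never removes it from the unresolved critical set.
    @Override public Set<String> getSupportedExtensions() { return null; }

    @Override
    public void check(Certificate cert, Collection<String> unresolvedCritExts)
            throws CertPathValidatorException {
        X509Certificate x509 = (X509Certificate) cert;
        Set<String> critical = x509.getCriticalExtensionOIDs();
        if (critical == null || !critical.contains(CERTIFICATE_POLICIES_OID)) {
            return; // extension absent or non-critical: the flag does not apply
        }
        try {
            // getExtensionValue returns the value wrapped in a DER OCTET STRING.
            byte[] wrapped = x509.getExtensionValue(CERTIFICATE_POLICIES_OID);
            byte[] inner = ASN1OctetString.getInstance(wrapped).getOctets();
            CertificatePolicies policies = CertificatePolicies.getInstance(inner);
            for (PolicyInformation pi : policies.getPolicyInformation()) {
                if (pi.getPolicyQualifiers() != null) {
                    throw new CertPathValidatorException(
                        "critical CertificatePolicies carries policy qualifiers for "
                        + pi.getPolicyIdentifier());
                }
            }
        } catch (IllegalArgumentException e) {
            // Fail closed on an extension that cannot be parsed.
            throw new CertPathValidatorException("malformed CertificatePolicies", e);
        }
    }
}
```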