Merge pull request #66 from cconlon/certPathValidatorFIPSFix

CertPathValidator: set PKIXParameters Signature provider if null with wolfCrypt FIPS
pull/69/head
András Fekete 2024-03-11 16:29:57 -04:00 committed by GitHub
commit 0497ee767c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 3 deletions


@ -653,9 +653,16 @@ public class WolfCryptPKIXCertPathValidator extends CertPathValidatorSpi {
/* If we are in FIPS mode, verify wolfJCE is the Signature provider /* If we are in FIPS mode, verify wolfJCE is the Signature provider
* to help maintain FIPS compliance */ * to help maintain FIPS compliance */
if (Fips.enabled && pkixParams.getSigProvider() != "wolfJCE") { if (Fips.enabled && pkixParams.getSigProvider() != "wolfJCE") {
throw new CertPathValidatorException( if (pkixParams.getSigProvider() == null) {
"CertPathParameters Signature Provider must be wolfJCE " + /* Preferred Signature provider not set, set to wolfJCE */
"when using wolfCrypt FIPS"); pkixParams.setSigProvider("wolfJCE");
}
else {
throw new CertPathValidatorException(
"CertPathParameters Signature Provider must be wolfJCE " +
"when using wolfCrypt FIPS: " +
pkixParams.getSigProvider());
}
} }
/* Use wolfSSL CertManager to facilitate chain verification */ /* Use wolfSSL CertManager to facilitate chain verification */
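Review bot: The outer guard `pkixParams.getSigProvider() != "wolfJCE"` compares String references rather than contents, so a provider name that is equal to "wolfJCE" but not the interned literal (for example one read from configuration or built at runtime) falls into the new else branch and is rejected with a message ending in ": wolfJCE". This fails closed, so it does not weaken the FIPS check, but it rejects valid input; `if (Fips.enabled && !"wolfJCE".equals(pkixParams.getSigProvider())) {` is null-safe and keeps the new null branch working as written. Separately, `pkixParams.setSigProvider("wolfJCE")` changes the parameters object in place; if that object is the caller's instance rather than a clone (not visible here, the enclosing method starts and ends outside the hunk), the caller's PKIXParameters is silently modified, which deserves a comment or a Javadoc note on the method.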