bc-java icon indicating copy to clipboard operation
bc-java copied to clipboard
verified publisher icon bcgit

PKIXCertPathReviewer using provider with name "BC" instead of "BCFIPS"

Open kamranattari4192 opened this issue 10 months ago • 0 comments

Hi,

I am trying to use all BC Fips jars to make our product FIPS compliant. For certificate path validation, I try to use class org.bouncycastle.pkix.jcajce.PKIXCertPathReviewer from bcpkix-fips-2.0.7.jar. Its init method is throwing IllegalStateException: unable to rebuild certpath. When I checked the source code of PKIXCertPathReviewer.java, I found it has following code: try { CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

            this.certPath = cf.generateCertPath(certs);
        }
        catch (GeneralSecurityException e)
        {
            throw new IllegalStateException("unable to rebuild certpath");
        }

I am confused why it provided "BC" as provider name to CertificateFactory.getInstance method instead of "BCFIPS". How can I use this class with "BCFIPS" provider?

kamranattari4192 avatar Mar 02 '25 20:03 kamranattari4192