
Bouncy Castle 1.80 accepts the incorrect GeneralizedTime value.

Open onepeople158 opened this issue 9 months ago • 0 comments

The RFC standard for X.509 CRLs restricts the thisUpdate field to only two formats, namely UTCTime (YYMMDDHHMMSSZ) and GeneralizedTime (YYYYMMDDHHMMSSZ) in ASN.1 representation, which are 13 and 15 characters wide, respectively. However, Bouncy Castle 1.80 accepts the thisUpdate field type as GeneralizedTime with a length of 13 ("240123000000Z") in the CRL.

Code:

import java.io.FileInputStream;
import java.io.InputStream;
import org.bouncycastle.cert.X509CRLHolder;

public class CRLParserExample_thisUpdate {
    public static void main(String[] args) throws Exception {
        // CRL whose thisUpdate is a GeneralizedTime with 13-character content
        try (InputStream inputStream = new FileInputStream("crl_file_13gn.der")) {
            X509CRLHolder crlHolder = new X509CRLHolder(inputStream);

            // Prints a date instead of failing: the malformed value is accepted
            System.out.println(crlHolder.getThisUpdate());
        }
    }
}

Test Case:

crl_file_13gn.zip

onepeople158, Mar 27 '25 02:03
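
A strict check of the thisUpdate encoding as the issue describes it (UTCTime content must be 13 characters, GeneralizedTime 15), added here as an example; it is not code from the issue or from Bouncy Castle. It uses only the JDK, and the class name, helper names and the skeleton input (empty signature and issuer fields around the Time value) are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

// Added example: strict check of a CRL's thisUpdate encoding (JDK only).
public class StrictCrlTimeCheck {
    private static final Pattern UTC = Pattern.compile("\\d{12}Z");  // YYMMDDHHMMSSZ
    private static final Pattern GEN = Pattern.compile("\\d{14}Z");  // YYYYMMDDHHMMSSZ

    // Reads one DER header at off; returns {tag, contentStart, contentLength}.
    static int[] header(byte[] d, int off) {
        int tag = d[off] & 0xff, len = d[off + 1] & 0xff, pos = off + 2;
        if (len >= 0x80) {                       // long form: low 7 bits = number of length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (d[pos++] & 0xff);
        }
        if (pos + len > d.length) throw new IllegalArgumentException("truncated");
        return new int[] {tag, pos, len};
    }

    // Walks CertificateList -> tbsCertList -> [version] signature issuer thisUpdate.
    static String checkThisUpdate(byte[] crl) {
        int[] h = header(crl, 0);                // CertificateList
        h = header(crl, h[1]);                   // tbsCertList
        h = header(crl, h[1]);                   // version (optional) or signature
        if (h[0] == 0x02) h = header(crl, h[1] + h[2]);  // skip version INTEGER
        h = header(crl, h[1] + h[2]);            // skip signature -> issuer
        h = header(crl, h[1] + h[2]);            // skip issuer -> thisUpdate
        String s = new String(crl, h[1], h[2], StandardCharsets.US_ASCII);
        if (h[0] == 0x17) return UTC.matcher(s).matches() ? "ok" : "bad UTCTime: " + s;
        if (h[0] == 0x18) return GEN.matcher(s).matches() ? "ok" : "bad GeneralizedTime: " + s;
        return "thisUpdate is not a Time (tag 0x" + Integer.toHexString(h[0]) + ")";
    }

    // Constructed skeleton: empty signature and issuer SEQUENCEs, then the given Time.
    static byte[] skeleton(int tag, String time) {
        byte[] t = time.getBytes(StandardCharsets.US_ASCII);
        byte[] out = new byte[10 + t.length];
        byte[] head = {0x30, (byte) (8 + t.length), 0x30, (byte) (6 + t.length),
                       0x30, 0x00, 0x30, 0x00, (byte) tag, (byte) t.length};
        System.arraycopy(head, 0, out, 0, 10);
        System.arraycopy(t, 0, out, 10, t.length);
        return out;
    }

    public static void main(String[] args) {
        System.out.println(checkThisUpdate(skeleton(0x18, "240123000000Z")));   // value from the issue
        System.out.println(checkThisUpdate(skeleton(0x18, "20240123000000Z"))); // constructed, 15 chars
        System.out.println(checkThisUpdate(skeleton(0x17, "240123000000Z")));   // constructed UTCTime
    }
}
```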