Skip to content

PKIXCertPathReviewer using provider with name "BC" instead of "BCFIPS" #2007

New issue
New issue
Open
Open
PKIXCertPathReviewer using provider with name "BC" instead of "BCFIPS"#2007
Labels
support requestCommunity assistance requested
@kamranattari4192

Description

@kamranattari4192
kamranattari4192
opened on Mar 2, 2025

Hi,

I am trying to use all BC Fips jars to make our product FIPS compliant. For certificate path validation, I try to use class org.bouncycastle.pkix.jcajce.PKIXCertPathReviewer from bcpkix-fips-2.0.7.jar. Its init method is throwing IllegalStateException: unable to rebuild certpath.
When I checked the source code of PKIXCertPathReviewer.java, I found it has following code:
try
{
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

            this.certPath = cf.generateCertPath(certs);
        }
        catch (GeneralSecurityException e)
        {
            throw new IllegalStateException("unable to rebuild certpath");
        }

I am confused why it provided "BC" as provider name to CertificateFactory.getInstance method instead of "BCFIPS". How can I use this class with "BCFIPS" provider?

Metadata

Metadata

Assignees

No one assigned

    Labels

    support requestCommunity assistance requested

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions