Skip to content
This repository was archived by the owner on Oct 22, 2024. It is now read-only.
This repository was archived by the owner on Oct 22, 2024. It is now read-only.

Using bouncycastle version 1.66 throws ClassCastException #8

Open
Open
Using bouncycastle version 1.66 throws ClassCastException#8
@ingesyvertsen

Description

@ingesyvertsen
ingesyvertsen
opened on Jul 17, 2020

We tried to upgrade our bouncycastle dependencies to version 1.66, but we get a ClassCastException with the following stacktrace:

no.difi.vefa.peppol.security.lang.PeppolSecurityException: Exception when reading AIA: 'org.bouncycastle.asn1.DLTaggedObject cannot be cast to org.bouncycastle.asn1.DERTaggedObject'.
	at no.difi.vefa.peppol.security.util.DifiCertificateValidator.validate(DifiCertificateValidator.java:64)
	at no.difi.vefa.peppol.lookup.LookupClient.getServiceMetadata(LookupClient.java:95)
       ...internal stack trace here....
Caused by: no.difi.certvalidator.api.FailedValidationException: Exception when reading AIA: 'org.bouncycastle.asn1.DLTaggedObject cannot be cast to org.bouncycastle.asn1.DERTaggedObject'.
	at no.difi.certvalidator.rule.OCSPRule.validate(OCSPRule.java:41)
	at no.difi.certvalidator.rule.AbstractRule.validate(AbstractRule.java:24)
	at no.difi.certvalidator.rule.HandleErrorRule.validate(HandleErrorRule.java:44)
	at no.difi.certvalidator.rule.AbstractRule.validate(AbstractRule.java:17)
	at no.difi.certvalidator.structure.AndJunction.validate(AndJunction.java:29)
	at no.difi.certvalidator.structure.AbstractJunction.validate(AbstractJunction.java:36)
	at no.difi.certvalidator.util.CachedValidatorRule.load(CachedValidatorRule.java:43)
	at no.difi.certvalidator.util.CachedValidatorRule.load(CachedValidatorRule.java:13)
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044)
	at com.google.common.cache.LocalCache.get(LocalCache.java:3952)
	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
	at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4964)
	at no.difi.certvalidator.util.CachedValidatorRule.validate(CachedValidatorRule.java:30)
	at no.difi.certvalidator.util.CachedValidatorRule.validate(CachedValidatorRule.java:35)
	at no.difi.certvalidator.structure.AndJunction.validate(AndJunction.java:29)
	at no.difi.certvalidator.structure.AndJunction.validate(AndJunction.java:29)
	at no.difi.certvalidator.structure.AbstractJunction.validate(AbstractJunction.java:36)
	at no.difi.certvalidator.util.CachedValidatorRule.load(CachedValidatorRule.java:43)
	at no.difi.certvalidator.util.CachedValidatorRule.load(CachedValidatorRule.java:13)
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044)
	at com.google.common.cache.LocalCache.get(LocalCache.java:3952)
	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
	at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4964)
	at no.difi.certvalidator.util.CachedValidatorRule.validate(CachedValidatorRule.java:30)
	at no.difi.certvalidator.util.CachedValidatorRule.validate(CachedValidatorRule.java:35)
	at no.difi.certvalidator.ValidatorGroup.validate(ValidatorGroup.java:79)
	at no.difi.certvalidator.ValidatorGroup.validate(ValidatorGroup.java:70)
	at no.difi.vefa.peppol.security.util.DifiCertificateValidator.validate(DifiCertificateValidator.java:62)
	... 48 more
Caused by: net.klakegg.pkix.ocsp.OcspException: Exception when reading AIA: 'org.bouncycastle.asn1.DLTaggedObject cannot be cast to org.bouncycastle.asn1.DERTaggedObject'.
	at net.klakegg.pkix.ocsp.AbstractOcspClient.detectOcspUri(AbstractOcspClient.java:99)
	at net.klakegg.pkix.ocsp.OcspClient.verify(OcspClient.java:51)
	at net.klakegg.pkix.ocsp.OcspClient.verify(OcspClient.java:44)
	at no.difi.certvalidator.rule.OCSPRule.validate(OCSPRule.java:34)
	... 83 more
Caused by: java.lang.ClassCastException: org.bouncycastle.asn1.DLTaggedObject cannot be cast to org.bouncycastle.asn1.DERTaggedObject
	at net.klakegg.pkix.ocsp.AbstractOcspClient.detectOcspUri(AbstractOcspClient.java:91)
	... 86 more

It seems similar to this issue for digipost's certificate validator digipost/certificate-validator#15

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions