bcgit
[WIP] Fixes Issue #1508 providing more information about certificate parsing issues
This PR adds an IllegalArgumentWarningException that is a subclass of IllegalArgumentException which is used to convey more information about certificate parsing errors. In particular, the Exception includes a list of all the errors that were encountered during the parsing, and includes (if possible) the parsed certificate object.
This change is backwards compatible.
I haven't (yet) added tests or updated the documentation -- I'll do that if this approach seems worthwhile.
For RSAKeyParameter you can set:
"org.bouncycastle.rsa.allow_unsafe_mod" to true to avoid the validations
these are things that by rights would usually result in a CVE if they were accepted. If (for other reasons) it's necessary to accept such a key, you might as well be transparent about it.
If anything on the list fails though the key should be rejected outright, it's not actually safe to use (or put another way, it's probably not worth putting together a list of what's wrong with it, it's not going to help, the key is invalid and should be rejected, so defining special handling for the exception isn't going to help...).
I'm wondering looking at this if what you're really looking for is a reporting class, something like the CertPathReviewer, which can work through a certificate and explain what's wrong with it?
Yes -- I'm looking for a detailed reporting class and I didn't want to duplicate all the parsing code and thereby cause maintenance problems (as they would, inevitably) get out of sync.
Do you have a suggestion on how to achieve this goal?