DigestSignatureSpi.engineInitSign is not AnnotatedPrivateKey-aware
Shouldn't engineInitSign be aware of AnnotatedPrivateKey and use its getKey() method if needed?

Caused by: java.security.InvalidKeyException: Supplied key (org.bouncycastle.jcajce.util.AnnotatedPrivateKey) is not a RSAPrivateKey instance
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source)
    at java.base/java.security.Signature$Delegate.tryOperation(Signature.java:1327)
    at java.base/java.security.Signature$Delegate.chooseProvider(Signature.java:1276)
    at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1373)
    at java.base/java.security.Signature.initSign(Signature.java:635)
It seems no provider code accounts for a possible AnnotatedPrivateKey; rather it seems something intended to be confined to CMS-related code. Can you share more about the call site?
Hmm, I thought as per the class's JavaDoc that this is a wrapper around any PrivateKey I can use for my annotations and thereafter no longer have to worry about it.
What do you mean by "call site"? I did want to use the annotated key in the context of a java.security.Signature; hopefully it is intended for that as well.
I've added this for DigestSignatureSpi, we'll see how it goes. If it does turn out to be useful I'll propagate it a bit further. In 1.83.
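A caller-side workaround for provider code that does not unwrap AnnotatedPrivateKey itself, added here as an example and not taken from the thread or from Bouncy Castle's own code. The class name AnnotatedKeySigning, the helpers unwrap and sign, and the label value are hypothetical; it assumes PrivateKeyAnnotator.annotate from org.bouncycastle.jcajce.util is available on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;

import org.bouncycastle.jcajce.util.AnnotatedPrivateKey;
import org.bouncycastle.jcajce.util.PrivateKeyAnnotator;

public class AnnotatedKeySigning {

    // Hypothetical helper: strip AnnotatedPrivateKey wrappers (nested ones too)
    // so the Signature SPI receives the underlying key type it checks for.
    static PrivateKey unwrap(PrivateKey key) {
        while (key instanceof AnnotatedPrivateKey) {
            key = ((AnnotatedPrivateKey) key).getKey();
        }
        return key;
    }

    // Hypothetical helper: sign with any PrivateKey, annotated or not.
    static byte[] sign(String algorithm, PrivateKey key, byte[] data) throws Exception {
        Signature signer = Signature.getInstance(algorithm);
        signer.initSign(unwrap(key)); // passing the wrapper here raised InvalidKeyException in the report
        signer.update(data);
        return signer.sign();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and message, generated locally for the demo.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Wrap the private key with a label; annotations stay on the wrapper only.
        PrivateKey annotated = PrivateKeyAnnotator.annotate(kp.getPrivate(), "constructed-demo-label");

        byte[] signature = sign("SHA256withRSA", annotated, message);

        // Verify with the matching public key to confirm the unwrapped key was used.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(message);
        System.out.println("signature valid: " + verifier.verify(signature));
    }
}
```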