bc-java icon indicating copy to clipboard operation
bc-java copied to clipboard

Published 20 hours ago verified publisher icon bcgit

org.bouncycastle.asn1.x509.Time doesn't function on Java11/Java15 JVM using Arabic locale

Open mkross-palantir opened this issue 4 years ago • 5 comments

Test program:

package scratch;

import java.util.Locale;
import org.junit.jupiter.api.Test;

public class BouncyCastleTest {
    @Test
    public void testArabicDate() {
        Locale previous = Locale.getDefault();
        try {
            Locale.setDefault(new Locale("ar"));
            new org.bouncycastle.asn1.x509.Time(new java.util.Date(100000L));
        } finally {
            Locale.setDefault(previous);
        }
    }
}

When run on a Java 8 JVM, this test passes. When run from a Java 11 JVM, this test fails due to:

java.lang.IllegalArgumentException: invalid date string: Unparseable date: "g``a`a```ad`GMT+00:00"
	at org.bouncycastle.asn1.ASN1UTCTime.<init>(Unknown Source)
	at org.bouncycastle.asn1.DERUTCTime.<init>(Unknown Source)
	at org.bouncycastle.asn1.x509.Time.<init>(Unknown Source)
	at scratch.BouncyCastleTest.testArabicDate(BouncyCastleTest.java:15)

Constructor for org.bouncycastle.asn1.x509.Time may be the problem due to bouncing the input Date to a String (which is manipulated a bit before passing on to ASN1UTCTime).

This bug appears to make it impossible to invoke org.bouncycastle.x509.X509V3CertificateGenerator#setNotBefore or org.bouncycastle.x509.X509V3CertificateGenerator#setNotAfter from an Arabic-locale Java-11 or Java-15 JVM, as both of those functions only offer to take in a java.util.Date which they immediately pass off to the problematic Time constructor.

mkross-palantir avatar Feb 11 '21 00:02 mkross-palantir

Try X509v3CertificateBuilder - the class you are using is deprecated and scheduled for deletion. The other class is in the bcpkix jar.

dghgit avatar Feb 17 '21 05:02 dghgit

Try X509v3CertificateBuilder - the class you are using is deprecated and scheduled for deletion. The other class is in the bcpkix jar.

As far as I understood the original post where a bug in org.bouncycastle.asn1.x509.Time. X509V3CertificateGenerator is just one class that uses this constructor and stops working. The Time-constructor passes the date as formatted string to the ASN1UTCTime constructor without using any specific Locale to format and therefor use Arabic formatting. BTW: ASN1UTCTime's own constructor with a Date-parameter essentially does the same but specifically uses Locale.ENGLISH instead of relying on the system's default.

kimmerin avatar Apr 20 '21 15:04 kimmerin

There's actually a constructor that takes Locale already - the X509v3CertificateBuilder will actually do the right thing. You're correct in as much we should see if there's anywhere else, non-deprecated, where this is being done though. Will leave open.

dghgit avatar Apr 21 '21 01:04 dghgit

There's actually a constructor that takes Locale already

I know and when using it I assume everything works.

You're correct in as much we should see if there's anywhere else, non-deprecated, where this is being done though. Will leave open.

It's a publicly available class and a public constructor so even if there is no usage in BC-classes, this issue should be addressed IMHO.

kimmerin avatar Apr 21 '21 09:04 kimmerin

The current plan to address the issue is to delete the class in the org.bouncycastle.x509 package. There's a few things the classes in there don't quite get right.

dghgit avatar Apr 22 '21 00:04 dghgit