Signing CSR for EC key fails with Unknown signature type requested: SHA256WITHNULL #294

Closed
@raemer

Hi,

I am trying to use jruby-openssl to file a CSR (via GEANT's ACME service) for an EC key.
Signing the CSR fails with "Unknown signature type requested: SHA256WITHNULL". From other recent issues, I suspect that this is also due to some missing code for handling of EC keys.
We'd like to use this in order to generate certificates from within puppetserver (which uses jruby).

Can anyone estimate if this will be fixed in the near future (so that we know if it is worth implementing a workaround outside of jruby) or does anyone know a workaround (within jruby)? Based on the code in #289, passing the right digest might work? If so, could someone point me to the right way to find the digest to a given EC?

Best regards,
Jan-Martin

Code to provoke the error and stacktrace:

irb(main):037:0> @private_key = OpenSSL::PKey::EC.generate('secp384r1')
=> #
irb(main):038:0> @digest=OpenSSL::Digest::SHA256.new
=> #
irb(main):039:1* c=OpenSSL::X509::Request.new.tap do |csr|
irb(main):040:1>   csr.public_key = @private_key
irb(main):041:1>   csr.subject = OpenSSL::X509::Name.new([['CN', 'puppet.cert-test.zit-rlp.de', OpenSSL::ASN1::UTF8STRING]])
irb(main):042:1>   csr.version = 2
irb(main):043:1>   csr.sign @private_key, @digest
irb(main):044:0> end
OpenSSL::X509::Request#version= has no effect on certification request
org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.generate(Unknown Source): Unknown signature type requested: SHA256WITHNULL (Java::JavaLang::IllegalArgumentException)
        from org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.find(Unknown Source)
        from org.jruby.ext.openssl.impl.PKCS10Request.sign(PKCS10Request.java:140)
        from org.jruby.ext.openssl.X509Request.sign(X509Request.java:320)
        from org.jruby.ext.openssl.X509Request$INVOKER$i$2$0$sign.call(X509Request$INVOKER$i$2$0$sign.gen)
        from org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:476)
        from org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:293)
        from org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:328)
        from org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:66)
        from org.jruby.ir.interpreter.Interpreter.INTERPRET_BLOCK(Interpreter.java:116)
        from org.jruby.runtime.MixedModeIRBlockBody.commonYieldPath(MixedModeIRBlockBody.java:136)
        from org.jruby.runtime.IRBlockBody.doYield(IRBlockBody.java:170)
        from org.jruby.runtime.BlockBody.yield(BlockBody.java:108)
        from org.jruby.runtime.Block.yield(Block.java:189)
        from org.jruby.RubyKernel.tap(RubyKernel.java:2034)
        from org.jruby.RubyKernel$INVOKER$s$0$0$tap.call(RubyKernel$INVOKER$s$0$0$tap.gen)
        from org.jruby.internal.runtime.methods.JavaMethod$JavaMethodZeroBlock.call(JavaMethod.java:561)
        ... 197 levels...
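
An added example, not part of the original issue and not jruby-openssl's code: a check that signs a CSR for an EC key and confirms that the signature algorithm a CA would see matches the key type. It assumes an OpenSSL-backed Ruby where EC signing works; the subject name and the helper names `build_csr` and `inspect_csr` are constructed for illustration.

```ruby
require 'openssl'

# Signature algorithm names OpenSSL reports for a SHA-256 signature, by key type.
EXPECTED_SIG_ALG = {
  OpenSSL::PKey::EC  => 'ecdsa-with-SHA256',
  OpenSSL::PKey::RSA => 'sha256WithRSAEncryption'
}.freeze

# Build and sign a CSR for the given key. The CN is a constructed sample value.
def build_csr(key, common_name = 'csr-test.example.org')
  csr = OpenSSL::X509::Request.new
  csr.version = 0 # PKCS#10 v1, the only version RFC 2986 defines
  csr.subject = OpenSSL::X509::Name.new(
    [['CN', common_name, OpenSSL::ASN1::UTF8STRING]]
  )
  csr.public_key = key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr
end

# Re-parse the DER encoding and report what the receiving CA would see.
def inspect_csr(csr)
  parsed = OpenSSL::X509::Request.new(csr.to_der)
  pub = parsed.public_key
  {
    key_class: pub.class,
    signature_algorithm: parsed.signature_algorithm,
    # Proof of possession: the CSR must verify under its own public key.
    self_signature_valid: parsed.verify(pub),
    # A digest paired with the wrong (or no) key algorithm fails this check.
    matches_key_type: parsed.signature_algorithm == EXPECTED_SIG_ALG[pub.class]
  }
end

if __FILE__ == $PROGRAM_NAME
  # Same curve as in the report above.
  ec_key = OpenSSL::PKey::EC.generate('secp384r1')
  p inspect_csr(build_csr(ec_key))
end
```

Running the same script under the runtime in question shows whether the signing step or a later step is where EC support breaks.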
