
JSCEP-Wrong 3rd argument type. Found: 'org.spongycastle.pkcs.PKCS10CertificationRequest', required: 'org.bouncycastle.pkcs.PKCS10CertificationRequest'


I'm implementing Jscep for android. Initially, I tried Jscep for java and it worked fine. Now in Android, I used SpongyCastle instead of BouncyCastle. Now my problem is that the enrol method of Client class is using BouncyCastle. And so when I try to pass in the arguments, the spongycastle and bouncycastle are not fitting (obviously).

The following extends spongycastle.

        PKCS10CertificationRequestBuilder crb = generateCSR(keyPair,entity);

I'm passing the above variable 'crb' as the third argument to enrol method as below.

        try {
            response = client.enrol(cert, keyPair.getPrivate(), crb.build(getContentSigner(keyPair)), "MDM-ROOT-CA");
        }

And I'm getting the following error: "Wrong 3rd argument type. Found: 'org.spongycastle.pkcs.PKCS10CertificationRequest', required: 'org.bouncycastle.pkcs.PKCS10CertificationRequest'".

I tried to extend the Client, but it's declared final.

My question is "Should I switch back to BouncyCastle jars?". Or else "How can I pass this spongycastle variable?"


Solution

  • My question is "Should I switch back to BouncyCastle jars?". Or else "How can I pass this spongycastle variable?"

    Probably neither will work on all Android platforms.

    From what I have seen, Jscep works with (genuine) BouncyCastle not SpongyCastle.

    If I read this old issue correctly, the cut-down version of BouncyCastle in pre-3.0 Android is missing functionality that Jscep needs.

    • For pre-3.0 Android there doesn't appear to be a practical solution. You can't just tell Java to treat those two types as equivalent. It would break the JVM / Dalvik runtime type system.

    • According to this StackOverflow Q&A, in 3.0 Android changed the Java package name on their cut-down BouncyCastle. That means that you should be able to bundle genuine BouncyCastle JARs with a 3.0+ Android app. That should be sufficient to get Jscep to work on that platform.

      This SpongyCastle issue comment says that the trick to getting Android to use the genuine BouncyCastle functionality is:

      ... call Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME) to remove the built-in BC before calling Security.addProvider(new BouncyCastleProvider()).

    • In theory, it should be possible to port Jscep to use SpongyCastle, but there are no clear indications that anyone has succeeded in doing this. (Given the previous, the need for such a port is only diminishing.)

    Also, I couldn't find a free-standing alternative to the Jscep that worked on Android. However, I did find this:

    which might be useful.
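An added example (not code from the answer or from the Jscep project) of the provider swap quoted above, followed by building the CSR with genuine org.bouncycastle types so that it matches the third parameter of enrol. The class and method names, the RSA key pair, the SHA256withRSA algorithm and the subject are assumptions made for the illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

// Hypothetical helper class; requires the genuine BouncyCastle provider and PKIX JARs bundled with the app.
public final class GenuineBcCsr {
    private GenuineBcCsr() {}

    // Swap the platform's built-in "BC" provider for the bundled one.
    // This changes JCA lookups by the name "BC" for the whole process, so call it once at startup.
    static void installBundledProvider() {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        Security.addProvider(new BouncyCastleProvider());
        Provider active = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        // Fail closed if some other class is still registered under the name "BC".
        if (active == null || active.getClass() != BouncyCastleProvider.class) {
            throw new IllegalStateException("bundled BouncyCastle is not the active BC provider");
        }
    }

    // Returns org.bouncycastle.pkcs.PKCS10CertificationRequest, the type the error message says enrol requires.
    static PKCS10CertificationRequest buildCsr(KeyPair keyPair, X500Principal subject)
            throws OperatorCreationException {
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA") // assumed algorithm
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(keyPair.getPrivate());
        return new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic()).build(signer);
    }

    public static void main(String[] args) throws Exception {
        installBundledProvider();
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keyPair = gen.generateKeyPair();
        // Constructed subject, for illustration only.
        PKCS10CertificationRequest csr = buildCsr(keyPair, new X500Principal("CN=device-01,O=Example"));
        System.out.println("CSR subject: " + csr.getSubject());
        // csr can now be passed as the third argument of the question's client.enrol(...) call.
    }
}
```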