Reading an X.509 certificate with Java

Question

I am trying to use Java to read a certificate that I received from an external party. The code is throwing the following error:

java.lang.RuntimeException: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor

The code:

FileInputStream ksfis = new FileInputStream(this.getCertificateFile());
ksbufin = new BufferedInputStream(ksfis);
certificate = (X509Certificate)
  CertificateFactory.getInstance("X.509").generateCertificate(ksbufin);

To make sure the problem was not in the code, I created a self-signed certificate and used it with the code, and it worked fine. I have installed both certificates in the system key chain, and they both are valid. I am using a Mac and Java 1.6.

Any idea why I get the above exception when I load the external Party certificate? Do you think it got corrupted during transfer? If it did, it should not show up as valid on the local system, right?

Answer 1

Try to type this using openssl, and then import the result:

openssl x509 -outform der -in certificate.pem -out certificate.der

or use the Java Bouncy Castle functionality in the lightweight API:

http://www.bouncycastle.org/docs/pkixdocs1.5on/org/bouncycastle/openssl/PEMReader.html

You may encode the result again and then use the "X509" CertificateBuilder in Java to get a JCE defined certificate, e.g.

ByteArrayInputStream certStream  =  new ByteArrayInputStream(binaryCert);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certStream);