Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Reading an X.509 certificate with Java

I am trying to use Java to read a certificate that I received from an external party. The code is throwing the following error:

java.lang.RuntimeException: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor

The code:

FileInputStream ksfis = new FileInputStream(this.getCertificateFile());
ksbufin = new BufferedInputStream(ksfis);
certificate = (X509Certificate)
  CertificateFactory.getInstance("X.509").generateCertificate(ksbufin);

To make sure the problem was not in the code, I created a self-signed certificate and used it with the code, and it worked fine. I have installed both certificates in the system key chain, and they both are valid. I am using a Mac and Java 1.6.

Any idea why I get the above exception when I load the external Party certificate? Do you think it got corrupted during transfer? If it did, it should not show up as valid on the local system, right?

like image 545
Java Avatar asked Jul 23 '12 22:07

Java


1 Answers

Try to type this using openssl, and then import the result:

openssl x509 -outform der -in certificate.pem -out certificate.der

or use the Java Bouncy Castle functionality in the lightweight API:

http://www.bouncycastle.org/docs/pkixdocs1.5on/org/bouncycastle/openssl/PEMReader.html

You may encode the result again and then use the "X509" CertificateBuilder in Java to get a JCE defined certificate, e.g.

ByteArrayInputStream certStream  =  new ByteArrayInputStream(binaryCert);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certStream);
like image 90
Maarten Bodewes Avatar answered Nov 14 '22 14:11

Maarten Bodewes