 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / April 2004DerInputStream.getLength(): lengthTag=127, too big. / CertificateFactory
Hi all... I need some help for certificate. I currently develop a project for my job and we use certificate authentification. So I generate a PKCS10 from IE( Xenroll.createPKCS10 ). I send it to a CA who deliver me a CertificateChain. I can import it with Xenroll.acceptPKCS7. The certchain is good... But i need to make some Operation in Java and try to use certificateFactory.getCertificate() to have an X509Certificate Object but i have this : ERROR --> DerInputStream.getLength(): lengthTag=127, too big. ByteArrayInputStream bis = new ByteArrayInputStream( certificat.getBytes() ); CertificateFactory cf; cf = CertificateFactory.getInstance( "X.509" ); ->X509Certificate x509Certif = (X509Certificate)cf.generateCertificate( bis ); Can someone help me ??? I really need a X509Certificate Object and i have only the certChain. Thx for all reply. U can mail my at florian.proch@accenture.com Cheers Florian Proch >ERROR --> DerInputStream.getLength(): lengthTag=127, too big. The Americans have a strange law designed to cripple their encryption software industry. They cannot export code that does industrial strength encryption. Are you possibly running afoul of that? You have only the weak version? You have to get a JCE replacement from a non American, such as BouncyCastle.org. -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. > >ERROR --> DerInputStream.getLength(): lengthTag=127, too big. > [quoted text clipped - 5 lines] > You have to get a JCE replacement from a non American, such as > BouncyCastle.org. Thx for ur answer... But i'm new to certificate :) I generated the PKCS10Request via Internet Explorer ... I Use EjbCA to create my certChain... The certChain is PEM encoded. Hmmm... I havn't precise that i use java J2re1.4.1. import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; I use this classes to obtain my X509Certificate. I don't know why he try to use DERInputStream cause i never found it... What can i do... Have u more details ? Cheers THe error ERROR --> DerInputStream.getLength(): lengthTag=127, too big. means that there is some ASN.1 decoding problem. It could be that there are some optional fields in the certificate that are not supported. You can use an ASN1 util or Keytool and any other certificate parser and check the certificate. If you are convinced that the certificate is valid try sending an error report to Sun. Thanks >Hi all... > [quoted text clipped - 28 lines] >Cheers >Florian Proch > THe error > [quoted text clipped - 4 lines] > You can use an ASN1 util or Keytool and any other certificate parser and > check the certificate. And be sure the certificate being supplied is indeed in DER format, and not, for instance, PEM format. > If you are convinced that the certificate is valid try sending an error > report to Sun. [quoted text clipped - 6 lines] >> ->X509Certificate x509Certif = >> (X509Certificate)cf.generateCertificate( bis ); --Mike Amling > And be sure the certificate being supplied is indeed in DER format, >and not, for instance, PEM format. I have done by best to catalog the various certificate formats and their common extensions. See http://mindprod.com/jgloss/certificate.html -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. Thx for all... I have found my prob : The Povider :) EjbCA use BouncyCastle Provider to encode. and i havn't it in Security Provider when i try to get the Certificate... I just need to add : Provider provBC = Security.getProvider("BC"); cf = CertificateFactory.getInstance( "X.509", provBC ); Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.