Home > Archive > Java Security > April 2004 > DerInputStream.getLength(): lengthTag=127, too big. / CertificateFactory
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
DerInputStream.getLength(): lengthTag=127, too big. / CertificateFactory
|
|
| Florian Proch 2004-04-13, 1:41 pm |
| Hi all...
I need some help for certificate.
I currently develop a project for my job and we use certificate
authentification.
So I generate a PKCS10 from IE( Xenroll.createPKCS10 ).
I send it to a CA who deliver me a CertificateChain.
I can import it with Xenroll.acceptPKCS7. The certchain is good...
But i need to make some Operation in Java and try to use
certificateFactory.getCertificate() to have an X509Certificate Object
but i have this :
ERROR --> DerInputStream.getLength(): lengthTag=127, too big.
ByteArrayInputStream bis = new ByteArrayInputStream(
certificat.getBytes() );
CertificateFactory cf;
cf = CertificateFactory.getInstance( "X.509" );
->X509Certificate x509Certif =
(X509Certificate)cf.generateCertificate( bis );
Can someone help me ??? I really need a X509Certificate Object and i
have only the certChain.
Thx for all reply.
U can mail my at florian.proch@accenture.com
Cheers
Florian Proch
| |
| Roedy Green 2004-04-13, 9:36 pm |
| On 13 Apr 2004 09:48:11 -0700, florian.proch@accenture.com (Florian
Proch) wrote or quoted :
>ERROR --> DerInputStream.getLength(): lengthTag=127, too big.
The Americans have a strange law designed to cripple their encryption
software industry. They cannot export code that does industrial
strength encryption. Are you possibly running afoul of that? You have
only the weak version?
You have to get a JCE replacement from a non American, such as
BouncyCastle.org.
--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
| |
| Florian Proch 2004-04-14, 8:33 am |
| Roedy Green <look-at-the-website@mindprod.com> wrote in message news:<k43p70dcgkasei368rblc9gu7vb09oqvpf@4ax.com>...
> On 13 Apr 2004 09:48:11 -0700, florian.proch@accenture.com (Florian
> Proch) wrote or quoted :
>
>
> The Americans have a strange law designed to cripple their encryption
> software industry. They cannot export code that does industrial
> strength encryption. Are you possibly running afoul of that? You have
> only the weak version?
>
> You have to get a JCE replacement from a non American, such as
> BouncyCastle.org.
Thx for ur answer...
But i'm new to certificate :)
I generated the PKCS10Request via Internet Explorer ...
I Use EjbCA to create my certChain...
The certChain is PEM encoded.
Hmmm... I havn't precise that i use java J2re1.4.1.
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
I use this classes to obtain my X509Certificate.
I don't know why he try to use DERInputStream cause i never found it...
What can i do...
Have u more details ?
Cheers
| |
| sickofspam@spam.com 2004-04-14, 2:50 pm |
|
THe error
ERROR --> DerInputStream.getLength(): lengthTag=127, too big.
means that there is some ASN.1 decoding problem. It could be that there
are some optional fields in the certificate that are not supported.
You can use an ASN1 util or Keytool and any other certificate parser and
check the certificate.
If you are convinced that the certificate is valid try sending an error
report to Sun.
Thanks
Florian Proch wrote:
>Hi all...
>
>I need some help for certificate.
>
>I currently develop a project for my job and we use certificate
>authentification.
>
>So I generate a PKCS10 from IE( Xenroll.createPKCS10 ).
>I send it to a CA who deliver me a CertificateChain.
>I can import it with Xenroll.acceptPKCS7. The certchain is good...
>
>But i need to make some Operation in Java and try to use
>certificateFactory.getCertificate() to have an X509Certificate Object
>but i have this :
>
>ERROR --> DerInputStream.getLength(): lengthTag=127, too big.
>
>ByteArrayInputStream bis = new ByteArrayInputStream(
>certificat.getBytes() );
>CertificateFactory cf;
>cf = CertificateFactory.getInstance( "X.509" );
>->X509Certificate x509Certif =
>(X509Certificate)cf.generateCertificate( bis );
>
>
>Can someone help me ??? I really need a X509Certificate Object and i
>have only the certChain.
>
>Thx for all reply.
>U can mail my at florian.proch@accenture.com
>
>Cheers
>Florian Proch
>
>
| |
| Michael Amling 2004-04-14, 10:33 pm |
| sickofspam@spam.com wrote:
> THe error
>
> ERROR --> DerInputStream.getLength(): lengthTag=127, too big.
>
> means that there is some ASN.1 decoding problem. It could be that there
> are some optional fields in the certificate that are not supported.
> You can use an ASN1 util or Keytool and any other certificate parser and
> check the certificate.
And be sure the certificate being supplied is indeed in DER format,
and not, for instance, PEM format.
[color=darkred]
>
> If you are convinced that the certificate is valid try sending an error
> report to Sun.
--Mike Amling
| |
| Roedy Green 2004-04-16, 8:42 am |
| On Thu, 15 Apr 2004 01:29:24 GMT, Michael Amling <nospam@nospam.com>
wrote or quoted :
> And be sure the certificate being supplied is indeed in DER format,
>and not, for instance, PEM format.
I have done by best to catalog the various certificate formats and
their common extensions. See
http://mindprod.com/jgloss/certificate.html
--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
| |
| Florian Proch 2004-04-20, 12:49 pm |
| Thx for all...
I have found my prob : The Povider :)
EjbCA use BouncyCastle Provider to encode. and i havn't it in Security
Provider when i try to get the Certificate...
I just need to add :
Provider provBC = Security.getProvider("BC");
cf = CertificateFactory.getInstance( "X.509", provBC );
|
|
|
|
|