Bouncycastle:CertificateFactory.generateCertificate 给出“证书的序列错误大小”在一台机器上但不在另一台机器上
我正在尝试打开 p7b 文件并从中读取 CA 证书。下面是我的代码。它在一台机器上工作正常,但在另一台机器上,对 certFactory.generateCertificate 的调用会引发异常
Error Message:java.lang.IllegalArgumentException: sequence wrong size for a certificate
在两台机器上,我都有相同的 p7b 文件和相同的 bouncycastle jar。可以工作的机器是 Windows Xp,不能工作的机器是 Windows 2007 服务器机器。这是一台 64 位机器,但我只使用 32 位 jvm。
CertificateFactory certFactory = CertificateFactory.getInstance("X.509",
new BouncyCastleProvider());
java.security.cert.Certificate cert = null;
FileInputStream inStream = new FileInputStream("");
ArrayList<java.security.cert.Certificate> certificates = new ArrayList<java.security.cert.Certificate>();
CAService caService = null;
caService.getCertificateAuthority().setCaCerts(new ArrayList<String>());
while ((cert = certFactory.generateCertificate(inStream)) != null)
{
certificates.add(cert);
StringWriter swrtr = new StringWriter();
PEMWriter writer = new PEMWriter(swrtr);
writer.writeObject(cert);
writer.flush();
caService.getCertificateAuthority().getCaCerts().add(swrtr.toString());
}
我什至编写了一个独立的程序,并且我什至明确指定要使用的 java.exe 运行,但我仅在那台机器上面临相同的异常。
c:\jdk1.5.0_14\jre\bin\java.exe -classpath .;bcprov-jdk15-143.jar MSCAConfigurator
Exception in thread "main" java.security.cert.CertificateException: java.lang.IllegalArgumentException: sequence wrong size for a certificate
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:271)
at MSCAConfigurator.main(MSCAConfigurator.java:31)
Caused by: java.lang.IllegalArgumentException: sequence wrong size for a certificate
at org.bouncycastle.asn1.x509.X509CertificateStructure.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.X509CertificateStructure.getInstance(Unknown Source)
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.readPEMCertificate(Unknown Source)
我有无限强度的策略 jar。
C:\jdk1.5.0_14\jre\lib\security>dir *.jar
C 驱动器中的卷没有标签。
卷序列号为 D214-CB94
C:\jdk1.5.0_14\jre\lib\security
目录 09/13/2004 04:12 PM 2,486 local_policy.jar
09/13/2004 04:12 PM 2,472 US_export_policy.jar
出了什么问题用这台机器?在我开枪自杀之前请有人帮忙。
I’m trying to open a p7b file and read the CA certificates out of it. Below is my code. It works fine in one machine but in another machine the call to certFactory.generateCertificate throws exception
Error Message:java.lang.IllegalArgumentException: sequence wrong size for a certificate
On both machines I have the same p7b file, and the same bouncycastle jars. The machine where is works is a Windows Xp and the one where it doesn’t work is a Windows 2007 server machine. It is a 64 bit machine but I’m using the 32 bit jvm only.
CertificateFactory certFactory = CertificateFactory.getInstance("X.509",
new BouncyCastleProvider());
java.security.cert.Certificate cert = null;
FileInputStream inStream = new FileInputStream("");
ArrayList<java.security.cert.Certificate> certificates = new ArrayList<java.security.cert.Certificate>();
CAService caService = null;
caService.getCertificateAuthority().setCaCerts(new ArrayList<String>());
while ((cert = certFactory.generateCertificate(inStream)) != null)
{
certificates.add(cert);
StringWriter swrtr = new StringWriter();
PEMWriter writer = new PEMWriter(swrtr);
writer.writeObject(cert);
writer.flush();
caService.getCertificateAuthority().getCaCerts().add(swrtr.toString());
}
I even wrote a standalone program and I’m running even explicitly specifying the java.exe to use but I’m facing the same exception on that machine alone.
c:\jdk1.5.0_14\jre\bin\java.exe -classpath .;bcprov-jdk15-143.jar MSCAConfigurator
Exception in thread "main" java.security.cert.CertificateException: java.lang.IllegalArgumentException: sequence wrong size for a certificate
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:271)
at MSCAConfigurator.main(MSCAConfigurator.java:31)
Caused by: java.lang.IllegalArgumentException: sequence wrong size for a certificate
at org.bouncycastle.asn1.x509.X509CertificateStructure.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.X509CertificateStructure.getInstance(Unknown Source)
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.readPEMCertificate(Unknown Source)
I have the unlimited strength policy jars present.
C:\jdk1.5.0_14\jre\lib\security>dir *.jar
Volume in drive C has no label.
Volume Serial Number is D214-CB94
Directory of C:\jdk1.5.0_14\jre\lib\security
09/13/2004 04:12 PM 2,486 local_policy.jar
09/13/2004 04:12 PM 2,472 US_export_policy.jar
What’s wrong with this machine? Someone please help before I shoot myself.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
交叉发布并显然解决了这里的问题 http:// www.coderanch.com/t/528193/Security/CertificateFactory-generateCertificate-gives-sequence-wrong
Cross-posted and apparently resolved the issue here http://www.coderanch.com/t/528193/Security/CertificateFactory-generateCertificate-gives-sequence-wrong
根据 javadocs,
CertificateFactory.generateCertificates()支持 PKCS#7 格式,但CertificateFactory.generateCertificate()不支持。According to the javadocs,
CertificateFactory.generateCertificates()support the PKCS#7 format butCertificateFactory.generateCertificate()does not.