
CertificateFactory.generateCertificate gives "sequence wrong size for a certificate" on one machine

A Bhattacharya
Ranch Hand

Joined: Oct 22, 2007
Posts: 125
Hello

I’m trying to open a p7b file and read the CA certificates out of it. Below is my code. It works fine on one machine, but on another machine the call to certFactory.generateCertificate throws an exception.

Error Message: java.lang.IllegalArgumentException: sequence wrong size for a certificate

On both machines I have the same p7b file and the same bouncycastle jars. The machine where it works is a Windows XP machine and the one where it doesn’t work is a Windows 2007 server machine. It is a 64 bit machine but I’m using the 32 bit JVM only.





Someone please help before I shoot myself.



Thanks

Bhattacharya.
A Bhattacharya
Ranch Hand

Joined: Oct 22, 2007
Posts: 125
I tried to upload the screenshot from Eclipse debugging session for the CertificateFactory object and the X509CertificateObject read from the p7b file, but it is not getting uploaded, so here is what it had. The values looked similar in both the working and non-working setups.

For the certFactory object:

certFactory= CertificateFactory (id=82)
+ certFacSpi=JDKX509CertificateFactory (id=86)
+ provider= BouncyCastleProvider (id=89)
+ type= "X.509" (id=94)
java.security.cert.CertificateFactory@1e27046



And for the X509CertificateObject

Cert= X509CertificateObject (id=104)
+ attrCarrier= PKCS12BagAttributeCarrierImpl (id=110)
+ basicConstraints= BasicConstraints (id=112)
+ c= X509CertificateStructure (id=115)
hashValue= 0
hashValueSet= false
issuerX500Principal= null
+ keyUsage= (id=138)
subjectX500Principal= null
+ type="X.509" (id=94)

[+] Version: 3
SerialNumber: 1165509368
IssuerDN: O=Identrus LLC,OU=Identrus Root Certificate
Start Date: …..
Final Date: ……..
SubjectDN: …………
Public Key: RSA Public Key
Modulus: ………….
Public exponent: 10001

Signature Algorithm: SHA1WithRSAEncryption
Signature: ……………………..

A Bhattacharya
Ranch Hand

Joined: Oct 22, 2007
Posts: 125
I even wrote a standalone program and I’m running it, even explicitly specifying the java.exe to use, but I’m facing the same exception on that machine alone.

c:\jdk1.5.0_14\jre\bin\java.exe -classpath .;bcprov-jdk15-143.jar MSCAConfigurator

Exception in thread "main" java.security.cert.CertificateException: java.lang.IllegalArgumentException: sequence wrong size for a certificate
    at org.bouncycastle.jce.provider.JDKX509CertificateFactory.engineGenerateCertificate(Unknown Source)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:271)
    at MSCAConfigurator.main(MSCAConfigurator.java:31)
Caused by: java.lang.IllegalArgumentException: sequence wrong size for a certificate
    at org.bouncycastle.asn1.x509.X509CertificateStructure.<init>(Unknown Source)
    at org.bouncycastle.asn1.x509.X509CertificateStructure.getInstance(Unknown Source)
    at org.bouncycastle.jce.provider.JDKX509CertificateFactory.readPEMCertificate(Unknown Source)



I have the unlimited strength policy jars present.



C:\jdk1.5.0_14\jre\lib\security>dir *.jar
Volume in drive C has no label.
Volume Serial Number is D214-CB94

Directory of C:\jdk1.5.0_14\jre\lib\security

09/13/2004 04:12 PM 2,486 local_policy.jar
09/13/2004 04:12 PM 2,472 US_export_policy.jar



What’s wrong with this machine? If it helps, it is a 64 bit machine but the java I’m using is 32 bit.

A Bhattacharya
Ranch Hand

Joined: Oct 22, 2007
Posts: 125
Goddammit, the p7b file was actually found to be different on both the machines, I had missed it before by oversight.
However, the p7b file on the problematic machine is openable by double-clicking it and I'm able to view the certificate in it. I'm pasting the file contents below, as this website doesn't allow files with any extension at all to be uploaded. Can anyone tell me why it can't be read using the Java APIs, before I shoot myself?

-----BEGIN CERTIFICATE-----
[base64 body not preserved]
-----END CERTIFICATE-----
A Bhattacharya
Ranch Hand

Joined: Oct 22, 2007
Posts: 125
I knew nobody will help.
The goddamned API I used will only work with DER format, it seems, not PEM.
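
The PEM-versus-DER problem from this thread, as an added example that is not code from the thread or from Bouncy Castle: it strips PEM armor to DER and checks what the outer ASN.1 structure really is before parsing, since the pasted .p7b carries a BEGIN CERTIFICATE label. It uses only JDK classes (java.util.Base64 assumes Java 8 or later); the class name P7bReader and the sample bytes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Base64;

public class P7bReader {
    // DER bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData), tag and length included
    static final byte[] SIGNED_DATA_OID =
        {0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x07, 0x02};

    /** Returns DER bytes whether the input is binary DER or PEM text. */
    static byte[] toDer(byte[] raw) {
        String text = new String(raw, StandardCharsets.ISO_8859_1);
        if (!text.contains("-----BEGIN ")) return raw;  // no armor: treat as DER
        String b64 = text.replaceAll("-----[A-Z0-9 ]+-----", "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(b64);
    }

    /** Classifies by the first element inside the outer SEQUENCE, not by the PEM label. */
    static String classify(byte[] der) {
        if (der.length < 2 || der[0] != 0x30) return "not a DER SEQUENCE";
        int lenByte = der[1] & 0xFF;
        int body = 2 + (lenByte < 0x80 ? 0 : lenByte & 0x7F);  // skip long-form length octets
        if (body >= der.length) return "truncated";
        if (der[body] == 0x30) return "X.509 certificate";     // tbsCertificate is a SEQUENCE
        boolean p7 = der.length >= body + SIGNED_DATA_OID.length;
        for (int i = 0; p7 && i < SIGNED_DATA_OID.length; i++) p7 = der[body + i] == SIGNED_DATA_OID[i];
        return p7 ? "PKCS#7 SignedData" : "unknown";
    }

    public static void main(String[] args) throws Exception {
        // Constructed skeletons (not real certificates): SEQUENCE { signedData OID } in PEM armor
        byte[] p7Skeleton = {0x30, 0x0B, 0x06, 0x09, 0x2A, (byte) 0x86, 0x48,
                             (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x07, 0x02};
        String pem = "-----BEGIN CERTIFICATE-----\n"
            + Base64.getEncoder().encodeToString(p7Skeleton) + "\n-----END CERTIFICATE-----\n";
        System.out.println(classify(toDer(pem.getBytes(StandardCharsets.ISO_8859_1))));
        System.out.println(classify(new byte[] {0x30, 0x02, 0x30, 0x00}));
        if (args.length == 0) return;  // optional argument: path to a .p7b or .cer file
        byte[] der = toDer(Files.readAllBytes(Paths.get(args[0])));
        System.out.println(args[0] + ": " + classify(der));
        // generateCertificates() accepts a PKCS#7 chain as well as plain certificates
        for (Certificate c : CertificateFactory.getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(der)))
            System.out.println(c.getType() + " / " + c.getPublicKey().getAlgorithm());
    }
}
```

The classification only looks at the first inner tag, so treat its answer as a hint for choosing the parsing call, not as validation of the file.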
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
Looks like you cross-posted everywhere, but didn't update your post on stackoverflow.com. So I wasted my time answering it based on outdated information.


Nice to meet you.
 
 