Assigning a manually read certificate to the trustStore

Rogelio Sevilla
Greenhorn

Joined: Sep 20, 2011
Posts: 1
Good day to everyone :-D,

This is my first post, I hope my question isn't too basic.

I have been assigned an old project here at my job and I have stumbled upon a problem that I have not been able to solve :-S. Currently, the project code needs to read a keystore file to be able to visit an SSL site. To achieve this, it assigns the keystore file path to the javax.net.ssl.trustStore system property doing something like this:

System.setProperty("javax.net.ssl.trustStore","config/myjksfile");

The problem is that, when doing this, I get an exception similar to this one:

java.io.IOException: DerInputStream.getLength(): lengthTag=06, too big.


During the execution of this line:

HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();



After some googling, I found that the problem was, most likely, an error within the keystore file. However, one of my partners ran the exact same project code, with the exact same jks file, without any problem :-s. I debugged the application and found out that, on my PC, the jks content was not being read completely as on my partner's PC... weird (on my PC, the code doesn't read the last 6 characters). I tried to find any difference between my partner's machine and mine without success.

Anyway, I created a function where I read the same content from a certificate file, not from a keystore. I'm doing something like this:



public X509Certificate getCertificate() {
    try {
        InputStream inStream = new FileInputStream("config/myCertificate.cer");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
        inStream.close();
        return cert;
    } catch (Exception e) {
        e.printStackTrace();
        throw new RuntimeException(e);
    }
}


When I use the next two lines:


X509Certificate cer = cl.getCertificate();
String sig = new String(cer.getSignature());


I get the complete signature of the certificate, which doesn't happen when using the original code on the old project on my machine. As you can see, in my method, I read a .cer file, not a .jks file. My question is:

Is there any way I can use the certificate I'm getting with this function to be able to visit the SSL site instead of using the original code (the one using the javax.net.ssl.trustStore property)?


Any advice would be appreciated.

Thanks a lot in advance :-D
Tushar Kapila
Ranch Hand

Joined: Dec 23, 2007
Posts: 35

Maybe you can use HttpClient instead of URL to make connections and read server pages/objects: http://hc.apache.org/httpclient-3.x/sslguide.html


http://thehungersite.com | http://www.worldcommunitygrid.org/
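
One way to do what the original question asks using only JDK classes, shown as an added example that is not code from any poster in this thread: load the .cer file into an in-memory KeyStore and attach the resulting socket factory to the single HttpsURLConnection, leaving the javax.net.ssl.trustStore property unset. The class name, the alias "server-cert" and the URL https://example.com/ are assumptions made for illustration; the certificate path is the one from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class CertTrustExample { // hypothetical class name

    // Build a socket factory whose only trust anchor is the certificate in certPath.
    static SSLSocketFactory socketFactoryTrusting(String certPath) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(certPath)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }

        // Empty in-memory keystore: load(null, null) initialises it without any file.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server-cert", cert); // alias is arbitrary

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // No client key managers (null) and the default SecureRandom (null).
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory factory = socketFactoryTrusting("config/myCertificate.cer");

        URL url = new URL("https://example.com/"); // placeholder URL, not from the thread
        HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
        urlc.setSSLSocketFactory(factory); // affects this connection only, not the JVM default
        // Hostname verification is left at the JDK default so the name check still applies.
        System.out.println("HTTP " + urlc.getResponseCode());
    }
}
```

Because the trust store holds only this one certificate, the handshake fails unless the server presents that certificate or a chain that validates to it, so the file has to be replaced when the server certificate is rotated.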
 