
Re: [iaik-jce] IAIK-JCE internal Error



Maybe you have specified a wrong value when creating the uniqueIdentifier
attribute.
The value has to be supplied as a Java object that complies with the type
expected by the setValue method of the class that represents the particular
ASN.1 type, e.g.:

AVA ava = new AVA(ObjectID.commonName, "John Doe");

will create an AVA for the X.500 attribute type commonName. Since, by
default, the commonName value will be encoded as PrintableString, the value
has to be specified as a java.lang.String object.

The value of a uniqueIdentifier attribute is defined as BIT STRING, and so a
byte array has to be specified since the setValue method of the
iaik.asn1.BIT_STRING class expects a byte array:

byte[] value = ...;
AVA ava = new AVA(ObjectID.uniqueIdentifier, value);

respectively

Name name = new Name();
...
name.addRDN(ObjectID.uniqueIdentifier, value);
...


Notice that JCE2.51 alternatively allows a String value for the
uniqueIdentifier attribute, since some certificates interpret the value of
the BIT_STRING uniqueIdentifier as DER encoded PrintableString (see the
Javadoc for more information).

You may also change the encoding type when creating an AVA by means of the
defineEncoding(ObjectID type, ASN encodingType) method (see the Javadoc).

Maybe this will solve the problem.

Dieter Bratko
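
What the two value types discussed in the reply above look like on the wire, as an added example that is not part of the original message and is not IAIK-JCE code. It uses only the JDK; the class name, helper names and the sample value are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;

// Added illustration: hand-rolled DER with the JDK only; not IAIK-JCE code.
public class AvaEncodingDemo {
    // DER tag-length-value. Short-form lengths only (content under 128 bytes),
    // which is enough for a single AVA.
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        if (body.size() > 127) throw new IllegalArgumentException("content too long");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        out.write(body.size());
        out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }

    // BIT STRING content = one "unused bits" octet (0 here) followed by the bytes.
    static byte[] bitString(byte[] bytes) {
        return tlv(0x03, new byte[] {0}, bytes);
    }

    static byte[] printableString(String s) {
        return tlv(0x13, s.getBytes(StandardCharsets.US_ASCII));
    }

    // AttributeTypeAndValue ::= SEQUENCE { type OBJECT IDENTIFIER, value ANY }
    static byte[] ava(byte[] oidContent, byte[] encodedValue) {
        return tlv(0x30, tlv(0x06, oidContent), encodedValue);
    }

    static String hex(byte[] der) {
        return new BigInteger(1, der).toString(16);
    }

    public static void main(String[] args) {
        byte[] commonName = {0x55, 0x04, 0x03};        // OID 2.5.4.3
        byte[] uniqueIdentifier = {0x55, 0x04, 0x2d};  // OID 2.5.4.45
        byte[] value = {(byte) 0xCA, (byte) 0xFE};     // constructed sample value
        System.out.println(hex(ava(commonName, printableString("John Doe"))));
        System.out.println(hex(ava(uniqueIdentifier, bitString(value))));
        // String form of uniqueIdentifier: BIT STRING wrapping a DER PrintableString.
        System.out.println(hex(ava(uniqueIdentifier,
                bitString(printableString("John Doe")))));
    }
}
```

The value tag is 0x13 (PrintableString) in the first line of output and 0x03 (BIT STRING) in the other two, which is why the Java type handed to the AVA has to match the attribute's ASN.1 type.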

----- Original Message -----
From: Michel Drescher <Michel.Drescher@pallas.com>
To: IAIK JCE mailing list <iaik-jce@iaik.tu-graz.ac.at>
Sent: Thursday, June 24, 1999 10:19 AM
Subject: [iaik-jce] IAIK-JCE internal Error


> Folks,
>
> I got a spurious exception when signing a certificate:
>
> iaik.utils.InternalErrorException
>   java.lang.Throwable()
>   java.lang.Exception()
>   java.lang.RuntimeException()
>   iaik.utils.InternalErrorException(java.lang.Exception)
>   iaik.asn1.ASN1Object iaik.asn1.structures.AVA.toASN1Object()
>   iaik.asn1.ASN1Object iaik.asn1.structures.RDN.toASN1Object()
>   iaik.asn1.ASN1Object iaik.asn1.structures.Name.toASN1Object()
>   void iaik.x509.X509Certificate.a()
>   void iaik.x509.X509Certificate.sign(iaik.asn1.structures.AlgorithmID,
>                                       iaik.java.security.PrivateKey)
>   void unicore.pki.CertifcateFactory.generateCertificate()
>   void unicore.pki.CertifcateFactory.connEtoC7(java.awt.event.ActionEvent)
>   void unicore.pki.CertifcateFactory.actionPerformed(java.awt.event.ActionEvent)
>   [... normal event queue following ...]
>
> IAIK doc says that if this kind of exception is thrown, an internal error or bug
> has shown up - and was not the fault of the user (?).
>
> The error occurs with
> - IAIK-JCE2.5 Applet Edition
> - IBM Visual Age for Java Personal Edition
>
> Creating a self-signed certificate works fine, but any other certificate type will
> fail. For Subject and Issuer, I use the RDNs [ObjectID.]commonName, emailAddress,
> organizationalUnit, organization, location, country, uniqueIdentifier.
>
> Since the certificates should work with Netscape, the following extensions were
> used:
> For the self-signed CA certificate:
> - BasicConstraints (cA=true, plc=3)
> - KeyUsage         (keyCertSign)
>
> For the CA certificate (for being signed with the self-signed one):
> - BasicConstraints (cA=true, plc=2)
> - KeyUsage         (keyCertSign)
> - NetscapeCertType (SSL_CA, SMIME_CA, OBJECT_SIGNING_CA)
>
> All extensions were flagged as being critical.
> In all cases RSA keypairs with a "strength" of 512 bits are used.
>
> Any help would be greatly appreciated.
> Michel Drescher
> // pallas  GmbH  ............  Michel Drescher  .........
>    Hermuelheimer Str. 10       Analyst
>    D-50321 Bruehl, Germany     drescher@pallas.com
>    fax +49-(0)2232-1896-29     phone  +49-(0)2232-1896-0
>    http://www.pallas.de        direct +49-(0)2232-1896-30
> .........................................................
>

