[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Using CertificateFactory to read certificates in multiple formats



I had a similar problem in importing a PKCS#7 response file from CAs. I did it in the following way, without CertificateFactory:

iaik.x509.X509Certificate[] certs =
    Util.arrangeCertificateChain(
        new PKCS7CertList(
            new ASN1InputStream(
                new FileInputStream(
                    new File(response)))).getCertificateList(), false);


ASN1InputStream automagically distinguishes between binary DER encoding and Base64/DER encoding and in the latter case skips -----BEGIN... and -----END... lines if they are present.

I hope this helps

Raffaello Giulietti




----- Original Message ----- 
From: "Joe Sanfilippo" <joe.sanfilippo@commerceone.com>
To: <iaik-jce@iaik.at>
Sent: Thursday, 20. April 2000 20:41
Subject: [iaik-jce] Using CertificateFactory to read certificates in multiple formats


> 
> I'm looking for a way to use the CertificateFactory to read in certificates
> from a file in multiple formats. (DER, base64 encoded, PKCS7). How can I use
> the IAIK toolkit to automatically figure out what type of format the
> certificates are in and read them in from file? I am writing a tool similiar
> to the JDK "keytool" command that allows you to do this.
> 
> 
> Suns implementation of the CertificateFactory allows you to do the following
> regardless of the actual input file format and it magically figures out the
> file format and does the right thing.
> 
> FileInputStream fis = new FileInputStream(certFile);
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> Collection c = cf.generateCertificates(fis);
> Certificate[] certs = (Certificate[])c.toArray(); 
> 
> In the IAIK implementation, however, this doesn't work. The above code works
> fine if the input file is in PKCS7 format, but I get a certificate parsing
> exception in any other format.
> 
> So as an alternative I've also tried to use the IAIK CertificateFactory to
> read the certs from the file one at a time as follows.
> 
>  FileInputStream fis = new FileInputStream(filename);
>  DataInputStream dis = new DataInputStream(fis);
> 
>  CertificateFactory cf = CertificateFactory.getInstance("X.509");
> 
>  byte[] bytes = new byte[dis.available()];
>  dis.readFully(bytes);
>  ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
> 
>  while (bais.available() > 0) {
>     Certificate cert = cf.generateCertificate(bais);
>     System.out.println(cert.toString());
>  }
> 
> This works for DER encoded files, but not PKCS7. So what is the best way to
> use the toolkit to read in certificates in multiple file formats?
> 
> Thanks,
> Joe Sanfilippo
> 
> --
> Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html
> 
> To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce
> 

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce