When I try to convert a string with certificate, Exception is raised
I have an applet which signs a document and sends the document, sign, and certificate to the server side. On the server side a portlet receives these 3 files; all files are stored in base64 format, but when I try to get the certificate it raises an exception:

java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)

applet side code:

public static byte[] certificate;

public static String getCertificateString() {
    String str = "";
    byte[] result = null;
    result = Base64.encode(certificate);
    for (int i = 0; i < result.length; i++) {
        str += (char) (result[i]);
    }
    return str;
}

// initialization of certificate from the store
Certificate cert = store.getCertificate(aliasKey);
certificate = cert.toString().getBytes();

After this I send the certificate to the portlet, where I need to verify the sign. But the certificate conversion fails.

portlet code:

String certificate = request.getParameter("cert");
byte[] cert_array = Base64.decode(certificate.getBytes());
try {
    cert = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(cert_array));
}catch(Exception e){
    e.printStackTrace();
}

And at this point, in the try block, the exception is raised.

Citronella answered 15/5, 2012 at 4:3 Comment(5)
Did you check that request.getParameter("cert") returns the right data? - Georginageorgine
Yes, I check it, and it returns - Citronella
Well, what exactly does it return? - Georginageorgine
If you run the code in a standalone program, does it work? If yes, then I guess in some cases request.getParameter("cert") doesn't actually return the right data. - Georginageorgine
I created the standalone program, and the same Exception is raised. - Citronella

Ok, @test1604, try something like this; it implements the X509TrustManager class. Ok, here we go:

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

public class YouNameClass implements X509TrustManager {... 
   public YouNameClass() {
      super();
   }
}

And add this method,

private static void trustAllHttpsCertificates() throws Exception {
//  Create a trust manager that does not validate certificate chains:
    javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
    javax.net.ssl.TrustManager tm = new YouNameClass();
    trustAllCerts[0] = tm; 
    javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, null);
    javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}

and methods override:

    @Override
    public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
        return;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
        return;
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

That's it. :)

Cambria answered 15/5, 2012 at 5:14 Comment(1)
Thanks a lot, but I do not need an SSL connection; my task is to verify the signed document using the certificate. - Citronella

Do NOT EVER trust all certificates. That is very dangerous. If you do that, you may as well not use HTTPS and just use HTTP.

Ebbarta answered 1/10, 2015 at 17:18 Comment(4)
A nice way to think about public key certificates is akin to a passport system. Certificates are used to establish information about the holder of that information in a way that is very difficult to forge. This is why certificate verification is so important: accepting any certificate means that an attacker’s certificate will be blindly accepted. Just like running a passport checkpoint where you deliberately accept fake passports. Rather pointless. - Ebbarta
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. - Aryl
Even if it does not provide an answer it is important to know that the "accepted answer" is wrong and INDEED it is DANGEROUS. Others who blindly copy that code should know this. - Ebbarta
If you have a comment regarding someone else's question or answer, then you post a comment. If you have an actual answer, then post an answer -- it's a fairly straightforward concept. If you don't have enough rep to comment, mark the question thread as a favorite, and then participate in SO with useful answers and questions until you have enough rep. Then you can find the thread in your favorites and comment. - Aryl