Re: read certificate

Jan Luehe (Jan.Luehe@eng.sun.com)
Tue, 16 Mar 1999 09:03:27 -0800 (PST)

Message-Id: <199903161703.JAA04603@laguna.eng.sun.com>
Date: Tue, 16 Mar 1999 09:03:27 -0800 (PST)
From: Jan Luehe <Jan.Luehe@eng.sun.com>
Subject: Re: read certificate
To: java-security@java.sun.com, HZhang@sempra.com

Hua:

> InputStream inStream = new
> FileInputStream("c:\\jdk12Test\\security\\testCert1.p12");
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
> inStream.close();
>
> I got the following stack trace:
>
> java.security.cert.CertificateParsingException: signed overrun, bytes = 53
> at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1022)
> at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:150)
> at
> sun.security.provider.X509Factory.engineGenerateCertificate(X509Facto
> ry.java:93)
> at
> java.security.cert.CertificateFactory.generateCertificate(Certificate
> Factory.java:290)
> at security.TestCert.main(TestCert.java:14)
>
> The certificate file is exported from Netscape Web Browser. The certificate
> is issued by VeriSign as Personal X509 Certificate. If this particular
> certificate format is not supported by JAVA, which type of certificate from
> what CAs are supported ?

The certificate exported from your Netscape browser is
encoded as a PKCS#12 block, which is not supported
by the default certificate factory implementation provided
with JDK 1.2.

The certificate factory implementation provided by the
"Sun" provider (the default provider that comes standard
with JDK 1.2) only supports certificates enoded in the
X.509 or PKCS#7 standards, which are supported by the
VeriSign and Thawte Root CAs.

> Also, when installing a certificate into Netscape
> Browser, the Browser will create a private key for the Certificate, how do
> I retrieve this private key in JAVA ?

I am not familiar how the private key is stored in Netscape.
I assume it is also stored using PKCS#12. In that case, you
would have to write your own parser for PKCS#12.

Jan