Re: How to generate a "CertPath"?

From: Jeff (jeff_at_gatewest.net)
Date: 01/24/04 

Date: 23 Jan 2004 18:50:07 -0800

somebody <some@body.com> wrote in message news:<pan.2004.01.23.22.39.12.75500@body.com>...
> When the generateCertPath line below is executed, I receive the
> following message:
>
> java.security.cert.CertificateException: unsupported encoding
>
> This is a CA certificate from Verisign. What encoding should
> I use?
>
> -THanks
>
>
>
> try {
>
> // open an input stream to the file
> FileInputStream fis = new FileInputStream(filename);
>
> // instantiate a CertificateFactory for X.509
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
>
> X509Certificate cert = (X509Certificate)cf.generateCertificate(fis);
>
> //CertPath cp = cf.generateCertPath(fis, cert.getEncoded().toString());
> CertPath cp = cf.generateCertPath(fis, "PKCS7");
>
>
> }
> catch (Exception e) {
> e.printStackTrace();
> }

Hello,
 
I encountered a message in one of Sun's Java forums that sounds
similar to what you are experiencing. The address of that message (and
the replies) is http://forum.java.sun.com/thread.jsp?thread=199654&forum=9&message=666032.
For your convenience, I've restated the message/replies below:
 
* * *
 
 Hi,

I am trying to generate a Certificate object using CertificateFactory,
and the message "java.security.cert.CertificateException: Unsupported
encoding" happenes . The certificate type I am using is X.509. The
encoded certificate was got from the browser (begin from "-----BEGIN
CERTIFICATE-----" and end with "-----END CERTIFICATE-----"). Here is
the segment of my code. Anyone knows what the problem is? Thanks in
advance.

/** Create an instance of the certificate factory */
java.security.cert.CertificateFactory cf =
java.security.cert.CertificateFactory.getInstance("X.509");

/** Convert base 64 encoded certificate to a byte stream */
ByteArrayInputStream bais =
new ByteArrayInputStream(encodedCert.getBytes());

/** Generate certificate */
cf.generateCertificate(bais); // exception happend here

. . .
 
 Hi !

If it's framed like that I would guess you need to uuDecode it first,
before you can use it.

Have a look at http://java.sun.com/security/signExample/

That might help you.
 
. . .
 
 Hi,

Another possibility is that the cert is BASE64 encoded, you can base64
decode it using

String pemcert = "..."; // with the lines containing --- stripped off
byte[] certbytes = new sun.misc.BASE64Decoder().decodeBuffer(pemcert);

then create the CertificateFactory as before.

regards

Kevin
 
* * *
 
I hope this answer is helpful to you, and have a good day.
 
Jeff
www.javajeff.net