f



DerInputStream.getLength(): lengthTag=127, too big. / CertificateFactory

Hi all...

I need some help for certificate.

I currently develop a project for my job and we use certificate
authentification.

So I generate a PKCS10 from IE( Xenroll.createPKCS10 ).
I send it to a CA who deliver me a CertificateChain.
I can import it with Xenroll.acceptPKCS7. The certchain is good...

But i need to make some Operation in Java and try to use
certificateFactory.getCertificate() to have an X509Certificate Object
but i have this :

ERROR --> DerInputStream.getLength(): lengthTag=127, too big. 

ByteArrayInputStream bis = new ByteArrayInputStream(
certificat.getBytes() );
CertificateFactory   cf;
cf = CertificateFactory.getInstance( "X.509" );
->X509Certificate x509Certif =
(X509Certificate)cf.generateCertificate( bis );


Can someone help me ??? I really need a X509Certificate Object and i
have only the certChain.

Thx for all reply.
U can mail my at florian.proch@accenture.com

Cheers
Florian Proch
0
florian
4/13/2004 4:48:11 PM
comp.lang.java.security 1502 articles. 0 followers. Post Follow

6 Replies
7074 Views

Similar Articles

[PageSpeed] 42

On 13 Apr 2004 09:48:11 -0700, florian.proch@accenture.com (Florian
Proch) wrote or quoted :

>ERROR --> DerInputStream.getLength(): lengthTag=127, too big. 

The Americans have a strange law designed to cripple their encryption
software industry.  They cannot export code that does industrial
strength encryption.  Are you possibly running afoul of that? You have
only the weak version?

You have to get a JCE replacement from a non American, such as
BouncyCastle.org.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming. 
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
0
Roedy
4/14/2004 1:00:02 AM
Roedy Green <look-at-the-website@mindprod.com> wrote in message news:<k43p70dcgkasei368rblc9gu7vb09oqvpf@4ax.com>...
> On 13 Apr 2004 09:48:11 -0700, florian.proch@accenture.com (Florian
> Proch) wrote or quoted :
> 
> >ERROR --> DerInputStream.getLength(): lengthTag=127, too big. 
> 
> The Americans have a strange law designed to cripple their encryption
> software industry.  They cannot export code that does industrial
> strength encryption.  Are you possibly running afoul of that? You have
> only the weak version?
> 
> You have to get a JCE replacement from a non American, such as
> BouncyCastle.org.

Thx for ur answer...
But i'm new to certificate :)
I generated the PKCS10Request via Internet Explorer ...
I Use EjbCA to create my certChain...
The certChain is PEM encoded.

Hmmm... I havn't precise that i use java J2re1.4.1.

import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

I use this classes to obtain my X509Certificate.

I don't know why he try to use DERInputStream cause i never found it...
What can i do... 

Have u more details ? 
Cheers
0
florian
4/14/2004 11:17:05 AM
THe error

ERROR --> DerInputStream.getLength(): lengthTag=127, too big.

means that there is some ASN.1 decoding problem. It could be that there 
are some optional fields in the certificate that  are not supported.
You can use an ASN1 util or Keytool and any other certificate parser and 
check the certificate.

If you are convinced that the certificate is valid try sending an error 
report to Sun.

Thanks
       

Florian Proch wrote:

>Hi all...
>
>I need some help for certificate.
>
>I currently develop a project for my job and we use certificate
>authentification.
>
>So I generate a PKCS10 from IE( Xenroll.createPKCS10 ).
>I send it to a CA who deliver me a CertificateChain.
>I can import it with Xenroll.acceptPKCS7. The certchain is good...
>
>But i need to make some Operation in Java and try to use
>certificateFactory.getCertificate() to have an X509Certificate Object
>but i have this :
>
>ERROR --> DerInputStream.getLength(): lengthTag=127, too big. 
>
>ByteArrayInputStream bis = new ByteArrayInputStream(
>certificat.getBytes() );
>CertificateFactory   cf;
>cf = CertificateFactory.getInstance( "X.509" );
>->X509Certificate x509Certif =
>(X509Certificate)cf.generateCertificate( bis );
>
>
>Can someone help me ??? I really need a X509Certificate Object and i
>have only the certChain.
>
>Thx for all reply.
>U can mail my at florian.proch@accenture.com
>
>Cheers
>Florian Proch
>  
>

0
sickofspam
4/14/2004 5:57:57 PM
sickofspam@spam.com wrote:
> THe error
> 
> ERROR --> DerInputStream.getLength(): lengthTag=127, too big.
> 
> means that there is some ASN.1 decoding problem. It could be that there 
> are some optional fields in the certificate that  are not supported.
> You can use an ASN1 util or Keytool and any other certificate parser and 
> check the certificate.

   And be sure the certificate being supplied is indeed in DER format, 
and not, for instance, PEM format.

> 
> If you are convinced that the certificate is valid try sending an error 
> report to Sun.
>>
>> ERROR --> DerInputStream.getLength(): lengthTag=127, too big.
>> ByteArrayInputStream bis = new ByteArrayInputStream(
>> certificat.getBytes() );
>> CertificateFactory   cf;
>> cf = CertificateFactory.getInstance( "X.509" );
>> ->X509Certificate x509Certif =
>> (X509Certificate)cf.generateCertificate( bis );

--Mike Amling

0
Michael
4/15/2004 1:29:24 AM
On Thu, 15 Apr 2004 01:29:24 GMT, Michael Amling <nospam@nospam.com>
wrote or quoted :

>   And be sure the certificate being supplied is indeed in DER format, 
>and not, for instance, PEM format.

I have done by best to catalog the various certificate formats and
their common extensions.  See
http://mindprod.com/jgloss/certificate.html

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming. 
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
0
Roedy
4/16/2004 5:14:32 AM
Thx for all... 
I have found my prob : The Povider :)

EjbCA use BouncyCastle Provider to encode. and i havn't it in Security
Provider when i try to get the Certificate...
I just need to add :

Provider provBC = Security.getProvider("BC");
cf = CertificateFactory.getInstance( "X.509", provBC );
1
florian
4/20/2004 4:08:58 PM
Reply: