Reputation: 4026
Hello, I am trying to validate a certificate against another and am getting an error while reading the first certificate from a file:
    // Get public key
    BasicX509Credential publicCredential = new BasicX509Credential();
    File publicKeyFile = new File("keys/azurecert.cer");
    if (publicKeyFile.exists()) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        InputStream fileStream = new FileInputStream(publicKeyFile);
        X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(fileStream);
        fileStream.close();
    }
The azurecert.cer was generated by me and its content was copy-pasted from Azure's (ADFS) federationmetadata.xml. Is this a problem?
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
MIIC4jCC....
</X509Certificate>
</X509Data>
</KeyInfo>
and I put it in this format:
—–--BEGIN CERTIFICATE--—–
MIIDBTCCAe2gAwIBAgIQPLxWKJFunNyLetteErs/DAtQPLxWKJFunNyLMMFsdioT
MSswKQYDVQQDEyJhY2NvdW50cy5hFunNyLetteErsndpbmRvd3MubmV0XHhsStcm
....
----END CERTIFICATE----
But it results in:
java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor
at line:
certificateFactory.generateCertificate(inputStream2)
Can someone help?
Upvotes: 0
Views: 11639
Reputation: 39241
Ensure you have the correct headers. Instead of —–BEGIN CERTIFICATE—– and --END CERTIFICATE-- use
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Alternatively, you can read the certificate in binary format: remove the BEGIN CERTIFICATE and END CERTIFICATE tags and decode the base64.
Upvotes: 1
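The answer's second option (drop the BEGIN/END lines and decode the base64 yourself), shown as an added example that is not part of the original posts. The class name `MetadataCertLoader` and its method names are assumptions made for illustration; the default path is the one from the question.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class MetadataCertLoader {
    // Returns only the base64 payload: armor lines and whitespace are dropped.
    static String base64Body(String text) {
        StringBuilder body = new StringBuilder();
        for (String line : text.split("\\R")) {
            // Armor lines are matched by keyword, not by their dashes, so
            // headers with typographic or miscounted dashes are dropped too.
            if (line.contains("BEGIN CERTIFICATE") || line.contains("END CERTIFICATE")) {
                continue;
            }
            // Also strip a UTF-8 byte order mark that some editors prepend.
            body.append(line.replaceAll("[\\s\\uFEFF]", ""));
        }
        return body.toString();
    }

    // Decodes the payload to DER and parses it, bypassing PEM header parsing.
    static X509Certificate parse(String text) throws CertificateException {
        byte[] der;
        try {
            der = Base64.getDecoder().decode(base64Body(text));
        } catch (IllegalArgumentException e) {
            throw new CertificateException("certificate text is not valid base64", e);
        }
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: malformed armor around a placeholder payload.
        String sample = "\u2014\u2013--BEGIN CERTIFICATE--\u2014\u2013\nQUJD\n RUZH \n----END CERTIFICATE----\n";
        System.out.println("payload after cleanup: " + base64Body(sample));
        // Path from the question; pass another file as the first argument.
        String path = args.length > 0 ? args[0] : "keys/azurecert.cer";
        String text = new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.UTF_8);
        X509Certificate cert = parse(text);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println(cert.getSubjectX500Principal() + ", expires " + cert.getNotAfter());
    }
}
```

Because this certificate becomes the trust anchor for signature validation, compare the printed subject and expiry with the values in the federation metadata before relying on it.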