A customer application that connects to ActiveDirectory over a TLS connection encounters a problem related to X509 certificates.

PROBLEM :
The customer plans to adopt OCSP in Windows Server 2008. They found some errors when they tried to import OCSP certificates into the CertStore of JKS with the keytool command. They also found an exception when they tried to view the certificates with java.security.cert.CertificateFactory.generateCertificate().

CONFIGURATION:
OS : Windows Server 2008/Windows Vista Business(Japanese)
JDK : jdk6u21/u22

REPRODUCE :
1. Keytool error
(1) Invoke the command line (ocspcert_der.cer is attached to this CR file)

    C:\Users\licensees\ocsp-cert-exception> keytool -import -file ocspcert_der.cer
    Input Keystore password :
    Input new password again :
    Keytool Error : java.lang.Exception: Not X509 certificates

    C:\Users\licensees\ocsp-cert-exception> keytool -printcert -file ocspcert_der.cer
    keytool error : java.lang.Exception: fails to parse input

NOTE: The above messages have been translated into English, so they might not be the same as the actual messages in Windows (English).

2. Exception in java.security.cert.CertificateFactory.generateCertificate()
(1) Compile the attached CertView.java and invoke the command line

    C:\Users\licensees\ocsp-cert-exception>java CertView ocspcert_der.cer
    java.security.cert.CertificateParsingException: java.io.IOException: short read on DerValue buffer
        at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:154)
        at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1729)
        at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:179)
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
        at CertView.<init>(CertView.java:23)
        at CertView.main(CertView.java:13)
    Caused by: java.io.IOException: short read on DerValue buffer
        at sun.security.util.DerValue.getOctetString(DerValue.java:459)
        at sun.security.x509.Extension.<init>(Extension.java:73)
        at sun.security.x509.CertificateExtensions.init(CertificateExtensions.java:69)
        at sun.security.x509.CertificateExtensions.<init>(CertificateExtensions.java:60)
        at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:723)
        at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:152)
        ... 6 more

NOTE: This problem doesn't occur in jdk7b99.
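
As a triage aid for the "short read on DerValue buffer" failure above, the following added example (not the attached CertView.java and not JDK code) walks the DER structure of a file and reports the first element whose declared length exceeds the bytes available in its parent, which helps tell a truncated or mis-encoded file from a parser defect. The class name DerCheck and the sample bytes are constructed for illustration; the input is assumed to be binary DER, and the code needs Java 7 or later.

```java
import java.nio.file.Files;
import java.nio.file.Paths;

public class DerCheck {
    // Returns a description of the first TLV whose declared length does not fit
    // inside its parent, or null when every element between off and end fits.
    // Only constructed types are descended into; the contents of primitive
    // OCTET STRINGs (such as extension values) are not re-parsed.
    static String check(byte[] b, int off, int end) {
        while (off < end) {
            int start = off;
            int tag = b[off++] & 0xff;
            if ((tag & 0x1f) == 0x1f) return "multi-byte tag at offset " + start + " (not handled)";
            if (off >= end) return "missing length at offset " + start;
            int len = b[off++] & 0xff;
            if (len == 0x80) return "indefinite length (BER, not DER) at offset " + start;
            if (len > 0x80) {                  // long form: low 7 bits = number of length bytes
                int n = len & 0x7f;
                if (n > 4 || off + n > end) return "bad length field at offset " + start;
                len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (b[off++] & 0xff);
                if (len < 0) return "length too large at offset " + start;
            }
            if (len > end - off)
                return String.format("tag 0x%02x at offset %d declares %d bytes, %d available",
                                     tag, start, len, end - off);
            if ((tag & 0x20) != 0) {           // constructed: check the children too
                String inner = check(b, off, off + len);
                if (inner != null) return inner;
            }
            off += len;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample (not from the report): SEQUENCE { OID 2.5.29.19,
        // OCTET STRING declaring 5 bytes with only 2 present }.
        byte[] sample = {0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x00};
        byte[] der = args.length > 0 ? Files.readAllBytes(Paths.get(args[0])) : sample;
        String problem = check(der, 0, der.length);
        System.out.println(problem == null ? "all TLV lengths are consistent" : problem);
    }
}
```

Run without arguments it checks the constructed sample and flags the OCTET STRING at offset 7; run with a file name (for example the attached ocspcert_der.cer) it checks that file instead.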