
Parsing a .cer certificate issued by Symantec

Created: 23 Mar 2012 • Updated: 18 Apr 2012 | 4 comments
This issue has been solved. See solution.

I am trying to parse a .cer certificate (find it attached) issued by Symantec with the following code snippet.

    FileInputStream fin = new FileInputStream(filePath);
    BufferedInputStream bf = new BufferedInputStream(fin);
    CertificateFactory cf = null;
    cf = CertificateFactory.getInstance("X.509");
    while (bf.available() > 0) {
        X509Certificate cert = (X509Certificate) cf.generateCertificate(bf);
    }

Eventually I am running into an org.apache.harmony.security.asn1.ASN1Exception: ASN.1 Sequence caused by null pointer exception.

 

I have discussed the issue with many Android developers. They said the reason behind this may be that the Symantec certificate is not completely valid. As this is a trial certificate there may be something wrong with its signature or algorithm. They are not very sure, because upon comparing the tree structure (using OpenSSL) of different valid certificates, they found its tree structure very different. I would like to know whether the trial certificate issued by Symantec contains some invalid data like signature, algorithm or anything else.

But I was also able to parse other certificates (.cer) issued to some authority without any issue. Any help would be greatly appreciated.


dfinkelstein's picture

What you have is a PKCS#7 file.  This is a standard way of distributing certificates, especially when you want to distribute not only the single end entity/user certificate but also other certificates in the issuing chain.  This file contains two certificates, an end entity certificate for 

C=IN, ST=Maharastra, L=Pune, O=Factory Ltd., OU=ITY, OU=Terms of use at www.verisign.com/cps/testca (c)05, CN=AppsFactory

as well as the certificate for the CA that issued this certificate.

Regards,

--------

David Finkelstein

Symantec R&D

john723's picture

Hey David,

I am already aware of the information you have provided. But the issue is I am unable to parse this certificate and many other trial certificates with the above Java code snippet.

Using the same code snippet I was able to get certificate details for http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html (sample code).

So I am bothered about why I am unable to get details for trial certificates. Are these certificates containing some invalid credentials like signature, algorithm etc.? Some developers said trial certificates look like original certificates but they were unable to figure out the right reason why this code snippet is not working fine with trial certificates. According to them the code snippet is totally fine.

Could you please verify what exactly is wrong with trial certificates, because none of them are working with the above code.

Thanks in advance.

dfinkelstein's picture

You cannot parse the PKCS#7 file as if it were a certificate.  You need to extract your end entity certificate from it.  E.g., run the following:

openssl pkcs7 -print_certs -in Symantec.txt

Then copy the printed certificate information for your certificate (not the issuing CA certificate) and use that.  Or, modify your code so instead of parsing an X.509 you are parsing a PKCS7; see for example

http://www.docjar.com/docs/api/sun/security/pkcs/P...

--------

David Finkelstein

Symantec R&D
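
The second option in the reply above (read the file as PKCS#7 instead of as a single X.509 certificate) can be done with the standard CertificateFactory API. This is an added example, not code from the thread: the class and method names are made up here, the file path is taken from the first command-line argument, and it relies on the Java SE documentation stating that generateCertificates accepts a PKCS#7 certificate chain, which is assumed rather than confirmed for the Harmony provider named in the exception.

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class Pkcs7CertReader { // hypothetical name, not from the thread
    // Reads every certificate from a single-certificate file or a PKCS#7 bundle.
    static List<X509Certificate> readAll(InputStream in) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // generateCertificates (plural) is documented to accept a PKCS#7
        // SignedData chain; generateCertificate (singular) reads one certificate.
        List<X509Certificate> certs = new ArrayList<>();
        for (Certificate c : cf.generateCertificates(in)) {
            certs.add((X509Certificate) c);
        }
        return certs;
    }

    // Returns the first certificate whose subject did not issue any other
    // certificate in the bundle, i.e. the end entity rather than a CA.
    static X509Certificate endEntity(List<X509Certificate> certs) {
        for (X509Certificate candidate : certs) {
            boolean issuedAnother = false;
            for (X509Certificate other : certs) {
                if (other != candidate && other.getIssuerX500Principal()
                        .equals(candidate.getSubjectX500Principal())) {
                    issuedAnother = true;
                }
            }
            if (!issuedAnother) return candidate;
        }
        return null; // empty bundle
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = new BufferedInputStream(new FileInputStream(args[0]))) {
            List<X509Certificate> certs = readAll(in);
            for (X509Certificate c : certs) {
                System.out.println(c.getSubjectX500Principal() + " <- " + c.getIssuerX500Principal());
            }
            X509Certificate leaf = endEntity(certs);
            System.out.println("End entity: " + (leaf == null ? "none" : leaf.getSubjectX500Principal()));
        }
    }
}
```

Picking the end entity by subject/issuer names only sorts the bundle; it does not validate anything. Before trusting the certificate, validate the chain against a trust anchor you control, for example with java.security.cert.CertPathValidator.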

dfinkelstein's picture

I assume this issue is now resolved for you?  Or are you still having some sort of issue with either the PKCS#7 file or the certificates it contains?

 

--------

David Finkelstein

Symantec R&D
