Parsing a .cer certificate issued by Symantec
I am trying to parse a .cer certificate (find it attached) issued by Symantec with the following code snippet.
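import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

FileInputStream fin = new FileInputStream(filePath);
BufferedInputStream bf = new BufferedInputStream(fin);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// Read certificates one at a time until the stream is exhausted
while (bf.available() > 0) {
    X509Certificate cert = (X509Certificate) cf.generateCertificate(bf);
}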
Eventually I am running into an org.apache.harmony.security.asn1.ASN1Exception: ASN.1 Sequence caused by null pointer exception.
I have discussed the issue with many Android developers. They said the reason behind this may be that the Symantec certificate is not completely valid. As this is a trial certificate, there may be something wrong with its signature or algorithm. They are not very sure, because upon comparing the tree structure (using OpenSSL) of different valid certificates, they found its tree structure very different. I would like to know whether the trial certificate issued by Symantec contains some invalid data like signature, algorithm or anything else.
But I was also able to parse other certificates (.cer) issued to some authority without any issue. Any help would be greatly appreciated.
4 Comments
What you have is a PKCS#7 file. This is a standard way of distributing certificates, especially when you want to distribute not only the single end entity/user certificate but also other certificates in the issuing chain. This file contains two certificates, an end entity certificate for
C=IN, ST=Maharastra, L=Pune, O=Factory Ltd., OU=ITY, OU=Terms of use at www.verisign.com/cps/testca (c)05, CN=AppsFactory
as well as the certificate for the CA that issued this certificate.
Regards,
--------
David Finkelstein
Symantec R&D
Hey David,
I am already aware of the information you have provided. But the issue is that I am unable to parse this certificate and many other trial certificates with the above Java code snippet.
Using the same code snippet I was able to get certificate details for http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html (sample code).
So I am bothered about why I am unable to get details for trial certificates. Do these certificates contain some invalid credentials like signature, algorithm etc.? Some developers said trial certificates look like original certificates, but they were unable to figure out the right reason why this code snippet is not working fine with trial certificates. According to them the code snippet is totally fine.
Could you please verify what exactly is wrong with trial certificates, because none of them are working with the above code?
Thanks in advance.
You cannot parse the PKCS#7 file as if it were a certificate. You need to extract your end entity certificate from it. E.g., run the following:
openssl pkcs7 -print_certs -in Symantec.txt
Then copy the printed certificate information for your certificate (not the issuing CA certificate) and use that. Or, modify your code so instead of parsing an X.509 you are parsing a PKCS7; see for example
http://www.docjar.com/docs/api/sun/security/pkcs/P...
--------
David Finkelstein
Symantec R&D
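The second option in the answer above (parse the file as PKCS#7 instead of as a single X.509 certificate), as an added example that is not part of the original thread or of Symantec's code: on a standard Java SE runtime, `CertificateFactory.generateCertificates` is documented to accept a PKCS#7 certificate chain. The class name `Pkcs7Bundle`, its helper names, and the sample bundle built from two certificates in the JRE's default trust store (assumed to hold at least two) are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class Pkcs7Bundle {   // hypothetical class name
    // Returns every certificate in the input: a single X.509 certificate,
    // a sequence of them, or a PKCS#7 SignedData certificate bundle.
    static List<X509Certificate> parseBundle(byte[] data) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> out = new ArrayList<>();
        for (Certificate c : cf.generateCertificates(new ByteArrayInputStream(data))) {
            out.add((X509Certificate) c);
        }
        return out;
    }

    // Constructed sample input: two certificates from the JRE's default trust
    // store, re-encoded as one PKCS#7 bundle (stands in for the attached file).
    static byte[] samplePkcs7() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);   // null selects the default trust store
        X509Certificate[] roots =
            ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return cf.generateCertPath(Arrays.asList(roots[0], roots[1])).getEncoded("PKCS7");
    }

    public static void main(String[] args) throws Exception {
        byte[] data = args.length > 0 ? Files.readAllBytes(Paths.get(args[0])) : samplePkcs7();
        try {   // the single-certificate call used in the question
            CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(data));
            System.out.println("first object parsed as an X.509 certificate");
        } catch (CertificateException e) {
            System.out.println("generateCertificate failed: " + e.getMessage());
        }
        for (X509Certificate c : parseBundle(data)) {
            // getBasicConstraints() is -1 for a non-CA (end entity) certificate
            System.out.printf("%s subject=%s issuer=%s%n",
                c.getBasicConstraints() < 0 ? "end-entity" : "CA",
                c.getSubjectX500Principal().getName(), c.getIssuerX500Principal().getName());
        }
    }
}
```

Run it with the path of a PKCS#7 file as the first argument to list the certificates in that file; the entry marked end-entity is the one to use, as the answer describes.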
I assume this issue is now resolved for you? Or are you still having some sort of issue with either the PKCS#7 file or the certificates it contains?
--------
David Finkelstein
Symantec R&D