java.lang.IllegalArgumentException: Bad sequence size


I'm new to certificates and I have one scenario: I need to read an SSL certificate, extract it and validate the email address that is specified in the certificate. For that I wrote the code below, but I'm getting a java.lang.IllegalArgumentException.

public GenericFormResponse execute(WebRequest wreq, String epName, String ipAddr, boolean useDefault, MultipartFile certFile) throws Exception {
    ....... // some code
    byte[] certBytes = certFile.getBytes();
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certBytes));
    NameAdapter subject = CertificateVerifier.getSubject(cert);
    if (StringUtils.equalsIgnoreCase(subject.getEmailAddress(), email)) {
        ep.setCertData(cert.getSignature());
    } else {
        LOGGER.debug("invalid certificates found.");
        response.setSuccess(false);
        response.setGlobalErrorCode("sa_endpoint_invalid_cert");
        return response;
    }
    ...... // some code.
}

CertificateVerifier.getSubject(cert) is custom code that works fine in another scenario. Exception stack trace:

Caused by: java.lang.IllegalArgumentException: Bad sequence size: 6
        at org.bouncycastle.asn1.x509.AlgorithmIdentifier.<init>(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.AlgorithmIdentifier.getInstance(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.TBSCertificate.<init>(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.TBSCertificate.getInstance(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.Certificate.<init>(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.asn1.x509.Certificate.getInstance(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        at org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.readPEMCertificate(Unknown Source) ~[bcprov-jdk15on-1.51.jar:1.51.0]
        ... 43 common frames omitted

Can anyone please help me with how to read a .csr file? The certificate file is in the format below.

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Thanks in advance.


There are 2 answers

wgitscht

X509 is missing the dot; use X.509:

CertificateFactory cf = CertificateFactory.getInstance("X.509");
Saqib Rezwan

First of all, I am confused. You said you need to read an SSL certificate, but you are reading a .csr file, which contains a "Certificate Signing Request". This is not a certificate. From this request, one can read the public key, validity period and key usage and use all these to create a certificate. To do that, please follow these steps.

  1. Convert the file data (byte array) to a string.
  2. Remove the following lines using the replaceAll method of String (e.g. csrString.replaceAll("....")):
    Line 1: -----BEGIN CERTIFICATE-----
    Line 2: -----END CERTIFICATE-----
  3. Convert the data to Hex. Java 7 has a built-in library:

javax.xml.bind.DatatypeConverter.parseBase64Binary("...")

  4. Use the following method to get PKCS10 format data:

PKCS10CertificationRequest pkcs10CertificationRequest = new PKCS10CertificationRequest(csrData);

  5. Now read the data from pkcs10CertificationRequest and create the X509Certificate.
  6. For more information, read the RFC: https://www.rfc-editor.org/rfc/rfc2986
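Both answers touch something real, and the stack trace ties them together. The file holds a PKCS#10 CertificationRequest saved under a CERTIFICATE header, so BouncyCastle parses the CertificationRequestInfo as if it were a TBSCertificate: the version INTEGER 0 is taken as the serial number and the subject Name is handed to AlgorithmIdentifier.getInstance, which rejects any SEQUENCE that is not one or two elements long. "Bad sequence size: 6" is therefore a six-RDN subject (for example C, ST, L, O, CN and emailAddress), and changing "X509" to "X.509" does not change that. The class below is an added example, not code from the question or from either answer: it reads the PEM with BouncyCastle's PemReader, decides certificate versus request from the DER structure rather than from the header, verifies the request's self-signature, and collects the e-mail addresses from the subject and, for a certificate, from the subjectAltName extension. The class and method names (PemEmailCheck, isPkcs10, emailsFromPem, addSubjectEmails), the generated key and the sample subject are mine; it needs bcprov and bcpkix on the classpath.

```java
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Base64;
import java.util.LinkedHashSet;
import java.util.Set;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

// Added example (hypothetical class name); needs bcprov and bcpkix on the classpath.
public class PemEmailCheck {

    // Decide from the DER structure whether the blob is a PKCS#10 request or an X.509
    // certificate, ignoring whatever label the PEM armour claims.
    static boolean isPkcs10(byte[] der) {
        ASN1Sequence body = ASN1Sequence.getInstance(ASN1Sequence.getInstance(der).getObjectAt(0));
        if (body.getObjectAt(0) instanceof ASN1TaggedObject) {
            return false; // [0] EXPLICIT version: only a v2/v3 TBSCertificate starts this way
        }
        // Element 1 is the signature AlgorithmIdentifier (SEQUENCE { OID, ... }) in a v1 TBSCertificate
        // but the subject Name (SEQUENCE OF SET, possibly empty) in a CertificationRequestInfo.
        ASN1Sequence second = ASN1Sequence.getInstance(body.getObjectAt(1));
        return second.size() == 0 || !(second.getObjectAt(0) instanceof ASN1ObjectIdentifier);
    }

    // E-mail addresses the object asserts: subject emailAddress RDNs plus, for a certificate, SAN rfc822Names.
    static Set<String> emailsFromPem(String pem) throws Exception {
        PemObject obj;
        try (PemReader reader = new PemReader(new StringReader(pem))) { obj = reader.readPemObject(); }
        if (obj == null) throw new IOException("no PEM block found");
        byte[] der = obj.getContent();
        Set<String> emails = new LinkedHashSet<>();
        if (isPkcs10(der)) {
            PKCS10CertificationRequest csr = new PKCS10CertificationRequest(der);
            // A CSR only supports proof of possession: it is signed with the key it carries.
            // Nobody has vouched for the subject, so the e-mail is an unverified claim.
            if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo())))
                throw new SecurityException("CSR self-signature does not verify");
            addSubjectEmails(csr.getSubject(), emails);
        } else {
            X509CertificateHolder cert = new X509CertificateHolder(der);
            addSubjectEmails(cert.getSubject(), emails);
            GeneralNames san = cert.getExtensions() == null ? null // v1 certificates carry no extensions
                    : GeneralNames.fromExtensions(cert.getExtensions(), Extension.subjectAlternativeName);
            if (san != null) {
                for (GeneralName gn : san.getNames()) {
                    if (gn.getTagNo() == GeneralName.rfc822Name) {
                        emails.add(DERIA5String.getInstance(gn.getName()).getString());
                    }
                }
            }
        }
        return emails;
    }

    static void addSubjectEmails(X500Name subject, Set<String> out) {
        for (RDN rdn : subject.getRDNs(BCStyle.EmailAddress)) {
            out.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a fresh EC key and a six-RDN subject like the one openssl req prompts for.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair kp = kpg.generateKeyPair();
        X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
                .addRDN(BCStyle.C, "US").addRDN(BCStyle.ST, "CA").addRDN(BCStyle.L, "Example City")
                .addRDN(BCStyle.O, "Example Org").addRDN(BCStyle.CN, "endpoint.example.org")
                .addRDN(BCStyle.EmailAddress, "admin@example.org").build();
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withECDSA").build(kp.getPrivate()));
        // Mislabel it exactly as in the question: PKCS#10 bytes under a CERTIFICATE header.
        String mislabelled = "-----BEGIN CERTIFICATE-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(csr.getEncoded())
                + "\n-----END CERTIFICATE-----\n";
        try {
            new X509CertificateHolder(csr.getEncoded()); // the parse the question's factory attempted
        } catch (IOException | IllegalArgumentException e) {
            System.out.println("parsed as certificate: " + e.getMessage());
        }
        System.out.println("e-mails from mislabelled PEM: " + emailsFromPem(mislabelled));
    }
}
```

Running main builds a request with a six-RDN subject, wraps it in the question's CERTIFICATE armour, shows the certificate parse failing with the same message as the trace, and then extracts admin@example.org through the request path. The caveat matters more than the parsing: a request's self-signature only proves the requester holds the private key, and even a certificate's subject e-mail means nothing until the chain has been validated to a trusted CA (for instance with CertPathValidator), so comparing the RDN string with equalsIgnoreCase, as the question does, has to come after that step rather than instead of it.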