iksrazal
I am creating an X509Certificate class from a JKS type keystore, then
storing those in LDAP. I am now trying to read the cert out of
openldap and convert it back to X509Certificate. I am having problems
on the last step. I have tried several different ways.
This gives me the notorious 'lengthTag=127, too big' error. My search
is turning up userCertificate;binary - and when I find that I try to
convert like this:
    final static String newContext = "cn=Robert,o=Magna,c=US";
    final static String who = "cn=Robert";

    NamingEnumeration results = ctx.search(newContext, who, constraints);
    if (results.hasMore())
    {
        SearchResult sr = (SearchResult) results.next();
        javax.naming.directory.Attributes xanswer = sr.getAttributes();
        javax.naming.directory.Attribute attribute =
            xanswer.get("userCertificate;binary");
        // check if userCertificate attribute missing
        if (attribute != null)
        {
            // retrieve cert as binary object
            Object bin = attribute.get();
            // convert to byte array
            byte[] buf = (byte[]) bin;
            // convert to X.509 class
            X509Certificate cert = null;
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            if (null == cf)
            {
                throw new Exception("no provider found");
            }
            ByteArrayInputStream bais = new ByteArrayInputStream(buf);
            while (bais.available() > 0)
            {
                cert = (X509Certificate) cf.generateCertificate(bais);
            }
            System.out.println("It works!!!");
        }
    }
It throws right before the last println.
Alternatively I am trying via CertStore. This code can't seem to find
the subject:
    final static String newContext = "cn=Robert,o=Magna,c=US";

    LDAPCertStoreParameters lcsp = new LDAPCertStoreParameters("localhost", 389);
    CertStore cs = CertStore.getInstance("LDAP", lcsp);
    X509CertSelector xcs = new X509CertSelector();
    xcs.setSubject(newContext);
    Collection certs = cs.getCertificates(xcs);
    if (certs.isEmpty())
    {
        throw new Exception("can't find cert");
    }
    else
    {
        System.out.println("Yes!!!!!!!");
    }
When searching I get the following results:
Distinguished Name is
userCertificate;binary:
[B@b66cc
objectClass:
person
organizationalPerson
inetOrgPerson
sn:
Lazarski
cn:
Robert
Please help,
iksrazal
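
One way to check what a userCertificate;binary value actually holds before handing it to CertificateFactory, as an added example that is not part of the original post and not a diagnosis of it. The class LdapCertDecode and its decode() helper are hypothetical names; the sample certificate is taken from the JDK default trust store (assumed to be populated) so the program runs without a directory server.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Arrays;
import java.util.Base64;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class LdapCertDecode {
    // Hypothetical helper: parse exactly one certificate from an LDAP attribute value.
    static X509Certificate decode(byte[] value) throws CertificateException {
        if (value == null || value.length < 2)
            throw new CertificateException("attribute value is empty");
        byte[] der = value;
        if ((value[0] & 0xff) != 0x30) {   // a DER certificate starts with a SEQUENCE tag (0x30)
            // Otherwise treat the value as text: PEM or bare Base64 written by the storing side.
            String text = new String(value, StandardCharsets.US_ASCII)
                    .replaceAll("-----(BEGIN|END) CERTIFICATE-----", "")
                    .replaceAll("\\s", "");
            try {
                der = Base64.getDecoder().decode(text);
            } catch (IllegalArgumentException e) {
                throw new CertificateException(String.format(
                        "neither DER nor Base64; first bytes %02x %02x", value[0] & 0xff, value[1] & 0xff));
            }
        }
        ByteArrayInputStream in = new ByteArrayInputStream(der);
        X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
        // Leftover bytes would make a loop on available() try to parse them as another certificate.
        if (in.available() > 0)
            throw new CertificateException(in.available() + " trailing byte(s) after certificate");
        return cert;
    }

    public static void main(String[] args) throws Exception {
        // Sample input: first CA certificate from the JDK default trust store (assumption: not empty).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        byte[] der = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()[0].getEncoded();
        System.out.println("DER:    " + decode(der).getSubjectX500Principal());
        byte[] b64 = Base64.getMimeEncoder().encode(der);      // constructed: same cert stored as text
        System.out.println("Base64: " + decode(b64).getSubjectX500Principal());
        byte[] padded = Arrays.copyOf(der, der.length + 1);    // constructed: one stray byte appended
        try { decode(padded); } catch (CertificateException e) { System.out.println("Padded: " + e.getMessage()); }
    }
}
```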