问题
I have an applet which signes document, and sends a document, sign, and certificate to the server side. On the server side portlet receives these 3 files, all files are stored in base64 format, but when I try to get certificate it raises exception
java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
applet side code:
public static byte[] certificate;
public static String getCertificateString() {
String str = "";
byte[] result = null;
result = Base64.encode(certificate);
for (int i = 0; i < result.length; i++) {
str += (char) (result[i]);
}
return str;
}
//initialization of certificate from the store
Certificate cert = store.getCertificate(aliasKey);
certificate = cert.toString().getBytes();
after this I send certificate to the portlet, where need to verify the sign. But the certificate conversion is failed.
portlet code:
String certificate = request.getParameter("cert");
byte[] cert_array = Base64.decode(certificate.getBytes());
try {
cert = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(cert_array));
}catch(Exception e){
e.printStackTrace();
}
And at this point, in the try block, Exception is raised
回答1:
Ok, @test1604 you try something like this, is implements X509TrustManager class, ok here we go:
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public class YouNameClass implements X509TrustManager {...
public YouNameClass() {
super();
}
}
And add this method,
private static void trustAllHttpsCertificates() throws Exception {
// Create a trust manager that does not validate certificate chains:
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new YouNameClass();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
and methods override:
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
return;
}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
return;
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
That's it. :)
回答2:
Do NOT EVER trust all certificates. That is very dangerous. If you do that you may as well not use HTTPS and just use HTTP
来源:https://stackoverflow.com/questions/10594000/when-i-try-to-convert-a-string-with-certificate-exception-is-raised