Quantcast

Bouncy Castle JCE : Error validating certificate trustanchor

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Bouncy Castle JCE : Error validating certificate trustanchor

dani-18
I get next error when I try to validate a certificate trust anchor:

java.lang.RuntimeException: unable to instantiate X500Principal
    at java.security.cert.X509Certificate.getIssuerX500Principal(X509Certificate.java:229)
    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.findTrustAnchor(PKIXCertPathValidatorSpi.java:1881)
    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:644)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:353)
    at com.steria.cet.smime.cert.FDIGmailCertUtil.validateCert(FDIGmailCertUtil.java:203)
    at com.steria.cet.smime.validation.FDIGmailVerifier.validaMail(FDIGmailVerifier.java:158)
    at com.steria.cet.WebMail.smime.WMsignedMail.validaMail(WMsignedMail.java:110)
    at _templates._cet__wrk__msg__view.printPart(_cet__wrk__msg__view.java:3263)
    at _templates._cet__wrk__msg__view.printPart(_cet__wrk__msg__view.java:3221)
    at _templates._cet__wrk__msg__view._jspService(_cet__wrk__msg__view.java:6807)
    at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
    at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:317)
    at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:465)
    at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:379)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:721)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:306)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:767)
    at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:259)
    at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:106)
    at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:797)
    at java.lang.Thread.run(Thread.java:536)
Caused by: java.lang.IllegalArgumentException: improperly specified input name: CN=ACE Class 1 Consumer Individual Subscriber CA,OU=Terms of use at https://www.ace.es/rpa (c)01,OU=VeriSign Trust Network,O=Agencia de Certificacion Electronica, S.A.
    at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:94)
    at java.security.cert.X509Certificate.getIssuerX500Principal(X509Certificate.java:227)
    ... 21 more
Caused by: java.io.IOException: Incorrect AVA format
    at sun.security.x509.AVA.<init>(AVA.java:122)
    at sun.security.x509.AVA.<init>(AVA.java:100)
    at sun.security.x509.RDN.<init>(X500Name.java:1353)
    at sun.security.x509.X500Name.parseDN(X500Name.java:800)
    at sun.security.x509.X500Name.<init>(X500Name.java:128)
    at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:92)
    ... 22 more

Any idea?
thanks,

dani.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Bouncy Castle JCE : Error validating certificate trustanchor

MACKO Roman
Hi,
 
If you have created X500Principal object from string
 
CN=ACE Class 1 Consumer Individual Subscriber CA,OU=Terms of use at https://www.ace.es/rpa (c)01,OU=VeriSign Trust Network,O=Agencia de Certificacion Electronica, S.A.
 
you have to escape comma at the end of this string just before S.A. substring
 
CN=ACE Class 1 Consumer Individual Subscriber CA,OU=Terms of use at https://www.ace.es/rpa (c)01,OU=VeriSign Trust Network,O=Agencia de Certificacion Electronica\\, S.A.
 
comma is separator between distinguish names
 
roman


From: Dani [mailto:[hidden email]]
Sent: Tuesday, May 31, 2005 6:56 PM
To: [hidden email]; [hidden email]
Subject: [dev-crypto] Bouncy Castle JCE : Error validating certificate trustanchor

I get next error when I try to validate a certificate trust anchor:

java.lang.RuntimeException: unable to instantiate X500Principal
    at java.security.cert.X509Certificate.getIssuerX500Principal(X509Certificate.java:229)
    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.findTrustAnchor(PKIXCertPathValidatorSpi.java:1881)
    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:644)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:353)
    at com.steria.cet.smime.cert.FDIGmailCertUtil.validateCert(FDIGmailCertUtil.java:203)
    at com.steria.cet.smime.validation.FDIGmailVerifier.validaMail(FDIGmailVerifier.java:158)
    at com.steria.cet.WebMail.smime.WMsignedMail.validaMail(WMsignedMail.java:110)
    at _templates._cet__wrk__msg__view.printPart(_cet__wrk__msg__view.java:3263)
    at _templates._cet__wrk__msg__view.printPart(_cet__wrk__msg__view.java:3221)
    at _templates._cet__wrk__msg__view._jspService(_cet__wrk__msg__view.java:6807)
    at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
    at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:317)
    at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:465)
    at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:379)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:721)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:306)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:767)
    at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:259)
    at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:106)
    at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:797)
    at java.lang.Thread.run(Thread.java:536)
Caused by: java.lang.IllegalArgumentException: improperly specified input name: CN=ACE Class 1 Consumer Individual Subscriber CA,OU=Terms of use at https://www.ace.es/rpa (c)01,OU=VeriSign Trust Network,O=Agencia de Certificacion Electronica, S.A.
    at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:94)
    at java.security.cert.X509Certificate.getIssuerX500Principal(X509Certificate.java:227)
    ... 21 more
Caused by: java.io.IOException: Incorrect AVA format
    at sun.security.x509.AVA.<init>(AVA.java:122)
    at sun.security.x509.AVA.<init>(AVA.java:100)
    at sun.security.x509.RDN.<init>(X500Name.java:1353)
    at sun.security.x509.X500Name.parseDN(X500Name.java:800)
    at sun.security.x509.X500Name.<init>(X500Name.java:128)
    at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:92)
    ... 22 more

Any idea?
thanks,

dani.

Loading...