BOOK: Beginning Cryptography with Java
This is the forum to discuss the Wrox book Beginning Cryptography with Java by David Hook; ISBN: 9780764596339
You are currently viewing the BOOK: Beginning Cryptography with Java section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old May 6th, 2013, 11:57 PM
Registered User
 
Join Date: Nov 2012
Posts: 8
Thanks: 2
Thanked 0 Times in 0 Posts
Default Error on chapter 6 Creating a certificate example

Hello.

I modified the chapter 6 code, the "Try it Out: Creating a Certificate from a Certification Request" example.

It shows the following error:
"Error 2: java.lang.IllegalStateException: not all mandatory fields set in V3 TBScertificate generator "


The line that contains "certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());" shows the error "The method setSubjectDN(X500Principal) in the type X509V3CertificateGenerator is not applicable for the arguments (X500Name)" in my Eclipse (JDK 1.6.0_12).

A weird thing is that it works properly on another machine with the same JDK version.

What would be the problem?

public static X509Certificate[] buildChain() throws Exception
{
    //20130430
    ByteArrayInputStream userPKCS10req_new = new ByteArrayInputStream(userPKCS10req.getBytes("UTF-8"));
    ByteArrayInputStream rootCert_new = new ByteArrayInputStream(rootCert.getBytes("UTF-8"));
    ByteArrayInputStream rootPrivate_new = new ByteArrayInputStream(rootPrivate.getBytes("UTF-8"));

    // read the PEM-encoded certification request, root certificate and root key pair
    PEMReader pRd = new PEMReader(
        new InputStreamReader(userPKCS10req_new));

    PKCS10CertificationRequest request = (PKCS10CertificationRequest)pRd.readObject();

    PEMReader rootCertificate = new PEMReader(
        new InputStreamReader(rootCert_new));

    X509Certificate rootCert = (X509Certificate)rootCertificate.readObject();

    PEMReader rootPrivatekey = new PEMReader(
        new InputStreamReader(rootPrivate_new));

    KeyPair rootPrivate = (KeyPair)rootPrivatekey.readObject();

    //create a root certificate
    //KeyPair rootPair=chapter6.Utils.generateRSAKeyPair();
    //X509Certificate rootCert = X509V1CreateExample.generateV1Certificate(rootPair);

    System.out.println(rootCert);

    //validate the certification request
    if(!request.verify("BC"))
    {
        System.out.println("request failed to verify!");
        System.exit(1);
    }

    //create the certificate using the information in the request
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(rootCert.getSubjectX500Principal());
    certGen.setNotBefore(new Date(System.currentTimeMillis()));
    certGen.setNotAfter(new Date(System.currentTimeMillis()+ (7 * 24 * 60 * 60 * 1000))); // 1 week
    //20130429
    certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());

    //certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());
    certGen.setPublicKey(request.getPublicKey("BC"));
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

    //extract the extension request attribute
    ASN1Set attributes = request.getCertificationRequestInfo().getAttributes();

    for(int i=0;i!=attributes.size();i++)
    {
        Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));

        //process extension request
        if(attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest))
        {
            X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));

            Enumeration<?> e = extensions.oids();
            while(e.hasMoreElements())
            {
                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
                X509Extension ext = extensions.getExtension(oid);

                certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
            }
        }
    }
    X509Certificate issuedCert = certGen.generateX509Certificate(rootPrivate.getPrivate());
    return new X509Certificate[]{issuedCert, rootCert};
}

public static void pemEncodeToFile(String filename, Object obj, char[] password) throws Exception{
    PEMWriter pw = new PEMWriter(new FileWriter("C://Users//Lara//workspace_ee//TestCA_server//WebContent//" + filename));
    // encrypt the PEM object only when a password is supplied
    if (password != null && password.length > 0) {
        pw.writeObject(obj, "DESEDE", password, new SecureRandom());
    } else {
        pw.writeObject(obj);
    }
    pw.flush();
    pw.close();
}
 
Old May 7th, 2013, 12:17 AM
dgh dgh is offline
Wrox Author
 
Join Date: Aug 2005
Posts: 206
Thanks: 0
Thanked 20 Times in 20 Posts
Default

It will probably be because you are using different versions of BC on the two machines. In the latest release the code you are writing will not work as the getSubject() method will return an X500Name, not an X509Name. The X509V3CertificateGenerator class is now deprecated.

I'd recommend using the new builder classes for making certificates, they are similar enough and there is some additional documentation available off the BC resources page.

Regards,

David
The Following User Says Thank You to dgh For This Useful Post:
konqueror (May 7th, 2013)
 
Old May 7th, 2013, 12:07 PM
Registered User
 
Join Date: Nov 2012
Posts: 8
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Thanks. Wrox.

Is there any way to use "certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());"? I need to use the above code since I am now working on a project regarding the X.509 protocol. The code is related to other software, including an Android app (Spongy Castle library); thus, I want to use the 'X509V3CertificateGenerator class'.

Otherwise, I have to modify a huge part of the other code.
 
Old May 7th, 2013, 09:18 PM
dgh dgh is offline
Wrox Author
 
Join Date: Aug 2005
Posts: 206
Thanks: 0
Thanked 20 Times in 20 Posts
Default

X509Name.getInstance(request.getCertificationRequestInfo().getSubject().toASN1Primitive())

I would strongly recommend moving away from the deprecated classes though, they will be removed eventually and in some cases actually do the wrong thing.

Regards,

David
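
The issuing step of buildChain() rewritten with the builder classes recommended in the replies, as an added example that is not from the book or from the posts above. It assumes a current Bouncy Castle release (bcprov and bcpkix) with the "BC" provider registered; the names IssueFromRequest and issue are made up for illustration, and unlike the posted code it copies only subjectAltName from the request, because the CA already sets the other extensions itself.

```java
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;

public class IssueFromRequest { // hypothetical class name
    // Assumption: Security.addProvider(new BouncyCastleProvider()) has already been called.
    public static X509Certificate issue(PKCS10CertificationRequest request,
            X509Certificate caCert, PrivateKey caKey) throws Exception {
        PublicKey subjectKey = new JcaPKCS10CertificationRequest(request)
                .setProvider("BC").getPublicKey();
        // The request must be signed by the key it asks to have certified.
        if (!request.isSignatureValid(new JcaContentVerifierProviderBuilder()
                .setProvider("BC").build(subjectKey))) {
            throw new IllegalArgumentException("request failed to verify");
        }
        long now = System.currentTimeMillis();
        X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
                caCert, BigInteger.valueOf(now), new Date(now),
                new Date(now + 7L * 24 * 60 * 60 * 1000), // 1 week
                request.getSubject(), subjectKey);        // the X500Name is used as-is
        JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
        certGen.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(caCert));
        certGen.addExtension(Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(subjectKey));
        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        certGen.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        certGen.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
        // Copy only subjectAltName from the extension request; everything else is decided by the CA.
        for (Attribute attr : request.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            Extensions requested = Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
            Extension san = requested.getExtension(Extension.subjectAlternativeName);
            if (san != null) {
                certGen.addExtension(san.getExtnId(), san.isCritical(), san.getParsedValue());
            }
        }
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(
                certGen.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(caKey)));
    }
}
```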




