rsa - Could not parse certificate: java.io.IOException: Empty input X509Certificate -
I am getting the error given below when parsing the signature. Does anyone have an idea why this error is showing?
Note that:
Using the same certificate, I signed my own XML and verified it, and that works fine. That means there is no issue with the certificate.
It is the signed document provided by the client that I am not able to validate.
Errors:
Exception in thread "main" javax.xml.crypto.MarshalException: Cannot create X509Certificate
    at org.jcp.xml.dsig.internal.dom.DOMX509Data.unmarshalX509Certificate(DOMX509Data.java:225)
    at org.jcp.xml.dsig.internal.dom.DOMX509Data.<init>(DOMX509Data.java:116)
    at org.jcp.xml.dsig.internal.dom.DOMKeyInfo.<init>(DOMKeyInfo.java:116)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:150)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:173)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:137)
    at com.signing.validatesignedxml.main(validatesignedxml.java:126)
Caused by: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
    at org.jcp.xml.dsig.internal.dom.DOMX509Data.unmarshalX509Certificate(DOMX509Data.java:223)
    ... 6 more
Caused by: java.io.IOException: Empty input
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:101)
Adding the code here for reference:
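package com.signing;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Iterator;

import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/**
 * Command-line check of an enveloped XML signature in a document received from a third party.
 *
 * <p>The signed document is untrusted input, so the XML parser is hardened against DOCTYPE /
 * external-entity processing and the XML-DSig implementation is put into secure-validation mode
 * before the signature is unmarshalled.
 */
public class validatesignedxml {

    /**
     * Loads the local keystore, parses the signed document, and validates its first
     * {@code Signature} element.
     *
     * @param args unused
     * @throws Exception if the keystore or document cannot be read, if no {@code Signature}
     *     element is present, if the signature cannot be unmarshalled (for example because an
     *     {@code X509Certificate} element in {@code KeyInfo} is empty or not decodable), or if
     *     core validation fails; in the last case the message lists the status of the signature
     *     value and of every reference
     */
    public static void main(String[] args) throws Exception {
        // NOTE(review): keystore path, alias and password are hard-coded; in anything beyond a
        // local experiment they should come from configuration or a secret store.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources: the original never closed the keystore stream.
        try (FileInputStream keyStoreIn =
                new FileInputStream("c:\\program files\\java\\jre1.8.0_31\\bin\\newstore8.jks")) {
            ks.load(keyStoreIn, "changeit7".toCharArray());
        }
        KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(
                "newkey8", new KeyStore.PasswordProtection("changeit7".toCharArray()));
        // NOTE(review): this certificate is loaded but never handed to the validation below, so it
        // plays no part in deciding whether the signature is accepted.
        X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        // Load the signed document. It comes from an external party, so refuse DOCTYPE
        // declarations (blocks XXE and entity-expansion payloads) and XInclude processing.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        Document doc;
        try (FileInputStream signedIn = new FileInputStream("c:\\src\\com\\signing\\signed.xml")) {
            doc = dbf.newDocumentBuilder().parse(signedIn);
        }

        // Find the Signature element (XML local names are case-sensitive).
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() == 0) {
            throw new Exception("cannot find signature element");
        }

        // Only the first Signature element is validated; callers should confirm that the validated
        // references cover the data they go on to use.
        // NOTE(review): X509KeySelector is not defined in this listing. If it returns whatever key
        // the document's own KeyInfo carries without checking it against a trusted certificate or
        // keystore, a valid result proves integrity only, not who signed it -- confirm.
        DOMValidateContext valContext = new DOMValidateContext(new X509KeySelector(), nl.item(0));
        // Secure validation rejects weak algorithms, excessive transforms/references and
        // external-resource URIs inside the signature.
        valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

        // Unmarshal the XMLSignature. KeyInfo is parsed here, which is where an empty or
        // undecodable X509Certificate element surfaces as a MarshalException.
        XMLSignature signatures = fac.unmarshalXMLSignature(valContext);

        // Validate the XMLSignature.
        boolean coreValidity = signatures.validate(valContext);
        System.out.println("signature validate :" + coreValidity);

        if (coreValidity) {
            System.out.println("signature passed core validation");
            return;
        }

        // Core validation failed: report the signature value and every reference separately.
        // (The original guarded the reference loop with "sv == false || true", which is always
        // true, so the loop runs unconditionally here.)
        StringBuilder validateError = new StringBuilder("signature core validation status:false");
        boolean sv = signatures.getSignatureValue().validate(valContext);
        validateError.append(" | signature validation status:").append(sv);
        validateError.append(" | references: ");
        Iterator<?> refs = signatures.getSignedInfo().getReferences().iterator();
        while (refs.hasNext()) {
            Reference r = (Reference) refs.next();
            boolean refValid = r.validate(valContext);
            validateError.append("{ref[").append(r.getURI())
                    .append("] validity status: ").append(refValid).append("}");
        }
        throw new Exception(validateError.toString());
    }
}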
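It's been a while since this post, but I came here looking into the same issue. In my case, the key certificate was being passed as base64-string.getBytes() instead of the bytes of the decoded Base64 string, so the certificate parser was not given the actual certificate bytes.
Hope this helps :)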