jscep client


ramengo

Mar 1, 2011, 7:06:14 AM
to jSCEP Support
Hi all,
I set up a local CA with OpenCA and now I'm trying to implement a
simple test client to enroll a certificate.
When I call:

client.enrol(new CertificationRequest(...));

The CA correctly receives a new request, but unfortunately the program
exits with the following exception:

java.lang.NoSuchFieldError: data
    at org.jscep.message.PkiMessageDecoder.decode(PkiMessageDecoder.java:65)
    at org.jscep.transaction.EnrolmentTransaction.send(EnrolmentTransaction.java:103)

Any help is appreciated.
Thanks in advance.

David Grant

Mar 1, 2011, 7:23:21 AM
to jSCEP Support
Hi,

Can you make sure you're using the latest version of Bouncy Castle?

Dave

ramengo

Mar 1, 2011, 7:43:07 AM
to jSCEP Support
Hi, I use:

1. bcprov-jdk16-146.jar
2. bcmail-jdk16-146.jar

Thanks in advance.
Sergio.

David Grant

Mar 1, 2011, 7:55:24 AM
to jscep-...@googlegroups.com
Hi Sergio,

Your stack trace indicates that the interface org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers no longer has a field called data.  However, having checked both the Javadocs and class file for the 146 release, I can confirm that the field definitely does exist.

How are you invoking your application?

Dave

ramengo

Mar 1, 2011, 8:14:43 AM
to jSCEP Support
Hi, thank you for the quick response.
This is what I did:

Client client = new Client(url_to_server, temp_x509_cert, temp_private_key, this, profile);
Transaction trs = client.enrol(new CertificationRequest(...));
Transaction.State state = trs.send(); // HERE I GET AN EXCEPTION

I fill in the CertificationRequest object following the indications of
the ClientTest class.

Regards
Sergio

On Mar 1, 1:55 pm, David Grant <da...@grant.org.uk> wrote:
> Hi Sergio,
>
> Your stack trace indicates that the
> interface org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers no longer has a
> field called data.  However, having checked both the Javadocs and class file
> for the 146 release, I can confirm that the field definitely does exist.
>
> How are you invoking your application?
>
> Dave
>

David Grant

Mar 1, 2011, 8:20:27 AM
to jscep-...@googlegroups.com
Hi Sergio,

I mean, are you invoking it through Maven, on the command line, through Eclipse, etc.

Dave

ramengo

Mar 1, 2011, 8:26:53 AM
to jSCEP Support
Hi Dave,
I use Netbeans 6.9.

Sergio

On Mar 1, 2:20 pm, David Grant <da...@grant.org.uk> wrote:
> Hi Sergio,
>
> I mean, are you invoking it through Maven, on the command line, through
> Eclipse, etc.
>
> Dave
>

David Grant

Mar 1, 2011, 8:29:09 AM
to jscep-...@googlegroups.com
Can you inspect the source of your Bouncy Castle JARs to check if the data field is present?

Dave

ramengo

Mar 1, 2011, 8:40:36 AM
to jSCEP Support
Yes, there is a data field in
org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.
Thanks, Sergio

On Mar 1, 2:29 pm, David Grant <da...@grant.org.uk> wrote:
> Can you inspect the source of your Bouncy Castle JARs to check if the data
> field is present?
>
> Dave
>

David Grant

Mar 1, 2011, 8:45:29 AM
to jscep-...@googlegroups.com
For some reason, when you're running your application, it isn't using the JAR you think it is.  Can you debug your application?

Dave

ramengo

Mar 1, 2011, 8:50:07 AM
to jSCEP Support
Hi Dave,
The jar used should be correct because Netbeans when you write a
program autocompletes the path of a class only if you load it in the
project libraries.
Sergio.

On Mar 1, 2:45 pm, David Grant <da...@grant.org.uk> wrote:
> For some reason, when you're running your application, it isn't using the
> JAR you think it is.  Can you debug your application?
>
> Dave
>

David Grant

Mar 1, 2011, 9:05:22 AM
to jscep-...@googlegroups.com
Hi Sergio,

So what happens when you try to access the data field in your application?

Dave

ramengo

Mar 1, 2011, 9:06:52 AM
to jSCEP Support
Maybe this warning, which I get when I create a Client object, is
useful:

org.jscep.content.CaCapabilitiesContentHandler getContent
WARNING: GetCACaps response has media type of text/html; charset=utf-8, expected text/plain.
usePost false

Thanks, Sergio.

David Grant

Mar 1, 2011, 9:09:49 AM
to jscep-...@googlegroups.com
These look like two different problems.  What do you get when you visit the URL in your browser?

Dave

ramengo

Mar 1, 2011, 9:09:59 AM
to jSCEP Support
I don't access the field 'data' directly. The exception comes up when I
call:

Transaction.State state = trs.send();

Thanks

ramengo

Mar 1, 2011, 9:19:31 AM
to jSCEP Support
Dave, sorry for the overlapping messages...
About the other problem: when I connect to the SCEP web interface, my
browser shows the error:

General Error
Error Code: 700
This interface is only for SCEP.

But I think this is normal.
Thanks in advance

David Grant

Mar 1, 2011, 9:20:20 AM
to jscep-...@googlegroups.com
Can you try using a command line tool, like wget or curl?

Dave

David Grant

Mar 1, 2011, 9:20:33 AM
to jscep-...@googlegroups.com
Hi Sergio,

I understand that, but something doesn't really add up here.  You state that you are using a version of BC that contains the data field, yet it doesn't exist when jscep attempts to access it in the same application.  So can you attempt to access it in your code before you invoke any jscep code?

Dave

ramengo

Mar 1, 2011, 10:03:28 AM
to jSCEP Support
OK, I ran my program with a call to:
System.out.println(PKCSObjectIdentifiers.data);
and it printed out:
1.2.840.113549.1.7.1
Regards
Sergio


On Mar 1, 3:20 pm, David Grant <da...@grant.org.uk> wrote:
> Hi Sergio,
>
> I understand that, but something doesn't really add up here.  You state that
> you are using a version of BC that contains the data field, yet it doesn't
> exist when jscep attempts to access it in the same application.  So can you
> attempt to access it in your code before you invoke any jscep code?
>
> Dave
>

David Grant

Mar 1, 2011, 10:41:43 AM
to jscep-...@googlegroups.com
I'm at a loss as to what is causing your problems.  Can you debug your application?

Dave

ramengo

Mar 1, 2011, 12:09:35 PM
to jSCEP Support
Hi Dave,
I'm trying to debug my program, but I don't see anything about the
error I told you about.
Can you give me a step-by-step client example of how to enroll a CSR
into a PKI?
Thank you so much.

Sergio.

On Mar 1, 4:41 pm, David Grant <da...@grant.org.uk> wrote:
> I'm at a loss as to what is causing your problems.  Can you debug your
> application?
>
> Dave
>

David Grant

Mar 1, 2011, 2:28:27 PM
to jscep-...@googlegroups.com

ramengo

Mar 2, 2011, 5:57:26 AM
to jSCEP Support
Hi Dave,
I read the guide you sent me yesterday, but unfortunately my program
doesn't work.
Please can you take a look at my code? Thank you in advance.

Sergio

public class ScepClient implements CallbackHandler {

    private java.security.PrivateKey key = null;
    private java.security.cert.X509Certificate cert = null;
    private URL server = null;
    private Client client = null;
    private String password = "secret";
    private KeyPair keyPair = null;

    public ScepClient() throws MalformedURLException, GeneralSecurityException, IOException, Exception {

        // Server connection
        server = new URL("http://localhost/cgi-bin/pki/scep/pkiclient.exe");

        // Assign the fields; local declarations here would shadow them and
        // leave this.keyPair null when it is dereferenced below
        keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        cert = X509Util.createEphemeralCertificate(new X500Principal("CN=sergio"), keyPair);

        // Start a new SCEP client
        String profile = "PublicCA";
        client = new Client(server, cert, this.keyPair.getPrivate(), this, profile);
        Capabilities caps = client.getCaCapabilities();
        String digest = caps.getStrongestMessageDigest();
        System.out.println("digest " + digest);
        CertificationRequest csr = this.getCsr(cert.getIssuerX500Principal(), this.keyPair.getPublic(),
                this.keyPair.getPrivate(), this.password.toCharArray());

        Transaction trs = client.enrol(csr);
        System.out.println(PKCSObjectIdentifiers.data);
        Transaction.State state = trs.send();
        switch (state) {
            case CERT_ISSUED:
                CertStore store = trs.getCertStore();
                try {
                    System.out.println(store.getCertificates(null));
                } catch (CertStoreException ex) {
                    Logger.getLogger(ScepClient.class.getName()).log(Level.SEVERE, null, ex);
                }
                break;
            case CERT_REQ_PENDING:
                System.out.println("Stato REQ_PENDING");
                break;
            case CERT_NON_EXISTANT:
                System.out.println("Stato NON_EXISTANT");
                break;
        }
    }

    // Returns a fixed password instead of reading from the stream
    private char[] readPassword(InputStream in) throws IOException {
        return "secret".toCharArray();
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof TextOutputCallback) {

                // display the message according to the specified type
                TextOutputCallback toc = (TextOutputCallback) callbacks[i];
                switch (toc.getMessageType()) {
                    case TextOutputCallback.INFORMATION:
                        System.out.println(toc.getMessage());
                        break;
                    case TextOutputCallback.ERROR:
                        System.out.println("ERROR: " + toc.getMessage());
                        break;
                    case TextOutputCallback.WARNING:
                        System.out.println("WARNING: " + toc.getMessage());
                        break;
                    default:
                        throw new IOException("Unsupported message type: " + toc.getMessageType());
                }

            } else if (callbacks[i] instanceof NameCallback) {
                NameCallback nc = (NameCallback) callbacks[i];
                System.err.print(nc.getPrompt());
                System.err.flush();
                nc.setName((new BufferedReader(new InputStreamReader(System.in))).readLine());

            } else if (callbacks[i] instanceof PasswordCallback) {

                // prompt the user for sensitive information
                PasswordCallback pc = (PasswordCallback) callbacks[i];
                System.err.print(pc.getPrompt());
                System.err.flush();
                pc.setPassword(readPassword(System.in));

            } else if (callbacks[i] instanceof CertificateVerificationCallback) {
                // Cast the callback
                CertificateVerificationCallback callback = (CertificateVerificationCallback) callbacks[i];
                // Check the certificate
                // (as written, the CA certificate is accepted unconditionally;
                // no check is actually performed)
                callback.setVerified(true);
            } else {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Unrecognized Callback " + callbacks[i].toString());
            }
        }
    }

    // Builds a PKCS#10 request carrying the challenge password attribute
    private CertificationRequest getCsr(X500Principal subject, PublicKey pubKey, PrivateKey priKey,
            char[] password) throws GeneralSecurityException, IOException {
        AlgorithmIdentifier sha1withRsa = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);

        ASN1Set cpSet = new DERSet(new DERPrintableString(new String(password)));
        Attribute challengePassword = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, cpSet);
        ASN1Set attrs = new DERSet(challengePassword);

        SubjectPublicKeyInfo pkInfo = new SubjectPublicKeyInfo(
                (ASN1Sequence) ASN1Object.fromByteArray(pubKey.getEncoded()));

        X500Name name = new X500Name(subject.toString());
        CertificationRequestInfo requestInfo = new CertificationRequestInfo(name, pkInfo, attrs);

        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(priKey);
        signer.update(requestInfo.getEncoded());
        byte[] signatureBytes = signer.sign();
        DERBitString signature = new DERBitString(signatureBytes);

        return new CertificationRequest(requestInfo, sha1withRsa, signature);
    }
}

On Mar 1, 8:28 pm, David Grant <da...@grant.org.uk> wrote:
> Please see the guide here:
>
> http://code.google.com/p/jscep/wiki/ClientUsage
>

David Grant

Mar 2, 2011, 6:12:43 AM
to jscep-...@googlegroups.com
Hi Sergio,

If the cause of your program not working is down to the NoSuchFieldError, then I'm afraid I really can't help you.  When you debugged your program, where did it fail?

Dave

jsm174

May 4, 2011, 11:20:36 PM
to jscep-...@googlegroups.com

Hello. This is funny because I am having the same identical issue. Was
anyone ever able to resolve it?

I'm trying to use this as a servlet running under JBoss 5.1 and jre
1.5. I've been using much of the test ServletImpl in my own servlet.

I make it through the GetCACert and GetCACaps. In PKIOperation, it
gets to the line:

PkiMessage msg = decoder.decode(sd);

When I step into that it blows up on
PKCSObjectIdentifiers.data.toString().equals(contentType).

When I inspect data with Eclipse, it shows up as an
ASN1ObjectIdentifier with an identifier="1.2.840.113549.1.7.1". Being
that Eclipse can inspect it, it's hard to believe the exception

java.lang.noSuchFieldError: data
  at org.jscep.message.PkiMessageDecoder.decode(PkiMessageDecoder.java:65)

I just noticed that others are having this same issue with BouncyCastle and other projects such as iText.


Thanks,
-- Jason

David Grant

May 5, 2011, 3:30:47 AM
to jscep-...@googlegroups.com
Hi Jason,

jscep is compiled against v1.45 of BC.  Can you check your application classpath to ensure that JBoss isn't using PKCSObjectIdentifiers from an earlier version of BC?  Sergio, can you do the same please?

Dave
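
One way to run the classpath check asked for above, as an added example that is not part of the original thread or jscep's own code: it resolves the class and field named in the stack trace through the class loader that loaded jscep and reports which JAR supplied them, the field's declared type, and every copy of the class that loader can see. The JVM resolves a field by name and declared type, so a copy whose `data` field has a different type than the one jscep was compiled against raises `NoSuchFieldError` even though the IDE shows the field. The class name `BcClasspathCheck` is hypothetical.

```java
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.URL;
import java.security.CodeSource;
import java.util.Enumeration;

// Added diagnostic; BcClasspathCheck is a hypothetical name, not part of jscep.
public class BcClasspathCheck {
    // Class and field names taken from the stack trace in this thread.
    static final String BC_CLASS = "org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers";
    static final String FIELD = "data";
    static final String JSCEP_CLASS = "org.jscep.message.PkiMessageDecoder";

    // Report what the given loader resolves BC_CLASS to, without initializing it.
    static String describe(ClassLoader loader) {
        StringBuilder out = new StringBuilder();
        try {
            Class<?> c = Class.forName(BC_CLASS, false, loader);
            CodeSource src = c.getProtectionDomain().getCodeSource();
            out.append("loaded from: ").append(src == null ? "unknown" : src.getLocation()).append('\n');
            out.append("defined by : ").append(c.getClassLoader()).append('\n');
            Field f = c.getField(FIELD);
            out.append("field type : ").append(f.getType().getName()).append('\n');
        } catch (ClassNotFoundException e) {
            out.append("class not visible to this loader\n");
        } catch (NoSuchFieldException e) {
            out.append("no public field '").append(FIELD).append("' in this copy\n");
        }
        try {
            // More than one URL here means several copies are visible to this loader.
            String res = BC_CLASS.replace('.', '/') + ".class";
            Enumeration<URL> copies = loader == null
                    ? ClassLoader.getSystemResources(res) : loader.getResources(res);
            while (copies.hasMoreElements()) {
                out.append("copy       : ").append(copies.nextElement()).append('\n');
            }
        } catch (IOException e) {
            out.append("could not enumerate copies: ").append(e.getMessage()).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        try {
            // Prefer the loader that loaded jscep: that is the view jscep's code has.
            loader = Class.forName(JSCEP_CLASS, false, loader).getClassLoader();
        } catch (ClassNotFoundException e) {
            System.out.println(JSCEP_CLASS + " not found; using the context class loader");
        }
        System.out.print(describe(loader));
    }
}
```

Inside a servlet container, call `describe(...)` from the web application itself (for example with the servlet's own class loader) and log the result, because the container's loader hierarchy differs from a command-line run.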

jsm174

May 5, 2011, 9:52:57 AM
to jscep-...@googlegroups.com
Hello. That was it! 

First I went into JBoss 5.1 and looked through the libs and they do not provide BouncyCastle. 

I then went to BouncyCastle's release page, which just had version 1.46. Their FTP was down, so I couldn't get 1.45 from there.

I took a guess, and copied the 1.46 jar URLs and just changed the name to 1.45 and they downloaded fine.

I redeployed my web app, and it is working great. 

In retrospect, I should have known better since Eclipse was showing everything in the ScepServlet as deprecated. X509Name, etc. Usually when you're building new stuff, you wouldn't be using so many deprecated classes.  

Awesome.

Again thank you,
-- Jason

David Grant

May 5, 2011, 10:05:17 AM
to jscep-...@googlegroups.com
Hi Jason,

I don't understand.  How were you providing the BC JARs before?

Dave

Jason Millard

May 5, 2011, 10:11:07 AM
to jscep-...@googlegroups.com
My app was a web app, so I put the 1.45 libs in the app's WEB-INF/lib directory.

I was thinking you were asking if the BouncyCastle JARs are included
as a standard part of JBoss's libs.

-- Jason

David Grant

May 5, 2011, 10:16:19 AM
to jscep-...@googlegroups.com
You're right - that was my original question.  So you're saying that the data field is not present in 1.45, but is in 1.46?

Dave

Jason Millard

May 5, 2011, 10:28:58 AM
to jscep-...@googlegroups.com
I switched everything over to 1.45 and there are no more
noSuchFieldError exceptions.

-- Jason

David Grant

May 5, 2011, 10:34:41 AM
to jscep-...@googlegroups.com
I see.  What were you using before?

Jason Millard

May 5, 2011, 10:48:50 AM
to jscep-...@googlegroups.com
1.46 because I just started development, and it's the only release
listed on BouncyCastle's website.

-- Jason

da...@grant.org.uk

May 5, 2011, 11:46:12 AM
to jscep-...@googlegroups.com
Would you mind creating a new issue for this problem please?