Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

x.509 not found for certificate factory

133 views
Skip to first unread message

mark weitz

unread,
Dec 21, 2001, 2:53:36 PM12/21/01
to

I have incorporated certificate logic into my application running on WL5.1 and
have the following code (not my code, provided by someone else).

weblogic.security.X509 certChain [] =
(weblogic.security.X509 []) request.getAttribute("javax.net.ssl.peer_certificates"
);

ByteArrayOutputStream bos;
ByteArrayInputStream bis = null;

CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

try {
bos = new ByteArrayOutputStream();
certChain[0].output(bos);

bis = new ByteArrayInputStream(bos.toByteArray());

myCertificate = (X509Certificate)certFactory.generateCertificate(bis);

extractCertificateSubject(myCertificate);

} catch (IOException e) {
throw new CertificateException();
}


This works fine the first time I call this code. After logging out of my application,
but within the same browser window (IE), I re-enter my URL (actually I select
if from the address dropdown and then refresh) that invokes this code and I get
a CertificateException. If the CertificateFactory.getInstance worked once, why
won't it work a second time?

Fri Dec 21 13:29:15 EST 2001:<E> <ServletContext-General> Root cause of ServletException
java.security.cert.CertificateException: X.509 not found
at java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:176)

If I open a new browser, I get the same problem.

If I stop and restart weblogic, it works.


mark weitz

unread,
Dec 28, 2001, 11:42:03 AM12/28/01
to

Additional information for the above problem.

I have created a class that is constructed using the http request and extracts
the X.509 certificate from it so that I can have access to bits of information
in the certificate.

WebLogic provides a SnoopServlet.jsp example. Within that jsp I added a call
to create my CertificateInfo class and then print the email from the certificate.
I can run this jsp multiple times by refreshing within the browser. I can open
a second browser and select a different certificate and refresh that one multiple
times.

Therefore, my class is successfully able to create a CertificateFactory instance
and extract eh X.509 certificate.

However, when I incorporate the same logic into my application, the first time
I can successfully select a certificate, perform my validation and then get to
my home page. However, I cannot performa second logon (in the same browser or
a different browser with a different certificate). Nor can I run the SnoopServlet.jsp.

The failure in all these cases is a Certificate Exception: X.509 not found.

If I can get an instance of the X.509 certificate factory multiple times with
the SnoopServlet and I fail after the first time with my application, I suspect
something in my application is trashing the ability of the CertificateFactory
to get an instance of the X.509 factory.

Anyone have suggestions on where to look?

0 new messages