    // Client certificate chain that WebLogic attaches to the SSL request
    weblogic.security.X509 certChain [] =
        (weblogic.security.X509 []) request.getAttribute("javax.net.ssl.peer_certificates");
    ByteArrayOutputStream bos;
    ByteArrayInputStream bis = null;
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    try {
        // Serialize the WebLogic certificate and re-parse it as a java.security.cert.X509Certificate
        bos = new ByteArrayOutputStream();
        certChain[0].output(bos);
        bis = new ByteArrayInputStream(bos.toByteArray());
        myCertificate = (X509Certificate)certFactory.generateCertificate(bis);
        extractCertificateSubject(myCertificate);
    } catch (IOException e) {
        throw new CertificateException();
    }
This works fine the first time I call this code. After logging out of my application,
but within the same browser window (IE), I re-enter my URL (actually I select
it from the address dropdown and then refresh) that invokes this code and I get
a CertificateException. If the CertificateFactory.getInstance worked once, why
won't it work a second time?
Fri Dec 21 13:29:15 EST 2001:<E> <ServletContext-General> Root cause of ServletException
java.security.cert.CertificateException: X.509 not found
at java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:176)
If I open a new browser, I get the same problem.
If I stop and restart weblogic, it works.
I have created a class that is constructed using the http request and extracts
the X.509 certificate from it so that I can have access to bits of information
in the certificate.
WebLogic provides a SnoopServlet.jsp example. Within that jsp I added a call
to create my CertificateInfo class and then print the email from the certificate.
I can run this jsp multiple times by refreshing within the browser. I can open
a second browser and select a different certificate and refresh that one multiple
times.
Therefore, my class is successfully able to create a CertificateFactory instance
and extract the X.509 certificate.
However, when I incorporate the same logic into my application, the first time
I can successfully select a certificate, perform my validation and then get to
my home page. However, I cannot perform a second logon (in the same browser or
a different browser with a different certificate). Nor can I run the SnoopServlet.jsp.
The failure in all these cases is a Certificate Exception: X.509 not found.
If I can get an instance of the X.509 certificate factory multiple times with
the SnoopServlet and I fail after the first time with my application, I suspect
something in my application is trashing the ability of the CertificateFactory
to get an instance of the X.509 factory.
Anyone have suggestions on where to look?
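
One way to check the suspicion above, as an added example that is not part of the original post: CertificateFactory.getInstance resolves "X.509" through the providers registered with java.security.Security, so logging that list at startup and again after the first logon shows whether a provider disappeared. The class name ProviderSnapshot and the removal step in main are constructed for illustration.

```java
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;

// Hypothetical diagnostic helper (not from the original post).
public class ProviderSnapshot {

    // Names of all registered JCA providers, in preference order.
    static List<String> registered() {
        List<String> names = new ArrayList<String>();
        for (Provider p : Security.getProviders()) {
            names.add(p.getName());
        }
        return names;
    }

    // Providers that advertise a CertificateFactory for X.509. An empty list
    // means CertificateFactory.getInstance("X.509") has nothing to resolve to.
    static List<String> x509Capable() {
        List<String> names = new ArrayList<String>();
        Provider[] found = Security.getProviders("CertificateFactory.X.509");
        if (found != null) {               // getProviders(filter) returns null when none match
            for (Provider p : found) {
                names.add(p.getName());
            }
        }
        return names;
    }

    // One log line to write at startup, after logon and after logout, then compare.
    static String describe(String label) {
        return label + ": registered=" + registered() + " x509=" + x509Capable();
    }

    public static void main(String[] args) {
        System.out.println(describe("startup"));
        // Constructed scenario: unregister every provider that backs X.509.
        for (String name : x509Capable()) {
            Security.removeProvider(name);
        }
        System.out.println(describe("after removal"));
        try {
            CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            System.out.println("getInstance now fails: " + e.getMessage());
        }
    }
}
```

Calling describe() from the application at the points named in the post (before the first logon, after logout) and diffing the lines narrows the search to whichever code path changed the provider list.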