Exception in thread "main" java.lang.ClassCastException: org.bouncycastle.jce.PKCS10CertificationReq


carlskii

Aug 18, 2012, 8:20:14 AM
to jscep-...@googlegroups.com
Hi Dave,

I'm trying to read in a CSR from an external .PEM file using the following code:

PEMReader in2 = null;
in2 = new PEMReader(new InputStreamReader(new FileInputStream("csr.pem")));
PKCS10CertificationRequest csr2 = (PKCS10CertificationRequest) in2.readObject(); 

However, whenever this code is called I get the following exception:

Exception in thread "main" java.lang.ClassCastException: org.bouncycastle.jce.PKCS10CertificationRequest cannot be cast to org.bouncycastle.pkcs.PKCS10CertificationRequest

If I move the code snippet and run it in a separate project it works fine!

Also if I use this:

PEMReader in2 = null;
in2 = new PEMReader(new InputStreamReader(new FileInputStream("/Users/CarlBourne/Downloads/PEMTest/csr.pem")));
CertificationRequest csr2 = (CertificationRequest) in2.readObject();

It works fine with regards to reading in the .PEM file but it's not then compatible with JSEP which uses PKCS10CertificationRequest.

I also noticed that PKCS10CertificationRequest is deprecated in favour of CertificationRequest, so I was wondering if I should change my code to use this instead?

Regards,

Carl

carlskii

Aug 18, 2012, 8:21:39 AM
to jscep-...@googlegroups.com
BTW - I'm using BC 1.47.

David Grant

Aug 20, 2012, 4:20:54 PM
to jscep-...@googlegroups.com
Hi Carl,

The PEMReader returns an older version of the PKCS10CertificationRequest. You should call getEncoded() on that object, and pass the byte array into the org.bouncycastle.pkcs.PKCS10CertificationRequest constructor.

Dave

carlskii

Aug 21, 2012, 4:25:58 AM
to jscep-...@googlegroups.com
Thanks very much Dave. I'll try this now!

carlskii

Aug 21, 2012, 11:05:29 AM
to jscep-...@googlegroups.com
Dave,

Thanks - that seems to have worked and I now have a new PKCS10CertificationRequest object from the external .pem file.

I'm guessing this now needs to be signed using the client's private key and the pkcs_9_at_challengePassword attribute added before it can be sent to the SCEP server for enrolment.

Can you explain how I could do this?

Regards, 

Carl

David Grant

Aug 21, 2012, 11:30:46 AM
to jscep-...@googlegroups.com
The CSR is already signed at this point, and should ideally have the
challengePassword added already. If you have the private key of the
entity requesting certification, then you could rebuild the CSR using
the same methods from the keystore example.

Dave
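
Added example, not part of the original thread and not jscep's own code: the conversion Dave describes earlier in the thread, followed by a check of the two properties from the reply above (the CSR is already signed, and should carry a challengePassword). It assumes BC 1.47 (bcprov and bcpkix) as stated in the thread; the class name CsrLoader and its method names are hypothetical.

```java
import java.io.FileReader;
import java.security.PublicKey;
import java.security.Security;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

@SuppressWarnings("deprecation")
public class CsrLoader { // hypothetical class name; BC 1.47 assumed
    static { Security.addProvider(new BouncyCastleProvider()); }

    // Reads a PEM CSR and returns it as the org.bouncycastle.pkcs type.
    static PKCS10CertificationRequest load(String path) throws Exception {
        PEMReader reader = new PEMReader(new FileReader(path));
        try {
            Object obj = reader.readObject();
            // PEMReader returns the deprecated org.bouncycastle.jce class; test the
            // type rather than casting to the same-named class in another package.
            if (!(obj instanceof org.bouncycastle.jce.PKCS10CertificationRequest)) {
                throw new IllegalArgumentException("no PKCS#10 request in " + path);
            }
            org.bouncycastle.jce.PKCS10CertificationRequest legacy =
                    (org.bouncycastle.jce.PKCS10CertificationRequest) obj;
            // Same DER bytes, re-parsed by the newer class.
            PKCS10CertificationRequest csr = new PKCS10CertificationRequest(legacy.getEncoded());
            // Proof of possession: the signature must verify under the CSR's own key.
            PublicKey key = legacy.getPublicKey();
            ContentVerifierProvider verifier =
                    new JcaContentVerifierProviderBuilder().setProvider("BC").build(key);
            if (!csr.isSignatureValid(verifier)) {
                throw new SecurityException("CSR signature does not verify: " + path);
            }
            return csr;
        } finally {
            reader.close();
        }
    }
    // True if the request carries a PKCS#9 challengePassword attribute.
    static boolean hasChallengePassword(PKCS10CertificationRequest csr) {
        Attribute[] attrs = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
        return attrs != null && attrs.length > 0;
    }
    public static void main(String[] args) throws Exception {
        PKCS10CertificationRequest csr = load(args.length > 0 ? args[0] : "csr.pem");
        System.out.println("challengePassword present: " + hasChallengePassword(csr));
    }
}
```

The program reports only whether the attribute is present and never prints its value, since the challengePassword is an enrolment secret.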