#1

    I need to make an HTTPS connection on a certificate-required page


    So, I need to do the following things and would like to ask the experts the best way to attack this problem. I have tried to connect to the page with no luck.

    1. Connect to a password-protected, HTTPS, certificate page and screen scrape a bunch of URLs.


    I get this error:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    OK, so I have tried a plethora of things and hope that by showing you these you might be able to help me out. I'm so frustrated, this should not be such a pain in the ***!

    attempt 1:

    I simply tried to take the cert.p12 file and add it to the jre/security folder. This still gave me handshake exception.

    attempt 2

    I tried to go to the command line and add the cert.p12 to the cacerts file located in the jre/security folder. A sample is shown below with the exception.

    Steves-Computer:~ $ keytool -import -v -file "/Users/Desktop/steve.p12" -keystore "/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home/lib/security/cacerts" -storetype pkcs12 -storepass changeit
    keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.


    attempt 3

    I tried to use a Java program that is supposed to take my .p12 file, convert it to a JKS file and add it. But once again a new exception:


    import java.security.KeyStore;
    import java.security.Key;
    import java.security.cert.Certificate;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    class keyStore {
        public static void main(String[] args) throws Exception {
            KeyStore kspkcs12 = KeyStore.getInstance("PKCS12");
            kspkcs12.load(new FileInputStream("/Users/Desktop/steve.p12"), "12345678".toCharArray()); // source PKCS#12 file and its password
            KeyStore ksjks = KeyStore.getInstance("JKS");
            ksjks.load(new FileInputStream("/Users/Desktop/steve.jks"), "123456789".toCharArray()); // existing JKS file to add the entry to
            Certificate[] c = kspkcs12.getCertificateChain("jrun"); // certificate chain stored under alias "jrun"
            Key key = kspkcs12.getKey("jrun", "12345678".toCharArray()); // private key stored under the same alias

            ksjks.setKeyEntry("serverkey", key, "12345678".toCharArray(), c); // copy key and chain into the JKS store
            ksjks.store(new FileOutputStream("/Users/Desktop/steve.jks"), "12345678".toCharArray()); // write the JKS file back


        }
    }


    error:

    Exception in thread "main" java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
    at java.security.KeyStore.load(KeyStore.java:1150)
    at keyStore.main(Keystore.java:9)
    Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    at com.sun.crypto.provider.SunJCE_ac.b(DashoA12275)
    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA12275)
    at javax.crypto.Cipher.doFinal(DashoA12275)
    at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1272)
    ... 2 more


    I'm now thinking that if I can somehow convert the .p12 file to a JKS and then go to the command line and add it, that might work? But trying to convert it is another big pain.



    Help!
  2. #2

    Is the PKCS12 file in good state?


    Judging from the errors you received, I would say either 1) Java does not directly support the PKCS#12 format or 2) your PKCS12 file is invalid/corrupted.

    [And by the way, the keytool documentation doesn't say anything about importing PKCS#12 files into JKS keystores.]

    This thread on Sun Developer forums might prove very useful to you.
    "Problem" is just a bleak word for challenge. -- Richard Fish
    Javalanche
