Re: [android-developers] Android fails converting p12 file's certificates to x509; converts properly using java

On Thu, Oct 18, 2012 at 3:03 AM, Ab <abe.oppenheim@gmail.com> wrote:
.
>
> Is due to java.security implementation on Android, or is my code incorrect?
>
> java.security.cert.CertificateException:
> org.apache.harmony.security.asn1.ASN1Exception: ASN.1 boolean: wrong content
> at [4]. DER allows only 0x00 or 0xFF values
>

Your code is mostly OK and works on Android 4.1.

> https://www.dropbox.com/s/al1415o4kdycmqs/test.p12
>

I hope you are not going to use this anymore...


>
> private X509Certificate[] convertCertificates(Certificate[] certsIn)
> throws CertificateException
> {
> X509Certificate[] certsOut = new X509Certificate[certsIn.length];
>
> for (int iCnt = 0; iCnt < certsIn.length; iCnt++)
> {
> CertificateFactory cf = CertificateFactory.getInstance("X.509");
> ByteArrayInputStream bais = new
> ByteArrayInputStream(certsIn[iCnt].getEncoded());
> certsOut[iCnt] = (X509Certificate) cf.generateCertificate(bais);
> }
>
> return certsOut;
> }
>

What you get here is already an X509Certificate, so there is really no
need to parse it again, just cast it. If for some reason you really need to,
try CertificateFactory.getInstance("X.509", "BC"). This will use the
BouncyCastle parser and might work even if the Harmony one is broken
on your device.

BTW, you are not 'converting' anything here, you are just accessing
the certificate(s) that are already in the PKCS#12 file.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en