Skip to main content

VBE 5.2.1: PKCS12 Certificates do not work with JDK 1.4.0, or 1.4.1

  • February 16, 2013
  • 0 replies
  • 1 view
D

Problem:

  • Product Name: VisiBroker
  • Product Version: 5.2.1
  • Product Component: Security Service
  • Platform/OS Version: ALL
  • JDK/Compiler Version: JDK 1.4.0, JDK 1.4.1

When a PKCS12 certificate chain or trust certificate is used in VBJ 5.2.1 in
conjunction with JDK 1.4.0 or 1.4.1, an exception can occur:

java.io.IOException:

DerInputStream.getLength(): lengthTag=109, too big.
...

Why is that?

Resolution:

The VBE 5.2.1 Release Note (Borland Enterprise Server 5.2.1 VisiBroker Release Notes)

said this:

"With JDK 1.4.1 or JDK 1.4.0, when the trustpoint directory contains files that
are in a format other than a valid certificate such as keystore, due to Sun JDK
1.4.1 bug number 4806811 it will throw an IOException when it parses the
keystore. However, this does not affect the behavior. The following is a sample
of the exceptions thrown:

vbj -DORBpropStorage=client_pk.properties com.borland.appclient.Container

cart_beans_client.jar java.io.IOException:

DerInputStream.getLength(): lengthTag=109, too big.

at sun.security.util.DerInputStream.getLength(DerInputStream.java:502)

at sun.security.util.DerValue.init(DerValue.java:333)

at sun.security.util.DerValue.(DerValue.java:289)

at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:340)

at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:240)

at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511)

at com.inprise.security.trust.TrustpointsWrapper.addTrustPoint(TrustpointsWrapper.java:211)

at com.inprise.security.trust.TrustpointsWrapper.refresh(TrustpointsWrapper.java:163)

at com.inprise.security.CORBAsec.SecurityCurrentImpl.complete_init(SecurityCurrentImpl.java:179)

at com.borland.security.core.Init.pre_init(Init.java:475)

at com.inprise.vbroker.orb.ORB.initialize(ORB.java:1138)

at com.inprise.vbroker.orb.ORB.set_parameters(ORB.java:1310)

at org.omg.CORBA.ORB.init(ORB.java:337)

at com.inprise.j2ee.Init.orb(Init.java:78)

at com.inprise.j2ee.jndi.CtxFactory.getInitialContext(CtxFactory.java:29)

at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)

at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)

at javax.naming.InitialContext.init(InitialContext.java:219)

at javax.naming.InitialContext.(InitialContext.java:175)

at com.inprise.j2ee.utils.JndiUtils.registerEjbRefsInJndi(JndiUtils.java:328)

at com.inprise.j2ee.utils.JndiUtils.registerInJndi(JndiUtils.java:468)

at com.borland.appclient.Container.main(Container.java:136)"

Note that although this release note specified that a PKCS12 certificate used in
the trustpoint directory can cause this problem, this problem is not limited to
trust certificates, but also to certificate chain in PKCS12 format as well.

The link below shows the content of the bug ID: 4806811 mentioned here.

JDK-4806811 : CertificateFactory.generateCertificates prints unspecified exception to console


#Security
#VisiBroker

Recent badge winners

Explore all badges
Terms & ConditionsAccessibility statement