Hi Alistair Well I would try the quick test I suggested first. The fact that you can read some of the certs but not others leads me to think that the incoming document just didn't follow the rules for base64 encoding closely enough or you inadvertantly removed one of the padding bytes during the copy and paste or some such thing (some base64 decoders are more forgiving than others which could explain why your cert is passing another base64 test but not ours). If you follow the test I described you'll be able to see precisely which rule XmlBeans thinks it's failing to follow and hence probably fix it yourself.
But if you've had a go at that and it still doesn't work then by all means post the XML (and some pointers to which cert is failing) and I'll see what I can do. Cheers, Lawrence > -----Original Message----- > From: Alistair Young [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 18, 2006 11:19 AM > To: Lawrence Jones > Cc: [email protected] > Subject: RE: X509 XmlValueOutOfRangeException > > Thanks for that Lawrence, I'll give it a try. I strongly suspect a dud > cert as well. I copied each of the 3 certs from the XML file and pasted > each one into a BEGIN/END block for used CertificateFactory to open them. > 2 opened fine but the 1st had insufficient data to be read. > > That would explain why XMLBeans was having trouble with it but it doesn't > help with why the bean can't read the other cert that CertificateFactory > could. > > Would it help if I posted the XML with the signature and X509s? > > many thanks for your help, > > Alistair > > > -- > Alistair Young > Senior Software Engineer > [EMAIL PROTECTED] Mòr Ostaig > Isle of Skye > Scotland > > > Hi Alistair > > > > Without seeing the cert it's difficult to tell. > > > > According to the schema the X509CertificateArray type within > X509DataType > > is of type base64Binary. So your error is coming from > > org.apache.xmlbeans.impl.values.JavaBase64Holder in the public method > > lex() at line 77. I apologise that the error message is not very helpful > - > > there's even a note in the code right there to say we should update it > > when we get time. > > > > But the reason you're getting this is that it is unable to decode the > > String that's being passed in. JavaBase64Holder.lex() simply converts > the > > String to UTF-8 bytes and then passes those bytes into Base64.decode() > > which must be returning null for you to see this error. > > > > Base64.decode() is a public static method. So if I were you I'd just > write > > a quick test harness to get the String that's causing you problems, > > convert it to UTF-8 bytes and call Base64.decode() yourself. Then you > can > > just step through the code and see which line is returning null. Then > > you'll know what in particular it is objecting to (there are several > > places in Base64.decode() where it can return null). > > > > If you do this make sure that the String is correct when you set it up > > i.e. that you convert it from whatever byte format you are using for > input > > (a File, an InputStream ...) using the correct encoding (usually UTF-8 > for > > XML - but you might be overriding it). Otherwise your String will be > wrong > > and then the UTF-8 bytes will be wrong which will throw you off. > > > > Cheers, > > > > Lawrence > > > >> -----Original Message----- > >> From: Alistair Young [mailto:[EMAIL PROTECTED] > >> Sent: Wednesday, January 18, 2006 3:18 AM > >> To: [email protected] > >> Subject: X509 XmlValueOutOfRangeException > >> > >> I have a signed xml packet that contains 4 X509 certs. Two of them > >> produce: > >> > >> "XmlValueOutOfRangeException Invalid value: not encoded properly" > >> > >> when using X509DataType.getX509CertificateArray(). The other 2 certs > are > >> fine. > >> > >> Is there anything in the cert that could cause this exception? > >> > >> many thanks, > >> > >> Alistair > >> > >> > >> -- > >> Alistair Young > >> Senior Software Engineer > >> [EMAIL PROTECTED] Mòr Ostaig > >> Isle of Skye > >> Scotland > >> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
