Did that Lawrence. Missing pad bytes! Works fine now.
thanks,
Alistair
On 18 Jan 2006, at 19:38, Lawrence Jones wrote:
Hi Alistair
Well I would try the quick test I suggested first. The fact that
you can read some of the certs but not others leads me to think
that the incoming document just didn't follow the rules for base64
encoding closely enough or you inadvertantly removed one of the
padding bytes during the copy and paste or some such thing (some
base64 decoders are more forgiving than others which could explain
why your cert is passing another base64 test but not ours). If you
follow the test I described you'll be able to see precisely which
rule XmlBeans thinks it's failing to follow and hence probably fix
it yourself.
But if you've had a go at that and it still doesn't work then by
all means post the XML (and some pointers to which cert is failing)
and I'll see what I can do.
Cheers,
Lawrence
-----Original Message-----
From: Alistair Young [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 11:19 AM
To: Lawrence Jones
Cc: [email protected]
Subject: RE: X509 XmlValueOutOfRangeException
Thanks for that Lawrence, I'll give it a try. I strongly suspect a
dud
cert as well. I copied each of the 3 certs from the XML file and
pasted
each one into a BEGIN/END block for used CertificateFactory to
open them.
2 opened fine but the 1st had insufficient data to be read.
That would explain why XMLBeans was having trouble with it but it
doesn't
help with why the bean can't read the other cert that
CertificateFactory
could.
Would it help if I posted the XML with the signature and X509s?
many thanks for your help,
Alistair
--
Alistair Young
Senior Software Engineer
[EMAIL PROTECTED] Mòr Ostaig
Isle of Skye
Scotland
Hi Alistair
Without seeing the cert it's difficult to tell.
According to the schema the X509CertificateArray type within
X509DataType
is of type base64Binary. So your error is coming from
org.apache.xmlbeans.impl.values.JavaBase64Holder in the public
method
lex() at line 77. I apologise that the error message is not very
helpful
-
there's even a note in the code right there to say we should
update it
when we get time.
But the reason you're getting this is that it is unable to decode
the
String that's being passed in. JavaBase64Holder.lex() simply
converts
the
String to UTF-8 bytes and then passes those bytes into
Base64.decode()
which must be returning null for you to see this error.
Base64.decode() is a public static method. So if I were you I'd just
write
a quick test harness to get the String that's causing you problems,
convert it to UTF-8 bytes and call Base64.decode() yourself. Then
you
can
just step through the code and see which line is returning null.
Then
you'll know what in particular it is objecting to (there are several
places in Base64.decode() where it can return null).
If you do this make sure that the String is correct when you set
it up
i.e. that you convert it from whatever byte format you are using for
input
(a File, an InputStream ...) using the correct encoding (usually
UTF-8
for
XML - but you might be overriding it). Otherwise your String will be
wrong
and then the UTF-8 bytes will be wrong which will throw you off.
Cheers,
Lawrence
-----Original Message-----
From: Alistair Young [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 3:18 AM
To: [email protected]
Subject: X509 XmlValueOutOfRangeException
I have a signed xml packet that contains 4 X509 certs. Two of them
produce:
"XmlValueOutOfRangeException Invalid value: not encoded properly"
when using X509DataType.getX509CertificateArray(). The other 2
certs
are
fine.
Is there anything in the cert that could cause this exception?
many thanks,
Alistair
--
Alistair Young
Senior Software Engineer
[EMAIL PROTECTED] Mòr Ostaig
Isle of Skye
Scotland
-------------------------------------------------------------------
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
