
I'm having trouble with reading a PEM file of a certificate that I generated and wrote to disk with SpongyCastle.

I'm saving my certificate with the following function

```java
private static void saveCertificate(Context context, X509CertificateHolder certificateHolder) throws Exception {

    JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(new File(context.getFilesDir(), "certificate.pem")));

    // Encryptor that encrypts the PEM body with DES-EDE3-CBC under a password-derived key
    PEMEncryptor encryptor = new JcePEMEncryptorBuilder("DES-EDE3-CBC").setProvider("BC").build("myPass".toCharArray());

    // Write the certificate holder passed in, using the encryptor above
    pemWriter.writeObject(certificateHolder, encryptor);
    pemWriter.close();
}
```

This seems to be working like it should.

Now when I try to read this file using `PEMParser`, an exception gets raised. I'm using the following function to read the file.

```java
private static X509CertificateHolder loadCertificate(Context context) throws Exception {
    PEMParser pemParser = new PEMParser(new FileReader(new File(context.getFilesDir(), "certificate.pem")));
    Object object = pemParser.readObject(); // -- exception raised here --

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");

    PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build("myPass".toCharArray());

    X509CertificateHolder certificateHolder;
    //still need to convert 'object' to my certificate
    pemParser.close();

    return (X509CertificateHolder) object;
}
```

Most of the time the reason for the exception is

```
org.spongycastle.openssl.PEMException: problem parsing cert: org.spongycastle.cert.CertIOException: malformed data: unknown object in getInstance: org.spongycastle.asn1.DERApplicationSpecific
```

But sometimes I get this

```
org.spongycastle.openssl.PEMException: problem parsing cert: java.io.IOException: DER length more than 4 bytes: 25
```

I don't have a clue about what I'm doing wrong. The file output looks OK. It's formatted like this

```
-----BEGIN CERTIFICATE-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3C6C...

2mFGwwz...
-----END CERTIFICATE-----
```

What am I doing wrong?

EDIT

If I read the file into a String using BufferedReader, this is the output

```
-----BEGIN CERTIFICATE-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3C6C...

2mFGwwz...
-----END CERTIFICATE-----
```

So I suppose the data which is read is correct.

SnyersK
  • On Android, use spongy castle - which has provider "SC" - use BouncyCastleProvider.PROVIDER_NAME – EpicPandaForce Jul 13 '15 at 16:04
  • Then I get `java.security.NoSuchProviderException: Provider not available: SC` – SnyersK Jul 13 '15 at 16:09
  • Did you forget the static initializer block to add the provider to the Security class? Are you sure you imported the spongy castle provider instead of the Bc provider? – EpicPandaForce Jul 13 '15 at 16:10
  • I was adding the provider at a wrong time. It's working with `BouncyCastleProvider.PROVIDER_NAME` now. But that did not fix my original problem – SnyersK Jul 13 '15 at 16:16
  • I think you are not setting the provider for the decryption provider builder. Should also be the provider name. – EpicPandaForce Jul 13 '15 at 16:24
  • The exception gets raised sooner, I don't even get to that part of the code. The exception occurs when I do `PEMParser.readObject()` – SnyersK Jul 14 '15 at 07:46
  • Can you check with a buffered reader to see what you are actually reading in? Maybe try loading it into a string and read pem from that. – EpicPandaForce Jul 14 '15 at 08:23
  • Something like the result of `IOUtils.toString(new FileInputStream(new File(context.getFilesDir(), "certificate.pem")));` with `commons-io` – EpicPandaForce Jul 14 '15 at 10:04
  • I added the result to the question. – SnyersK Jul 14 '15 at 10:48
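
The file shown in the question carries `Proc-Type: 4,ENCRYPTED` and `DEK-Info` headers, so the base64 body of the `CERTIFICATE` block is ciphertext rather than DER. The following is an added example, not part of the original question or of SpongyCastle: it reads the block with `PemReader`, decrypts the body when those headers are present, and only then builds the `X509CertificateHolder`. The names `EncryptedCertPem` and `load` are hypothetical, and the `org.spongycastle` classes are assumed to be on the classpath as in the question's code.

```java
import java.io.IOException;
import java.io.Reader;
import java.util.List;

import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.openssl.PEMDecryptor;
import org.spongycastle.openssl.PEMDecryptorProvider;
import org.spongycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.spongycastle.util.encoders.Hex;
import org.spongycastle.util.io.pem.PemHeader;
import org.spongycastle.util.io.pem.PemObject;
import org.spongycastle.util.io.pem.PemReader;

// Hypothetical helper class (added example).
public final class EncryptedCertPem {

    @SuppressWarnings("unchecked")
    public static X509CertificateHolder load(Reader in, char[] password) throws Exception {
        PemObject pem;
        try (PemReader reader = new PemReader(in)) {
            pem = reader.readPemObject();   // keeps the RFC 1421 headers alongside the body
        }
        if (pem == null || !"CERTIFICATE".equals(pem.getType())) {
            throw new IOException("no CERTIFICATE block found");
        }

        boolean encrypted = false;
        String dekInfo = null;
        for (PemHeader h : (List<PemHeader>) pem.getHeaders()) {
            if ("Proc-Type".equals(h.getName()) && "4,ENCRYPTED".equals(h.getValue())) {
                encrypted = true;
            } else if ("DEK-Info".equals(h.getName())) {
                dekInfo = h.getValue();     // "<algorithm>,<hex IV>"
            }
        }

        byte[] der = pem.getContent();      // ciphertext if the block is encrypted
        if (encrypted) {
            String[] parts = (dekInfo == null) ? new String[0] : dekInfo.split(",");
            if (parts.length != 2) {
                throw new IOException("encrypted block without usable DEK-Info header");
            }
            PEMDecryptorProvider provider = new JcePEMDecryptorProviderBuilder().build(password);
            PEMDecryptor decryptor = provider.get(parts[0].trim());
            der = decryptor.decrypt(der, Hex.decode(parts[1].trim()));
        }
        return new X509CertificateHolder(der);  // DER is parsed only after decryption
    }
}
```

A wrong password surfaces as an exception from `decrypt` or from the `X509CertificateHolder` constructor, so callers should treat both as a failed load.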

0 Answers