Bouncycastle: X509CertificateHolder to X509Certificate?

Question

In versions prior to r146 it was possible to create X509Certificate objects directly. Now that API is deprecated and the new one only deliveres a X509CertificateHolder object.

I cannot find a way to transform a X509CertificateHolder to X509Certificate.

How can this be done?

@SteffenHeil, You should put the answer in the answer section so we can mark it as answered. — Ben, Jan 20 '12 at 12:55

score 98 · Accepted Answer · edited Aug 22 '22 at 16:36

98

I will answer to my own questions, but not delete it, in case someone else got the same problems:

return new JcaX509CertificateConverter().getCertificate(certificateHolder);

And for attribute certificates:

return new X509V2AttributeCertificate(attributeCertificateHolder.getEncoded());

Not nice, as it is encoding and decoding, but it works.

edited Aug 22 '22 at 16:36

OrangeDog

36,653
12
122
207

answered Jan 22 '12 at 12:04

Steffen Heil

4,286
3
32
35

Excelent reference. Thanks. – HMM Dec 11 '12 at 15:08
1

X509V2AttributeCertificate is now deprecated. I'm not sure what to use or how to parse. X509AttrCertParser is not deprecated, but engineRead() returns an X509V2AttributeCertificate which is deprecated. – Stealth Rabbi Feb 24 '16 at 12:14
I like this becausue it uses pure java methods. Steffen Heil's solution uses BC again and the class names are looking so that it could be changed in future. – Maik Apr 07 '23 at 04:43

score 5 · Answer 2 · answered Jun 29 '17 at 14:48

5

Another option is this one :)

CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
InputStream in = new ByteArrayInputStream(certificateHolder.getEncoded());
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);

answered Jun 29 '17 at 14:48

Diego Palomar

6,958
2
31
42

1

Too verbose, @SteffenHeil answer seems to be the most "standard" method. – Jaime Hablutzel Sep 13 '17 at 18:02

Paul · Answer 3 · 2017-06-30T10:59:49.747

-1

This is an possibility to get the X509CertificateHolder to X509Certificate and toString. (first sentence of the code is irrelevant)

X509CertificateHolder selfSignedCertificate = CertificateUtils.selfSignCertificate(certificationRequest, keyPair.getPrivate());
byte[] content = selfSignedCertificate.getEncoded();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(content));
logger.debug("cert: {}", cert.toString());

........

edited Jun 30 '17 at 10:59

answered Jun 30 '17 at 10:03

Paul

1
3

You should add some explanation. – Cà phê đen Jun 30 '17 at 10:22

Bouncycastle: X509CertificateHolder to X509Certificate?

3 Answers3

Linked