在Java中读取OCSP签名证书时发生异常_Java_Windows Server 2008_X509certificate_Ocsp

在Java中读取OCSP签名证书时发生异常

java

在Java中读取OCSP签名证书时发生异常,java,windows-server-2008,x509certificate,ocsp,Java,Windows Server 2008,X509certificate,Ocsp,我目前正致力于让Java应用程序（JRE 1.5+）与Windows 2008 OCSP响应程序对话，在尝试读取响应程序的签名证书时，我遇到了一个奇怪的错误我在尝试执行OCSP验证时遇到以下异常 Caused by: java.security.cert.CertificateParsingException: java.io.IOException: short read on DerValue buffer at sun.security.x509.X509CertInfo.<

我目前正致力于让Java应用程序（JRE 1.5+）与Windows 2008 OCSP响应程序对话，在尝试读取响应程序的签名证书时，我遇到了一个奇怪的错误

我在尝试执行OCSP验证时遇到以下异常

Caused by: java.security.cert.CertificateParsingException: java.io.IOException: short read on DerValue buffer
    at sun.security.x509.X509CertInfo.<init>(Unknown Source)
    at sun.security.x509.X509CertImpl.parse(Unknown Source)
    at sun.security.x509.X509CertImpl.<init>(Unknown Source)
    at sun.security.provider.certpath.OCSPResponse.<init>(Unknown Source)
    at sun.security.provider.certpath.OCSPChecker.check(Unknown Source)
    ... 6 more
Caused by: java.io.IOException: short read on DerValue buffer
    at sun.security.util.DerValue.getOctetString(Unknown Source)
    at sun.security.x509.Extension.<init>(Unknown Source)
    at sun.security.x509.CertificateExtensions.init(Unknown Source)
    at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
    at sun.security.x509.X509CertInfo.parse(Unknown Source)
    ... 11 more

我想你的工厂是这样的

  cf = CertificateFactory.getInstance("X509");

默认的X509工厂有许多限制。您的证书似乎包含工厂不知道如何解析的扩展。如果你发布证书，我可以帮助你识别违规的分机

编辑：有问题的扩展名为

1.3.6.1.5.5.7.48.1.5-id pkix ocsp nocheck

唯一的选择是使用Java内置JCE将其从cert中删除。您也可以尝试另一种JCE，如BouncyCastle。

感谢各位的快速响应。我已将问题证书添加到描述中。请参阅我的编辑…………谢谢，我已转到尝试BouncyCastle提供商，该提供商似乎工作正常。

  cf = CertificateFactory.getInstance("X509");