Hello experts,

I need to get the serial number of an X509 certificate. The result of calling "certificate.getSerialNumber()" differs from what I expected. As I read the X509 certificate file spec, it should be in the following format:

    Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }

    TBSCertificate  ::=  SEQUENCE  {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version shall be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version shall be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version shall be v3
        }

And I couldn't find at the beginning of the file the value that is provided by the certificate.getSerialNumber() method.

And a related question: when trying to display the serial with openssl, it takes the right value from the file but adds '3' after each number.

So my question is: how can I get the stored serial value? And where can I read why and how openssl and Java modify this data?

OPENSSL

Run with:

    openssl x509 -serial -noout -inform DER -in mycert.cer

Result:

    serial=3030303031303030303030313030373439323639

JAVA

Code:

    // Parse the DER-encoded certificate with the BouncyCastle provider
    InputStream in = new FileInputStream("mycert.cer");
    BouncyCastleProvider provider = new BouncyCastleProvider();
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", provider);
    X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(in);
    // getSerialNumber() returns the serialNumber INTEGER as a BigInteger, printed here in decimal
    BigInteger serialNum = certificate.getSerialNumber();
    System.out.println(serialNum);

Output:

    275106190557734483187066766755592068430195471929

FILE

And viewing the file, I see:

    0...0..r.......000010000001007492690
    .   *.H..
    ..

which seems to be the serial provided by openssl, but openssl mixes it with '3' (after each number).

A: 

Java doesn't modify this data. I'd be amazed if openssl did either. Presumably your expectations are incorrect.

EJP
Hello, I modified my question. I know that I am wrong somewhere; please help me find where. The number from the file is required as the result.
Denis
OpenSSL is just printing the hex values. '0' is 0x30, '1' is 0x31, etc. No idea what Java is doing, but I can't see all your code from the iPad at the moment, I'll have a proper look tomorrow.
EJP
Your Java code looks OK to me, provided it is reading the same file.
EJP
Yes, it is the same file. You can also help by voting for this question to make it more markable.
Denis
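
The three values in this thread (the OpenSSL hex, the Java decimal and the text visible in the file) compared as renderings of the same serialNumber INTEGER content, as an added example that is not part of the original question or answers. The DER sample is constructed (a truncated certificate holding only version and serialNumber), and all function names are this example's own.

```python
def tlv(tag, content):
    """Encode a DER TLV (short-form length only, enough for this sample)."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + length], pos + length

def serial_content(cert_der):
    """Content bytes of TBSCertificate.serialNumber, exactly as stored in the file."""
    _, cert, _ = read_tlv(cert_der)          # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert)               # TBSCertificate ::= SEQUENCE
    tag, body, nxt = read_tlv(tbs)
    if tag == 0xA0:                          # optional version [0] EXPLICIT
        tag, body, nxt = read_tlv(tbs, nxt)
    if tag != 0x02:
        raise ValueError("expected INTEGER serialNumber")
    return body

def serial_views(content):
    """The same INTEGER content bytes rendered three ways."""
    return {
        "hex": content.hex().upper(),                                 # form printed by openssl above
        "decimal": str(int.from_bytes(content, "big", signed=True)),  # form printed by BigInteger
        "text": content.decode("ascii", errors="replace"),            # form seen in a file viewer
    }

def decimal_to_text(decimal):
    """Recover the stored bytes from the decimal value (two's complement, big-endian)."""
    n = int(decimal)
    return n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True).decode("ascii")

# Constructed sample: the issuer encoded the serial as 20 ASCII digit bytes.
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02"))
                       + tlv(0x02, b"00001000000100749269")))

if __name__ == "__main__":
    print(serial_views(serial_content(SAMPLE)))
```

In the Java code from the question, the same content bytes are available as certificate.getSerialNumber().toByteArray().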