How do I convert org.mozilla.jss.pkix.cert to org.mozilla.jss.crypto.X509Certificate?

Just a simple question: How do I convert org.mozilla.jss.pkix.cert to org.mozilla.jss.crypto.X509Certificate?

I haveseen that there is a small notice on official JSS FAQ which says i should use: Cryptomanager.importCertPackage()

But this method did not work. I got NoSuchItemException, because the if did not found a matching private Key. But it has to work without a private key.

So is there another way? I need tis because all my Certificates are in and i have to convert it to org.mozilla.jss.crypto.X509Certificate because some JSS functions work only with this type of Certificate.

6/20/2015 4:28:43 PM 2048 articles. 1 followers. Post Follow

2 Replies

Similar Articles

[PageSpeed] 39

Try this:

    /** Convert an NSS certificate to a Java X509Certificate */
	protected X509Certificate convertNssCertificate(org.mozilla.jss.crypto.X509Certificate cert) throws CertificateException {
		InputStream in = null;
		try {
			byte[] encodedCert = cert.getEncoded();
			in = new ByteArrayInputStream(encodedCert);
			X509Certificate x509Cert = (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(in);
			return x509Cert;
		} finally {
			if (in != null) try { in.close(); } catch (IOException ignore) {}
5/25/2017 7:55:01 PM
Hi Ernie,

Not sure I fully understand the question. Without additional context is
hard to give a good answer.

Now, in one of the JSS tests I see code quite similar to the snippet you
Hopefully studying that test and how it is invoked will help you.


On Thu, May 25, 2017 at 12:55 PM, Ernie Kovak <> wrote:

> Try this:
>     /** Convert an NSS certificate to a Java X509Certificate */
>         protected X509Certificate convertNssCertificate(org.
> mozilla.jss.crypto.X509Certificate cert) throws CertificateException {
>                 InputStream in = null;
>                 try {
>                         byte[] encodedCert = cert.getEncoded();
>                         in = new ByteArrayInputStream(encodedCert);
>                         X509Certificate x509Cert = (X509Certificate)
> CertificateFactory.getInstance("X.509").generateCertificate(in);
>                         return x509Cert;
>                 } finally {
>                         if (in != null) try { in.close(); } catch
> (IOException ignore) {}
>                 }
>         }
> --
> dev-tech-crypto mailing list
5/26/2017 1:40:32 AM

Similar Artilces:

Does JSS has any crypto ?
Does JSS have any native or java crypto algorithm or just an interface to NSS? Thanks, Gowri Gowri wrote: > Does JSS have any native or java crypto algorithm or just an interface > to NSS? For most classes, JSS is just an interface to NSS, but some JSS classes are implemented in pure Java. However, all crypto algorithms in JSS are implemented in NSS. JSS doesn't have any pure Java implementation of crypto algorithms. Wan-Teh ...

x-posting from dev-tech-crypto: web crypto APIs and resources
Hello Security Enthusiasts: I just started a conversation on Web Crypto APIs (low-level, high-level) and the resources to implement in Gecko.!topic/ Cheers, David ...

Trouble with dev-tech-crypto
I'm having trouble posting to this list. I'm trying to get an announcement posted, but the messages simply disappear without errors. If you end up seeing my messages multiple times, please apologize. This issue is being tracked in bugzilla at mozilla dot org number 839245. (Not including a link, just in case links are the reason why mails are being filtered.) Kai ...

JSS interop with crypto.generateCRMFrequest
I've generated a CRMF request from Firefox with the simplest possible javascript snippet: function showcrmf() { document.write(crmf.request); } crmf = crypto.generateCRMFRequest("cn=frog,ou=frog", "regtoken", "authenticator", null, "showcrmf();", 1024, null, "dsa-nonrepudiation"); I'm trying to load the resultant base64 into JSS using equally simple code: CertReqMsg.Template t = new CertReqMsg.Template(); ASN1Value a = t.decode(new BufferedInputStream(new Base64InputStream(new FileInputStream("/home/dichro/crmf&... versus
The first site is looking very good for a model for a prospective RP. Add in the improved password analysis tool and it would be even better. Why doesn't the original site stay in sync? Best regards, -Tom ...

dev-tech-crypto moderation changes
Since its origin a few months ago, the list has been moderated, in an effort to keep spam out of the list. The rules have been rather simple: mail sent by list members gets right through, the rest goes into a moderation queue where it is reviewed daily. The occasional on-topic message from a non-subscriber address gets manually passed through, and the rest is discarded. Spam filters (are intended to) recognize most spam and discard it outright, so that the moderator need not review hundreds of spams daily to find the occasional rare nuggets. Un...

[moderator] testing dev-tech-crypto
I haven't seen any mail on this list for about two weeks. I'm wondering if subscribers have been trying to send mail and have been seeing it fail. If you ever send emails to the list and find that they don't go through, please send an email to me, the moderator. -- Nelson B ...

Amazon SES enabled on and fixed on
When was migrated from Zerigo to AWS Route53 we lost the TXT record that authorizes AWS SES to send email as users @personatest.organd SES was going to be disabled in a few days. I've recreated the TXT record to re-enable SES. I've also created the TXT record needed for to enable SES (which was failed due to the missing record). -Gene ...

problem with jss sha1withrsa verify raising exceptions (works in jss 3.3, jss 3.4 but not jss 4.2.5)
Hi, can someone please confirm the following bug. It seems to be regression in jss. signatureValue & publicKey & validData1 == valid signature (verify return true in every version of jss) signatureValue & publicKey & validData2 == invalid signature (verify should return false, since signatureValue is still in the same correct format, but validData2 is different). Jss 3.3 and Jss 3.4 return true and false ... Jss 4.2.5 returns true and exception (instead of false) Failed to complete verification operation ...

[meta] mail,, and so on...
In the next hour or so we will be moving the box hosting,, (perl|cpan).org mail,, and so on to the rack next to the one it's in now. The downtime should be less than 10 minutes, but now you are forewarned in case I hit the 110V/230V switch while we move it or something. :-) - ask -- ask bjoern hansen, !try; do(); ...

Systm Org / The Broken Org
Torrent links for & Episodes 1-3: Episode 4: Winamp TV stream Episodes 1-3: ...

Anti-spam changes to dev-tech-crypto mailing list
Dear readers of dev-tech-crypto mailing list, and newsgroup: As you have probably noticed, in the past 7 days we've seen a number of emails that have gotten through the list's meager grep-based spam filters. I have been increasing the rules trying to trap more spam, but the spam grows faster than I can create rules for it. I apologize for that. The situation has simply become intolerable, so as your list moderator, I have taken steps to cut it off, and am prepared to take more steps. Consequently, there are some changes to the list moderation that h...

window.crypto/crypto documentation
Howdy! I'm having a hard time finding out if there is an ETA on window.crypto in F= irefox (the API recently added to webkit, not the weird Mozilla specific on= e that is currently implemented). Also some documentation on the browser level crypto (current limitations, s= ecurity concerns a la ript-crypto, etc) would be helpful. I see a bunch of Tom Wu's libraries as = well as sjcl have been included. Some more info on webkit's window.crypto API (from http://html5-demos.appsp=

dev-tech-crypto News->email gateway re-enabled
I have not seen any new spam in the newsgroup since May 1, and in the last week, there have been numerous on-topic messages posted to the newsgroup that have not been gatewayed to the list, so today I have re-enabled the News->email gateway between and the dev-tech-crypto mailing list. If the spam resumes, I will disable the gateway again, but hopefully that will not happen soon. I invite any comments you may have about the relative merits of keeping all spam out of the mailing list (which closing the news->mail gateway accompl...

Casey On 02/11/2010 17:39, Casey419 wrote: > Casey Congrats, that was successfully encrypted beyond my ability to analyse.... ...

Web resources about - How do I convert org.mozilla.jss.pkix.cert to org.mozilla.jss.crypto.X509Certificate? -

All Packages from java.applet.* to*
com.* java.* javax.* org.* all new plug-in Quick Search Search Deep Home >> All Page 1 2 3 4 java.applet.* (4) java.awt.* (328) java.beans.* ...

blommegard/APNS-Pusher · GitHub
APNS-Pusher - A simple cocoa app to send pushes via APNS

Issues - chromium - An open-source project to help move the web forward. - Google Project Hosting
My favorites ▼ - Sign in chromium An open-source project to help move the web forward. Project Home Downloads Wiki Issues Code Search New issue ...

Wesabe makes Financial Data available programmatically - Scott Hanselman
Scott Hanselman on Programming, User Experience, The Zen of Computers and Life in General

Researchers Expose SSL Vulnerabilities in Libraries and Their Usage in Popular Non-Browser Services
A recent publication in the ACM CCS'12 proceedings titled "The Most Dangerous Code in the World:Validating SSL Certificates in Non-Browser Software" ...

Get the Credential Context used by the Active Profile
The following steps describe how to retrieve the credentials (client and root certificates) used in a profile to identify the user against the ...

Wade Wegner's personal blog. Conversations about programming, technology and cloud computing, especially Salesforce,, and Windows Azure. ...

No-quota push notifications using a root Certificate Authority
... // set appropriate instance variables for request object if (certificate != null ) { request.ClientCertificates.Add( new X509Certificate(certificate); ...

Gallery - MyGet - NuGet server hosting your packages
MyGet - NuGet server hosting your packages

Resources last updated: 12/6/2015 11:30:09 AM