JDK-8179191 : keystore.load() fails to load a certificate
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8u121
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic
  • CPU: generic
  • Submitted: 2017-04-18
  • Updated: 2017-04-24
  • Resolved: 2017-04-24
Related Reports
Duplicate :  
JDK-8175251 - Failed to load RSA private key from pkcs12
Description
FULL PRODUCT VERSION :
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
macOS Sierra Version 10.12.4 (16E195)


A DESCRIPTION OF THE PROBLEM :
CANNOT LOAD PKCS12 KEYSTORE FILE . KeyStore.load() fails to load RSA 1024 key length certificate. 

REGRESSION.  Last worked in version 8u112

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the attached source code to reproduce this error.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
it should load the certificate. 
ACTUAL -
CertificateException thrown by KeyStroe.load() API call .  

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
	at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:198)
	at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)
	at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
	at sun.security.pkcs12.PKCS12KeyStore.loadSafeContents(PKCS12KeyStore.java:2189)
	at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2025)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at KeyStoreTest.main(KeyStoreTest.java:35)
Caused by: java.io.IOException: DerInputStream.getLength(): Redundant length bytes found
	at sun.security.util.DerInputStream.getLength(DerInputStream.java:606)
	at sun.security.util.DerValue.<init>(DerValue.java:252)
	at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:451)
	at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1784)
	at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
	... 6 more

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

import java.security.cert.CertificateException;


public class KeyStoreTest {

	/**
	 * @param args
	 * @throws java.security.cert.CertificateException 
	 * @throws NoSuchAlgorithmException 
	 * @throws IOException 
	 */
	public static void main(String[] args)throws KeyStoreException, NoSuchAlgorithmException, java.security.cert.CertificateException, IOException {
		// TODO Auto-generated method stub
		KeyStore keystore = null;
		FileInputStream fip = null;
		try{
			keystore = KeyStore.getInstance("pkcs12");
		}catch(KeyStoreException ex){
			ex.printStackTrace();
		}
		try{
			fip = new FileInputStream("/home/Downloads/cert_1024.p12");
		}catch(FileNotFoundException ex){
			ex.printStackTrace();
		}
		
		try{	
			keystore.load(fip, "1024".toCharArray());
		}catch(CertificateException e){
			e.printStackTrace();
		}
	}

}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
this issue was not reproducible in Java8u112 so the only workaround is to change JRE to java8u112
Comments
This is a duplicate of JDK-8175251.
24-04-2017