JDK-8177657 : certificate parsing error "Invalid RSA public Key" with Java 1.8.121
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8u121
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: other
  • CPU: x86
  • Submitted: 2017-03-24
  • Updated: 2017-03-27
  • Resolved: 2017-03-27
Description
FULL PRODUCT VERSION :
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) Client VM (build 25.121-b13, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows 10.0.14393
Windows 6.0.7601
and any other Windows/Linux

EXTRA RELEVANT SYSTEM CONFIGURATION :
no specific configuration. We tried a lot of different systems

A DESCRIPTION OF THE PROBLEM :
After installing java version 1.8.0_121 there is a problem with parsing our certificates. Some of them worked fine but others didn't. We analyzed the certificates and found the difference. 

Some of them have leading 0s at the public key exponent. Since java 121 there is an exception while parsing such certificates. 
Previous Java versions are working fine. Did you tighten up the checks in version 121 on purpose?

According to the bug (https://bugs.openjdk.java.net/browse/JDK-8175251)
there is a similar problem with parsing the private key. 
Do you plan to revoke this exacerbation? 

We have a lot of certificates that may no longer work (using Java).

We can provide one of our certs which won't work anymore using java121. 
The source code of our test-tool won't make sense without such a cert. 
Please give us a mail-address; we will send you the cert immediately.


REGRESSION.  Last worked in version 8u112

ADDITIONAL REGRESSION INFORMATION: 
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) Client VM (build 25.121-b13, mixed mode)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try to parse a cert with leading 0s in the public exponent. You will get an exception (take a look at the source code below).

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
the same behavior as in java 1.8.0.112
ACTUAL -
ParsingEXC : Invalid RSA-Public key

ERROR MESSAGES/STACK TRACES THAT OCCUR :
CertificateFactory Info:
Type = X.509
Provider = SUN version 1.8
toString = java.security.cert.CertificateFactory@1db9742
Exception: java.security.cert.CertificateParsingException: java.io.IOException:
subject key, java.security.InvalidKeyException: Invalid RSA public key

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.*;
import java.security.*;
import java.security.cert.*;


class CertTest {

   public static void main(String[] args) {
      if (args.length < 1) {
         System.out.println("Use it that way, dude...:");
         System.out.println("java CertTest <input.crt>");
         return;
      }
      String in = args[0];
      try {
         testCert(in);
      } catch (Exception e) {
         // On 8u121 the CertificateParsingException from the report surfaces here
         System.out.println("Exception: " + e);
         return;
      }
   }

   private static void testCert(String input)
      throws Exception {
      // Default X.509 factory (the SUN provider in the reported output)
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      System.out.println();
      System.out.println("========================================");
      System.out.println("CertificateFactory Info: ");
      System.out.println("Type = " + cf.getType());
      System.out.println("Provider = " + cf.getProvider());
      System.out.println("toString = " + cf.toString());

      // Parsing happens here; try-with-resources closes the stream even if it throws
      java.security.cert.Certificate cert;
      try (FileInputStream fis = new FileInputStream(input)) {
         cert = cf.generateCertificate(fis);
      }
      System.out.println();
      System.out.println("========================================");
      System.out.println("Certificate Object Info: ");
      System.out.println("Type = " + cert.getType());
      System.out.println("toString = " + cert.toString());

      // Subject public key decoded from the certificate
      PublicKey pubKey = cert.getPublicKey();
      System.out.println();
      System.out.println("========================================");
      System.out.println("PublicKey Object Info: ");
      System.out.println("Algorithm = " + pubKey.getAlgorithm());
      System.out.println("Format = " + pubKey.getFormat());
      System.out.println("toString = " + pubKey.toString());
   }
}


---------- END SOURCE ----------


Comments
This is a duplicate of JDK-8175251. The fix for this will be available in the next JDK 8 update.
27-03-2017
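
To triage which keys in an inventory carry the encoding described in the report, the following added example (not part of the original report or of the JDK) checks the two INTEGERs of a DER RSAPublicKey structure for redundant leading octets. It reads the report's "leading 0s" as a non-minimal DER INTEGER, which is an assumption since the certificate is not on the page; the class name, method names and sample bytes are constructed for illustration, and the caller is assumed to have already extracted the RSAPublicKey bytes from the certificate's subjectPublicKeyInfo BIT STRING.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: flags non-minimally encoded INTEGERs in a DER RSAPublicKey
// (SEQUENCE { modulus INTEGER, publicExponent INTEGER }). Hypothetical helper names.
public class RsaKeyDerCheck {

    // Verifies the tag at 'off', stores the content length in len[0], returns the content offset.
    static int readHeader(byte[] der, int off, int tag, int[] len) {
        if (off + 2 > der.length || (der[off] & 0xff) != tag)
            throw new IllegalArgumentException("unexpected tag at offset " + off);
        int first = der[off + 1] & 0xff;
        int pos = off + 2;
        if (first < 0x80) {
            len[0] = first;                       // short form: one length octet
        } else {
            int n = first & 0x7f;                 // long form: n length octets follow
            if (n == 0 || n > 3 || pos + n > der.length)
                throw new IllegalArgumentException("bad length at offset " + off);
            len[0] = 0;
            for (int i = 0; i < n; i++) len[0] = (len[0] << 8) | (der[pos++] & 0xff);
        }
        if (pos + len[0] > der.length)
            throw new IllegalArgumentException("truncated value at offset " + off);
        return pos;
    }

    // X.690 8.3.2: the first nine bits of an INTEGER must not be all zero or all one.
    static boolean isMinimal(byte[] der, int start, int len) {
        if (len < 2) return len == 1;             // an empty INTEGER is never valid
        int b0 = der[start] & 0xff, high = der[start + 1] & 0x80;
        return !((b0 == 0x00 && high == 0) || (b0 == 0xff && high != 0));
    }

    // Returns the names of the fields whose encoding has redundant leading octets.
    static List<String> nonMinimalFields(byte[] rsaPublicKey) {
        List<String> bad = new ArrayList<>();
        int[] len = new int[1];
        int pos = readHeader(rsaPublicKey, 0, 0x30, len);          // outer SEQUENCE
        for (String name : new String[] {"modulus", "publicExponent"}) {
            int start = readHeader(rsaPublicKey, pos, 0x02, len);  // INTEGER
            if (!isMinimal(rsaPublicKey, start, len[0])) bad.add(name);
            pos = start + len[0];
        }
        return bad;
    }

    public static void main(String[] args) {
        // Constructed samples with a toy 16-bit modulus; exponent 65537 padded as 00 01 00 01 vs. 01 00 01.
        byte[] padded  = {0x30, 0x0b, 0x02, 0x03, 0x00, (byte) 0xc3, 0x5b, 0x02, 0x04, 0x00, 0x01, 0x00, 0x01};
        byte[] minimal = {0x30, 0x0a, 0x02, 0x03, 0x00, (byte) 0xc3, 0x5b, 0x02, 0x03, 0x01, 0x00, 0x01};
        System.out.println("padded:  " + nonMinimalFields(padded));
        System.out.println("minimal: " + nonMinimalFields(minimal));
    }
}
```

The single leading `00` on the sample modulus is not flagged because it is the sign octet required when the next octet has its high bit set; only zeros beyond that count as redundant.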