<div dir="ltr"><div><div><div>I noticed there is a bug (8177657, etc.) about stricter DER checking in the JDK certificate code. I have a JKS keystore which can no longer be opened because of that.<br><br></div><div>I understand that the strict parsing has to stay for public keys, however I wonder if anything can be done about loading the other keys from the keystore or at least reporting the alias of the unparseable entry.<br><br></div></div></div>The problem was introduced with 8u121; 8u112 can open the file, and it exists in 7u131 as well.<br><br>
Exception in thread "main" java.security.cert.CertificateParsingException: java.io.IOException: subject key, java.security.InvalidKeyException: Invalid RSA public key<br>    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)<br>    at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1804)<br>    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)<br>    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)<br>    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)<br>    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:755)<br>    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)<br>    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)<br>    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)<br>    at java.security.KeyStore.load(KeyStore.java:1445)<br>    at net.eckenfels.test.certpath.KeystoreImport.main(KeystoreImport.java:29)<br>Caused by: java.io.IOException: subject key, java.security.InvalidKeyException: Invalid RSA public key<br>    at sun.security.x509.X509Key.parse(X509Key.java:174)<br>    at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)<br>    at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:667)<br>    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:167)<br>    ... 10 more<br>Caused by: java.security.InvalidKeyException: java.security.InvalidKeyException: Invalid RSA public key<br>    at sun.security.x509.X509Key.buildX509Key(X509Key.java:227)<br>    at sun.security.x509.X509Key.parse(X509Key.java:170)<br>    ... 13 more<br>Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA public key<br>    at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:205)<br>    at java.security.KeyFactory.generatePublic(KeyFactory.java:334)<br>    at sun.security.x509.X509Key.buildX509Key(X509Key.java:223)<br>    ... 14 more<br>Caused by: java.security.InvalidKeyException: Invalid RSA public key<br>    at sun.security.rsa.RSAPublicKeyImpl.parseKeyBits(RSAPublicKeyImpl.java:120)<br>    at sun.security.x509.X509Key.decode(X509Key.java:391)<br>    at sun.security.x509.X509Key.decode(X509Key.java:403)<br>    at sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:84)<br>    at sun.security.rsa.RSAKeyFactory.generatePublic(RSAKeyFactory.java:298)<br>    at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:201)<br>    ... 16 more<br>Caused by: java.io.IOException: Invalid encoding: redundant leading 0s<br>    at sun.security.util.DerInputBuffer.getBigInteger(DerInputBuffer.java:152)<br>    at sun.security.util.DerInputStream.getBigInteger(DerInputStream.java:207)<br>    at sun.security.rsa.RSAPrivateCrtKeyImpl.getBigInteger(RSAPrivateCrtKeyImpl.java:214)<br>    at sun.security.rsa.RSAPublicKeyImpl.parseKeyBits(RSAPublicKeyImpl.java:115)<br>    ... 21 more<br><br></div>
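One way to find the alias of the entry that fails, as an added example that is not part of the original message and not JDK code: read the JKS container by hand and parse each certificate on its own, so a strict-DER failure is reported per alias instead of aborting the whole load. The class name `JksEntryCheck` and the keystore path in `args[0]` are assumptions. It needs no password because it neither decrypts private keys nor verifies the trailing integrity digest, so it is a diagnostic aid only.

```java
import java.io.*;
import java.security.cert.CertificateFactory;

// Added diagnostic sketch (hypothetical class, not JDK code): walks the JKS
// container and parses each certificate separately, reporting its alias.
public class JksEntryCheck {
    public static void main(String[] args) throws Exception {
        // args[0]: path to the keystore (assumption: plain JKS, not JCEKS/PKCS12)
        try (DataInputStream in = new DataInputStream(
                new BufferedInputStream(new FileInputStream(args[0])))) {
            if (in.readInt() != 0xFEEDFEED) throw new IOException("not a JKS file");
            int version = in.readInt();          // 1 or 2
            int count = in.readInt();            // number of entries
            CertificateFactory x509 = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < count; i++) {
                int tag = in.readInt();          // 1 = private key, 2 = trusted cert
                String alias = in.readUTF();
                in.readLong();                   // creation date, unused here
                int certs = 1;
                if (tag == 1) {
                    skipBlob(in);                // protected private key, left untouched
                    certs = in.readInt();        // certificate chain length
                } else if (tag != 2) {
                    throw new IOException("unknown entry tag " + tag);
                }
                for (int c = 0; c < certs; c++) {
                    // version 2 stores the certificate type before each certificate
                    String type = version == 2 ? in.readUTF() : "X.509";
                    byte[] der = new byte[in.readInt()];
                    in.readFully(der);
                    try {
                        x509.generateCertificate(new ByteArrayInputStream(der));
                        System.out.printf("OK    %s [%d] %s%n", alias, c, type);
                    } catch (Exception e) {
                        // e.g. "Invalid encoding: redundant leading 0s" on 8u121 and later
                        System.out.printf("FAIL  %s [%d] %s: %s%n", alias, c, type, e);
                    }
                }
            }
        }
    }

    // Reads and discards one length-prefixed byte block.
    private static void skipBlob(DataInputStream in) throws IOException {
        in.readFully(new byte[in.readInt()]);
    }
}
```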