
malformed certificate in existing store prevents opening the store at all

Open janmaesiptor opened this issue 5 years ago • 1 comments

A malformed certificate in an existing store prevents opening the store at all. Starting with BouncyCastle version 1.58, stricter ASN1 decoding is enforced.

When opening a store that contains a certificate with malformed ASN1 integer encoding, BC doesn't load the keystore but instead throws an exception.

There's a BC option that can be set in System properties to allow parsing of malformed ASN.1 integers in a similar fashion to what BC 1.56 did. The option is org.bouncycastle.asn1.allow_unsafe_integer.

Note that BC failing to load a PKCS12 store causes portecle to open it as a JKS store under java8+. The same problem was shown in issue #57: this causes reduced functionality and possible keystore corruption.

janmaesiptor, Mar 05 '19 11:03

one-malformed-certificate.zip

Attached a zip containing a PKCS12 store with a malformed certificate as received from a communication partner. The keystore password is: one

janmaesiptor, Mar 05 '19 19:03
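Added example, not part of the issue thread and not Portecle or BouncyCastle code: a Python sketch that walks a DER structure and reports INTEGERs that break the X.690 minimal-encoding rule, so the offending field can be located before deciding whether to set org.bouncycastle.asn1.allow_unsafe_integer. It assumes the "malformed ASN1 integer encoding" in the report is an empty INTEGER or one with a redundant leading byte; the function names and the SAMPLE bytes are constructed for illustration.

```python
# Added example: report DER INTEGERs that break X.690 8.3.2 (minimal encoding).
# Assumption: this is the "malformed ASN.1 integer" case the issue refers to.

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) for the definite-length TLV at pos."""
    if pos + 2 > end:
        raise ValueError("truncated header at offset %d" % pos)
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = length-of-length
        n = length & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value runs past its container")
    return tag, pos, pos + length

def integer_problem(content):
    """Return why INTEGER content bytes are malformed, or None if they are fine."""
    if len(content) == 0:
        return "empty INTEGER"
    if len(content) > 1:
        if content[0] == 0x00 and not content[1] & 0x80:
            return "redundant leading 0x00"
        if content[0] == 0xFF and content[1] & 0x80:
            return "redundant leading 0xFF"
    return None

def find_malformed_integers(buf, start=0, end=None):
    """Walk constructed types recursively; return [(offset, reason, hex_content)]."""
    end = len(buf) if end is None else end
    findings, pos = [], start
    while pos < end:
        tag, vstart, vend = read_tlv(buf, pos, end)
        if tag == 0x02:                    # universal, primitive INTEGER
            reason = integer_problem(buf[vstart:vend])
            if reason:
                findings.append((pos, reason, buf[vstart:vend].hex()))
        elif tag & 0x20:                   # constructed: SEQUENCE, SET, [n] EXPLICIT
            findings += find_malformed_integers(buf, vstart, vend)
        pos = vend
    return findings
# Constructed sample: SEQUENCE { [0]{INTEGER 2}, INTEGER 00 12 34 (bad), INTEGER 00 9c (ok) }
SAMPLE = bytes.fromhex("300e" "a003020102" "0203001234" "0202009c")
print(find_malformed_integers(SAMPLE))
```

The scan works on plain DER such as an exported certificate; the contents of a password-protected PKCS12 file have to be decrypted first, and values wrapped inside OCTET STRING or BIT STRING fields are not descended into.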