This bug report mentions PKCS12, but the problem seems
to lie in the DerInputStream parsing routines.
The keystore is loadable under netscape, but not
under JDK/merlin.

###@###.### 2002-02-06


Name: krC82822 Date: 08/06/2001


java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
Java HotSpot(TM) Client VM (build 1.3.0-C, mixed mode)

I'm writing an SSLSocketFactory for a jndi client, and want to use pkcs12
files for my keystore.

We have a PKI product that produces pkcs12 certificates for us, but code along
the lines of:


KeyStore keyStore = KeyStore.getInstance("pkcs12");
FileInputStream fin = new FileInputStream(new File("myfile.p12"));
keyStore.load(fin, "secret".toCharArray());

fails with the error:

java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.

Since we know that the file is a valid pkcs12 file, it seems that there might
be an error in the ASN1 compiler used in JSSE?

However, the same pkcs12 file 'washed' through Netscape works fine.

REPRODUCING THE PROBLEM:

While this problem first appeared in our code, it can be easily reproduced
using the standard Sun 'keytool' utility.

Take a non-Netscape pkcs12 file (mail ###@###.### if necessary :-) )
and simply use keytool (after having setup jsse of course!).

keytool -list -keystore test1.p12 -storepass secret1 -storetype pkcs12
keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=127, t
oo big.
(Review ID: 123958)
======================================================================