Description
This issue is just for the documentation in case old/bad certificates are used. One question at the end though.
We tried using existing old certificates with keys and could import them via the "cert import" command.
This worked fine, however, on restart, we got the exception:
Exception in thread "main" org.openas2.WrappedException: Error creating component: org.openas2.cert.PKCS12CertificateFactory
at org.openas2.util.XMLUtil.getComponent(XMLUtil.java:80)
...
Caused by: java.lang.IllegalArgumentException: invalid info structure in RSA public key
at org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey.populateFromPublicKeyInfo(BCRSAPublicKey.java:71)
...
Also, we tried importing the certificates with keys in the existing default "as2_certs.p12" keystore using the "Portecle" tool (mentioned in the manual) but that failed immediately with the message "could not load keystore".
The problems go away when the BouncyCastle option "org.bouncycastle.asn1.allow_unsafe_integer" is used. E.g. start Portecle with:
start "portecle" /B C:\java\jdk8\bin\javaw -Dorg.bouncycastle.asn1.allow_unsafe_integer=true -jar portecle.jar
The documentation/manual should probably mention this problem and BouncyCastle option since the error messages are not really helpful.
I am not sure if using these old/bad certificates with keys is going to give problems down the line, e.g. in bad signatures / MDNs. Apparently there is a bad number in there and that might corrupt/fail to verify generated signatures / MDNs?
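Added example (not from the issue author or the OpenAS2 project): a small pure-Python DER checker that reports whether the modulus and exponent of an RSA public key are minimally encoded, and re-emits the key with canonical INTEGER encodings. It assumes that what BouncyCastle rejects here is a non-minimal ASN.1 INTEGER (for example a redundant leading 0x00 byte), which is the check the "org.bouncycastle.asn1.allow_unsafe_integer" property relaxes; that assumption, the function names and the sample key bytes are all constructed for this example and are not part of the page. Running it against the public key pulled out of a suspect certificate (openssl x509 -pubkey -noout, base64-decoded) shows whether the key is the problem before touching the BouncyCastle setting.

```python
# Added example, not OpenAS2 or BouncyCastle code. Assumes the "unsafe integer"
# is a non-minimal DER INTEGER encoding; helper names are hypothetical.

INTEGER, BIT_STRING, SEQUENCE = 0x02, 0x03, 0x30
# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL params)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")


def _encode_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _encode_len(len(body)) + body


def _minimal_int(n: int) -> bytes:
    """Minimal two's-complement DER INTEGER content for a non-negative n."""
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    # A leading 0x00 is required exactly when the top bit would read as a sign.
    return (b"\x00" if body[0] & 0x80 else b"") + body


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def is_minimal_integer(content: bytes) -> bool:
    """True if a DER INTEGER content is the shortest valid encoding.
    Rejected shapes: 0x00 followed by a byte with the top bit clear
    (redundant zero), and 0xFF followed by a byte with the top bit set."""
    if not content:
        return False
    if len(content) >= 2:
        if content[0] == 0x00 and not content[1] & 0x80:
            return False
        if content[0] == 0xFF and content[1] & 0x80:
            return False
    return True


def _rsa_public_key_body(der: bytes) -> bytes:
    """Accept a bare PKCS#1 RSAPublicKey or a SubjectPublicKeyInfo wrapper
    and return the content of the RSAPublicKey SEQUENCE."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("expected outer SEQUENCE")
    first_tag, _, after_first = _read_tlv(body, 0)
    if first_tag == SEQUENCE:  # AlgorithmIdentifier first: this is an SPKI
        bs_tag, bs, _ = _read_tlv(body, after_first)
        if bs_tag != BIT_STRING or bs[0] != 0:
            raise ValueError("expected BIT STRING with no unused bits")
        inner_tag, body, _ = _read_tlv(bs, 1)  # skip the unused-bits byte
        if inner_tag != SEQUENCE:
            raise ValueError("expected RSAPublicKey SEQUENCE")
    return body


def check_rsa_public_key(der: bytes) -> dict:
    """Parse modulus and exponent and report whether each is minimally encoded."""
    body = _rsa_public_key_body(der)
    n_tag, n_raw, pos = _read_tlv(body, 0)
    e_tag, e_raw, _ = _read_tlv(body, pos)
    if n_tag != INTEGER or e_tag != INTEGER:
        raise ValueError("expected modulus and exponent INTEGERs")
    return {
        "modulus": int.from_bytes(n_raw, "big", signed=True),
        "exponent": int.from_bytes(e_raw, "big", signed=True),
        "modulus_minimal": is_minimal_integer(n_raw),
        "exponent_minimal": is_minimal_integer(e_raw),
    }


def canonicalize_rsa_public_key(der: bytes) -> bytes:
    """Re-emit a bare RSAPublicKey with minimal INTEGER encodings."""
    info = check_rsa_public_key(der)
    return _tlv(SEQUENCE, _tlv(INTEGER, _minimal_int(info["modulus"]))
                + _tlv(INTEGER, _minimal_int(info["exponent"])))


def wrap_spki(rsa_key_der: bytes) -> bytes:
    """Wrap a bare RSAPublicKey in a SubjectPublicKeyInfo structure."""
    return _tlv(SEQUENCE, RSA_ALG_ID + _tlv(BIT_STRING, b"\x00" + rsa_key_der))


# Constructed sample (not a real key): a 128-bit modulus with the top bit set,
# so its minimal encoding carries exactly one leading 0x00 byte.
MODULUS = 0xC0FFEE0123456789ABCDEF0123456789
EXPONENT = 65537
_N = MODULUS.to_bytes(16, "big")
GOOD_KEY_DER = _tlv(SEQUENCE, _tlv(INTEGER, b"\x00" + _N) + _tlv(INTEGER, b"\x01\x00\x01"))
# Same key with a redundant second zero byte on the modulus: the "unsafe" shape.
BAD_KEY_DER = _tlv(SEQUENCE, _tlv(INTEGER, b"\x00\x00" + _N) + _tlv(INTEGER, b"\x01\x00\x01"))

if __name__ == "__main__":
    for name, der in (("good", GOOD_KEY_DER), ("bad", BAD_KEY_DER), ("bad-spki", wrap_spki(BAD_KEY_DER))):
        print(name, check_rsa_public_key(der))
    print("canonical == good:", canonicalize_rsa_public_key(BAD_KEY_DER) == GOOD_KEY_DER)
```

The re-encoded key is byte-for-byte what a strict parser expects, so a key that only fails the minimal-encoding check can be repaired this way; a key that is actually corrupt (wrong length, truncated modulus) will still fail to parse and is a different problem.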