coova / jradius

JRadius is a Java RADIUS framework for client and server.

Bug in KeyStoreUtil (due to new bouncycastle version) #22

Open ThomasKamm opened 7 years ago

ThomasKamm commented 7 years ago

The switch to the new bouncycastle included using org.bouncycastle.util.io.pem.PemReader as a replacement for PEMReader in KeyStoreUtils.java. The objects returned by this reader are not Certificates or Keys themselves, leading to the instanceof checks never evaluating to true. Therefore, e.g., loadCertificateFromPEM always returns null.

The PemReader should probably be replaced with org.bouncycastle.openssl.PEMParser.

The following sample seems to solve the problem:

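```java
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;

public static X509Certificate loadCertificateFromPEM(InputStream in, final char[] pwd) throws Exception
{
        loadBC();
        JcaX509CertificateConverter certConv = new JcaX509CertificateConverter();
        // PEMParser returns typed holder objects rather than generic PEM objects.
        PEMParser pemParser = new PEMParser(new InputStreamReader(in));

        Object obj;
        while ((obj = pemParser.readObject()) != null)
        {
                if (obj instanceof X509CertificateHolder)
                {
                        // Convert the BouncyCastle holder into a JCA X509Certificate.
                        return certConv.getCertificate((X509CertificateHolder) obj);
                }
        }

        // No certificate was found in the input.
        return null;
}
```

pphaal commented 6 years ago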

Thanks for pointing me in the right direction. Similar changes are required to the loadKeyManager method, see KeyStoreUtils.java.
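An added example, not part of the issue thread or the JRadius code base: the private-key side of the same migration, where PEMParser returns PEMKeyPair, PEMEncryptedKeyPair or PrivateKeyInfo rather than a java.security key, and the loader throws instead of returning null when nothing matches. The class and method names are hypothetical, the sample key is generated in memory, and bcprov and bcpkix are assumed to be on the classpath.

```java
import java.io.*;
import java.security.*;
import java.util.Arrays;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.*;
import org.bouncycastle.openssl.jcajce.*;

public class PemKeyLoadExample {
    // Hypothetical helper: returns the first private key found in the PEM input.
    static PrivateKey loadPrivateKeyFromPEM(Reader in, char[] pwd) throws IOException {
        JcaPEMKeyConverter conv = new JcaPEMKeyConverter();
        try (PEMParser parser = new PEMParser(in)) {
            Object obj;
            while ((obj = parser.readObject()) != null) {
                if (obj instanceof PEMEncryptedKeyPair) {
                    // Legacy OpenSSL "Proc-Type: 4,ENCRYPTED" key: decrypt it first.
                    obj = ((PEMEncryptedKeyPair) obj)
                            .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(pwd));
                }
                if (obj instanceof PEMKeyPair) {
                    // Traditional "RSA/EC/DSA PRIVATE KEY" block.
                    return conv.getKeyPair((PEMKeyPair) obj).getPrivate();
                }
                if (obj instanceof PrivateKeyInfo) {
                    // Unencrypted PKCS#8 "PRIVATE KEY" block.
                    return conv.getPrivateKey((PrivateKeyInfo) obj);
                }
                // Other objects (certificates, encrypted PKCS#8) are skipped here.
            }
        }
        // Fail loudly so a type mismatch cannot pass as "no key configured".
        throw new IOException("no supported private key found in PEM input");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway RSA key written to PEM in memory.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        StringWriter pem = new StringWriter();
        try (JcaPEMWriter w = new JcaPEMWriter(pem)) {
            w.writeObject(kp.getPrivate());
        }
        PrivateKey loaded = loadPrivateKeyFromPEM(new StringReader(pem.toString()), null);
        // Round-trip check: compare the encodings of the original and the parsed key.
        System.out.println(Arrays.equals(loaded.getEncoded(), kp.getPrivate().getEncoded()));
    }
}
```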