karlipoppins karlipoppins - 4 months ago 44
Java Question

PKCS#12 : DerInputStream.getLength() exception

I generate a certificate using the keytool command:

keytool -genkeypair -alias myRSAKey -keyalg RSA -keysize 1024 -keystore test.p12 -storepass test -storetype pkcs12

Then if I try to load it using java security API, after getting the file as a byte[] :

KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(new ByteArrayInputStream(data), "test".toCharArray())
} catch (Exception e){

I get a DerInputStream.getLength(): lengthTag=127, too big exception.

What is wrong?


I had this problem and I've searched the depths of google and still couldn't find the answer. After some days battling with a terrible quality legacy code, I found what was causing this error.

KeyStore.load(InputStream is, String pass);

this method takes an InputStream and if there's any problem with such InputStream, this exception is thrown, some problems that I've encountered:

  • The InputStream points to the wrong / blank / just created file
  • The InputStream is already open or something else is holding the resource
  • The InputStream was already used and read, thus the position of the next byte of InputStream is it's end

The last one was the responsible for my problem. The code was creating an InputStream from a certificate, and proceeding to use it in two KeyStore.load() calls, the first one was successful, the second one always got me this error.