malformed certificate in existing store prevents opening the store at all #60
Open
Description
A malformed certificate in existing store prevents opening the store at all.
Starting with BouncyCastle version 1.58, stricter ASN1 decoding is enforced.
When opening a store that contains a certificate with malformed ASN1 integer encoding, BC doesn't load the keystore but instead throws an exception.
There's a BC option that can be set in System properties to allow parsing of malformed ASN.1 integers in a similar fashion to what BC 1.56 did. The option is org.bouncycastle.asn1.allow_unsafe_integer.
Note that BC failing to load a PKCS12 store causes Portecle to open it as a JKS store under Java 8+.
The same problem was shown in issue #57: this causes reduced functionality and possible keystore corruption.
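
Added example (not part of the original issue, and not Portecle or BouncyCastle code): a small DER walker that reports which INTEGER fields in a certificate are non-minimally encoded, so the offending entry can be identified without loosening the parser. It assumes the malformed encoding meant above is a violation of the X.690 minimal-integer rule; the function names and the SAMPLE bytes are constructed for illustration.

```python
# Added example: flags DER INTEGERs that break the X.690 minimal-encoding rule.
# Assumption: this is the kind of "malformed integer" the stricter decoding rejects.

def read_tlv(buf, pos, end):
    """Parse one TLV header at pos; return (tag, content_start, content_end)."""
    tag = buf[pos]
    pos += 1
    if tag & 0x1F == 0x1F:                 # high-tag-number form: skip extra tag bytes
        while buf[pos] & 0x80:
            pos += 1
        pos += 1
    length = buf[pos]
    pos += 1
    if length == 0x80:
        raise ValueError("indefinite length is not valid DER")
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def is_non_minimal(content):
    """True when the leading byte is redundant (first nine bits all 0 or all 1)."""
    if len(content) < 2:
        return False
    return (content[0] == 0x00 and not content[1] & 0x80) or \
           (content[0] == 0xFF and bool(content[1] & 0x80))

def find_malformed_integers(der):
    """Return [(offset, hex_content)] for every non-minimal INTEGER in der."""
    hits = []
    def scan(pos, end):
        while pos < end:
            tag, cs, ce = read_tlv(der, pos, end)
            if tag == 0x02 and is_non_minimal(der[cs:ce]):
                hits.append((pos, der[cs:ce].hex()))
            elif tag & 0x20:               # constructed type: descend into children
                scan(cs, ce)
            pos = ce
    try:
        scan(0, len(der))
    except IndexError:
        raise ValueError("truncated DER") from None
    return hits

# Constructed sample: SEQUENCE { [0]{INTEGER 2}, INTEGER 00 12 34, INTEGER 00 C1, INTEGER FF 80 }
SAMPLE = bytes.fromhex("3012" "a003020102" "0203001234" "020200c1" "0202ff80")
```

Run it over the DER bytes of each certificate exported from the store; an empty result means no INTEGER in that certificate has a redundant leading byte.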