check key type before extracting public key for DACs #336
Description
When we're processing DcsrSpecs we must extract the public key from the parent / root certificate for inclusion in the signed DAC. If the cert isn't for an RSA key then the call here will fail. To get better error handling we can check the type of this key before calling this function, or possibly improve the error produced by it: Error: RSA PKCS#1 error: public key error: ASN.1 error: unexpected ASN.1 DER tag: expected SEQUENCE, got OCTET STRING.