Fix type + improve error message

Author: alextwoods

services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.java

@@ -495,7 +495,7 @@ private static byte[] signPolicy(byte[] policyToSign, PrivateKey privateKey) thr
                 // do not attempt to use a generic Signer based on the privateKey algorithm:
                 // future supported key types likely require different hash algorithms (eg, SHA256 or higher instead of SHA1)
                 throw new IllegalArgumentException(
-                    "Unsupported key algorithm for for CloudFront signed URL: " + privateKey.getAlgorithm());
+                    "Unsupported key algorithm for CloudFront signed URL: " + privateKey.getAlgorithm());
         }
     }
 

services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/internal/utils/SigningUtils.java

@@ -226,12 +226,14 @@ public static PrivateKey loadPrivateKey(Path keyFile) throws Exception {
     /**
      * Attempt to load a private key from PKCS8 DER
      */
-    public static PrivateKey privateKeyFromPkcs8(byte[] derBytes) throws InvalidKeySpecException {
+    public static PrivateKey privateKeyFromPkcs8(byte[] derBytes) {
         EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(derBytes);
         try {
             return tryKeyLoadFromSpec(privateKeySpec);
         } catch (NoSuchAlgorithmException e) {
             throw new IllegalArgumentException(e);
+        } catch (InvalidKeySpecException e) {
+            throw new IllegalArgumentException("Invalid private key, unable to load as either RSA or ECDSA", e);
         }
     }