On 04/11/2013 04:36 AM, Weijun Wang wrote:
Hi All
The KeyStore::setCertificateEntry has
* @exception KeyStoreException if the keystore has not been initialized,
* or the given alias already exists and does not identify an
* entry containing a trusted certificate,
* or this operation fails for some other reason.
which means you cannot overwrite a KeyEntry with a TrustCertEntry. While
setKeyEntry allows a TrustCertEntry been overwritten by a KeyEntry.
This has been true from the beginning, but why?
I'm not sure, but the exact reason is probably now lost in the sands of
time ;)
On the other hand, setEntry mentions no restriction, although the
current implementations (jks, pkcs12) fail when overwriting a KeyEntry
with a TrustCertEntry.
The only thing I can think of is that it protects against accidental
overwriting of your private key, which might be a good thing, if you
haven't backed it up.
--Sean
