On 4/11/2013 7:47 AM, Sean Mullan wrote:
On 04/11/2013 04:36 AM, Weijun Wang wrote:
Hi All

The KeyStore::setCertificateEntry has

* @exception KeyStoreException if the keystore has not been initialized,
* or the given alias already exists and does not identify an
* entry containing a trusted certificate,
* or this operation fails for some other reason.

which means you cannot overwrite a KeyEntry with a TrustCertEntry, while
setKeyEntry allows a TrustCertEntry to be overwritten by a KeyEntry.

This has been true from the beginning, but why?

I'm not sure, but the exact reason is probably now lost in the sands of
time ;)

On the other hand, setEntry mentions no restriction, although the
current implementations (jks, pkcs12) fail when overwriting a KeyEntry
with a TrustCertEntry.

The only thing I can think of is that it protects against accidental
overwriting of your private key, which might be a good thing, if you
haven't backed it up.

That was added in April 1998.

4129553: KeyStore should store any type of "Key", not just "PrivateKey"

I *THINK* what Sean states was the reason, but before my time.

Brad

