You’re right. This same issue had been reported as an obscure JCK test failure. I created this new bug to clarify the issue.
I’ve updated the webrev to include your suggestion: http://cr.openjdk.java.net/~vinnie/8163503/webrev.01/ Thanks. > On 10 Aug 2016, at 01:38, Weijun Wang <weijun.w...@oracle.com> wrote: > > I thought I've seen this webrev before. > > Why not just throw a KeyStoreException in validateChain()? > > --Max > > On 8/10/2016 2:14, Vincent Ryan wrote: >> Please review this fix to improve the error handling for attempts to store a >> Certificate object in PKCS12 keystore. >> The PKCS12 keystore implementation supports storing only X509Certificate >> objects but the KeyStore API allows Certificate objects. >> This fix rejects attempts to store non-X.509 certificates and throws a >> KeyStoreException. >> >> Thanks. >> >> Bug: https://bugs.openjdk.java.net/browse/JDK-8163503 >> Webrev: http://cr.openjdk.java.net/~vinnie/8163503/webrev.00/ >> >>
