Hi Max,I did not look into the detailed implementation of findIssuer() yet. Have you considered to use java.security.cert.X509CertSelector?
Thanks, Xuelei On 1/9/2019 6:59 AM, Weijun Wang wrote:
Please take a review at https://cr.openjdk.java.net/~weijun/8215776/webrev.00/ PKCS12KeyStore now can find certificate issuers more precisely using SubjectKeyIdentifier and AuthorityKeyIdentifier. I thought about using CertPath builder or checking signatures but those changes are too much. Thanks, Max