On Thu, 1 Apr 2021 16:25:49 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1941: >> >>> 1939: signerFlag = true; >>> 1940: >>> 1941: if (keyStore.containsAlias(signerAlias) == false) { >> >> It's probably more precise to make sure the entry is a `PrivateKeyEntry` >> because we have other entries like `TrustedCertificateEntry` and >> `SecretKeyEntry`. Or you can double check this below to ensure both >> `signerPrivateKey` and `signerCert` are non null. > > As `RecoveryKey()` will make sure if the entry exists in the keystore and is > a `PrivateKeyEntry`, removed this checking and updated to check for if > `signerCert` is null. Yes, it must be a private key entry. On the other hand, I think it's unnecessary to check about the `signerCert`. I don't think it'll be ever null. ------------- PR: https://git.openjdk.java.net/jdk/pull/3281