On Thu, 1 Apr 2021 16:49:19 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Not sure the reason why a change is needed for the existing logic.
>
> With a signer, it makes no sense to create a single-cert array at the
> beginning. I am suggesting:
> X509Certificate newCert = keypair.getSelfCertificate(...);
> Certificate[] finalChain;
> if (signerFlag) {
> finalChain = new ...
> finalChain[0] = newCert;
> } else {
> finalChain = new Certificate[] { newCert };
> }
> keyStore.setEntry(..., finalChain);
Done.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3281
