On Thu, 1 Apr 2021 16:49:19 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Not sure the reason why a change is needed for the existing logic. > > With a signer, it makes no sense to create a single-cert array at the > beginning. I am suggesting: > X509Certificate newCert = keypair.getSelfCertificate(...); > Certificate[] finalChain; > if (signerFlag) { > finalChain = new ... > finalChain[0] = newCert; > } else { > finalChain = new Certificate[] { newCert }; > } > keyStore.setEntry(..., finalChain); Done. ------------- PR: https://git.openjdk.java.net/jdk/pull/3281