On Fri, 5 May 2023 19:43:31 GMT, Valerie Peng <valer...@openjdk.org> wrote:

>> test/jdk/sun/security/pkcs11/KeyStore/CertChainRemoval.java line 176:
>> 
>>> 174: 
>>> 175:         // should only have "pk1" now
>>> 176:         checkEntry(ks, "pk1", pk1Chain);
>> 
>> When the keystore should only have "pk1" now, how would checkEntry(ks, 
>> "pk1", pk1Chain) succeed as it expects to have the "ca.cert" in the 
>> pk1Chain? The "ca.cert" shall not be deleted because "pk1.cert" depends on 
>> it. I may have missed something here.
>
> I mean "pk1" entry, not just "pk1" cert. As you can see, the test checks for 
> the complete cert chain for "pk1" entry.

I've the same understanding of this test. The test looks good to me. I was 
puzzled by its "pk1" comment.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13743#discussion_r1186485506
