(I haven’t found a way to register on bugs.openjdk.java.net and file a bug, 
therefore posting it here).


There is a bug in the native KeystoreImpl in that it only searches for identities 
that have a key usage of “Any” using CSSM_KEYUSE_ANY instead of passing `0` to 
the SecIdentitySearchCreate keychain function. Refer to line 282 in [1]. This 
will exclude all identities that have a specific key usage set such as 
“Encrypt, Verify, Wrap, Derive”.


[1] http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/macosx/native/apple/security/KeystoreImpl.m

I have also found issues with instances of KeyEntry that have an empty array 
for the “chain” property causing index out of bounds exceptions. See attached 
patch.


-
David
