I’ve updated the webrev to also check for X509Certificate in both engineSetKeyEntry methods and in engineSetEntry: http://cr.openjdk.java.net/~vinnie/8068290/webrev.01/
> On 4 Jul 2016, at 10:25, Vincent Ryan <vincent.x.r...@oracle.com> wrote: > > Good catch Max. I’ll add the check there too. > > >> On 2 Jul 2016, at 02:04, Wang Weijun <weijun.w...@oracle.com> wrote: >> >> Should engineSetKeyEntry make the same check? >> >> --Max >> >>> On Jul 2, 2016, at 5:52 AM, Vincent Ryan <vincent.x.r...@oracle.com> wrote: >>> >>> Please review this change to correct two failing JCK tests. >>> >>> Bug: https://bugs.openjdk.java.net/browse/JDK-8068290 >>> Webrev: http://cr.openjdk.java.net/~vinnie/8068290/webrev.00/ >>> >>> PKCS12 is the default keystore type in JDK 9 and its implementation stores >>> only X.509 certificates >>> although the KeyStore API allows any Certificate object to be stored. >>> This fix checks that the supplied certificate is an X509Certificate object >>> before storing it. >>> >>> Thanks. >>> >> >
