Please take a review at http://cr.openjdk.java.net/~weijun/8206189/webrev.00/
When the password is empty, some pkcs12 implementations actually use "new char[1]" internally. Therefore PKCS12KeyStore tries both "new char[0]" and "new char[1]". Occasionally, an encrypted block can be decrypted by both. If the real password is "new char[1]" but we decrypt successfully with "new char[0]", the output will be garbage and will not be parsed correctly. This fix puts the parsing code inside the retry block to "validate" the decrypted data. If it cannot be parsed correctly, the 2nd password will be retried. No new regression test, the failed test will be used to verify the fix. Thanks Max
