Please take a review at JBS: https://bugs.openjdk.java.net/browse/JDK-8202837 Fix: http://cr.openjdk.java.net/~weijun/8202837/webrev.00/
The redundant encoding/decoding of the extra PBES2 OID is removed. The encoding/decoding of keyLength and prf in PBKDF2-params is also made optional-aware. In PKCS12KeyStore, the decrypting of cert is fixed. See line 404 for the correct usage when decrypting the key. The new test contains a hardcoded PKCS 12 file, but I've included the exact commands to create it. Thanks Max
