Please review the CSR at
https://bugs.openjdk.java.net/browse/JDK-8224891
(Oh, I hate the CSR having a different bug id.)
Basically, with this change, the cacerts file can be loaded with
KeyStore.getInstance("JKS" or "PKCS12").load(stream, null or anything) or
KeyStore.getInstance(new File("cacerts"), null or anything)
so hopefully all your old code should still work.
I've also opened another RFE [1] that intends to find a different way to tag
jdkCA entries in cacerts other than appending "[jdk]" to the alias.
Thanks,
Max
[1] https://bugs.openjdk.java.net/browse/JDK-8225099
