Why cannot overwrite a KeyEntry with a TrustCertEntry?

Weijun Wang weijun.wang at oracle.com
Thu Apr 11 08:36:54 UTC 2013


Hi All

The KeyStore::setCertificateEntry has

* @exception KeyStoreException if the keystore has not been initialized,
* or the given alias already exists and does not identify an
* entry containing a trusted certificate,
* or this operation fails for some other reason.

which means you cannot overwrite a KeyEntry with a TrustCertEntry, while 
setKeyEntry allows a TrustCertEntry to be overwritten by a KeyEntry.

This has been true from the beginning, but why?

On the other hand, setEntry mentions no restriction, although the 
current implementations (jks, pkcs12) fail when overwriting a KeyEntry 
with a TrustCertEntry.

Thanks
Max
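
The asymmetry described in the message above can be observed with the following added example, which is not part of the original post or of the JDK sources. It uses an in-memory JKS keystore; the class name, aliases, password and the `StubCert` placeholder certificate are constructed for illustration.

```java
import java.security.*;
import java.security.cert.Certificate;

public class OverwriteDemo {
    // Constructed placeholder certificate (assumption): JKS keeps entries in memory
    // until store() is called, so no real X.509 encoding is needed for this demo.
    static final class StubCert extends Certificate {
        StubCert() { super("X.509"); }
        @Override public byte[] getEncoded() { return new byte[] {0x30, 0x00}; }
        @Override public void verify(PublicKey key) { }
        @Override public void verify(PublicKey key, String sigProvider) { }
        @Override public String toString() { return "StubCert"; }
        @Override public PublicKey getPublicKey() { return null; }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();  // constructed sample password
        PrivateKey key = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate();
        Certificate cert = new StubCert();
        Certificate[] chain = { cert };

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);  // initialize an empty in-memory keystore

        // Direction 1: a TrustCertEntry is overwritten by a KeyEntry via setKeyEntry.
        ks.setCertificateEntry("a", cert);
        ks.setKeyEntry("a", key, pw, chain);
        System.out.println("a is key entry: " + ks.isKeyEntry("a"));

        // Direction 2: try to overwrite a KeyEntry with a TrustCertEntry.
        ks.setKeyEntry("b", key, pw, chain);
        try {
            ks.setCertificateEntry("b", cert);
            System.out.println("setCertificateEntry: overwrote key entry");
        } catch (KeyStoreException e) {
            System.out.println("setCertificateEntry: " + e.getMessage());
        }

        // Same attempt through setEntry, whose Javadoc mentions no restriction.
        try {
            ks.setEntry("b", new KeyStore.TrustedCertificateEntry(cert), null);
            System.out.println("setEntry: overwrote key entry");
        } catch (KeyStoreException e) {
            System.out.println("setEntry: " + e.getMessage());
        }
        System.out.println("b is still key entry: " + ks.isKeyEntry("b"));
    }
}
```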
