Validating identity unable to find a certificate
The more generic method get Public Key Data has been added and get Public Key now throws an IOException if there is a problem. Note: while the public review period has finished, these algorithms have not yet been standardised, in the event that final standardisation changes the algorithms these implementations will be changed.More classses have been added to the ASN.1 package for dealing with certificate extensions and CRLs including a CRL generator.The issue we have run into is that we probably didn't go far enough in 1.46, but we are now confident that moving from this release to 2.0 should be largely just getting rid of deprecated methods.While this release does change a lot it is relatively straight forward to do a port and we have a porting guide which explains the important ones.
In the case where there was no Authority Key Identifier the PKCS12 store would fail to find certificates further up the signing chain.
When a root certificate had a different issuer id from the subject id, or had it's own Authority Key Extension the PKCS12 key store would drop the root certificate from the certificate chain. A Cert Path implementation that runs under jdk1.1 and jdk1.4 has also being contributed.