JDK-7133495 : [macosx] KeyChain KeyStore implementation retrieves only one private key entry
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7u4
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: os_x
  • CPU: x86
  • Submitted: 2012-01-26
  • Updated: 2013-09-12
  • Resolved: 2012-03-23
  • Fix Versions: 7u4 b13 (Fixed), 8 (Fixed)

From http://java.net/jira/browse/MACOSX_PORT-464 --

Even if the user KeyChain contains more than one certificate chain with a private key, the Keychain-based KeyStore implementation is only able to retrieve a single chain.

Steps to reproduce:
(1) import 2 or more certificates with private keys into the KeyChain (for instance from PKCS#12 files)
(2) list the entries with keytool:
keytool -list -provider apple.security.AppleProvider -storetype KeychainStore -keystore NONE | grep PrivateKeyEntry
(3) only one entry is printed

EVALUATION
Ensure all the private keys are extracted from the keychain when creating a KeyStore.
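
The keytool check from the steps to reproduce can also be run through the KeyStore API, which is what TLS client-authentication code sees when it selects an identity. The following is an added example, not code from the bug report or from the JDK fix. It assumes macOS with a JDK that ships the Apple provider; the class name KeychainEntryCheck and the expected-count argument are hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example (hypothetical class name): lists every private key entry the
// KeychainStore KeyStore exposes and fails if fewer than expected are returned.
public class KeychainEntryCheck {

    // Returns the aliases of all private key entries in the given KeyStore.
    static List<String> privateKeyAliases(KeyStore ks) throws Exception {
        List<String> result = new ArrayList<String>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                result.add(alias);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the number of identities imported in step (1).
        int expected = args.length > 0 ? Integer.parseInt(args[0]) : 2;

        // "KeychainStore" is the store type used in the keytool command above;
        // "Apple" is the name under which apple.security.AppleProvider registers.
        KeyStore ks = KeyStore.getInstance("KeychainStore", "Apple");
        ks.load(null, null); // the keychain is not a file, so no stream or password

        List<String> aliases = privateKeyAliases(ks);
        for (String alias : aliases) {
            Certificate[] chain = ks.getCertificateChain(alias);
            String subject = "(no chain)";
            if (chain != null && chain.length > 0 && chain[0] instanceof X509Certificate) {
                subject = ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
            }
            System.out.println(alias + " -> " + subject);
        }

        if (aliases.size() < expected) {
            System.err.println("Only " + aliases.size() + " of " + expected
                    + " private key entries returned");
            System.exit(1);
        }
    }
}
```

On an affected build the program exits with status 1 after printing a single alias; on a build containing the fix it prints one line per imported identity.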