According to [1], KeyStore.load(InputStream, char[]) method should throw an IOException, and the cause of the IOException should be an UnrecoverableKeyException:
...
Throws:
IOException - if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException
...
But in case of PKCS11 keystore it throws an IOException, and the cause is javax.security.auth.login.FailedLoginException:
java.io.IOException: load failed
at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:761)
at java.security.KeyStore.load(KeyStore.java:1459)
at LoadKeystore.main(LoadKeystore.java:73)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:504)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:92)
at java.lang.Thread.run(Thread.java:746)
Caused by: javax.security.auth.login.FailedLoginException
at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1253)
at sun.security.pkcs11.P11KeyStore.login(P11KeyStore.java:847)
at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:751)
... 8 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_INCORRECT
at sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1241)
... 10 more
Please use attached LoadKeystore.java test to reproduce the problem.
The implementation should follow the spec in all cases. Need to check other keystore types listed in [2].
[1] http://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html#load-java.io.InputStream-char:A-
[2] http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore