The java.security.KeyStore API supports the storage and retrieval of java.security.cert.Certificate objects. The PKCS12 keystore implementation in JDK supports only X.509 certificates. Any attempt to store a Certificate object that is not a java.security.cert.X509Certificate object currently results in a ClassCastException.

The PKCS12 implementation should detect an attempt to store a non-X.509 certificate and throw the more informative KeyStoreException.