JDK-8287422

Add KeyStore.LoadStoreParameter to fail if certificates cannot be decrypted


      A DESCRIPTION OF THE PROBLEM :
      Relates to JDK-8194702

      Currently, when a PKCS12 keystore containing encrypted certificates is loaded without a keystore password, the certificates are silently omitted, see:
      https://github.com/openjdk/jdk/blob/7cb368b34df97614f0d208b8b0b93aa714a49282/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#L2056-L2078

      This behavior is quite error-prone and can make it difficult to troubleshoot keystore issues. Since that default behavior can most likely not be changed, it would be good to introduce a new method for KeyStore.LoadStoreParameter, for example `failForUnencryptableCertificates` (or similar). It could be implemented as an interface default method which returns `false` (for backward compatibility).
      This way users could choose to fail fast to detect early when certificates would be missing from a keystore.

      Depending on whether other keystore types have the same or similar problems, maybe the KeyStore.LoadStoreParameter method could also be more general.
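
An application-level version of the fail-fast check requested above, as an added example that is not part of the original report or of the JDK. PKCS#12 stores encrypted certificates in `encryptedData` ContentInfo entries (RFC 7292), so the sketch counts those entries and refuses to load when the password is null. The names `StrictPkcs12Loader`, `countEncryptedData` and `loadStrict` are hypothetical; it assumes a DER (definite-length) file in password-integrity mode and Java 17+.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.security.*;
import java.util.HexFormat; // Java 17+

public class StrictPkcs12Loader {
    // Content bytes of the PKCS#7 encryptedData OID 1.2.840.113549.1.7.6
    static final byte[] ENCRYPTED_DATA = HexFormat.of().parseHex("2a864886f70d010706");
    // Reads one definite-length DER element with the expected tag and returns its content.
    static ByteBuffer read(ByteBuffer in, int tag) {
        if ((in.get() & 0xFF) != tag) throw new IllegalArgumentException("unexpected DER tag");
        int len = in.get() & 0xFF;
        if (len == 0x80) throw new IllegalArgumentException("BER indefinite length not handled");
        int n = len > 0x80 ? len & 0x7F : 0;           // long form: n length bytes follow
        for (len = n > 0 ? 0 : len; n > 0; n--) len = (len << 8) | (in.get() & 0xFF);
        ByteBuffer content = in.slice().limit(len);    // throws if len is negative or past the end
        in.position(in.position() + len);
        return content;
    }

    // Counts encryptedData entries in the AuthenticatedSafe of a password-integrity PFX.
    static int countEncryptedData(byte[] pfx) {
        ByteBuffer top = read(ByteBuffer.wrap(pfx), 0x30);   // PFX SEQUENCE
        read(top, 0x02);                                      // version
        ByteBuffer authSafe = read(top, 0x30);                // authSafe ContentInfo
        read(authSafe, 0x06);                                 // its contentType (assumed: data)
        ByteBuffer safes = read(read(read(authSafe, 0xA0), 0x04), 0x30);
        int count = 0;
        while (safes.hasRemaining())                          // one ContentInfo per iteration
            if (read(read(safes, 0x30), 0x06).equals(ByteBuffer.wrap(ENCRYPTED_DATA))) count++;
        return count;
    }

    // Hypothetical fail-fast wrapper: refuse a null password when encrypted content exists.
    static KeyStore loadStrict(byte[] pfx, char[] password) throws GeneralSecurityException, IOException {
        if (password == null && countEncryptedData(pfx) > 0)
            throw new KeyStoreException("encrypted content present but no password supplied");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(pfx), password);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed PFX skeleton (one data and one encryptedData entry), not a usable keystore.
        byte[] sample = HexFormat.of().parseHex("3038020103303306092a864886f70d010701a0260424"
            + "3022300f06092a864886f70d010701a0020400300f06092a864886f70d010706a0023000");
        System.out.println("encryptedData entries: " + countEncryptedData(sample));
        try { loadStrict(sample, null); } catch (KeyStoreException e) { System.out.println(e.getMessage()); }
    }
}
```

For a real keystore, pass the file bytes (for example from `Files.readAllBytes`) to `loadStrict`; files that use BER indefinite lengths or public-key integrity mode are rejected by the reader rather than misparsed.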


            weijun Weijun Wang
            webbuggrp Webbug Group