SPARK-2187: Do not offer to add a cert to truststore on unrelated error
The go-to response for Spark is to add a certificate that failed validation to the truststore. That's fine for certs that it does not recognize, but if validation failed because of another reason, Spark should not (re)add the certificate. Instead, an error should be shown that explains what the issue is.
SPARK-2188: Exclude TrustAnchor from Certification Path to not confuse validation
As documented in its javadoc, the CertPath instance should not include the root CA certificate. If it does, validation errors can occur.
SPARK-2185: Add safeguard against validating an empty chain
This exposes an issue with the existing code (which unintentionally validates an empty object, instead of a properly populated CarthPath object).