On Wed, 24 Sep 2025 02:57:12 GMT, Mark Powers <[email protected]> wrote:
>> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232) > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > fix behavior with keytool src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1487: > 1485: int writeIterationCount = macIterationCount; > 1486: > 1487: if (newKeystore) { I cannot see how `newKeystore` is useful. Back when it's set to true, `macAlgorithm` was also set to `defaultMacAlgorithm()`. Therefore there is no need to try `defaultMacAlgorithm()` again below. As for `writeIterationCount`, for a new keystore it is -1, so we can use this to decide whether it should be assigned `defaultMacIterationCount()`. src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1493: > 1491: if (!(kdfHmac.equals("HmacSHA512") || > 1492: kdfHmac.equals("HmacSHA256"))) { > 1493: kdfHmac = pbmac1Hmac; // use value associated with > keystore `kdfHmac` is probably null now. If you decide to reject other algorithms (which I don't find necessary), error out. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2375788823 PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2375791879
