On Wed, 24 Sep 2025 15:58:16 GMT, Mark Powers <mpow...@openjdk.org> wrote:
>> `newKeystore` and `macAlgorithm` are not always set together. When creating >> a keystore, they are both set, but when reading a keystore only >> `macAlgorithm` is set. So if I read first and then write (no create), >> `newKeystore` will not be set. Therefore, I can't remove `newKeystore` and >> only use `macAlgorithm` if that's what you're suggesting. >> >> I agree that `defaultMacAlgorithm()` can be replaced by `macAlgorithm` on >> lines 1489 and 1490. >> >> `writeIterationCount` is initialized to `defaultMacIterationCount()` on. >> line 1253 so it is never -1 when `calculateMac` is entered. >> `writeIterationCount` is also set when a keystore is read (lines 2209 and >> 2220). I probably shouldn't be doing that. > > Maybe `macAlgorithm` shouldn't be set when reading a keystore. There is no difference whether `newKeystore` is true or false. Yes, I can see `writeIterationCount` has already been set to `defaultMacIterationCount()` before, but then there is no need to set it to the same value again here. `macAlgorithm` needs to be set when reading a keystore. This ensures when `store` is called, the original algorithm is used. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2376395823
