Merge

783dfcfe · andrew · 30dc2e64 · 16184010 · 783dfcfe · 783dfcfe
22 changed file
--- a/src/macosx/classes/apple/security/KeychainStore.java
+++ b/src/macosx/classes/apple/security/KeychainStore.java
 /*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -102,6 +102,8 @@ public final class KeychainStore extends KeyStoreSpi {
    private static final int iterationCount = 1024;
    private static final int SALT_LEN = 20;

+    private static final Debug debug = Debug.getInstance("keystore");
+
    static {
        AccessController.doPrivileged(
            new PrivilegedAction<Void>() {
@@ -771,6 +773,10 @@ public final class KeychainStore extends KeyStoreSpi {

            entries.clear();
            _scanKeychain();
+            if (debug != null) {
+                debug.println("KeychainStore load entry count: " +
+                        entries.size());
+            }
        }
    }


--- a/src/share/classes/com/sun/crypto/provider/JceKeyStore.java
+++ b/src/share/classes/com/sun/crypto/provider/JceKeyStore.java
 /*
- * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@

 package com.sun.crypto.provider;

+import sun.security.util.Debug;
+
 import java.io.*;
 import java.util.*;
 import java.security.AccessController;
@@ -61,6 +63,7 @@ import sun.misc.ObjectInputFilter;

 public final class JceKeyStore extends KeyStoreSpi {

+    private static final Debug debug = Debug.getInstance("keystore");
    private static final int JCEKS_MAGIC = 0xcececece;
    private static final int JKS_MAGIC = 0xfeedfeed;
    private static final int VERSION_1 = 0x01;
@@ -682,6 +685,7 @@ public final class JceKeyStore extends KeyStoreSpi {
            Hashtable<String, CertificateFactory> cfs = null;
            ByteArrayInputStream bais = null;
            byte[] encoded = null;
+            int trustedKeyCount = 0, privateKeyCount = 0, secretKeyCount = 0;

            if (stream == null)
                return;
@@ -728,7 +732,7 @@ public final class JceKeyStore extends KeyStoreSpi {
                    tag = dis.readInt();

                    if (tag == 1) { // private-key entry
-
+                        privateKeyCount++;
                        PrivateKeyEntry entry = new PrivateKeyEntry();

                        // read the alias
@@ -788,7 +792,7 @@ public final class JceKeyStore extends KeyStoreSpi {
                        entries.put(alias, entry);

                    } else if (tag == 2) { // trusted certificate entry
-
+                        trustedKeyCount++;
                        TrustedCertEntry entry = new TrustedCertEntry();

                        // read the alias
@@ -827,7 +831,7 @@ public final class JceKeyStore extends KeyStoreSpi {
                        entries.put(alias, entry);

                    } else if (tag == 3) { // secret-key entry
-
+                        secretKeyCount++;
                        SecretKeyEntry entry = new SecretKeyEntry();

                        // read the alias
@@ -860,10 +864,18 @@ public final class JceKeyStore extends KeyStoreSpi {
                        entries.put(alias, entry);

                    } else {
-                        throw new IOException("Unrecognized keystore entry");
+                        throw new IOException("Unrecognized keystore entry: " +
+                                tag);
                    }
                }

+                if (debug != null) {
+                    debug.println("JceKeyStore load: private key count: " +
+                        privateKeyCount + ". trusted key count: " +
+                        trustedKeyCount + ". secret key count: " +
+                        secretKeyCount);
+                }
+
                /*
                 * If a password has been provided, we check the keyed digest
                 * at the end. If this check fails, the store has been tampered

--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: ApacheNodeSetData.java 1203890 2011-11-18 22:47:56Z mullan $
@@ -47,7 +47,7 @@ public class ApacheNodeSetData implements ApacheData, NodeSetData {
        this.xi = xi;
    }

-    public Iterator iterator() {
+    public Iterator<Node> iterator() {
        // If nodefilters are set, must execute them first to create node-set
        if (xi.getNodeFilters() != null && !xi.getNodeFilters().isEmpty()) {
            return Collections.unmodifiableSet

--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: DOMKeyInfo.java 1333869 2012-05-04 10:42:44Z coheigea $
@@ -138,7 +138,7 @@ public final class DOMKeyInfo extends DOMStructure implements KeyInfo {
        return id;
    }

-    public List getContent() {
+    public List<XMLStructure> getContent() {
        return keyInfoTypes;
    }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: DOMKeyInfoFactory.java 1333869 2012-05-04 10:42:44Z coheigea $
@@ -48,11 +48,12 @@ public final class DOMKeyInfoFactory extends KeyInfoFactory {

    public DOMKeyInfoFactory() { }

+    @SuppressWarnings("rawtypes")
    public KeyInfo newKeyInfo(List content) {
        return newKeyInfo(content, null);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public KeyInfo newKeyInfo(List content, String id) {
        return new DOMKeyInfo(content, id);
    }
@@ -78,12 +79,12 @@ public final class DOMKeyInfoFactory extends KeyInfoFactory {
        return newPGPData(keyId, null, null);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public PGPData newPGPData(byte[] keyId, byte[] keyPacket, List other) {
        return new DOMPGPData(keyId, keyPacket, other);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public PGPData newPGPData(byte[] keyPacket, List other) {
        return new DOMPGPData(keyPacket, other);
    }
@@ -92,7 +93,7 @@ public final class DOMKeyInfoFactory extends KeyInfoFactory {
        return newRetrievalMethod(uri, null, null);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public RetrievalMethod newRetrievalMethod(String uri, String type,
        List transforms) {
        if (uri == null) {
@@ -101,7 +102,7 @@ public final class DOMKeyInfoFactory extends KeyInfoFactory {
        return new DOMRetrievalMethod(uri, type, transforms);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
    public X509Data newX509Data(List content) {
        return new DOMX509Data(content);
    }

--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: DOMKeyValue.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -364,15 +364,16 @@ public abstract class DOMKeyValue extends DOMStructure implements KeyValue {
        }

        void getMethods() throws ClassNotFoundException, NoSuchMethodException {
-            Class c  = Class.forName("sun.security.ec.ECParameters");
-            Class[] params = new Class[] { ECPoint.class, EllipticCurve.class };
+            Class<?> c  = Class.forName("sun.security.ec.ECParameters");
+            Class<?>[] params = new Class<?>[] { ECPoint.class,
+                                                 EllipticCurve.class };
            encodePoint = c.getMethod("encodePoint", params);
-            params = new Class[] { ECParameterSpec.class };
+            params = new Class<?>[] { ECParameterSpec.class };
            getCurveName = c.getMethod("getCurveName", params);
-            params = new Class[] { byte[].class, EllipticCurve.class };
+            params = new Class<?>[] { byte[].class, EllipticCurve.class };
            decodePoint = c.getMethod("decodePoint", params);
            c  = Class.forName("sun.security.ec.NamedCurve");
-            params = new Class[] { String.class };
+            params = new Class<?>[] { String.class };
            getECParameterSpec = c.getMethod("getECParameterSpec", params);
        }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java
@@ -128,7 +128,12 @@ public final class DOMManifest extends DOMStructure implements Manifest {
        return id;
    }

-    public List getReferences() {
+    @SuppressWarnings("unchecked")
+    static List<Reference> getManifestReferences(Manifest mf) {
+        return mf.getReferences();
+    }
+
+    public List<Reference> getReferences() {
        return references;
    }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: DOMPGPData.java 1203846 2011-11-18 21:18:17Z mullan $
@@ -184,7 +184,7 @@ public final class DOMPGPData extends DOMStructure implements PGPData {
        return (keyPacket == null ? null : (byte[])keyPacket.clone());
    }

-    public List getExternalElements() {
+    public List<XMLStructure> getExternalElements() {
        return externalElements;
    }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
@@ -288,7 +288,7 @@ public final class DOMReference extends DOMStructure
        return type;
    }

-    public List getTransforms() {
+    public List<Transform> getTransforms() {
        return Collections.unmodifiableList(allTransforms);
    }

@@ -638,7 +638,7 @@ public final class DOMReference extends DOMStructure
                try {
                    final Set<Node> s = xsi.getNodeSet();
                    return new NodeSetData() {
-                        public Iterator iterator() { return s.iterator(); }
+                        public Iterator<Node> iterator() { return s.iterator(); }
                    };
                } catch (Exception e) {
                    // log a warning

--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
@@ -178,7 +178,7 @@ public final class DOMRetrievalMethod extends DOMStructure
        return type;
    }

-    public List getTransforms() {
+    public List<Transform> getTransforms() {
        return transforms;
    }

@@ -247,7 +247,7 @@ public final class DOMRetrievalMethod extends DOMStructure
        if ((data instanceof NodeSetData) && Utils.secureValidation(context)
            && Policy.restrictRetrievalMethodLoops()) {
            NodeSetData nsd = (NodeSetData)data;
-            Iterator i = nsd.iterator();
+            Iterator<?> i = nsd.iterator();
            if (i.hasNext()) {
                Node root = (Node)i.next();
                if ("RetrievalMethod".equals(root.getLocalName())) {

--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: DOMSignatureProperties.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -125,7 +125,7 @@ public final class DOMSignatureProperties extends DOMStructure
        }
    }

-    public List getProperties() {
+    public List<SignatureProperty> getProperties() {
        return properties;
    }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: DOMSignatureProperty.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -123,7 +123,7 @@ public final class DOMSignatureProperty extends DOMStructure
        }
    }

-    public List getContent() {
+    public List<XMLStructure> getContent() {
        return content;
    }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
@@ -193,7 +193,7 @@ public final class DOMSignedInfo extends DOMStructure implements SignedInfo {
        return id;
    }

-    public List getReferences() {
+    public List<Reference> getReferences() {
        return references;
    }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id$
@@ -54,7 +54,7 @@ public class DOMSubTreeData implements NodeSetData {
        this.excludeComments = excludeComments;
    }

-    public Iterator iterator() {
+    public Iterator<Node> iterator() {
        return new DelayedNodeIterator(root, excludeComments);
    }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: DOMX509Data.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -135,7 +135,7 @@ public final class DOMX509Data extends DOMStructure implements X509Data {
        this.content = Collections.unmodifiableList(content);
    }

-    public List getContent() {
+    public List<Object> getContent() {
        return content;
    }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: DOMXMLObject.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -139,7 +139,7 @@ public final class DOMXMLObject extends DOMStructure implements XMLObject {
        this.objectElem = objElem;
    }

-    public List getContent() {
+    public List<XMLStructure> getContent() {
        return content;
    }


--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * ===========================================================================
@@ -188,7 +188,7 @@ public final class DOMXMLSignature extends DOMStructure
        return si;
    }

-    public List getObjects() {
+    public List<XMLObject> getObjects() {
        return objects;
    }

@@ -471,7 +471,8 @@ public final class DOMXMLSignature extends DOMStructure
                    digestReference((DOMReference)xs, signContext);
                } else if (xs instanceof Manifest) {
                    Manifest man = (Manifest)xs;
-                    List manRefs = man.getReferences();
+                    List<Reference> manRefs =
+                        DOMManifest.getManifestReferences(man);
                    for (int i = 0, size = manRefs.size(); i < size; i++) {
                        digestReference((DOMReference)manRefs.get(i),
                                        signContext);

--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
@@ -58,7 +58,7 @@ public final class DOMXMLSignatureFactory extends XMLSignatureFactory {
        return new DOMXMLSignature(si, ki, null, null, null);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki,
        List objects, String id, String signatureValueId) {
        return new DOMXMLSignature(si, ki, objects, id, signatureValueId);
@@ -68,13 +68,13 @@ public final class DOMXMLSignatureFactory extends XMLSignatureFactory {
        return newReference(uri, dm, null, null, null);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public Reference newReference(String uri, DigestMethod dm, List transforms,
        String type, String id) {
        return new DOMReference(uri, type, dm, transforms, id, getProvider());
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public Reference newReference(String uri, DigestMethod dm,
        List appliedTransforms, Data result, List transforms, String type,
        String id) {
@@ -91,7 +91,7 @@ public final class DOMXMLSignatureFactory extends XMLSignatureFactory {
            (uri, type, dm, appliedTransforms, result, transforms, id, getProvider());
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public Reference newReference(String uri, DigestMethod dm, List transforms,
        String type, String id, byte[] digestValue) {
        if (digestValue == null) {
@@ -101,41 +101,41 @@ public final class DOMXMLSignatureFactory extends XMLSignatureFactory {
            (uri, type, dm, null, null, transforms, id, digestValue, getProvider());
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
    public SignedInfo newSignedInfo(CanonicalizationMethod cm,
        SignatureMethod sm, List references) {
        return newSignedInfo(cm, sm, references, null);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public SignedInfo newSignedInfo(CanonicalizationMethod cm,
        SignatureMethod sm, List references, String id) {
        return new DOMSignedInfo(cm, sm, references, id);
    }

    // Object factory methods
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public XMLObject newXMLObject(List content, String id, String mimeType,
        String encoding) {
        return new DOMXMLObject(content, id, mimeType, encoding);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
    public Manifest newManifest(List references) {
        return newManifest(references, null);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public Manifest newManifest(List references, String id) {
        return new DOMManifest(references, id);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public SignatureProperties newSignatureProperties(List props, String id) {
        return new DOMSignatureProperties(props, id);
    }

-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
    public SignatureProperty newSignatureProperty
        (List info, String target, String id) {
        return new DOMSignatureProperty(info, target, id);

--- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java
+++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -773,6 +773,8 @@ final class P11KeyStore extends KeyStoreSpi {
            }
            if (debug != null) {
                dumpTokenMap();
+                debug.println("P11KeyStore load. Entry count: " +
+                        aliasMap.size());
            }
        } catch (KeyStoreException | PKCS11Exception e) {
            throw new IOException("load failed", e);

--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@@ -2152,18 +2152,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
        }

        if (debug != null) {
-            if (privateKeyCount > 0) {
-                debug.println("Loaded " + privateKeyCount +
-                    " protected private key(s)");
-            }
-            if (secretKeyCount > 0) {
-                debug.println("Loaded " + secretKeyCount +
-                    " protected secret key(s)");
-            }
-            if (certificateCount > 0) {
-                debug.println("Loaded " + certificateCount +
-                    " certificate(s)");
-            }
+            debug.println("PKCS12KeyStore load: private key count: " +
+                    privateKeyCount + ". secret key count: " + secretKeyCount +
+                    ". certificate count: " + certificateCount);
        }

        certEntries.clear();

--- a/src/share/classes/sun/security/provider/JavaKeyStore.java
+++ b/src/share/classes/sun/security/provider/JavaKeyStore.java
 /*
- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@ import java.util.*;
 import sun.misc.IOUtils;
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
 import sun.security.pkcs12.PKCS12KeyStore;
+import sun.security.util.Debug;

 /**
 * This class provides the keystore implementation referred to as "JKS".
@@ -73,6 +74,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
        }
    }

+    private static final Debug debug = Debug.getInstance("keystore");
    private static final int MAGIC = 0xfeedfeed;
    private static final int VERSION_1 = 0x01;
    private static final int VERSION_2 = 0x02;
@@ -642,6 +644,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
            Hashtable<String, CertificateFactory> cfs = null;
            ByteArrayInputStream bais = null;
            byte[] encoded = null;
+            int trustedKeyCount = 0, privateKeyCount = 0;

            if (stream == null)
                return;
@@ -680,7 +683,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
                tag = dis.readInt();

                if (tag == 1) { // private key entry
-
+                    privateKeyCount++;
                    KeyEntry entry = new KeyEntry();

                    // Read the alias
@@ -729,7 +732,7 @@ abstract class JavaKeyStore extends KeyStoreSpi {
                    entries.put(alias, entry);

                } else if (tag == 2) { // trusted certificate entry
-
+                    trustedKeyCount++;
                    TrustedCertEntry entry = new TrustedCertEntry();

                    // Read the alias
@@ -764,10 +767,16 @@ abstract class JavaKeyStore extends KeyStoreSpi {
                    entries.put(alias, entry);

                } else {
-                    throw new IOException("Unrecognized keystore entry");
+                    throw new IOException("Unrecognized keystore entry: " +
+                            tag);
                }
            }

+            if (debug != null) {
+                debug.println("JavaKeyStore load: private key count: " +
+                    privateKeyCount + ". trusted key count: " + trustedKeyCount);
+            }
+
            /*
             * If a password has been provided, we check the keyed digest
             * at the end. If this check fails, the store has been tampered

--- a/src/windows/classes/sun/security/mscapi/KeyStore.java
+++ b/src/windows/classes/sun/security/mscapi/KeyStore.java
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@ import java.util.*;

 import sun.security.action.GetPropertyAction;

+import sun.security.util.Debug;
+
 /**
 * Implementation of key store for Windows using the Microsoft Crypto API.
 *
@@ -186,6 +188,7 @@ abstract class KeyStore extends KeyStoreSpi {
    private static final String KEYSTORE_COMPATIBILITY_MODE_PROP =
        "sun.security.mscapi.keyStoreCompatibilityMode";
    private final boolean keyStoreCompatibilityMode;
+    private static final Debug debug = Debug.getInstance("keystore");

    /*
     * The keystore entries.
@@ -728,6 +731,11 @@ abstract class KeyStore extends KeyStoreSpi {
        } catch (KeyStoreException e) {
            throw new IOException(e);
        }
+
+        if (debug != null) {
+            debug.println("MSCAPI keystore load: entry count: " +
+                    entries.size());
+        }
    }

    /**