changeset 13823:c8d8a7db4a76

Merge
author andrew
date Thu, 16 Jan 2020 21:27:55 +0000
parents ca9cd4f2e74f 3acd365354fb
children c470e011a56d
files
diffstat 22 files changed, 108 insertions(+), 72 deletions(-) [+]
line wrap: on
line diff
--- a/src/macosx/classes/apple/security/KeychainStore.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/macosx/classes/apple/security/KeychainStore.java	Thu Jan 16 21:27:55 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -102,6 +102,8 @@
     private static final int iterationCount = 1024;
     private static final int SALT_LEN = 20;
 
+    private static final Debug debug = Debug.getInstance("keystore");
+
     static {
         AccessController.doPrivileged(
             new PrivilegedAction<Void>() {
@@ -771,6 +773,10 @@
 
             entries.clear();
             _scanKeychain();
+            if (debug != null) {
+                debug.println("KeychainStore load entry count: " +
+                        entries.size());
+            }
         }
     }
 
--- a/src/share/classes/com/sun/crypto/provider/JceKeyStore.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/com/sun/crypto/provider/JceKeyStore.java	Thu Jan 16 21:27:55 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package com.sun.crypto.provider;
 
+import sun.security.util.Debug;
+
 import java.io.*;
 import java.util.*;
 import java.security.AccessController;
@@ -61,6 +63,7 @@
 
 public final class JceKeyStore extends KeyStoreSpi {
 
+    private static final Debug debug = Debug.getInstance("keystore");
     private static final int JCEKS_MAGIC = 0xcececece;
     private static final int JKS_MAGIC = 0xfeedfeed;
     private static final int VERSION_1 = 0x01;
@@ -682,6 +685,7 @@
             Hashtable<String, CertificateFactory> cfs = null;
             ByteArrayInputStream bais = null;
             byte[] encoded = null;
+            int trustedKeyCount = 0, privateKeyCount = 0, secretKeyCount = 0;
 
             if (stream == null)
                 return;
@@ -728,7 +732,7 @@
                     tag = dis.readInt();
 
                     if (tag == 1) { // private-key entry
-
+                        privateKeyCount++;
                         PrivateKeyEntry entry = new PrivateKeyEntry();
 
                         // read the alias
@@ -788,7 +792,7 @@
                         entries.put(alias, entry);
 
                     } else if (tag == 2) { // trusted certificate entry
-
+                        trustedKeyCount++;
                         TrustedCertEntry entry = new TrustedCertEntry();
 
                         // read the alias
@@ -827,7 +831,7 @@
                         entries.put(alias, entry);
 
                     } else if (tag == 3) { // secret-key entry
-
+                        secretKeyCount++;
                         SecretKeyEntry entry = new SecretKeyEntry();
 
                         // read the alias
@@ -860,10 +864,18 @@
                         entries.put(alias, entry);
 
                     } else {
-                        throw new IOException("Unrecognized keystore entry");
+                        throw new IOException("Unrecognized keystore entry: " +
+                                tag);
                     }
                 }
 
+                if (debug != null) {
+                    debug.println("JceKeyStore load: private key count: " +
+                        privateKeyCount + ". trusted key count: " +
+                        trustedKeyCount + ". secret key count: " +
+                        secretKeyCount);
+                }
+
                 /*
                  * If a password has been provided, we check the keyed digest
                  * at the end. If this check fails, the store has been tampered
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: ApacheNodeSetData.java 1203890 2011-11-18 22:47:56Z mullan $
@@ -47,7 +47,7 @@
         this.xi = xi;
     }
 
-    public Iterator iterator() {
+    public Iterator<Node> iterator() {
         // If nodefilters are set, must execute them first to create node-set
         if (xi.getNodeFilters() != null && !xi.getNodeFilters().isEmpty()) {
             return Collections.unmodifiableSet
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: DOMKeyInfo.java 1333869 2012-05-04 10:42:44Z coheigea $
@@ -138,7 +138,7 @@
         return id;
     }
 
-    public List getContent() {
+    public List<XMLStructure> getContent() {
         return keyInfoTypes;
     }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: DOMKeyInfoFactory.java 1333869 2012-05-04 10:42:44Z coheigea $
@@ -48,11 +48,12 @@
 
     public DOMKeyInfoFactory() { }
 
+    @SuppressWarnings("rawtypes")
     public KeyInfo newKeyInfo(List content) {
         return newKeyInfo(content, null);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public KeyInfo newKeyInfo(List content, String id) {
         return new DOMKeyInfo(content, id);
     }
@@ -78,12 +79,12 @@
         return newPGPData(keyId, null, null);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public PGPData newPGPData(byte[] keyId, byte[] keyPacket, List other) {
         return new DOMPGPData(keyId, keyPacket, other);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public PGPData newPGPData(byte[] keyPacket, List other) {
         return new DOMPGPData(keyPacket, other);
     }
@@ -92,7 +93,7 @@
         return newRetrievalMethod(uri, null, null);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public RetrievalMethod newRetrievalMethod(String uri, String type,
         List transforms) {
         if (uri == null) {
@@ -101,7 +102,7 @@
         return new DOMRetrievalMethod(uri, type, transforms);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     public X509Data newX509Data(List content) {
         return new DOMX509Data(content);
     }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: DOMKeyValue.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -364,15 +364,16 @@
         }
 
         void getMethods() throws ClassNotFoundException, NoSuchMethodException {
-            Class c  = Class.forName("sun.security.ec.ECParameters");
-            Class[] params = new Class[] { ECPoint.class, EllipticCurve.class };
+            Class<?> c  = Class.forName("sun.security.ec.ECParameters");
+            Class<?>[] params = new Class<?>[] { ECPoint.class,
+                                                 EllipticCurve.class };
             encodePoint = c.getMethod("encodePoint", params);
-            params = new Class[] { ECParameterSpec.class };
+            params = new Class<?>[] { ECParameterSpec.class };
             getCurveName = c.getMethod("getCurveName", params);
-            params = new Class[] { byte[].class, EllipticCurve.class };
+            params = new Class<?>[] { byte[].class, EllipticCurve.class };
             decodePoint = c.getMethod("decodePoint", params);
             c  = Class.forName("sun.security.ec.NamedCurve");
-            params = new Class[] { String.class };
+            params = new Class<?>[] { String.class };
             getECParameterSpec = c.getMethod("getECParameterSpec", params);
         }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java	Thu Jan 16 21:27:55 2020 +0000
@@ -128,7 +128,12 @@
         return id;
     }
 
-    public List getReferences() {
+    @SuppressWarnings("unchecked")
+    static List<Reference> getManifestReferences(Manifest mf) {
+        return mf.getReferences();
+    }
+
+    public List<Reference> getReferences() {
         return references;
     }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: DOMPGPData.java 1203846 2011-11-18 21:18:17Z mullan $
@@ -184,7 +184,7 @@
         return (keyPacket == null ? null : (byte[])keyPacket.clone());
     }
 
-    public List getExternalElements() {
+    public List<XMLStructure> getExternalElements() {
         return externalElements;
     }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java	Thu Jan 16 21:27:55 2020 +0000
@@ -288,7 +288,7 @@
         return type;
     }
 
-    public List getTransforms() {
+    public List<Transform> getTransforms() {
         return Collections.unmodifiableList(allTransforms);
     }
 
@@ -638,7 +638,7 @@
                 try {
                     final Set<Node> s = xsi.getNodeSet();
                     return new NodeSetData() {
-                        public Iterator iterator() { return s.iterator(); }
+                        public Iterator<Node> iterator() { return s.iterator(); }
                     };
                 } catch (Exception e) {
                     // log a warning
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java	Thu Jan 16 21:27:55 2020 +0000
@@ -178,7 +178,7 @@
         return type;
     }
 
-    public List getTransforms() {
+    public List<Transform> getTransforms() {
         return transforms;
     }
 
@@ -247,7 +247,7 @@
         if ((data instanceof NodeSetData) && Utils.secureValidation(context)
             && Policy.restrictRetrievalMethodLoops()) {
             NodeSetData nsd = (NodeSetData)data;
-            Iterator i = nsd.iterator();
+            Iterator<?> i = nsd.iterator();
             if (i.hasNext()) {
                 Node root = (Node)i.next();
                 if ("RetrievalMethod".equals(root.getLocalName())) {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: DOMSignatureProperties.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -125,7 +125,7 @@
         }
     }
 
-    public List getProperties() {
+    public List<SignatureProperty> getProperties() {
         return properties;
     }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: DOMSignatureProperty.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -123,7 +123,7 @@
         }
     }
 
-    public List getContent() {
+    public List<XMLStructure> getContent() {
         return content;
     }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java	Thu Jan 16 21:27:55 2020 +0000
@@ -193,7 +193,7 @@
         return id;
     }
 
-    public List getReferences() {
+    public List<Reference> getReferences() {
         return references;
     }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id$
@@ -54,7 +54,7 @@
         this.excludeComments = excludeComments;
     }
 
-    public Iterator iterator() {
+    public Iterator<Node> iterator() {
         return new DelayedNodeIterator(root, excludeComments);
     }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: DOMX509Data.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -135,7 +135,7 @@
         this.content = Collections.unmodifiableList(content);
     }
 
-    public List getContent() {
+    public List<Object> getContent() {
         return content;
     }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id: DOMXMLObject.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -139,7 +139,7 @@
         this.objectElem = objElem;
     }
 
-    public List getContent() {
+    public List<XMLStructure> getContent() {
         return content;
     }
 
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java	Thu Jan 16 21:27:55 2020 +0000
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * ===========================================================================
@@ -188,7 +188,7 @@
         return si;
     }
 
-    public List getObjects() {
+    public List<XMLObject> getObjects() {
         return objects;
     }
 
@@ -471,7 +471,8 @@
                     digestReference((DOMReference)xs, signContext);
                 } else if (xs instanceof Manifest) {
                     Manifest man = (Manifest)xs;
-                    List manRefs = man.getReferences();
+                    List<Reference> manRefs =
+                        DOMManifest.getManifestReferences(man);
                     for (int i = 0, size = manRefs.size(); i < size; i++) {
                         digestReference((DOMReference)manRefs.get(i),
                                         signContext);
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java	Thu Jan 16 21:27:55 2020 +0000
@@ -58,7 +58,7 @@
         return new DOMXMLSignature(si, ki, null, null, null);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki,
         List objects, String id, String signatureValueId) {
         return new DOMXMLSignature(si, ki, objects, id, signatureValueId);
@@ -68,13 +68,13 @@
         return newReference(uri, dm, null, null, null);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public Reference newReference(String uri, DigestMethod dm, List transforms,
         String type, String id) {
         return new DOMReference(uri, type, dm, transforms, id, getProvider());
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public Reference newReference(String uri, DigestMethod dm,
         List appliedTransforms, Data result, List transforms, String type,
         String id) {
@@ -91,7 +91,7 @@
             (uri, type, dm, appliedTransforms, result, transforms, id, getProvider());
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public Reference newReference(String uri, DigestMethod dm, List transforms,
         String type, String id, byte[] digestValue) {
         if (digestValue == null) {
@@ -101,41 +101,41 @@
             (uri, type, dm, null, null, transforms, id, digestValue, getProvider());
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     public SignedInfo newSignedInfo(CanonicalizationMethod cm,
         SignatureMethod sm, List references) {
         return newSignedInfo(cm, sm, references, null);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public SignedInfo newSignedInfo(CanonicalizationMethod cm,
         SignatureMethod sm, List references, String id) {
         return new DOMSignedInfo(cm, sm, references, id);
     }
 
     // Object factory methods
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public XMLObject newXMLObject(List content, String id, String mimeType,
         String encoding) {
         return new DOMXMLObject(content, id, mimeType, encoding);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     public Manifest newManifest(List references) {
         return newManifest(references, null);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public Manifest newManifest(List references, String id) {
         return new DOMManifest(references, id);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public SignatureProperties newSignatureProperties(List props, String id) {
         return new DOMSignatureProperties(props, id);
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "rawtypes" })
     public SignatureProperty newSignatureProperty
         (List info, String target, String id) {
         return new DOMSignatureProperty(info, target, id);
--- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java	Thu Jan 16 21:27:55 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -773,6 +773,8 @@
             }
             if (debug != null) {
                 dumpTokenMap();
+                debug.println("P11KeyStore load. Entry count: " +
+                        aliasMap.size());
             }
         } catch (KeyStoreException | PKCS11Exception e) {
             throw new IOException("load failed", e);
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Thu Jan 16 21:27:55 2020 +0000
@@ -2152,18 +2152,9 @@
         }
 
         if (debug != null) {
-            if (privateKeyCount > 0) {
-                debug.println("Loaded " + privateKeyCount +
-                    " protected private key(s)");
-            }
-            if (secretKeyCount > 0) {
-                debug.println("Loaded " + secretKeyCount +
-                    " protected secret key(s)");
-            }
-            if (certificateCount > 0) {
-                debug.println("Loaded " + certificateCount +
-                    " certificate(s)");
-            }
+            debug.println("PKCS12KeyStore load: private key count: " +
+                    privateKeyCount + ". secret key count: " + secretKeyCount +
+                    ". certificate count: " + certificateCount);
         }
 
         certEntries.clear();
--- a/src/share/classes/sun/security/provider/JavaKeyStore.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/share/classes/sun/security/provider/JavaKeyStore.java	Thu Jan 16 21:27:55 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@
 import sun.misc.IOUtils;
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
 import sun.security.pkcs12.PKCS12KeyStore;
+import sun.security.util.Debug;
 
 /**
  * This class provides the keystore implementation referred to as "JKS".
@@ -73,6 +74,7 @@
         }
     }
 
+    private static final Debug debug = Debug.getInstance("keystore");
     private static final int MAGIC = 0xfeedfeed;
     private static final int VERSION_1 = 0x01;
     private static final int VERSION_2 = 0x02;
@@ -642,6 +644,7 @@
             Hashtable<String, CertificateFactory> cfs = null;
             ByteArrayInputStream bais = null;
             byte[] encoded = null;
+            int trustedKeyCount = 0, privateKeyCount = 0;
 
             if (stream == null)
                 return;
@@ -680,7 +683,7 @@
                 tag = dis.readInt();
 
                 if (tag == 1) { // private key entry
-
+                    privateKeyCount++;
                     KeyEntry entry = new KeyEntry();
 
                     // Read the alias
@@ -729,7 +732,7 @@
                     entries.put(alias, entry);
 
                 } else if (tag == 2) { // trusted certificate entry
-
+                    trustedKeyCount++;
                     TrustedCertEntry entry = new TrustedCertEntry();
 
                     // Read the alias
@@ -764,10 +767,16 @@
                     entries.put(alias, entry);
 
                 } else {
-                    throw new IOException("Unrecognized keystore entry");
+                    throw new IOException("Unrecognized keystore entry: " +
+                            tag);
                 }
             }
 
+            if (debug != null) {
+                debug.println("JavaKeyStore load: private key count: " +
+                    privateKeyCount + ". trusted key count: " + trustedKeyCount);
+            }
+
             /*
              * If a password has been provided, we check the keyed digest
              * at the end. If this check fails, the store has been tampered
--- a/src/windows/classes/sun/security/mscapi/KeyStore.java	Thu Jul 18 07:25:17 2019 -0700
+++ b/src/windows/classes/sun/security/mscapi/KeyStore.java	Thu Jan 16 21:27:55 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@
 
 import sun.security.action.GetPropertyAction;
 
+import sun.security.util.Debug;
+
 /**
  * Implementation of key store for Windows using the Microsoft Crypto API.
  *
@@ -186,6 +188,7 @@
     private static final String KEYSTORE_COMPATIBILITY_MODE_PROP =
         "sun.security.mscapi.keyStoreCompatibilityMode";
     private final boolean keyStoreCompatibilityMode;
+    private static final Debug debug = Debug.getInstance("keystore");
 
     /*
      * The keystore entries.
@@ -728,6 +731,11 @@
         } catch (KeyStoreException e) {
             throw new IOException(e);
         }
+
+        if (debug != null) {
+            debug.println("MSCAPI keystore load: entry count: " +
+                    entries.size());
+        }
     }
 
     /**