RFR: 8373690: Unexpected Keystore message using jdk.crypto.disabledAlgorithms
Sean Mullan
mullan at openjdk.org
Wed Feb 11 15:58:03 UTC 2026
On Fri, 6 Feb 2026 23:12:49 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> This PR changes the `KeyStore.getInstance(File, ...) method` to use a different exception message when the keystore type is found but disabled through the "jdk.crypto.disabledAlgorithms" property.
>
> Thanks in advance for the review~
> Valerie
src/java.base/share/classes/java/security/KeyStore.java line 1869:
> 1867: break;
> 1868: } else {
> 1869: possibleMatch = ksAlgo;
If we get this far, then I think it is a definite match, and not a possible match, because the implProbe method has passed and the KeyStore ctor on line 1866 does not throw any exceptions. So I would remove the "Possible" word from the exception message and also break out of the loop here.
src/java.base/share/classes/java/security/KeyStore.java line 1906:
> 1904: throw new KeyStoreException("Possible keystore format " +
> 1905: possibleMatch +
> 1906: " disabled by jce.crypto.disabledAlgrithms property");
s/jce/jdk/
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29619#discussion_r2794068054
PR Review Comment: https://git.openjdk.org/jdk/pull/29619#discussion_r2794054541
More information about the security-dev
mailing list