Summary
-------

Upgrade the default algorithms used in PKCS 12 to use a new PBES2-based stronger Mac algorithm. The Crypto roadmap team decided to delay this change for over a year to help interoperability in JDK updates releases where older releases didn't have the new MAC algorithms that we're now using by default. Previous CSR history at JDK-8267701

Problem
-------

PKCS12 is the default keystore format since JDK 9, but we have been using weak Mac algorithm which was the standard of 1990s. 

Solution
--------

Upgrade the algorithm used in certificate integrity protection to the value as described in the specification below.

Specification
-------------

First, make the following change in java.security.

    diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
    index 0d3d3babe8..65c1f0f829 100644
    --- a/src/java.base/share/conf/security/java.security
    +++ b/src/java.base/share/conf/security/java.security
    @@ -1217,12 +1217,12 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep
     # The algorithm used to calculate the optional MacData at the end of a PKCS12
     # file. This can be any HmacPBE algorithm defined in the Mac section of the
     # Java Security Standard Algorithm Names Specification. When set to "NONE",
    -# no Mac is generated. The default value is "HmacPBESHA1".
    -#keystore.pkcs12.macAlgorithm = HmacPBESHA1
    +# no Mac is generated. The default value is "HmacPBESHA256".
    +#keystore.pkcs12.macAlgorithm = HmacPBESHA256
     
     # The iteration count used by the MacData algorithm. This value must be a
    -# positive integer. The default value is 100000.
    -#keystore.pkcs12.macIterationCount = 100000
    +# positive integer. The default value is 10000.
    +#keystore.pkcs12.macIterationCount = 10000
     
     #
     # Enhanced exception message information