The default implementation for KeyStoreSpi.engineSetEntry(String, KeyStore.Entry, KeyStore.ProtectionParameter) ignores the password protection algorithm if it is specified as a parameter in a KeyStore.PasswordProtection object. It extracts the password and calls the older engineSetKeyEntry method that takes a char[] parameter for the password. This causes the underlying KeyStore provider to ignore the specified password protection algorithm and instead use whatever it defaults to.

This method should throw a KeyStoreException if a specific protection algorithm is specified in the PasswordProtection object, since it does not know if the underlying provider supports it, and there is no way to pass it to the underlying provider (the provider must override the engineSetEntry method).