Using a java.security.KeyStore results in a memory leak. The last created instance of KeyStore cannot be garbage collected because it is referenced from org.apache.harmony.security.fortress.Engine.
If a new KeyStore instance is created, java.security.KeyStore uses a static Engine instance to create the instance of the class that implements KeyStoreSpi. The reference to this instance is stored in Engine.spi. With the spi reference a new KeyStore instance is created:
new KeyStore((KeyStoreSpi) engine.spi, engine.provider, type);
The engine.spi value is not set to null after the KeyStore is created, and because Engine is static, the reference to the KeyStoreSpi instance from Engine keeps the KeyStoreSpi instance from being garbage collected. Only if a new KeyStore instance is created will the previous KeyStore be garbage collected.
This is problematic in cases when the last loaded KeyStoreSpi instance is large (for example a PFX file containing a large number of certificates and keys).
A temporary workaround is to create a new empty KeyStore instance after a large KeyStore was created, because now only the small KeyStore gets locked in memory and not the large one.
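The retention pattern and the workaround described above can be reproduced with a small stand-alone model. This is an added example, not code from the report or from Harmony: FakeSpi, FakeEngine, FakeKeyStore and the clearSpi flag are hypothetical stand-ins for KeyStoreSpi, Engine, KeyStore and the missing reset of engine.spi.

```java
import java.lang.ref.WeakReference;

// Model of the retention pattern; Fake* names are hypothetical, not Harmony code.
public class EngineLeakModel {
    // Stand-in for a KeyStoreSpi holding parsed keys and certificates.
    static final class FakeSpi {
        final byte[] payload;
        FakeSpi(int size) { payload = new byte[size]; }
    }

    // Stand-in for the shared Engine: spi is overwritten by each lookup.
    static final class FakeEngine {
        Object spi;
        void getInstance(int size) { spi = new FakeSpi(size); }
    }

    static final class FakeKeyStore {
        private static final FakeEngine ENGINE = new FakeEngine();
        final FakeSpi impl;
        private FakeKeyStore(FakeSpi impl) { this.impl = impl; }

        // clearSpi=false reproduces the report; true drops the static reference.
        static FakeKeyStore getInstance(int size, boolean clearSpi) {
            synchronized (ENGINE) {
                ENGINE.getInstance(size);
                FakeKeyStore ks = new FakeKeyStore((FakeSpi) ENGINE.spi);
                if (clearSpi) ENGINE.spi = null;
                return ks;
            }
        }
    }

    // Returns true once the referent has been reclaimed (best effort; gc() is a hint).
    static boolean collected(WeakReference<?> ref) throws InterruptedException {
        for (int i = 0; i < 10 && ref.get() != null; i++) {
            System.gc();
            Thread.sleep(50);
        }
        return ref.get() == null;
    }

    public static void main(String[] args) throws InterruptedException {
        WeakReference<FakeSpi> ref =
            new WeakReference<>(FakeKeyStore.getInstance(32 << 20, false).impl);
        System.out.println("keystore dropped, spi collected: " + collected(ref));
        FakeKeyStore.getInstance(0, false); // workaround: small instance displaces spi
        System.out.println("after small keystore, spi collected: " + collected(ref));
    }
}
```

Passing true for clearSpi in the first call models the fix of resetting engine.spi once the KeyStore has been constructed.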