The collections of identical keys are almost always due to hardware devices that generate a key on first boot, before they have any entropy. I doubt the JDK will ever be backdoored given the scrutiny it gets, but using Zulu or compiling OpenJDK yourself is not a bad mitigation if you're worried about it.