01 for keytool enhancements
diff --git a/src/share/classes/sun/security/tools/KeyTool.java b/src/share/classes/sun/security/tools/KeyTool.java
--- a/src/share/classes/sun/security/tools/KeyTool.java
+++ b/src/share/classes/sun/security/tools/KeyTool.java
@@ -1901,7 +1901,24 @@
}
}
PKCS10 req = new PKCS10(new BASE64Decoder().decodeBuffer(new String(sb)));
- out.println(req.toString());
+
+ PublicKey pkey = req.getSubjectPublicKeyInfo();
+ out.printf(rb.getString("PKCS #10 Certificate Request (Version 1.0)\n" +
+ "Subject: %s\nPublic Key: %s format %s key\n"),
+ req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
+ for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
+ ObjectIdentifier oid = attr.getAttributeId();
+ if (oid.equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
+ printExtensions(rb.getString("Extension Request:"), exts, out);
+ } else {
+ out.println(attr.getAttributeId());
+ out.println(attr.getAttributeValue());
+ }
+ }
+ if (debug) {
+ out.println(req); // Just to see more, say, public key length...
+ }
}
/**
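Review bot: The default output for a certificate request no longer shows the key parameters or size. After this change they appear only through `out.println(req)` under `if (debug)`, while the summary prints just `pkey.getFormat()` and `pkey.getAlgorithm()`. Someone vetting a request before signing it usually needs the key strength, so consider printing the key in the normal path too, e.g. `out.println(pkey);` after the `printf`, or at least reword the comment to `// Full dump, including key parameters, is shown only in debug mode`. In the `else` branch, `out.println(attr.getAttributeId());` can reuse the local: `out.println(oid);`. The enclosing method starts before the hunk.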
@@ -2471,50 +2488,40 @@
};
out.println(form.format(source));
- int extnum = 0;
if (cert instanceof X509CertImpl) {
X509CertImpl impl = (X509CertImpl)cert;
- if (cert.getCriticalExtensionOIDs() != null) {
- for (String extOID : cert.getCriticalExtensionOIDs()) {
- if (extnum == 0) {
- out.println();
- out.println(rb.getString("Extensions: "));
- out.println();
- }
- Extension ext = impl.getExtension(new ObjectIdentifier(extOID));
- out.print("#"+(++extnum)+": "+ ext);
- // The base class Extension prints out only a header
- // with no value. These codes cannot be added into
- // Extension.toString() since the method is called by
- // all its children.
- if (ext.getClass() == Extension.class) {
- new sun.misc.HexDumpEncoder().encode(ext.getExtensionValue(), out);
- out.println();
- }
+ X509CertInfo certInfo = (X509CertInfo)impl.get(X509CertImpl.NAME
+ + "." +
+ X509CertImpl.INFO);
+ CertificateExtensions exts = (CertificateExtensions)
+ certInfo.get(X509CertInfo.EXTENSIONS);
+ printExtensions(rb.getString("Extensions: "), exts, out);
+ }
+ }
+
+ private static void printExtensions(String title, CertificateExtensions exts, PrintStream out)
+ throws Exception {
+ int extnum = 0;
+ Iterator<Extension> i1 = exts.getAllExtensions().iterator();
+ Iterator<Extension> i2 = exts.getUnparseableExtensions().values().iterator();
+ while (i1.hasNext() || i2.hasNext()) {
+ Extension ext = i1.hasNext()?i1.next():i2.next();
+ if (extnum == 0) {
+ out.println();
+ out.println(title);
+ out.println();
+ }
+ out.print("#"+(++extnum)+": "+ ext);
+ if (ext.getClass() == Extension.class) {
+ byte[] v = ext.getExtensionValue();
+ if (v.length == 0) {
+ out.println(rb.getString("(Empty value)"));
+ } else {
+ new sun.misc.HexDumpEncoder().encode(ext.getExtensionValue(), out);
out.println();
}
}
- if (cert.getNonCriticalExtensionOIDs() != null) {
- for (String extOID : cert.getNonCriticalExtensionOIDs()) {
- if (extnum == 0) {
- out.println();
- out.println(rb.getString("Extensions: "));
- out.println();
- }
- Extension ext = impl.getExtension(new ObjectIdentifier(extOID));
- if (ext != null) {
- out.print("#"+(++extnum)+": "+ ext);
- if (ext.getClass() == Extension.class) {
- new sun.misc.HexDumpEncoder().encode(ext.getExtensionValue(), out);
- out.println();
- }
- out.println();
- } else {
- out.println("#"+(++extnum)+": "+
- impl.getUnparseableExtension(new ObjectIdentifier(extOID)));
- }
- }
- }
+ out.println();
}
}
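Review bot: The certificate-printing call site passes `exts` to `printExtensions` without a null check, whereas the removed loops guarded `getCriticalExtensionOIDs()` and `getNonCriticalExtensionOIDs()` against null. If `certInfo.get(X509CertInfo.EXTENSIONS)` returns null for a certificate with no extensions (likely, but not visible in this hunk), `exts.getAllExtensions()` will throw and the certificate will not be printed; guard it with `if (exts != null) { printExtensions(rb.getString("Extensions: "), exts, out); }`. Inside the helper `v` is already fetched, so the dump can be `new sun.misc.HexDumpEncoder().encode(v, out);`. The helper also dropped the old comment explaining why only the base `Extension` class is hex-dumped. A short Javadoc should restore that and state that parsed extensions are listed before unparseable ones.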
@@ -3731,7 +3738,7 @@
System.err.println(rb.getString
("\t [-startdate <startdate>]"));
System.err.println(rb.getString
- ("\t [-ext <ext>]..."));
+ ("\t [-ext key[:critical][=value]]..."));
System.err.println(rb.getString
("\t [-validity <valDays>] [-keypass <keypass>]"));
System.err.println(rb.getString
@@ -3755,7 +3762,7 @@
System.err.println(rb.getString
("\t [-startdate <startdate>]"));
System.err.println(rb.getString
- ("\t [-ext <ext>]..."));
+ ("\t [-ext key[:critical][=value]]..."));
System.err.println(rb.getString
("\t [-validity <valDays>] [-keypass <keypass>]"));
System.err.println(rb.getString
diff --git a/src/share/classes/sun/security/util/Resources.java b/src/share/classes/sun/security/util/Resources.java
--- a/src/share/classes/sun/security/util/Resources.java
+++ b/src/share/classes/sun/security/util/Resources.java
@@ -282,6 +282,12 @@
{"keytool usage:\n", "keytool usage:\n"},
{"Extensions: ", "Extensions: "},
+ {"(Empty value)", "(Empty value)"},
+ {"Extension Request:", "Extension Request:"},
+ {"PKCS #10 Certificate Request (Version 1.0)\n" +
+ "Subject: %s\nPublic Key: %s format %s key\n",
+ "PKCS #10 Certificate Request (Version 1.0)\n" +
+ "Subject: %s\nPublic Key: %s format %s key\n"},
{"Unknown keyUsage type: ", "Unknown keyUsage type: "},
{"Unknown extendedkeyUsage type: ", "Unknown extendedkeyUsage type: "},
{"Unknown AccessDescription type: ", "Unknown AccessDescription type: "},
@@ -337,7 +343,7 @@
"\t [-infile <infile>] [-outfile <outfile>]"},
{"\t [-sigalg <sigalg>]",
"\t [-sigalg <sigalg>]"},
- {"\t [-ext <ext>]...", "\t [-ext <ext>]..."},
+ {"\t [-ext key[:critical][=value]]...", "\t [-ext key[:critical][=value]]..."},
{"-genseckey [-v] [-protected]",
"-genseckey [-v] [-protected]"},
diff --git a/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java b/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java
--- a/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java
+++ b/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java
@@ -47,7 +47,7 @@
* included in end entity or CA certificates. Conforming CAs MUST mark
* this extension as non-critical.
* <p>
- * This extension is defined in <a href="http://www.ietf.org/rfc/rfc5280.txt">
+ * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">
* Internet X.509 PKI Certificate and Certificate Revocation List
* (CRL) Profile</a>. The profile permits
* the extension to be included in end-entity or CA certificates,
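Review bot: The Javadoc link now points to RFC 3280, which RFC 5280 obsoletes. Unless this class is deliberately documented against the older profile, the reference should stay `http://www.ietf.org/rfc/rfc5280.txt`. Only the link target changes in this hunk; the surrounding requirement text is untouched. The comment block begins and ends outside the hunk.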
diff --git a/test/sun/security/tools/keytool/KeyToolTest.java b/test/sun/security/tools/keytool/KeyToolTest.java
--- a/test/sun/security/tools/keytool/KeyToolTest.java
+++ b/test/sun/security/tools/keytool/KeyToolTest.java
@@ -59,6 +59,8 @@
import sun.security.tools.KeyTool;
import sun.security.x509.*;
import java.io.*;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
import java.util.*;
import java.security.cert.X509Certificate;
import sun.security.util.ObjectIdentifier;
@@ -837,10 +839,11 @@
remove("mykey.cert");
}
- void v3extTest() throws Exception {
+ void v3extTest(String keyAlg) throws Exception {
KeyStore ks;
remove("x.jks");
- String pre = "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=Olala -noprompt -alias ";
+ String simple = "-keystore x.jks -storepass changeit -keypass changeit -noprompt -keyalg " + keyAlg + " ";
+ String pre = simple + "-genkeypair -dname CN=Olala -alias ";
// Version and SKID
testOK("", pre + "o1");
@@ -1136,7 +1139,6 @@
coid.check(ks, "oid12", "1.2.4", new byte[]{1,2,3});
// honored
- String simple = "-keystore x.jks -storepass changeit -keypass changeit -noprompt ";
testOK("", pre+"ca");
testOK("", pre+"a");
// request: BC,KU,1.2.3,1.2.4,1.2.5
@@ -1284,7 +1286,14 @@
t.sqeTest();
t.testAll();
t.i18nTest();
- t.v3extTest();
+ t.v3extTest("RSA");
+ t.v3extTest("DSA");
+ try {
+ KeyPairGenerator.getInstance("EC");
+ t.v3extTest("EC");
+ } catch (NoSuchAlgorithmException nae) {
+ // OK
+ }
}
if (System.getProperty("nss") != null) {
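Review bot: The `try` around the EC run also encloses `t.v3extTest("EC")`, so a `NoSuchAlgorithmException` thrown anywhere inside the test itself is swallowed by the `// OK` catch and the run passes silently. The catch is meant only to detect a runtime without an EC provider, so the probe should be separated from the test call. The sketch below keeps the skip-when-unavailable behaviour but lets real failures in the EC run propagate. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: t.v3extTest("RSA"); t.v3extTest("DSA"); …
boolean ecAvailable = true;
try {
    KeyPairGenerator.getInstance("EC");
} catch (NoSuchAlgorithmException nae) {
    // No EC provider in this runtime; skip only the EC run.
    ecAvailable = false;
}
if (ecAvailable) {
    t.v3extTest("EC");
}
```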