6780416: New keytool commands/options: -gencert, -printcertreq, -ext

Reviewed-by: xuelei, mullan

6780416: New keytool commands/options: -gencert, -printcertreq, -ext
Reviewed-by: xuelei, mullan
1f1d9af5 · weijun · 19e17164 · 1f1d9af5 · 1f1d9af5 · 1f1d9af5
13 changed file
--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java
+++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java
--- a/jdk/src/share/classes/sun/security/util/Resources.java
+++ b/jdk/src/share/classes/sun/security/util/Resources.java
 /*
- * Copyright 2000-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -49,6 +49,7 @@ public class Resources extends java.util.ListResourceBundle {
        // keytool
        {"keytool error: ", "keytool error: "},
        {"Illegal option:  ", "Illegal option:  "},
+        {"Illegal value: ", "Illegal value: "},
        {"Try keytool -help","Try keytool -help"},
        {"Command option <flag> needs an argument.", "Command option {0} needs an argument."},
        {"Warning:  Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified <command> value.",
@@ -281,6 +282,20 @@ public class Resources extends java.util.ListResourceBundle {
        {"keytool usage:\n", "keytool usage:\n"},

        {"Extensions: ", "Extensions: "},
+        {"(Empty value)", "(Empty value)"},
+        {"Extension Request:", "Extension Request:"},
+        {"PKCS #10 Certificate Request (Version 1.0)\n" +
+                "Subject: %s\nPublic Key: %s format %s key\n",
+                "PKCS #10 Certificate Request (Version 1.0)\n" +
+                "Subject: %s\nPublic Key: %s format %s key\n"},
+        {"Unknown keyUsage type: ", "Unknown keyUsage type: "},
+        {"Unknown extendedkeyUsage type: ", "Unknown extendedkeyUsage type: "},
+        {"Unknown AccessDescription type: ", "Unknown AccessDescription type: "},
+        {"Unrecognized GeneralName type: ", "Unrecognized GeneralName type: "},
+        {"This extension cannot be marked as critical. ",
+                 "This extension cannot be marked as critical. "},
+        {"Odd number of hex digits found: ", "Odd number of hex digits found: "},
+        {"command {0} is ambiguous:", "command {0} is ambiguous:"},

        {"-certreq     [-v] [-protected]",
                "-certreq     [-v] [-protected]"},
@@ -322,6 +337,14 @@ public class Resources extends java.util.ListResourceBundle {
        {"\t     [-validity <valDays>] [-keypass <keypass>]",
                "\t     [-validity <valDays>] [-keypass <keypass>]"},
        /** rest is same as -certreq starting from -keystore **/
+        {"-gencert     [-v] [-rfc] [-protected]",
+                "-gencert     [-v] [-rfc] [-protected]"},
+        {"\t     [-infile <infile>] [-outfile <outfile>]",
+                 "\t     [-infile <infile>] [-outfile <outfile>]"},
+        {"\t     [-sigalg <sigalg>]",
+                "\t     [-sigalg <sigalg>]"},
+        {"\t     [-ext <key>[:critical][=<value>]]...",
+                "\t     [-ext <key>[:critical][=<value>]]..."},

        {"-genseckey   [-v] [-protected]",
                "-genseckey   [-v] [-protected]"},
@@ -388,6 +411,8 @@ public class Resources extends java.util.ListResourceBundle {

        {"-printcert   [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]",
                "-printcert   [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]"},
+        {"-printcertreq   [-v] [-file <cert_file>]",
+                 "-printcertreq   [-v] [-file <cert_file>]"},
        {"No certificate from the SSL server",
                "No certificate from the SSL server"},


--- a/jdk/src/share/classes/sun/security/x509/AccessDescription.java
+++ b/jdk/src/share/classes/sun/security/x509/AccessDescription.java
 /*
- * Copyright 2003-2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -48,6 +48,17 @@ public final class AccessDescription {
    public static final ObjectIdentifier Ad_CAISSUERS_Id =
        ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 2});

+    public static final ObjectIdentifier Ad_TIMESTAMPING_Id =
+        ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 3});
+
+    public static final ObjectIdentifier Ad_CAREPOSITORY_Id =
+        ObjectIdentifier.newInternal(new int[] {1, 3, 6, 1, 5, 5, 7, 48, 5});
+
+    public AccessDescription(ObjectIdentifier accessMethod, GeneralName accessLocation) {
+        this.accessMethod = accessMethod;
+        this.accessLocation = accessLocation;
+    }
+
    public AccessDescription(DerValue derValue) throws IOException {
        DerInputStream derIn = derValue.getData();
        accessMethod = derIn.getOID();
@@ -90,7 +101,19 @@ public final class AccessDescription {
    }

    public String toString() {
-        return ("accessMethod: " + accessMethod.toString() +
-                "\n   accessLocation: " + accessLocation.toString());
+        String method = null;
+        if (accessMethod.equals(Ad_CAISSUERS_Id)) {
+            method = "caIssuers";
+        } else if (accessMethod.equals(Ad_CAREPOSITORY_Id)) {
+            method = "caRepository";
+        } else if (accessMethod.equals(Ad_TIMESTAMPING_Id)) {
+            method = "timeStamping";
+        } else if (accessMethod.equals(Ad_OCSP_Id)) {
+            method = "ocsp";
+        } else {
+            method = accessMethod.toString();
+        }
+        return ("accessMethod: " + method +
+                "\n   accessLocation: " + accessLocation.toString() + "\n");
    }
 }
--- a/jdk/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java
+++ b/jdk/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java
@@ -43,8 +43,9 @@ import sun.security.util.DerValue;
 * certificate that identifies the specific OCSP Responder to use when
 * performing on-line validation of that certificate.
 * <p>
- * This extension is defined in
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certificate and Certificate Revocation List (CRL) Profile</a>. The profile permits
+ * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">
+ * Internet X.509 PKI Certificate and Certificate Revocation List
+ * (CRL) Profile</a>. The profile permits
 * the extension to be included in end-entity or CA certificates,
 * and it must be marked as non-critical. Its ASN.1 definition is as follows:
 * <pre>

--- a/jdk/src/share/classes/sun/security/x509/AuthorityKeyIdentifierExtension.java
+++ b/jdk/src/share/classes/sun/security/x509/AuthorityKeyIdentifierExtension.java
 /*
- * Copyright 1997-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -198,7 +198,7 @@ implements CertAttrSet<String> {
    public String toString() {
        String s = super.toString() + "AuthorityKeyIdentifier [\n";
        if (id != null) {
-            s += id.toString() + "\n";
+            s += id.toString();     // id already has a newline
        }
        if (names != null) {
            s += names.toString() + "\n";

--- a/jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java
+++ b/jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java
 /*
- * Copyright 1996-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -276,12 +276,6 @@ public final class CertAndKeyGen {
            info.set(X509CertInfo.ISSUER,
                     new CertificateIssuerName(issuer.getSigner()));

-            CertificateExtensions ext = new CertificateExtensions();
-                ext.set(SubjectKeyIdentifierExtension.NAME,
-                        new SubjectKeyIdentifierExtension(
-                            new KeyIdentifier(publicKey).getIdentifier()));
-            info.set(X509CertInfo.EXTENSIONS, ext);
-
            cert = new X509CertImpl(info);
            cert.sign(privateKey, this.sigAlg);


--- a/jdk/src/share/classes/sun/security/x509/CertificateExtensions.java
+++ b/jdk/src/share/classes/sun/security/x509/CertificateExtensions.java
 /*
- * Copyright 1997-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -231,6 +231,15 @@ public class CertificateExtensions implements CertAttrSet<Extension> {
        map.remove(name);
    }

+    public String getNameByOid(ObjectIdentifier oid) throws IOException {
+        for (String name: map.keySet()) {
+            if (map.get(name).getExtensionId().equals(oid)) {
+                return name;
+            }
+        }
+        return null;
+    }
+
    /**
     * Return an enumeration of names of attributes existing within this
     * attribute.

--- a/jdk/src/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java
+++ b/jdk/src/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java
 /*
- * Copyright 1997-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -89,6 +89,22 @@ extends Extension implements CertAttrSet<String> {
        encodeThis();
    }

+    /**
+     * Create a IssuerAlternativeNameExtension with the passed criticality
+     * and GeneralNames.
+     *
+     * @param critical true if the extension is to be treated as critical.
+     * @param names the GeneralNames for the issuer.
+     * @exception IOException on error.
+     */
+    public IssuerAlternativeNameExtension(Boolean critical, GeneralNames names)
+    throws IOException {
+        this.names = names;
+        this.extensionId = PKIXExtensions.IssuerAlternativeName_Id;
+        this.critical = critical.booleanValue();
+        encodeThis();
+    }
+
    /**
     * Create a default IssuerAlternativeNameExtension.
     */

--- a/jdk/src/share/classes/sun/security/x509/OIDMap.java
+++ b/jdk/src/share/classes/sun/security/x509/OIDMap.java
 /*
- * Copyright 1997-2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -90,6 +90,8 @@ public class OIDMap {

    private static final String CERT_ISSUER = ROOT + "." +
                                        CertificateIssuerExtension.NAME;
+    private static final String SUBJECT_INFO_ACCESS = ROOT + "." +
+                                          SubjectInfoAccessExtension.NAME;
    private static final String AUTH_INFO_ACCESS = ROOT + "." +
                                          AuthorityInfoAccessExtension.NAME;
    private static final String ISSUING_DIST_POINT = ROOT + "." +
@@ -148,6 +150,8 @@ public class OIDMap {
                    "sun.security.x509.CRLDistributionPointsExtension");
        addInternal(CERT_ISSUER, PKIXExtensions.CertificateIssuer_Id,
                    "sun.security.x509.CertificateIssuerExtension");
+        addInternal(SUBJECT_INFO_ACCESS, PKIXExtensions.SubjectInfoAccess_Id,
+                    "sun.security.x509.SubjectInfoAccessExtension");
        addInternal(AUTH_INFO_ACCESS, PKIXExtensions.AuthInfoAccess_Id,
                    "sun.security.x509.AuthorityInfoAccessExtension");
        addInternal(ISSUING_DIST_POINT,

--- a/jdk/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java
+++ b/jdk/src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package sun.security.x509;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import java.util.*;
+
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+
+/**
+ * The Subject Information Access Extension (OID = 1.3.6.1.5.5.7.1.11).
+ * <p>
+ * The subject information access extension indicates how to access
+ * information and services for the subject of the certificate in which
+ * the extension appears.  When the subject is a CA, information and
+ * services may include certificate validation services and CA policy
+ * data.  When the subject is an end entity, the information describes
+ * the type of services offered and how to access them.  In this case,
+ * the contents of this extension are defined in the protocol
+ * specifications for the supported services.  This extension may be
+ * included in end entity or CA certificates.  Conforming CAs MUST mark
+ * this extension as non-critical.
+ * <p>
+ * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">
+ * Internet X.509 PKI Certificate and Certificate Revocation List
+ * (CRL) Profile</a>. The profile permits
+ * the extension to be included in end-entity or CA certificates,
+ * and it must be marked as non-critical. Its ASN.1 definition is as follows:
+ * <pre>
+ *   id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
+ *
+ *   SubjectInfoAccessSyntax  ::=
+ *          SEQUENCE SIZE (1..MAX) OF AccessDescription
+ *
+ *   AccessDescription  ::=  SEQUENCE {
+ *          accessMethod          OBJECT IDENTIFIER,
+ *          accessLocation        GeneralName  }
+ * </pre>
+ * <p>
+ * @see Extension
+ * @see CertAttrSet
+ */
+
+public class SubjectInfoAccessExtension extends Extension
+        implements CertAttrSet<String> {
+
+    /**
+     * Identifier for this attribute, to be used with the
+     * get, set, delete methods of Certificate, x509 type.
+     */
+    public static final String IDENT =
+                                "x509.info.extensions.SubjectInfoAccess";
+
+    /**
+     * Attribute name.
+     */
+    public static final String NAME = "SubjectInfoAccess";
+    public static final String DESCRIPTIONS = "descriptions";
+
+    /**
+     * The List of AccessDescription objects.
+     */
+    private List<AccessDescription> accessDescriptions;
+
+    /**
+     * Create an SubjectInfoAccessExtension from a List of
+     * AccessDescription; the criticality is set to false.
+     *
+     * @param accessDescriptions the List of AccessDescription
+     * @throws IOException on error
+     */
+    public SubjectInfoAccessExtension(
+            List<AccessDescription> accessDescriptions) throws IOException {
+        this.extensionId = PKIXExtensions.SubjectInfoAccess_Id;
+        this.critical = false;
+        this.accessDescriptions = accessDescriptions;
+        encodeThis();
+    }
+
+    /**
+     * Create the extension from the passed DER encoded value of the same.
+     *
+     * @param critical true if the extension is to be treated as critical.
+     * @param value Array of DER encoded bytes of the actual value.
+     * @exception IOException on error.
+     */
+    public SubjectInfoAccessExtension(Boolean critical, Object value)
+            throws IOException {
+        this.extensionId = PKIXExtensions.SubjectInfoAccess_Id;
+        this.critical = critical.booleanValue();
+
+        if (!(value instanceof byte[])) {
+            throw new IOException("Illegal argument type");
+        }
+
+        extensionValue = (byte[])value;
+        DerValue val = new DerValue(extensionValue);
+        if (val.tag != DerValue.tag_Sequence) {
+            throw new IOException("Invalid encoding for " +
+                                  "SubjectInfoAccessExtension.");
+        }
+        accessDescriptions = new ArrayList<AccessDescription>();
+        while (val.data.available() != 0) {
+            DerValue seq = val.data.getDerValue();
+            AccessDescription accessDescription = new AccessDescription(seq);
+            accessDescriptions.add(accessDescription);
+        }
+    }
+
+    /**
+     * Return the list of AccessDescription objects.
+     */
+    public List<AccessDescription> getAccessDescriptions() {
+        return accessDescriptions;
+    }
+
+    /**
+     * Return the name of this attribute.
+     */
+    public String getName() {
+        return NAME;
+    }
+
+    /**
+     * Write the extension to the DerOutputStream.
+     *
+     * @param out the DerOutputStream to write the extension to.
+     * @exception IOException on encoding errors.
+     */
+    public void encode(OutputStream out) throws IOException {
+        DerOutputStream tmp = new DerOutputStream();
+        if (this.extensionValue == null) {
+            this.extensionId = PKIXExtensions.SubjectInfoAccess_Id;
+            this.critical = false;
+            encodeThis();
+        }
+        super.encode(tmp);
+        out.write(tmp.toByteArray());
+    }
+
+    /**
+     * Set the attribute value.
+     */
+    public void set(String name, Object obj) throws IOException {
+        if (name.equalsIgnoreCase(DESCRIPTIONS)) {
+            if (!(obj instanceof List)) {
+                throw new IOException("Attribute value should be of type List.");
+            }
+            accessDescriptions = (List<AccessDescription>)obj;
+        } else {
+            throw new IOException("Attribute name [" + name +
+                                "] not recognized by " +
+                                "CertAttrSet:SubjectInfoAccessExtension.");
+        }
+        encodeThis();
+    }
+
+    /**
+     * Get the attribute value.
+     */
+    public Object get(String name) throws IOException {
+        if (name.equalsIgnoreCase(DESCRIPTIONS)) {
+            return accessDescriptions;
+        } else {
+            throw new IOException("Attribute name [" + name +
+                                "] not recognized by " +
+                                "CertAttrSet:SubjectInfoAccessExtension.");
+        }
+    }
+
+    /**
+     * Delete the attribute value.
+     */
+    public void delete(String name) throws IOException {
+        if (name.equalsIgnoreCase(DESCRIPTIONS)) {
+            accessDescriptions = new ArrayList<AccessDescription>();
+        } else {
+            throw new IOException("Attribute name [" + name +
+                                "] not recognized by " +
+                                "CertAttrSet:SubjectInfoAccessExtension.");
+        }
+        encodeThis();
+    }
+
+    /**
+     * Return an enumeration of names of attributes existing within this
+     * attribute.
+     */
+    public Enumeration<String> getElements() {
+        AttributeNameEnumeration elements = new AttributeNameEnumeration();
+        elements.addElement(DESCRIPTIONS);
+        return elements.elements();
+    }
+
+     // Encode this extension value
+    private void encodeThis() throws IOException {
+        if (accessDescriptions.isEmpty()) {
+            this.extensionValue = null;
+        } else {
+            DerOutputStream ads = new DerOutputStream();
+            for (AccessDescription accessDescription : accessDescriptions) {
+                accessDescription.encode(ads);
+            }
+            DerOutputStream seq = new DerOutputStream();
+            seq.write(DerValue.tag_Sequence, ads);
+            this.extensionValue = seq.toByteArray();
+        }
+    }
+
+    /**
+     * Return the extension as user readable string.
+     */
+    public String toString() {
+        return super.toString() + "SubjectInfoAccess [\n  "
+               + accessDescriptions + "\n]\n";
+    }
+
+}
--- a/jdk/test/sun/security/tools/keytool/KeyToolTest.java
+++ b/jdk/test/sun/security/tools/keytool/KeyToolTest.java
--- a/jdk/test/sun/security/tools/keytool/autotest.sh
+++ b/jdk/test/sun/security/tools/keytool/autotest.sh
 #
-# Copyright 2006-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2006-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 # @summary (almost) all keytool behaviors
 # @author Weijun Wang
 #
+# This test is only executed on several platforms
+#
 # set a few environment variables so that the shell-script can run stand-alone
 # in the source directory
 if [ "${TESTSRC}" = "" ] ; then
@@ -88,7 +90,7 @@ cp ${NSS}${FS}db${FS}secmod.db .
 chmod u+w key3.db
 chmod u+w cert8.db

-echo | ${TESTJAVA}${FS}bin${FS}java -Dfile -Dnss \
+echo | ${TESTJAVA}${FS}bin${FS}java -Dnss \
   -Dnss.lib=${NSS}${FS}lib${FS}${PF}${FS}${LIBNAME} \
   KeyToolTest
 status=$?
@@ -99,8 +101,8 @@ rm -f key3.db
 rm -f secmod.db

 rm HumanInputStream*.class
-rm KeyToolTest.class
-rm TestException.class 
+rm KeyToolTest*.class
+rm TestException.class

 exit $status

--- a/jdk/test/sun/security/tools/keytool/standard.sh
+++ b/jdk/test/sun/security/tools/keytool/standard.sh
+#
+# Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @summary (almost) all keytool behaviors
+# @author Weijun Wang
+#
+# This test is always excecuted.
+#
+# set a few environment variables so that the shell-script can run stand-alone
+# in the source directory
+if [ "${TESTSRC}" = "" ] ; then
+  TESTSRC="."
+fi
+if [ "${TESTCLASSES}" = "" ] ; then
+  TESTCLASSES="."
+fi
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+  Windows_* )
+    FS="\\"
+    ;;
+  * )
+    FS="/"
+    ;;
+esac
+
+${TESTJAVA}${FS}bin${FS}javac -d . ${TESTSRC}${FS}KeyToolTest.java || exit 10
+
+echo | ${TESTJAVA}${FS}bin${FS}java -Dfile KeyToolTest
+status=$?
+
+rm HumanInputStream*.class
+rm KeyToolTest*.class
+rm TestException.class
+
+exit $status
+