6324292: keytool -help is unhelpful

Reviewed-by: xuelei, mullan

6324292: keytool -help is unhelpful
Reviewed-by: xuelei, mullan
8864bc3c · weijun · 33a0c720 · 8864bc3c · 8864bc3c · 8864bc3c
3 changed file
--- a/src/share/classes/sun/security/tools/KeyTool.java
+++ b/src/share/classes/sun/security/tools/KeyTool.java
@@ -76,6 +76,7 @@ import sun.security.util.DerValue;
 import sun.security.x509.*;

 import static java.security.KeyStore.*;
+import static sun.security.tools.KeyTool.Command.*;

 /**
 * This tool manages keystores.
@@ -92,7 +93,7 @@ import static java.security.KeyStore.*;
 public final class KeyTool {

    private boolean debug = false;
-    private int command = -1;
+    private Command command = null;
    private String sigAlgName = null;
    private String keyAlgName = null;
    private boolean verbose = false;
@@ -146,24 +147,132 @@ public final class KeyTool {

    private List <String> v3ext = new ArrayList <String> ();

-    private static final int CERTREQ = 1;
-    private static final int CHANGEALIAS = 2;
-    private static final int DELETE = 3;
-    private static final int EXPORTCERT = 4;
-    private static final int GENKEYPAIR = 5;
-    private static final int GENSECKEY = 6;
-    // there is no HELP
-    private static final int IDENTITYDB = 7;
-    private static final int IMPORTCERT = 8;
-    private static final int IMPORTKEYSTORE = 9;
-    private static final int KEYCLONE = 10;
-    private static final int KEYPASSWD = 11;
-    private static final int LIST = 12;
-    private static final int PRINTCERT = 13;
-    private static final int SELFCERT = 14;
-    private static final int STOREPASSWD = 15;
-    private static final int GENCERT = 16;
-    private static final int PRINTCERTREQ = 17;
+    enum Command {
+        CERTREQ("Generates a certificate request",
+            "-alias", "-sigalg", "-file", "-keypass", "-keystore",
+            "-storepass", "-storetype", "-providername", "-providerclass",
+            "-providerarg", "-providerpath", "-v", "-protected"),
+        CHANGEALIAS("Changes an entry's alias",
+            "-alias", "-destalias", "-keypass", "-keystore", "-storepass",
+            "-storetype", "-providername", "-providerclass", "-providerarg",
+            "-providerpath", "-v", "-protected"),
+        DELETE("Deletes an entry",
+            "-alias", "-keystore", "-storepass", "-storetype",
+            "-providername", "-providerclass", "-providerarg",
+            "-providerpath", "-v", "-protected"),
+        EXPORTCERT("Exports certificate",
+            "-rfc", "-alias", "-file", "-keystore", "-storepass",
+            "-storetype", "-providername", "-providerclass", "-providerarg",
+            "-providerpath", "-v", "-protected"),
+        GENKEYPAIR("Generates a key pair",
+            "-alias", "-keyalg", "-keysize", "-sigalg", "-destalias",
+            "-startdate", "-ext", "-validity", "-keypass", "-keystore",
+            "-storepass", "-storetype", "-providername", "-providerclass",
+            "-providerarg", "-providerpath", "-v", "-protected"),
+        GENSECKEY("Generates a secret key",
+            "-alias", "-keypass", "-keyalg", "-keysize", "-keystore",
+            "-storepass", "-storetype", "-providername", "-providerclass",
+            "-providerarg", "-providerpath", "-v", "-protected"),
+        GENCERT("Generates certificate from a certificate request",
+            "-rfc", "-infile", "-outfile", "-alias", "-sigalg",
+            "-startdate", "-ext", "-validity", "-keypass", "-keystore",
+            "-storepass", "-storetype", "-providername", "-providerclass",
+            "-providerarg", "-providerpath", "-v", "-protected"),
+        IDENTITYDB("Imports entries from a JDK 1.1.x-style identity database",
+            "-file", "-storetype", "-keystore", "-storepass", "-providername",
+            "-providerclass", "-providerarg", "-providerpath", "-v"),
+        IMPORTCERT("Imports a certificate or a certificate chain",
+            "-noprompt", "-trustcacerts", "-protected", "-alias", "-file",
+            "-keypass", "-keystore", "-storepass", "-storetype",
+            "-providername", "-providerclass", "-providerarg",
+            "-providerpath", "-v"),
+        IMPORTKEYSTORE("Imports one or all entries from another keystore",
+            "-srckeystore", "-destkeystore", "-srcstoretype",
+            "-deststoretype", "-srcstorepass", "-deststorepass",
+            "-srcprotected", "-srcprovidername", "-destprovidername",
+            "-srcalias", "-destalias", "-srckeypass", "-destkeypass",
+            "-noprompt", "-providerclass", "-providerarg", "-providerpath",
+            "-v"),
+        KEYCLONE("Clones a key entry",
+            "-alias", "-destalias", "-keypass", "-new", "-storetype",
+            "-keystore", "-storepass", "-providername", "-providerclass",
+            "-providerarg", "-providerpath", "-v"),
+        KEYPASSWD("Changes the key password of an entry",
+            "-alias", "-keypass", "-new", "-keystore", "-storepass",
+            "-storetype", "-providername", "-providerclass", "-providerarg",
+            "-providerpath", "-v"),
+        LIST("Lists entries in a keystore",
+            "-rfc", "-alias", "-keystore", "-storepass", "-storetype",
+            "-providername", "-providerclass", "-providerarg",
+            "-providerpath", "-v", "-protected"),
+        PRINTCERT("Prints the content of a certificate",
+            "-rfc", "-file", "-sslserver", "-v"),
+        PRINTCERTREQ("Prints the content of a certificate request",
+            "-file", "-v"),
+        SELFCERT("Generates a self-signed certificate",
+            "-alias", "-sigalg", "-dname", "-startdate", "-validity", "-keypass",
+            "-storetype", "-keystore", "-storepass", "-providername",
+            "-providerclass", "-providerarg", "-providerpath", "-v"),
+        STOREPASSWD("Changes the store password of a keystore",
+            "-new", "-keystore", "-storepass", "-storetype", "-providername",
+            "-providerclass", "-providerarg", "-providerpath", "-v");
+
+        final String description;
+        final String[] options;
+        Command(String d, String... o) {
+            description = d;
+            options = o;
+        }
+        @Override
+        public String toString() {
+            return "-" + name().toLowerCase(Locale.ENGLISH);
+        }
+    };
+
+    private static String[][] options = {
+        // name, arg, description
+        {"-alias", "<alias>", "alias name of the entry to process"},
+        {"-destalias", "<destalias>", "destination alias"},
+        {"-destkeypass", "<arg>", "destination key password"},
+        {"-destkeystore", "<destkeystore>", "destination keystore name"},
+        {"-destprotected", null, "destination keystore password protected"},
+        {"-destprovidername", "<destprovidername>", "destination keystore provider name"},
+        {"-deststorepass", "<arg>", "destination keystore password"},
+        {"-deststoretype", "<deststoretype>", "destination keystore type"},
+        {"-dname", "<dname>", "distinguished name"},
+        {"-ext", "<value>", "X.509 extension"},
+        {"-file", "<filename>", "output file name"},
+        {"-file", "<filename>", "input file name"},
+        {"-infile", "<filename>", "input file name"},
+        {"-keyalg", "<keyalg>", "key algorithm name"},
+        {"-keypass", "<arg>", "key password"},
+        {"-keysize", "<keysize>", "key bit size"},
+        {"-keystore", "<keystore>", "keystore name"},
+        {"-new", "<arg>", "new password"},
+        {"-noprompt", null, "do not prompt"},
+        {"-outfile", "<filename>", "output file name"},
+        {"-protected", null, "password through protected mechanism"},
+        {"-providerarg", "<arg>", "provider argument"},
+        {"-providerclass", "<providerclass>", "provider class name"},
+        {"-providername", "<providername>", "provider name"},
+        {"-providerpath", "<pathlist>", "provider classpath"},
+        {"-rfc", null, "output in RFC style"},
+        {"-sigalg", "<sigalg>", "signature algorithm name"},
+        {"-srcalias", "<srcalias>", "source alias"},
+        {"-srckeypass", "<arg>", "source keystore password"},
+        {"-srckeystore", "<srckeystore>", "source keystore name"},
+        {"-srcprotected", null, "source keystore password protected"},
+        {"-srcprovidername", "<srcprovidername>", "source keystore provider name"},
+        {"-srcstorepass", "<arg>", "source keystore password"},
+        {"-srcstoretype", "<srcstoretype>", "source keystore type"},
+        {"-sslserver", "<server[:port]>", "SSL server host and port"},
+        {"-startdate", "<startdate>", "certificate validity start date/time"},
+        {"-storepass", "<arg>", "keystore password"},
+        {"-storetype", "<storetype>", "keystore type"},
+        {"-trustcacerts", null, "trust certificates from cacerts"},
+        {"-v", null, "verbose output"},
+        {"-validity", "<valDays>", "validity number of days"},
+    };

    private static final Class[] PARAM_STRING = { String.class };

@@ -192,7 +301,7 @@ public final class KeyTool {
    private void run(String[] args, PrintStream out) throws Exception {
        try {
            parseArgs(args);
-            if (command != -1) {
+            if (command != null) {
                doCommands(out);
            }
        } catch (Exception e) {
@@ -224,59 +333,50 @@ public final class KeyTool {
     */
    void parseArgs(String[] args) {

-        if (args.length == 0) {
-            usage();
-            return;
-        }
-
        int i=0;
+        boolean help = args.length == 0;

        for (i=0; (i < args.length) && args[i].startsWith("-"); i++) {

            String flags = args[i];
+
+            // Check if the last option needs an arg
+            if (i == args.length - 1) {
+                for (String[] option: options) {
+                    // Only options with an arg need to be checked
+                    if (collator.compare(flags, option[0]) == 0) {
+                        if (option[1] != null) errorNeedArgument(flags);
+                        break;
+                    }
+                }
+            }
+
            /*
             * command modes
             */
-            if (collator.compare(flags, "-certreq") == 0) {
-                command = CERTREQ;
-            } else if (collator.compare(flags, "-delete") == 0) {
-                command = DELETE;
-            } else if (collator.compare(flags, "-export") == 0 ||
-                    collator.compare(flags, "-exportcert") == 0) {
+            boolean isCommand = false;
+            for (Command c: Command.values()) {
+                if (collator.compare(flags, c.toString()) == 0) {
+                    command = c;
+                    isCommand = true;
+                    break;
+                }
+            }
+
+            if (isCommand) {
+                // already recognized as a command
+            } else if (collator.compare(flags, "-export") == 0) {
                command = EXPORTCERT;
-            } else if (collator.compare(flags, "-genkey") == 0 ||
-                    collator.compare(flags, "-genkeypair") == 0) {
+            } else if (collator.compare(flags, "-genkey") == 0) {
                command = GENKEYPAIR;
-            } else if (collator.compare(flags, "-help") == 0) {
-                usage();
-                return;
-            } else if (collator.compare(flags, "-identitydb") == 0) { // obsolete
-                command = IDENTITYDB;
-            } else if (collator.compare(flags, "-import") == 0 ||
-                    collator.compare(flags, "-importcert") == 0) {
+            } else if (collator.compare(flags, "-import") == 0) {
                command = IMPORTCERT;
-            } else if (collator.compare(flags, "-keyclone") == 0) { // obsolete
-                command = KEYCLONE;
-            } else if (collator.compare(flags, "-changealias") == 0) {
-                command = CHANGEALIAS;
-            } else if (collator.compare(flags, "-keypasswd") == 0) {
-                command = KEYPASSWD;
-            } else if (collator.compare(flags, "-list") == 0) {
-                command = LIST;
-            } else if (collator.compare(flags, "-printcert") == 0) {
-                command = PRINTCERT;
-            } else if (collator.compare(flags, "-selfcert") == 0) {     // obsolete
-                command = SELFCERT;
-            } else if (collator.compare(flags, "-storepasswd") == 0) {
-                command = STOREPASSWD;
-            } else if (collator.compare(flags, "-importkeystore") == 0) {
-                command = IMPORTKEYSTORE;
-            } else if (collator.compare(flags, "-genseckey") == 0) {
-                command = GENSECKEY;
-            } else if (collator.compare(flags, "-gencert") == 0) {
-                command = GENCERT;
-            } else if (collator.compare(flags, "-printcertreq") == 0) {
-                command = PRINTCERTREQ;
+            }
+            /*
+             * Help
+             */
+            else if (collator.compare(flags, "-help") == 0) {
+                help = true;
            }

            /*
@@ -284,101 +384,74 @@ public final class KeyTool {
             */
            else if (collator.compare(flags, "-keystore") == 0 ||
                    collator.compare(flags, "-destkeystore") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                ksfname = args[i];
+                ksfname = args[++i];
            } else if (collator.compare(flags, "-storepass") == 0 ||
                    collator.compare(flags, "-deststorepass") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                storePass = args[i].toCharArray();
+                storePass = args[++i].toCharArray();
                passwords.add(storePass);
            } else if (collator.compare(flags, "-storetype") == 0 ||
                    collator.compare(flags, "-deststoretype") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                storetype = args[i];
+                storetype = args[++i];
            } else if (collator.compare(flags, "-srcstorepass") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                srcstorePass = args[i].toCharArray();
+                srcstorePass = args[++i].toCharArray();
                passwords.add(srcstorePass);
            } else if (collator.compare(flags, "-srcstoretype") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                srcstoretype = args[i];
+                srcstoretype = args[++i];
            } else if (collator.compare(flags, "-srckeypass") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                srckeyPass = args[i].toCharArray();
+                srckeyPass = args[++i].toCharArray();
                passwords.add(srckeyPass);
            } else if (collator.compare(flags, "-srcprovidername") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                srcProviderName = args[i];
+                srcProviderName = args[++i];
            } else if (collator.compare(flags, "-providername") == 0 ||
                    collator.compare(flags, "-destprovidername") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                providerName = args[i];
+                providerName = args[++i];
            } else if (collator.compare(flags, "-providerpath") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                pathlist = args[i];
+                pathlist = args[++i];
            } else if (collator.compare(flags, "-keypass") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                keyPass = args[i].toCharArray();
+                keyPass = args[++i].toCharArray();
                passwords.add(keyPass);
            } else if (collator.compare(flags, "-new") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                newPass = args[i].toCharArray();
+                newPass = args[++i].toCharArray();
                passwords.add(newPass);
            } else if (collator.compare(flags, "-destkeypass") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                destKeyPass = args[i].toCharArray();
+                destKeyPass = args[++i].toCharArray();
                passwords.add(destKeyPass);
            } else if (collator.compare(flags, "-alias") == 0 ||
                    collator.compare(flags, "-srcalias") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                alias = args[i];
+                alias = args[++i];
            } else if (collator.compare(flags, "-dest") == 0 ||
                    collator.compare(flags, "-destalias") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                dest = args[i];
+                dest = args[++i];
            } else if (collator.compare(flags, "-dname") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                dname = args[i];
+                dname = args[++i];
            } else if (collator.compare(flags, "-keysize") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                keysize = Integer.parseInt(args[i]);
+                keysize = Integer.parseInt(args[++i]);
            } else if (collator.compare(flags, "-keyalg") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                keyAlgName = args[i];
+                keyAlgName = args[++i];
            } else if (collator.compare(flags, "-sigalg") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                sigAlgName = args[i];
+                sigAlgName = args[++i];
            } else if (collator.compare(flags, "-startdate") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                startDate = args[i];
+                startDate = args[++i];
            } else if (collator.compare(flags, "-validity") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                validity = Long.parseLong(args[i]);
+                validity = Long.parseLong(args[++i]);
            } else if (collator.compare(flags, "-ext") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                v3ext.add(args[i]);
+                v3ext.add(args[++i]);
            } else if (collator.compare(flags, "-file") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                filename = args[i];
+                filename = args[++i];
            } else if (collator.compare(flags, "-infile") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                infilename = args[i];
+                infilename = args[++i];
            } else if (collator.compare(flags, "-outfile") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                outfilename = args[i];
+                outfilename = args[++i];
            } else if (collator.compare(flags, "-sslserver") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                sslserver = args[i];
+                sslserver = args[++i];
            } else if (collator.compare(flags, "-srckeystore") == 0) {
-                if (++i == args.length) errorNeedArgument(flags);
-                srcksfname = args[i];
+                srcksfname = args[++i];
            } else if ((collator.compare(flags, "-provider") == 0) ||
                        (collator.compare(flags, "-providerclass") == 0)) {
-                if (++i == args.length) errorNeedArgument(flags);
                if (providers == null) {
                    providers = new HashSet<Pair <String, String>> (3);
                }
-                String providerClass = args[i];
+                String providerClass = args[++i];
                String providerArg = null;

                if (args.length > (i+1)) {
@@ -418,19 +491,24 @@ public final class KeyTool {
        }

        if (i<args.length) {
-            MessageFormat form = new MessageFormat
-                (rb.getString("Usage error, <arg> is not a legal command"));
-            Object[] source = {args[i]};
-            throw new RuntimeException(form.format(source));
+            System.err.println(rb.getString("Illegal option:  ") + args[i]);
+            tinyHelp();
        }

-        if (command == -1) {
-            System.err.println(rb.getString("Usage error: no command provided"));
-            tinyHelp();
+        if (command == null) {
+            if (help) {
+                usage();
+            } else {
+                System.err.println(rb.getString("Usage error: no command provided"));
+                tinyHelp();
+            }
+        } else if (help) {
+            usage();
+            command = null;
        }
    }

-    boolean isKeyStoreRelated(int cmd) {
+    boolean isKeyStoreRelated(Command cmd) {
        return cmd != PRINTCERT && cmd != PRINTCERTREQ;
    }

@@ -2600,7 +2678,7 @@ public final class KeyTool {
        do {
            if (maxRetry-- < 0) {
                throw new RuntimeException(rb.getString(
-                        "Too may retries, program terminated"));
+                        "Too many retries, program terminated"));
            }
            commonName = inputString(in,
                    rb.getString("What is your first and last name?"),
@@ -3086,7 +3164,7 @@ public final class KeyTool {
        do {
            if (maxRetry-- < 0) {
                throw new RuntimeException(rb.getString(
-                        "Too may retries, program terminated"));
+                        "Too many retries, program terminated"));
            }
            System.err.print(prompt);
            System.err.flush();
@@ -3258,7 +3336,8 @@ public final class KeyTool {
        int nmatch = 0;
        for (int i = 0; i<list.length; i++) {
            String one = list[i];
-            if (one.toLowerCase().startsWith(s.toLowerCase())) {
+            if (one.toLowerCase(Locale.ENGLISH)
+                    .startsWith(s.toLowerCase(Locale.ENGLISH))) {
                match[nmatch++] = i;
            } else {
                StringBuffer sb = new StringBuffer();
@@ -3368,9 +3447,9 @@ public final class KeyTool {
            // Honoring requested extensions
            if (reqex != null) {
                for(String extstr: extstrs) {
-                    if (extstr.toLowerCase().startsWith("honored=")) {
+                    if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) {
                        List<String> list = Arrays.asList(
-                                extstr.toLowerCase().substring(8).split(","));
+                                extstr.toLowerCase(Locale.ENGLISH).substring(8).split(","));
                        // First check existence of "all"
                        if (list.contains("all")) {
                            ext = reqex;    // we know ext was null
@@ -3687,227 +3766,69 @@ public final class KeyTool {
     * Prints the usage of this tool.
     */
    private void usage() {
-        System.err.println(rb.getString("keytool usage:\n"));
-
-        System.err.println(rb.getString
-                ("-certreq     [-v] [-protected]"));
-        System.err.println(rb.getString
-                ("\t     [-alias <alias>] [-sigalg <sigalg>]"));
-        System.err.println(rb.getString
-                ("\t     [-dname <dname>]"));
-        System.err.println(rb.getString
-                ("\t     [-file <csr_file>] [-keypass <keypass>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-changealias [-v] [-protected] -alias <alias> -destalias <destalias>"));
-        System.err.println(rb.getString
-                ("\t     [-keypass <keypass>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-delete      [-v] [-protected] -alias <alias>"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-exportcert  [-v] [-rfc] [-protected]"));
-        System.err.println(rb.getString
-                ("\t     [-alias <alias>] [-file <cert_file>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-genkeypair  [-v] [-protected]"));
-        System.err.println(rb.getString
-                ("\t     [-alias <alias>]"));
-        System.err.println(rb.getString
-                ("\t     [-keyalg <keyalg>] [-keysize <keysize>]"));
-        System.err.println(rb.getString
-                ("\t     [-sigalg <sigalg>] [-dname <dname>]"));
-        System.err.println(rb.getString
-                ("\t     [-startdate <startdate>]"));
-        System.err.println(rb.getString
-                ("\t     [-ext <key>[:critical][=<value>]]..."));
-        System.err.println(rb.getString
-                ("\t     [-validity <valDays>] [-keypass <keypass>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-gencert     [-v] [-rfc] [-protected]"));
-        System.err.println(rb.getString
-                ("\t     [-infile <infile>] [-outfile <outfile>]"));
-        System.err.println(rb.getString
-                ("\t     [-alias <alias>]"));
-        System.err.println(rb.getString
-                ("\t     [-dname <dname>]"));
-        System.err.println(rb.getString
-                ("\t     [-sigalg <sigalg>]"));
-        System.err.println(rb.getString
-                ("\t     [-startdate <startdate>]"));
-        System.err.println(rb.getString
-                ("\t     [-ext <key>[:critical][=<value>]]..."));
-        System.err.println(rb.getString
-                ("\t     [-validity <valDays>] [-keypass <keypass>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-genseckey   [-v] [-protected]"));
-        System.err.println(rb.getString
-                ("\t     [-alias <alias>] [-keypass <keypass>]"));
-        System.err.println(rb.getString
-                ("\t     [-keyalg <keyalg>] [-keysize <keysize>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString("-help"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-importcert  [-v] [-noprompt] [-trustcacerts] [-protected]"));
-        System.err.println(rb.getString
-                ("\t     [-alias <alias>]"));
-        System.err.println(rb.getString
-                ("\t     [-file <cert_file>] [-keypass <keypass>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-importkeystore [-v] "));
-        System.err.println(rb.getString
-                ("\t     [-srckeystore <srckeystore>] [-destkeystore <destkeystore>]"));
-        System.err.println(rb.getString
-                ("\t     [-srcstoretype <srcstoretype>] [-deststoretype <deststoretype>]"));
-        System.err.println(rb.getString
-                ("\t     [-srcstorepass <srcstorepass>] [-deststorepass <deststorepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-srcprotected] [-destprotected]"));
-        System.err.println(rb.getString
-                ("\t     [-srcprovidername <srcprovidername>]\n\t     [-destprovidername <destprovidername>]"));
-        System.err.println(rb.getString
-                ("\t     [-srcalias <srcalias> [-destalias <destalias>]"));
-        System.err.println(rb.getString
-                ("\t       [-srckeypass <srckeypass>] [-destkeypass <destkeypass>]]"));
-        System.err.println(rb.getString
-                ("\t     [-noprompt]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-keypasswd   [-v] [-alias <alias>]"));
-        System.err.println(rb.getString
-                ("\t     [-keypass <old_keypass>] [-new <new_keypass>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-list        [-v | -rfc] [-protected]"));
-        System.err.println(rb.getString
-                ("\t     [-alias <alias>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-printcert   [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]"));
-        System.err.println();
-
-        System.err.println(rb.getString
-                ("-printcertreq   [-v] [-file <cert_file>]"));
-        System.err.println();
+        if (command != null) {
+            System.err.println("keytool " + command +
+                    rb.getString(" [OPTION]..."));
+            System.err.println();
+            System.err.println(rb.getString(command.description));
+            System.err.println();
+            System.err.println(rb.getString("Options:"));
+            System.err.println();

-        System.err.println(rb.getString
-                ("-storepasswd [-v] [-new <new_storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-keystore <keystore>] [-storepass <storepass>]"));
-        System.err.println(rb.getString
-                ("\t     [-storetype <storetype>] [-providername <name>]"));
-        System.err.println(rb.getString
-                ("\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."));
-        System.err.println(rb.getString
-                ("\t     [-providerpath <pathlist>]"));
+            // Left and right sides of the options list
+            String[] left = new String[command.options.length];
+            String[] right = new String[command.options.length];
+
+            // Check if there's an unknown option
+            boolean found = false;
+
+            // Length of left side of options list
+            int lenLeft = 0;
+            for (int j=0; j<left.length; j++) {
+                for (String[] opt: options) {
+                    if (collator.compare(opt[0], command.options[j]) == 0) {
+                        left[j] = opt[0];
+                        if (opt[1] != null) left[j] += " " + opt[1];
+                        if (left[j].length() > lenLeft) {
+                            lenLeft = left[j].length();
+                        }
+                        right[j] = rb.getString(opt[2]);
+                        found = true;
+                        break;
+                    }
+                }
+                if (!found) {
+                    throw new RuntimeException("ERROR: CANNOT FIND " + command.options[j]);
+                }
+            }
+            for (int j=0; j<left.length; j++) {
+                System.err.printf(" %-" + lenLeft + "s  %s\n",
+                        left[j], right[j]);
+            }
+            System.err.println();
+            System.err.println(rb.getString(
+                    "Use \"keytool -help\" for all available commands"));
+        } else {
+            System.err.println(rb.getString(
+                    "Key and Certificate Management Tool"));
+            System.err.println();
+            System.err.println(rb.getString("Commands:"));
+            System.err.println();
+            for (Command c: Command.values()) {
+                if (c != IDENTITYDB
+                        && c != KEYCLONE
+                        && c != SELFCERT) {     // Deprecated commands
+                    System.err.printf(" %-20s%s\n", c, rb.getString(c.description));
+                }
+            }
+            System.err.println();
+            System.err.println(rb.getString(
+                    "Use \"keytool -command_name -help\" for usage of command_name"));
+        }
    }

    private void tinyHelp() {
-        System.err.println(rb.getString("Try keytool -help"));
-
-        // do not drown user with the help lines.
+        usage();
        if (debug) {
            throw new RuntimeException("NO BIG ERROR, SORRY");
        } else {

--- a/src/share/classes/sun/security/util/Resources.java
+++ b/src/share/classes/sun/security/util/Resources.java
@@ -46,18 +46,145 @@ public class Resources extends java.util.ListResourceBundle {
        {"*******************************************\n\n",
                "*******************************************\n\n"},

-        // keytool
+        // keytool: Help part
+        {" [OPTION]...", " [OPTION]..."},
+        {"Options:", "Options:"},
+        {"Use \"keytool -help\" for all available commands",
+                 "Use \"keytool -help\" for all available commands"},
+        {"Key and Certificate Management Tool",
+                 "Key and Certificate Management Tool"},
+        {"Commands:", "Commands:"},
+        {"Use \"keytool -command_name -help\" for usage of command_name",
+                "Use \"keytool -command_name -help\" for usage of command_name"},
+        // keytool: help: commands
+        {"Generates a certificate request",
+                "Generates a certificate request"}, //-certreq
+        {"Changes an entry's alias",
+                "Changes an entry's alias"}, //-changealias
+        {"Deletes an entry",
+                "Deletes an entry"}, //-delete
+        {"Exports certificate",
+                "Exports certificate"}, //-exportcert
+        {"Generates a key pair",
+                "Generates a key pair"}, //-genkeypair
+        {"Generates a secret key",
+                "Generates a secret key"}, //-genseckey
+        {"Generates certificate from a certificate request",
+                "Generates certificate from a certificate request"}, //-gencert
+        {"Imports entries from a JDK 1.1.x-style identity database",
+                "Imports entries from a JDK 1.1.x-style identity database"}, //-identitydb
+        {"Imports a certificate or a certificate chain",
+                "Imports a certificate or a certificate chain"}, //-importcert
+        {"Imports one or all entries from another keystore",
+                "Imports one or all entries from another keystore"}, //-importkeystore
+        {"Clones a key entry",
+                "Clones a key entry"}, //-keyclone
+        {"Changes the key password of an entry",
+                "Changes the key password of an entry"}, //-keypasswd
+        {"Lists entries in a keystore",
+                "Lists entries in a keystore"}, //-list
+        {"Prints the content of a certificate",
+                "Prints the content of a certificate"}, //-printcert
+        {"Prints the content of a certificate request",
+                "Prints the content of a certificate request"}, //-printcertreq
+        {"Generates a self-signed certificate",
+                "Generates a self-signed certificate"}, //-selfcert
+        {"Changes the store password of a keystore",
+                "Changes the store password of a keystore"}, //-storepasswd
+        // keytool: help: options
+        {"alias name of the entry to process",
+                "alias name of the entry to process"}, //-alias
+        {"destination alias",
+                "destination alias"}, //-destalias
+        {"destination key password",
+                "destination key password"}, //-destkeypass
+        {"destination keystore name",
+                "destination keystore name"}, //-destkeystore
+        {"destination keystore password protected",
+                "destination keystore password protected"}, //-destprotected
+        {"destination keystore provider name",
+                "destination keystore provider name"}, //-destprovidername
+        {"destination keystore password",
+                "destination keystore password"}, //-deststorepass
+        {"destination keystore type",
+                "destination keystore type"}, //-deststoretype
+        {"distinguished name",
+                "distinguished name"}, //-dname
+        {"X.509 extension",
+                "X.509 extension"}, //-ext
+        {"output file name",
+                "output file name"}, //-file
+        {"input file name",
+                "input file name"}, //-file
+        {"input file name",
+                "input file name"}, //-infile
+        {"key algorithm name",
+                "key algorithm name"}, //-keyalg
+        {"key password",
+                "key password"}, //-keypass
+        {"key bit size",
+                "key bit size"}, //-keysize
+        {"keystore name",
+                "keystore name"}, //-keystore
+        {"new password",
+                "new password"}, //-new
+        {"do not prompt",
+                "do not prompt"}, //-noprompt
+        {"output file name",
+                "output file name"}, //-outfile
+        {"password through protected mechanism",
+                "password through protected mechanism"}, //-protected
+        {"provider argument",
+                "provider argument"}, //-providerarg
+        {"provider class name",
+                "provider class name"}, //-providerclass
+        {"provider name",
+                "provider name"}, //-providername
+        {"provider classpath",
+                "provider classpath"}, //-providerpath
+        {"output in RFC style",
+                "output in RFC style"}, //-rfc
+        {"signature algorithm name",
+                "signature algorithm name"}, //-sigalg
+        {"source alias",
+                "source alias"}, //-srcalias
+        {"source keystore password",
+                "source keystore password"}, //-srckeypass
+        {"source keystore name",
+                "source keystore name"}, //-srckeystore
+        {"source keystore password protected",
+                "source keystore password protected"}, //-srcprotected
+        {"source keystore provider name",
+                "source keystore provider name"}, //-srcprovidername
+        {"source keystore password",
+                "source keystore password"}, //-srcstorepass
+        {"source keystore type",
+                "source keystore type"}, //-srcstoretype
+        {"SSL server host and port",
+                "SSL server host and port"}, //-sslserver
+        {"certificate validity start date/time",
+                "certificate validity start date/time"}, //-startdate
+        {"keystore password",
+                "keystore password"}, //-storepass
+        {"keystore type",
+                "keystore type"}, //-storetype
+        {"trust certificates from cacerts",
+                "trust certificates from cacerts"}, //-trustcacerts
+        {"verbose output",
+                "verbose output"}, //-v
+        {"validity number of days",
+                "validity number of days"}, //-validity
+        // keytool: Running part
        {"keytool error: ", "keytool error: "},
        {"Illegal option:  ", "Illegal option:  "},
        {"Illegal value: ", "Illegal value: "},
-        {"Try keytool -help","Try keytool -help"},
        {"Command option <flag> needs an argument.", "Command option {0} needs an argument."},
        {"Warning:  Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified <command> value.",
                "Warning:  Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified {0} value."},
        {"-keystore must be NONE if -storetype is {0}",
                "-keystore must be NONE if -storetype is {0}"},
-        {"Too may retries, program terminated",
-                 "Too may retries, program terminated"},
+        {"Too many retries, program terminated",
+                 "Too many retries, program terminated"},
        {"-storepasswd and -keypasswd commands not supported if -storetype is {0}",
                "-storepasswd and -keypasswd commands not supported if -storetype is {0}"},
        {"-keypasswd commands not supported if -storetype is PKCS12",
@@ -77,7 +204,6 @@ public class Resources extends java.util.ListResourceBundle {
                "Validity must be greater than zero"},
        {"provName not a provider", "{0} not a provider"},
        {"Usage error: no command provided", "Usage error: no command provided"},
-        {"Usage error, <arg> is not a legal command", "Usage error, {0} is not a legal command"},
        {"Source keystore file exists, but is empty: ", "Source keystore file exists, but is empty: "},
        {"Please specify -srckeystore", "Please specify -srckeystore"},
        {"Must not specify both -v and -rfc with 'list' command",
@@ -279,7 +405,6 @@ public class Resources extends java.util.ListResourceBundle {
                "Secret Key not generated, alias <{0}> already exists"},
        {"Please provide -keysize for secret key generation",
                "Please provide -keysize for secret key generation"},
-        {"keytool usage:\n", "keytool usage:\n"},

        {"Extensions: ", "Extensions: "},
        {"(Empty value)", "(Empty value)"},
@@ -297,139 +422,6 @@ public class Resources extends java.util.ListResourceBundle {
        {"Odd number of hex digits found: ", "Odd number of hex digits found: "},
        {"command {0} is ambiguous:", "command {0} is ambiguous:"},

-        {"-certreq     [-v] [-protected]",
-                "-certreq     [-v] [-protected]"},
-        {"\t     [-alias <alias>] [-sigalg <sigalg>]",
-                "\t     [-alias <alias>] [-sigalg <sigalg>]"},
-        {"\t     [-dname <dname>]", "\t     [-dname <dname>]"},
-        {"\t     [-file <csr_file>] [-keypass <keypass>]",
-                "\t     [-file <csr_file>] [-keypass <keypass>]"},
-        {"\t     [-keystore <keystore>] [-storepass <storepass>]",
-                "\t     [-keystore <keystore>] [-storepass <storepass>]"},
-        {"\t     [-storetype <storetype>] [-providername <name>]",
-                "\t     [-storetype <storetype>] [-providername <name>]"},
-        {"\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ...",
-                "\t     [-providerclass <provider_class_name> [-providerarg <arg>]] ..."},
-        {"\t     [-providerpath <pathlist>]",
-                "\t     [-providerpath <pathlist>]"},
-        {"-delete      [-v] [-protected] -alias <alias>",
-                "-delete      [-v] [-protected] -alias <alias>"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        //{"-export      [-v] [-rfc] [-protected]",
-        //       "-export      [-v] [-rfc] [-protected]"},
-        {"-exportcert  [-v] [-rfc] [-protected]",
-                "-exportcert  [-v] [-rfc] [-protected]"},
-        {"\t     [-alias <alias>] [-file <cert_file>]",
-                "\t     [-alias <alias>] [-file <cert_file>]"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        //{"-genkey      [-v] [-protected]",
-        //        "-genkey      [-v] [-protected]"},
-        {"-genkeypair  [-v] [-protected]",
-                "-genkeypair  [-v] [-protected]"},
-        {"\t     [-alias <alias>]", "\t     [-alias <alias>]"},
-        {"\t     [-keyalg <keyalg>] [-keysize <keysize>]",
-                "\t     [-keyalg <keyalg>] [-keysize <keysize>]"},
-        {"\t     [-sigalg <sigalg>] [-dname <dname>]",
-                "\t     [-sigalg <sigalg>] [-dname <dname>]"},
-        {"\t     [-startdate <startdate>]",
-                "\t     [-startdate <startdate>]"},
-        {"\t     [-validity <valDays>] [-keypass <keypass>]",
-                "\t     [-validity <valDays>] [-keypass <keypass>]"},
-        /** rest is same as -certreq starting from -keystore **/
-        {"-gencert     [-v] [-rfc] [-protected]",
-                "-gencert     [-v] [-rfc] [-protected]"},
-        {"\t     [-infile <infile>] [-outfile <outfile>]",
-                 "\t     [-infile <infile>] [-outfile <outfile>]"},
-        {"\t     [-sigalg <sigalg>]",
-                "\t     [-sigalg <sigalg>]"},
-        {"\t     [-ext <key>[:critical][=<value>]]...",
-                "\t     [-ext <key>[:critical][=<value>]]..."},
-
-        {"-genseckey   [-v] [-protected]",
-                "-genseckey   [-v] [-protected]"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        {"-help", "-help"},
-        //{"-identitydb  [-v] [-protected]",
-        //      "-identitydb  [-v] [-protected]"},
-        //{"\t     [-file <idb_file>]", "\t     [-file <idb_file>]"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        //{"-import      [-v] [-noprompt] [-trustcacerts] [-protected]",
-        //       "-import      [-v] [-noprompt] [-trustcacerts] [-protected]"},
-        {"-importcert  [-v] [-noprompt] [-trustcacerts] [-protected]",
-                "-importcert  [-v] [-noprompt] [-trustcacerts] [-protected]"},
-        {"\t     [-alias <alias>]", "\t     [-alias <alias>]"},
-        {"\t     [-alias <alias>] [-keypass <keypass>]",
-            "\t     [-alias <alias>] [-keypass <keypass>]"},
-        {"\t     [-file <cert_file>] [-keypass <keypass>]",
-                "\t     [-file <cert_file>] [-keypass <keypass>]"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        {"-importkeystore [-v] ",
-                "-importkeystore [-v] "},
-        {"\t     [-srckeystore <srckeystore>] [-destkeystore <destkeystore>]",
-                "\t     [-srckeystore <srckeystore>] [-destkeystore <destkeystore>]"},
-        {"\t     [-srcstoretype <srcstoretype>] [-deststoretype <deststoretype>]",
-                "\t     [-srcstoretype <srcstoretype>] [-deststoretype <deststoretype>]"},
-        {"\t     [-srcprotected] [-destprotected]",
-                "\t     [-srcprotected] [-destprotected]"},
-        {"\t     [-srcstorepass <srcstorepass>] [-deststorepass <deststorepass>]",
-                "\t     [-srcstorepass <srcstorepass>] [-deststorepass <deststorepass>]"},
-        {"\t     [-srcprovidername <srcprovidername>]\n\t     [-destprovidername <destprovidername>]",  // line too long, split to 2
-                 "\t     [-srcprovidername <srcprovidername>]\n\t     [-destprovidername <destprovidername>]"},
-        {"\t     [-srcalias <srcalias> [-destalias <destalias>]",
-                "\t     [-srcalias <srcalias> [-destalias <destalias>]"},
-        {"\t       [-srckeypass <srckeypass>] [-destkeypass <destkeypass>]]",
-                "\t       [-srckeypass <srckeypass>] [-destkeypass <destkeypass>]]"},
-        {"\t     [-noprompt]", "\t     [-noprompt]"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        {"-changealias [-v] [-protected] -alias <alias> -destalias <destalias>",
-                "-changealias [-v] [-protected] -alias <alias> -destalias <destalias>"},
-        {"\t     [-keypass <keypass>]", "\t     [-keypass <keypass>]"},
-
-        //{"-keyclone    [-v] [-protected]",
-        //      "-keyclone    [-v] [-protected]"},
-        //{"\t     [-alias <alias>] -dest <dest_alias>",
-        //      "\t     [-alias <alias>] -dest <dest_alias>"},
-        //{"\t     [-keypass <keypass>] [-new <new_keypass>]",
-        //      "\t     [-keypass <keypass>] [-new <new_keypass>]"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        {"-keypasswd   [-v] [-alias <alias>]",
-                "-keypasswd   [-v] [-alias <alias>]"},
-        {"\t     [-keypass <old_keypass>] [-new <new_keypass>]",
-                "\t     [-keypass <old_keypass>] [-new <new_keypass>]"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        {"-list        [-v | -rfc] [-protected]",
-                "-list        [-v | -rfc] [-protected]"},
-        {"\t     [-alias <alias>]", "\t     [-alias <alias>]"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        {"-printcert   [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]",
-                "-printcert   [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]"},
-        {"-printcertreq   [-v] [-file <cert_file>]",
-                 "-printcertreq   [-v] [-file <cert_file>]"},
-        {"No certificate from the SSL server",
-                "No certificate from the SSL server"},
-
-        //{"-selfcert    [-v] [-protected]",
-        //      "-selfcert    [-v] [-protected]"},
-        {"\t     [-alias <alias>]", "\t     [-alias <alias>]"},
-        //{"\t     [-dname <dname>] [-validity <valDays>]",
-        //      "\t     [-dname <dname>] [-validity <valDays>]"},
-        //{"\t     [-keypass <keypass>] [-sigalg <sigalg>]",
-        //      "\t     [-keypass <keypass>] [-sigalg <sigalg>]"},
-        /** rest is same as -certreq starting from -keystore **/
-
-        {"-storepasswd [-v] [-new <new_storepass>]",
-                "-storepasswd [-v] [-new <new_storepass>]"},
-        /** rest is same as -certreq starting from -keystore **/
-
        // policytool
        {"Warning: A public key for alias 'signers[i]' does not exist.  Make sure a KeyStore is properly configured.",
                "Warning: A public key for alias {0} does not exist.  Make sure a KeyStore is properly configured."},
@@ -679,3 +671,4 @@ public class Resources extends java.util.ListResourceBundle {
        return contents;
    }
 }
+
--- a/test/sun/security/tools/keytool/newhelp.sh
+++ b/test/sun/security/tools/keytool/newhelp.sh
+#
+# Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6324292
+# @summary keytool -help is unhelpful
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+  Windows_* )
+    FS="\\"
+    ;;
+  * )
+    FS="/"
+    ;;
+esac
+
+LANG=C
+$TESTJAVA${FS}bin${FS}keytool -help 2> h1 || exit 1
+$TESTJAVA${FS}bin${FS}keytool -help -list 2> h2 || exit 2
+
+grep Commands: h1 || exit 3
+grep Options: h2 || exit 4
+
+exit 0
+