提交 c7b72ac3 编写于 作者: W weijun

7109096: keytool -genkeypair needn't call -selfcert

Reviewed-by: xuelei
上级 297c3ebc
......@@ -33,18 +33,7 @@ import java.security.*;
import java.util.Date;
import sun.security.pkcs10.PKCS10;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import sun.security.x509.X509Key;
import sun.security.x509.*;
/**
......@@ -165,6 +154,13 @@ public final class CertAndKeyGen {
publicKey = pair.getPublic();
privateKey = pair.getPrivate();
// publicKey's format must be X.509 otherwise
// the whole CertGen part of this class is broken.
if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
throw new IllegalArgumentException("publicKey's is not X.509, but "
+ publicKey.getFormat());
}
}
......@@ -186,6 +182,16 @@ public final class CertAndKeyGen {
return (X509Key)publicKey;
}
/**
* Always returns the public key of the generated key pair. Used
* by KeyTool only.
*
* The publicKey is not necessarily to be an instance of
* X509Key in some JCA/JCE providers, for example SunPKCS11.
*/
public PublicKey getPublicKeyAnyway() {
return publicKey;
}
/**
* Returns the private key of the generated key pair.
......@@ -200,7 +206,6 @@ public final class CertAndKeyGen {
return privateKey;
}
/**
* Returns a self-signed X.509v3 certificate for the public key.
* The certificate is immediately valid. No extensions.
......@@ -224,6 +229,15 @@ public final class CertAndKeyGen {
X500Name myname, Date firstDate, long validity)
throws CertificateException, InvalidKeyException, SignatureException,
NoSuchAlgorithmException, NoSuchProviderException
{
return getSelfCertificate(myname, firstDate, validity, null);
}
// Like above, plus a CertificateExtensions argument, which can be null.
public X509Certificate getSelfCertificate (X500Name myname, Date firstDate,
long validity, CertificateExtensions ext)
throws CertificateException, InvalidKeyException, SignatureException,
NoSuchAlgorithmException, NoSuchProviderException
{
X509CertImpl cert;
Date lastDate;
......@@ -248,6 +262,7 @@ public final class CertAndKeyGen {
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
cert = new X509CertImpl(info);
cert.sign(privateKey, this.sigAlg);
......
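Review bot: In the `generate` hunk the new X.509 format check runs after `publicKey` and `privateKey` have already been assigned, so a caller that catches the `IllegalArgumentException` is left with a generator whose fields hold the rejected key pair. Validating first avoids that: take `PublicKey pub = pair.getPublic();`, test `pub.getFormat()`, and only then assign both fields. A null format is already handled safely, because the literal is the receiver of `equalsIgnoreCase`. The message would read more clearly as `"Public key format is not X.509, but " + pub.getFormat()`. The start of `generate` is outside the hunk, so whether an unchecked exception suits its declared throws clause needs checking there.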
......@@ -1518,9 +1518,16 @@ public final class KeyTool {
keypair.generate(keysize);
PrivateKey privKey = keypair.getPrivateKey();
CertificateExtensions ext = createV3Extensions(
null,
null,
v3ext,
keypair.getPublicKeyAnyway(),
null);
X509Certificate[] chain = new X509Certificate[1];
chain[0] = keypair.getSelfCertificate(
x500Name, getStartDate(startDate), validity*24L*60L*60L);
x500Name, getStartDate(startDate), validity*24L*60L*60L, ext);
if (verbose) {
MessageFormat form = new MessageFormat(rb.getString
......@@ -1537,9 +1544,6 @@ public final class KeyTool {
keyPass = promptForKeyPass(alias, null, storePass);
}
keyStore.setKeyEntry(alias, privKey, keyPass, chain);
// resign so that -ext are applied.
doSelfCert(alias, null, sigAlgName);
}
/**
......
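Review bot: The three positional `null` arguments passed to `createV3Extensions` in the -genkeypair path have no comment, and its signature is not on this page, so a reader cannot tell which inputs are deliberately absent. With the later `doSelfCert` re-sign removed, this call is the only place the `-ext` values reach the generated certificate, which is worth stating, for example `// -ext is applied here at creation time; the entry is not re-signed afterwards`. A short comment on each `null` would help too (presumably requested extensions, existing extensions and authority key; confirm against the declaration). No test is visible on this page that checks a `-genkeypair -ext ...` certificate actually carries the requested extension. The enclosing method starts and ends outside the hunk.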