提交 d5341073 编写于 作者: W weijun

6561126: keytool should use larger default keysize for keypairs

Reviewed-by: mullan
上级 3d8c4550
......@@ -136,7 +136,7 @@ public class JarSigner {
char[] keypass; // private key password
String sigfile; // name of .SF file
String sigalg; // name of signature algorithm
String digestalg = "SHA1"; // name of digest algorithm
String digestalg = "SHA-256"; // name of digest algorithm
String signedjar; // output filename
String tsaUrl; // location of the Timestamping Authority
String tsaAlias; // alias for the Timestamping Authority's certificate
......@@ -2205,7 +2205,7 @@ class SignatureFile {
if (keyAlgorithm.equalsIgnoreCase("DSA"))
digestAlgorithm = "SHA1";
else if (keyAlgorithm.equalsIgnoreCase("RSA"))
digestAlgorithm = "SHA1";
digestAlgorithm = "SHA256";
else {
throw new RuntimeException("private key is not a DSA or "
+ "RSA key");
......
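Review bot: The DSA branch in `SignatureFile` still assigns `digestAlgorithm = "SHA1"`, so a JAR signed with a DSA key would get SHA-256 manifest and .SF digests from the new `digestalg` default, but presumably a SHA-1 based signature over the .SF file. The signed JAR is then only as strong as that last hash. If no SHA-2 DSA signature is available from the default providers, a comment on that branch such as `// DSA stays on SHA1: no SHA-2 DSA signature available by default` would stop readers assuming the whole chain moved to SHA-256. The page lost its +/- markers, so the second of each duplicated line is read here as the new side, and the enclosing method starts and ends outside the hunk.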
......@@ -1318,7 +1318,7 @@ public final class KeyTool {
if ("DSA".equalsIgnoreCase(keyAlgName)) {
return "SHA1WithDSA";
} else if ("RSA".equalsIgnoreCase(keyAlgName)) {
return "SHA1WithRSA";
return "SHA256WithRSA";
} else if ("EC".equalsIgnoreCase(keyAlgName)) {
return "SHA1withECDSA";
} else {
......@@ -1336,6 +1336,8 @@ public final class KeyTool {
if (keysize == -1) {
if ("EC".equalsIgnoreCase(keyAlgName)) {
keysize = 256;
} else if ("RSA".equalsIgnoreCase(keyAlgName)) {
keysize = 2048;
} else {
keysize = 1024;
}
......@@ -2499,6 +2501,7 @@ public final class KeyTool {
cert.getNotAfter().toString(),
getCertFingerPrint("MD5", cert),
getCertFingerPrint("SHA1", cert),
getCertFingerPrint("SHA-256", cert),
cert.getSigAlgName(),
cert.getVersion()
};
......
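Review bot: The EC branch of the default signature-algorithm selection still returns `SHA1withECDSA`, although the default EC key size set just below is 256 bits. Pairing a 256-bit curve with SHA-1 caps the certificate signature at the strength of the hash. Consider `return "SHA256withECDSA";` in that branch so that EC follows the new RSA default. DSA likewise stays at `SHA1WithDSA` with the 1024-bit fallback, which may be a provider limitation; if so, a comment saying these defaults are deliberate would help. Both methods start and end outside the hunks shown.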
......@@ -215,7 +215,7 @@ public class Resources extends java.util.ListResourceBundle {
{"\t(RETURN if same as for <otherAlias>)",
"\t(RETURN if same as for <{0}>)"},
{"*PATTERN* printX509Cert",
"Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t Signature algorithm name: {7}\n\t Version: {8}"},
"Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Signature algorithm name: {8}\n\t Version: {9}"},
{"What is your first and last name?",
"What is your first and last name?"},
{"What is the name of your organizational unit?",
......
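Review bot: The `printX509Cert` pattern and the argument array built in KeyTool are coupled only by position, and inserting the SHA-256 fingerprint shifts the signature algorithm name to `{8}` and the version to `{9}`. Any other bundle that carries its own copy of this pattern (localized variants are not visible on this page) has to be renumbered in the same commit. Otherwise the SHA-256 fingerprint would be printed under the signature-algorithm label and the version would be dropped. A comment next to the array in KeyTool such as `// order must match the *PATTERN* printX509Cert resource` would make the dependency explicit.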
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6561126
# @summary keytool should use larger default keysize for keypairs
#
# @run shell newsize7.sh
# set a few environment variables so that the shell-script can run stand-alone
# in the source directory
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
if [ "${TESTJAVA}" = "" ] ; then
JAVA_CMD=`which java`
TESTJAVA=`dirname $JAVA_CMD`/..
fi
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
Windows_* )
FS="\\"
;;
* )
FS="/"
;;
esac
KSFILE=ns7.jks
KT="${TESTJAVA}${FS}bin${FS}keytool -keystore ns7.jks -storepass changeit -keypass changeit"
JAR="${TESTJAVA}${FS}bin${FS}jar"
JS="${TESTJAVA}${FS}bin${FS}jarsigner -keystore ns7.jks -storepass changeit"
rm ns7.*
$KT -genkeypair -alias me -dname CN=Me
touch ns7.txt
$JAR cvf ns7.jar ns7.txt
$JS ns7.jar me
$JAR xvf ns7.jar
grep SHA-256 META-INF/MANIFEST.MF || exit 1
grep SHA-256 META-INF/ME.SF || exit 2
#rm -rf META-INF
exit 0
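Review bot: The key is generated without `-keyalg`, so the JAR is signed with whatever key type keytool defaults to, and the only checks are greps for `SHA-256` in the manifest and `ME.SF`. The new RSA default in `SignatureFile` is therefore not necessarily exercised, and the signature itself is never verified. Adding `-keyalg rsa` to the `-genkeypair` line and a `$JS -verify ns7.jar || exit 3` step would cover both. No keytool, jar or jarsigner exit status is checked, and the `META-INF` cleanup is commented out, so a directory left by an earlier run can satisfy the greps after a failed signing step. Starting with `rm -rf ns7.* META-INF` avoids that and also silences the error `rm ns7.*` prints on a clean directory.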
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6561126
* @summary keytool should use larger default keysize for keypairs
*/
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import sun.security.tools.KeyTool;
public class NewSize7 {
public static void main(String[] args) throws Exception {
String FILE = "newsize7-ks";
new File(FILE).delete();
KeyTool.main(("-debug -genkeypair -keystore " + FILE +
" -alias a -dname cn=c -storepass changeit" +
" -keypass changeit -keyalg rsa").split(" "));
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(FILE), null);
new File(FILE).delete();
RSAPublicKey r = (RSAPublicKey)ks.getCertificate("a").getPublicKey();
if (r.getModulus().bitLength() != 2048) {
throw new Exception("Bad keysize");
}
X509Certificate x = (X509Certificate)ks.getCertificate("a");
if (!x.getSigAlgName().equals("SHA256withRSA")) {
throw new Exception("Bad sigalg");
}
}
}
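Review bot: The `FileInputStream` passed to `ks.load` is never closed, and the keystore file is deleted on the next line while that stream is still open. On platforms that refuse to delete open files, the keystore with its private key is left behind, and the `false` return from `delete()` is ignored. Hold the stream in a local and close it before deleting: `FileInputStream in = new FileInputStream(FILE);` followed by `try { ks.load(in, null); } finally { in.close(); }`. The failure messages would also be more useful with the observed value, e.g. `throw new Exception("Bad keysize: " + r.getModulus().bitLength());`.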