Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
d5341073
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
d5341073
编写于
7月 22, 2009
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6561126: keytool should use larger default keysize for keypairs
Reviewed-by: mullan
上级
3d8c4550
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
136 addition
and
4 deletion
+136
-4
src/share/classes/sun/security/tools/JarSigner.java
src/share/classes/sun/security/tools/JarSigner.java
+2
-2
src/share/classes/sun/security/tools/KeyTool.java
src/share/classes/sun/security/tools/KeyTool.java
+4
-1
src/share/classes/sun/security/util/Resources.java
src/share/classes/sun/security/util/Resources.java
+1
-1
test/sun/security/tools/jarsigner/newsize7.sh
test/sun/security/tools/jarsigner/newsize7.sh
+73
-0
test/sun/security/tools/keytool/NewSize7.java
test/sun/security/tools/keytool/NewSize7.java
+56
-0
未找到文件。
src/share/classes/sun/security/tools/JarSigner.java
浏览文件 @
d5341073
...
...
@@ -136,7 +136,7 @@ public class JarSigner {
char
[]
keypass
;
// private key password
String
sigfile
;
// name of .SF file
String
sigalg
;
// name of signature algorithm
String
digestalg
=
"SHA
1
"
;
// name of digest algorithm
String
digestalg
=
"SHA
-256
"
;
// name of digest algorithm
String
signedjar
;
// output filename
String
tsaUrl
;
// location of the Timestamping Authority
String
tsaAlias
;
// alias for the Timestamping Authority's certificate
...
...
@@ -2205,7 +2205,7 @@ class SignatureFile {
if
(
keyAlgorithm
.
equalsIgnoreCase
(
"DSA"
))
digestAlgorithm
=
"SHA1"
;
else
if
(
keyAlgorithm
.
equalsIgnoreCase
(
"RSA"
))
digestAlgorithm
=
"SHA
1
"
;
digestAlgorithm
=
"SHA
256
"
;
else
{
throw
new
RuntimeException
(
"private key is not a DSA or "
+
"RSA key"
);
...
...
src/share/classes/sun/security/tools/KeyTool.java
浏览文件 @
d5341073
...
...
@@ -1318,7 +1318,7 @@ public final class KeyTool {
if
(
"DSA"
.
equalsIgnoreCase
(
keyAlgName
))
{
return
"SHA1WithDSA"
;
}
else
if
(
"RSA"
.
equalsIgnoreCase
(
keyAlgName
))
{
return
"SHA
1
WithRSA"
;
return
"SHA
256
WithRSA"
;
}
else
if
(
"EC"
.
equalsIgnoreCase
(
keyAlgName
))
{
return
"SHA1withECDSA"
;
}
else
{
...
...
@@ -1336,6 +1336,8 @@ public final class KeyTool {
if
(
keysize
==
-
1
)
{
if
(
"EC"
.
equalsIgnoreCase
(
keyAlgName
))
{
keysize
=
256
;
}
else
if
(
"RSA"
.
equalsIgnoreCase
(
keyAlgName
))
{
keysize
=
2048
;
}
else
{
keysize
=
1024
;
}
...
...
@@ -2499,6 +2501,7 @@ public final class KeyTool {
cert
.
getNotAfter
().
toString
(),
getCertFingerPrint
(
"MD5"
,
cert
),
getCertFingerPrint
(
"SHA1"
,
cert
),
getCertFingerPrint
(
"SHA-256"
,
cert
),
cert
.
getSigAlgName
(),
cert
.
getVersion
()
};
...
...
src/share/classes/sun/security/util/Resources.java
浏览文件 @
d5341073
...
...
@@ -215,7 +215,7 @@ public class Resources extends java.util.ListResourceBundle {
{
"\t(RETURN if same as for <otherAlias>)"
,
"\t(RETURN if same as for <{0}>)"
},
{
"*PATTERN* printX509Cert"
,
"Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t S
ignature algorithm name: {7}\n\t Version: {8
}"
},
"Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t S
HA256: {7}\n\t Signature algorithm name: {8}\n\t Version: {9
}"
},
{
"What is your first and last name?"
,
"What is your first and last name?"
},
{
"What is the name of your organizational unit?"
,
...
...
test/sun/security/tools/jarsigner/newsize7.sh
0 → 100644
浏览文件 @
d5341073
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6561126
# @summary keytool should use larger default keysize for keypairs
#
# @run shell newsize7.sh
# set a few environment variables so that the shell-script can run stand-alone
# in the source directory
if
[
"
${
TESTSRC
}
"
=
""
]
;
then
TESTSRC
=
"."
fi
if
[
"
${
TESTJAVA
}
"
=
""
]
;
then
JAVA_CMD
=
`
which java
`
TESTJAVA
=
`
dirname
$JAVA_CMD
`
/..
fi
# set platform-dependent variables
OS
=
`
uname
-s
`
case
"
$OS
"
in
Windows_
*
)
FS
=
"
\\
"
;;
*
)
FS
=
"/"
;;
esac
KSFILE
=
ns7.jks
KT
=
"
${
TESTJAVA
}${
FS
}
bin
${
FS
}
keytool -keystore ns7.jks -storepass changeit -keypass changeit"
JAR
=
"
${
TESTJAVA
}${
FS
}
bin
${
FS
}
jar"
JS
=
"
${
TESTJAVA
}${
FS
}
bin
${
FS
}
jarsigner -keystore ns7.jks -storepass changeit"
rm
ns7.
*
$KT
-genkeypair
-alias
me
-dname
CN
=
Me
touch
ns7.txt
$JAR
cvf ns7.jar ns7.txt
$JS
ns7.jar me
$JAR
xvf ns7.jar
grep
SHA-256 META-INF/MANIFEST.MF
||
exit
1
grep
SHA-256 META-INF/ME.SF
||
exit
2
#rm -rf META-INF
exit
0
test/sun/security/tools/keytool/NewSize7.java
0 → 100644
浏览文件 @
d5341073
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6561126
* @summary keytool should use larger default keysize for keypairs
*/
import
java.io.File
;
import
java.io.FileInputStream
;
import
java.security.KeyStore
;
import
java.security.cert.X509Certificate
;
import
java.security.interfaces.RSAPublicKey
;
import
sun.security.tools.KeyTool
;
public
class
NewSize7
{
public
static
void
main
(
String
[]
args
)
throws
Exception
{
String
FILE
=
"newsize7-ks"
;
new
File
(
FILE
).
delete
();
KeyTool
.
main
((
"-debug -genkeypair -keystore "
+
FILE
+
" -alias a -dname cn=c -storepass changeit"
+
" -keypass changeit -keyalg rsa"
).
split
(
" "
));
KeyStore
ks
=
KeyStore
.
getInstance
(
"JKS"
);
ks
.
load
(
new
FileInputStream
(
FILE
),
null
);
new
File
(
FILE
).
delete
();
RSAPublicKey
r
=
(
RSAPublicKey
)
ks
.
getCertificate
(
"a"
).
getPublicKey
();
if
(
r
.
getModulus
().
bitLength
()
!=
2048
)
{
throw
new
Exception
(
"Bad keysize"
);
}
X509Certificate
x
=
(
X509Certificate
)
ks
.
getCertificate
(
"a"
);
if
(!
x
.
getSigAlgName
().
equals
(
"SHA256withRSA"
))
{
throw
new
Exception
(
"Bad sigalg"
);
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录