提交 f4482d3a 编写于 作者: W weijun

6847026: keytool should be able to generate certreq and cert without subject name

Reviewed-by: xuelei
上级 08174460
......@@ -1052,7 +1052,7 @@ public final class KeyTool {
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
CertificateSubjectName.DN_NAME);
Date firstDate = getStartDate(startDate);
......@@ -1068,7 +1068,7 @@ public final class KeyTool {
Signature signature = Signature.getInstance(sigAlgName);
signature.initSign(privateKey);
X500Signer signer = new X500Signer(signature, owner);
X500Signer signer = new X500Signer(signature, issuer);
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VALIDITY, interval);
......@@ -1102,7 +1102,8 @@ public final class KeyTool {
PKCS10 req = new PKCS10(rawReq);
info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(req.getSubjectName()));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
dname==null?req.getSubjectName():new X500Name(dname)));
CertificateExtensions reqex = null;
Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
while (attrs.hasNext()) {
......@@ -1160,8 +1161,9 @@ public final class KeyTool {
Signature signature = Signature.getInstance(sigAlgName);
signature.initSign(privKey);
X500Name subject =
new X500Name(((X509Certificate)cert).getSubjectDN().toString());
X500Name subject = dname == null?
new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
new X500Name(dname);
X500Signer signer = new X500Signer(signature, subject);
// Sign the request and base-64 encode it
......@@ -3428,7 +3430,7 @@ public final class KeyTool {
int colonpos = name.indexOf(':');
if (colonpos >= 0) {
if (name.substring(colonpos+1).equalsIgnoreCase("critical")) {
if (oneOf(name.substring(colonpos+1), "critical") == 0) {
isCritical = true;
}
name = name.substring(0, colonpos);
......@@ -3688,6 +3690,8 @@ public final class KeyTool {
("-certreq [-v] [-protected]"));
System.err.println(rb.getString
("\t [-alias <alias>] [-sigalg <sigalg>]"));
System.err.println(rb.getString
("\t [-dname <dname>]"));
System.err.println(rb.getString
("\t [-file <csr_file>] [-keypass <keypass>]"));
System.err.println(rb.getString
......@@ -3770,6 +3774,8 @@ public final class KeyTool {
("\t [-infile <infile>] [-outfile <outfile>]"));
System.err.println(rb.getString
("\t [-alias <alias>]"));
System.err.println(rb.getString
("\t [-dname <dname>]"));
System.err.println(rb.getString
("\t [-sigalg <sigalg>]"));
System.err.println(rb.getString
......
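Review bot: A modifier after the colon that is not recognised as `critical` is silently dropped in the `@@ -3428` hunk: `if (oneOf(name.substring(colonpos+1), "critical") == 0)` has no else branch before `name = name.substring(0, colonpos)`, so a typo such as `san:critcal=...` produces a non-critical extension with no warning. Criticality decides whether a relying party must reject a certificate whose extension it cannot process, so a silent downgrade at issuance is worth an error. `oneOf` is not shown here; if it accepts abbreviations (the new test passes `san:c=`), also confirm what it returns for an empty modifier as in `san:=...`. I would reject anything unrecognised, for example `else { throw new Exception("Unknown extension modifier: " + name.substring(colonpos+1)); }`; the enclosing method starts and ends outside the hunk, so the exact placement needs checking there.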
......@@ -301,6 +301,7 @@ public class Resources extends java.util.ListResourceBundle {
"-certreq [-v] [-protected]"},
{"\t [-alias <alias>] [-sigalg <sigalg>]",
"\t [-alias <alias>] [-sigalg <sigalg>]"},
{"\t [-dname <dname>]", "\t [-dname <dname>]"},
{"\t [-file <csr_file>] [-keypass <keypass>]",
"\t [-file <csr_file>] [-keypass <keypass>]"},
{"\t [-keystore <keystore>] [-storepass <storepass>]",
......
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6847026
# @summary keytool should be able to generate certreq and cert without subject name
#
# @run shell emptysubject.sh
#
if [ "${TESTJAVA}" = "" ] ; then
JAVAC_CMD=`which javac`
TESTJAVA=`dirname $JAVAC_CMD`/..
fi
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
Windows_* )
FS="\\"
;;
* )
FS="/"
;;
esac
KS=emptysubject.jks
KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS"
rm $KS
$KT -alias ca -dname CN=CA -genkeypair
$KT -alias me -dname CN=Me -genkeypair
# When -dname is recognized, SAN must be specfied, otherwise, -printcert fails.
$KT -alias me -certreq -dname "" | \
$KT -alias ca -gencert | $KT -printcert && exit 1
$KT -alias me -certreq | \
$KT -alias ca -gencert -dname "" | $KT -printcert && exit 2
$KT -alias me -certreq -dname "" | \
$KT -alias ca -gencert -ext san:c=email:me@me.com | \
$KT -printcert || exit 3
$KT -alias me -certreq | \
$KT -alias ca -gencert -dname "" -ext san:c=email:me@me.com | \
$KT -printcert || exit 4
exit 0
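Review bot: The two negative cases (`&& exit 1`, `&& exit 2`) only test the exit status of the final `-printcert`, so they pass whether `-gencert` refused to sign or produced output that a later parser rejects, and they would also pass if an earlier stage failed for an unrelated reason. Checking the `-gencert` status in its own step would pin down where an empty subject without SAN is actually stopped. Every positive case uses `san:c=`, so an empty subject with a non-critical SAN is never exercised; a case with `-ext san=email:me@me.com`, expected to fail under RFC 5280's rule that SAN be critical when the subject is empty, would cover it. `rm $KS` should be `rm -f $KS` so a first run does not report a missing file, and the comment above the first pipeline has a typo (`specfied`).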