Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
f4482d3a
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
f4482d3a
编写于
7月 22, 2009
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6847026: keytool should be able to generate certreq and cert without subject name
Reviewed-by: xuelei
上级
08174460
变更
3
显示空白变更内容
内联
并排
Showing
3 changed file
with
81 addition
and
6 deletion
+81
-6
src/share/classes/sun/security/tools/KeyTool.java
src/share/classes/sun/security/tools/KeyTool.java
+12
-6
src/share/classes/sun/security/util/Resources.java
src/share/classes/sun/security/util/Resources.java
+1
-0
test/sun/security/tools/keytool/emptysubject.sh
test/sun/security/tools/keytool/emptysubject.sh
+68
-0
未找到文件。
src/share/classes/sun/security/tools/KeyTool.java
浏览文件 @
f4482d3a
...
...
@@ -1052,7 +1052,7 @@ public final class KeyTool {
X509CertImpl
signerCertImpl
=
new
X509CertImpl
(
encoded
);
X509CertInfo
signerCertInfo
=
(
X509CertInfo
)
signerCertImpl
.
get
(
X509CertImpl
.
NAME
+
"."
+
X509CertImpl
.
INFO
);
X500Name
own
er
=
(
X500Name
)
signerCertInfo
.
get
(
X509CertInfo
.
SUBJECT
+
"."
+
X500Name
issu
er
=
(
X500Name
)
signerCertInfo
.
get
(
X509CertInfo
.
SUBJECT
+
"."
+
CertificateSubjectName
.
DN_NAME
);
Date
firstDate
=
getStartDate
(
startDate
);
...
...
@@ -1068,7 +1068,7 @@ public final class KeyTool {
Signature
signature
=
Signature
.
getInstance
(
sigAlgName
);
signature
.
initSign
(
privateKey
);
X500Signer
signer
=
new
X500Signer
(
signature
,
own
er
);
X500Signer
signer
=
new
X500Signer
(
signature
,
issu
er
);
X509CertInfo
info
=
new
X509CertInfo
();
info
.
set
(
X509CertInfo
.
VALIDITY
,
interval
);
...
...
@@ -1102,7 +1102,8 @@ public final class KeyTool {
PKCS10
req
=
new
PKCS10
(
rawReq
);
info
.
set
(
X509CertInfo
.
KEY
,
new
CertificateX509Key
(
req
.
getSubjectPublicKeyInfo
()));
info
.
set
(
X509CertInfo
.
SUBJECT
,
new
CertificateSubjectName
(
req
.
getSubjectName
()));
info
.
set
(
X509CertInfo
.
SUBJECT
,
new
CertificateSubjectName
(
dname
==
null
?
req
.
getSubjectName
():
new
X500Name
(
dname
)));
CertificateExtensions
reqex
=
null
;
Iterator
<
PKCS10Attribute
>
attrs
=
req
.
getAttributes
().
getAttributes
().
iterator
();
while
(
attrs
.
hasNext
())
{
...
...
@@ -1160,8 +1161,9 @@ public final class KeyTool {
Signature
signature
=
Signature
.
getInstance
(
sigAlgName
);
signature
.
initSign
(
privKey
);
X500Name
subject
=
new
X500Name
(((
X509Certificate
)
cert
).
getSubjectDN
().
toString
());
X500Name
subject
=
dname
==
null
?
new
X500Name
(((
X509Certificate
)
cert
).
getSubjectDN
().
toString
()):
new
X500Name
(
dname
);
X500Signer
signer
=
new
X500Signer
(
signature
,
subject
);
// Sign the request and base-64 encode it
...
...
@@ -3428,7 +3430,7 @@ public final class KeyTool {
int
colonpos
=
name
.
indexOf
(
':'
);
if
(
colonpos
>=
0
)
{
if
(
name
.
substring
(
colonpos
+
1
).
equalsIgnoreCase
(
"critical"
)
)
{
if
(
oneOf
(
name
.
substring
(
colonpos
+
1
),
"critical"
)
==
0
)
{
isCritical
=
true
;
}
name
=
name
.
substring
(
0
,
colonpos
);
...
...
@@ -3688,6 +3690,8 @@ public final class KeyTool {
(
"-certreq [-v] [-protected]"
));
System
.
err
.
println
(
rb
.
getString
(
"\t [-alias <alias>] [-sigalg <sigalg>]"
));
System
.
err
.
println
(
rb
.
getString
(
"\t [-dname <dname>]"
));
System
.
err
.
println
(
rb
.
getString
(
"\t [-file <csr_file>] [-keypass <keypass>]"
));
System
.
err
.
println
(
rb
.
getString
...
...
@@ -3770,6 +3774,8 @@ public final class KeyTool {
(
"\t [-infile <infile>] [-outfile <outfile>]"
));
System
.
err
.
println
(
rb
.
getString
(
"\t [-alias <alias>]"
));
System
.
err
.
println
(
rb
.
getString
(
"\t [-dname <dname>]"
));
System
.
err
.
println
(
rb
.
getString
(
"\t [-sigalg <sigalg>]"
));
System
.
err
.
println
(
rb
.
getString
...
...
src/share/classes/sun/security/util/Resources.java
浏览文件 @
f4482d3a
...
...
@@ -301,6 +301,7 @@ public class Resources extends java.util.ListResourceBundle {
"-certreq [-v] [-protected]"
},
{
"\t [-alias <alias>] [-sigalg <sigalg>]"
,
"\t [-alias <alias>] [-sigalg <sigalg>]"
},
{
"\t [-dname <dname>]"
,
"\t [-dname <dname>]"
},
{
"\t [-file <csr_file>] [-keypass <keypass>]"
,
"\t [-file <csr_file>] [-keypass <keypass>]"
},
{
"\t [-keystore <keystore>] [-storepass <storepass>]"
,
...
...
test/sun/security/tools/keytool/emptysubject.sh
0 → 100644
浏览文件 @
f4482d3a
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6847026
# @summary keytool should be able to generate certreq and cert without subject name
#
# @run shell emptysubject.sh
#
if
[
"
${
TESTJAVA
}
"
=
""
]
;
then
JAVAC_CMD
=
`
which javac
`
TESTJAVA
=
`
dirname
$JAVAC_CMD
`
/..
fi
# set platform-dependent variables
OS
=
`
uname
-s
`
case
"
$OS
"
in
Windows_
*
)
FS
=
"
\\
"
;;
*
)
FS
=
"/"
;;
esac
KS
=
emptysubject.jks
KT
=
"
$TESTJAVA
${
FS
}
bin
${
FS
}
keytool -storepass changeit -keypass changeit -keystore
$KS
"
rm
$KS
$KT
-alias
ca
-dname
CN
=
CA
-genkeypair
$KT
-alias
me
-dname
CN
=
Me
-genkeypair
# When -dname is recognized, SAN must be specfied, otherwise, -printcert fails.
$KT
-alias
me
-certreq
-dname
""
|
\
$KT
-alias
ca
-gencert
|
$KT
-printcert
&&
exit
1
$KT
-alias
me
-certreq
|
\
$KT
-alias
ca
-gencert
-dname
""
|
$KT
-printcert
&&
exit
2
$KT
-alias
me
-certreq
-dname
""
|
\
$KT
-alias
ca
-gencert
-ext
san:c
=
email:me@me.com |
\
$KT
-printcert
||
exit
3
$KT
-alias
me
-certreq
|
\
$KT
-alias
ca
-gencert
-dname
""
-ext
san:c
=
email:me@me.com |
\
$KT
-printcert
||
exit
4
exit
0
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录