Commit f6057fd9
Authored Apr 03, 2009 by sherman

Merge

Parents: c731c28a 0f5a0687

Showing 2 changed files with 88 additions and 22 deletions

src/share/classes/sun/security/tools/KeyTool.java  +19 -22
test/sun/security/tools/keytool/selfissued.sh  +69 -0
src/share/classes/sun/security/tools/KeyTool.java
...
...
@@ -2545,7 +2545,19 @@ public final class KeyTool {
* Returns true if the certificate is self-signed, false otherwise.
*/
private
boolean
isSelfSigned
(
X509Certificate
cert
)
{
return
cert
.
getSubjectDN
().
equals
(
cert
.
getIssuerDN
());
return
signedBy
(
cert
,
cert
);
}
private
boolean
signedBy
(
X509Certificate
end
,
X509Certificate
ca
)
{
if
(!
ca
.
getSubjectDN
().
equals
(
end
.
getIssuerDN
()))
{
return
false
;
}
try
{
end
.
verify
(
ca
.
getPublicKey
());
return
true
;
}
catch
(
Exception
e
)
{
return
false
;
}
}
/**
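Review bot: In the new signedBy(), `catch (Exception e) { return false; }` turns every failure of `end.verify(ca.getPublicKey())` into "not signed by", so an unsupported signature algorithm or an unusable key is indistinguishable from a bad signature, and isSelfSigned() inherits that through `signedBy(cert, cert)`. Consider catching the specific exceptions verify() declares, or state in a comment that any error yields false. signedBy() also has no Javadoc: one line saying it requires both a DN match and a valid signature would help, and the Javadoc on isSelfSigned() should say it is now a signature check rather than a subject/issuer comparison. The parameter name `end` is easy to misread next to `ca`.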
...
...
@@ -2869,20 +2881,18 @@ public final class KeyTool {
Certificate
tmpCert
=
replyCerts
[
0
];
replyCerts
[
0
]
=
replyCerts
[
i
];
replyCerts
[
i
]
=
tmpCert
;
Principal
issuer
=
((
X509Certificate
)
replyCerts
[
0
]).
getIssuerDN
();
X509Certificate
thisCert
=
(
X509Certificate
)
replyCerts
[
0
];
for
(
i
=
1
;
i
<
replyCerts
.
length
-
1
;
i
++)
{
// find a cert in the reply whose "subject" is the same as the
// given "issuer"
// find a cert in the reply who signs thisCert
int
j
;
for
(
j
=
i
;
j
<
replyCerts
.
length
;
j
++)
{
Principal
subject
;
subject
=
((
X509Certificate
)
replyCerts
[
j
]).
getSubjectDN
();
if
(
subject
.
equals
(
issuer
))
{
if
(
signedBy
(
thisCert
,
(
X509Certificate
)
replyCerts
[
j
]))
{
tmpCert
=
replyCerts
[
i
];
replyCerts
[
i
]
=
replyCerts
[
j
];
replyCerts
[
j
]
=
tmpCert
;
issuer
=
((
X509Certificate
)
replyCerts
[
i
]).
getIssuerDN
()
;
thisCert
=
(
X509Certificate
)
replyCerts
[
i
]
;
break
;
}
}
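Review bot: In the inner loop, `signedBy(thisCert, (X509Certificate)replyCerts[j])` returns only a boolean, so when no candidate in the reply qualifies, the caller can no longer tell a missing issuer from an issuer that is present but whose signature check failed. If that distinction matters for the error reported to the user, have the search remember whether a DN match was seen before the verify failed. The cast `(X509Certificate)replyCerts[i]` is also repeated on every swap; casting the array elements once before the loop would make the body easier to read.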
...
...
@@ -2892,18 +2902,6 @@ public final class KeyTool {
}
}
// now verify each cert in the ordered chain
for
(
i
=
0
;
i
<
replyCerts
.
length
-
1
;
i
++)
{
PublicKey
pubKey
=
replyCerts
[
i
+
1
].
getPublicKey
();
try
{
replyCerts
[
i
].
verify
(
pubKey
);
}
catch
(
Exception
e
)
{
throw
new
Exception
(
rb
.
getString
(
"Certificate chain in reply does not verify: "
)
+
e
.
getMessage
());
}
}
if
(
noprompt
)
{
return
replyCerts
;
}
...
...
@@ -3035,9 +3033,8 @@ public final class KeyTool {
private
boolean
buildChain
(
X509Certificate
certToVerify
,
Vector
<
Certificate
>
chain
,
Hashtable
<
Principal
,
Vector
<
Certificate
>>
certs
)
{
Principal
subject
=
certToVerify
.
getSubjectDN
();
Principal
issuer
=
certToVerify
.
getIssuerDN
();
if
(
subject
.
equals
(
issuer
))
{
if
(
isSelfSigned
(
certToVerify
))
{
// reached self-signed root cert;
// no verification needed because it's trusted.
chain
.
addElement
(
certToVerify
);
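Review bot: The comment under the new `if (isSelfSigned(certToVerify))` still reads "no verification needed because it's trusted", but isSelfSigned() now verifies the certificate's signature with its own public key, so the comment no longer describes the branch. Reword it to say that a certificate whose signature verifies under its own key ends the chain, and add a sentence on the self-issued case (subject equals issuer, signed by a different key), which now skips this branch and continues with the issuer lookup.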
...
...
test/sun/security/tools/keytool/selfissued.sh
0 → 100644
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6825352
# @summary support self-issued certificate in keytool
#
# @run shell selfissued.sh
#
if
[
"
${
TESTJAVA
}
"
=
""
]
;
then
JAVAC_CMD
=
`
which javac
`
TESTJAVA
=
`
dirname
$JAVAC_CMD
`
/..
fi
# set platform-dependent variables
OS
=
`
uname
-s
`
case
"
$OS
"
in
Windows_
*
)
FS
=
"
\\
"
;;
*
)
FS
=
"/"
;;
esac
KS
=
selfsigned.jks
KT
=
"
$TESTJAVA
${
FS
}
bin
${
FS
}
keytool -storepass changeit -keypass changeit -keystore
$KS
"
rm
$KS
$KT
-alias
ca
-dname
CN
=
CA
-genkeypair
$KT
-alias
me
-dname
CN
=
CA
-genkeypair
$KT
-alias
e1
-dname
CN
=
E1
-genkeypair
$KT
-alias
e2
-dname
CN
=
E2
-genkeypair
# me signed by ca, self-issued
$KT
-alias
me
-certreq
|
$KT
-alias
ca
-gencert
|
$KT
-alias
me
-importcert
# Import e1 signed by me, should add me and ca
$KT
-alias
e1
-certreq
|
$KT
-alias
me
-gencert
|
$KT
-alias
e1
-importcert
$KT
-alias
e1
-list
-v
|
grep
'\[3\]'
||
{
echo
Bad E1
;
exit
1
;
}
# Import (e2 signed by me,ca,me), should reorder to (e2,me,ca)
(
$KT
-alias
e2
-certreq
|
$KT
-alias
me
-gencert
;
$KT
-exportcert
-alias
ca
;
$KT
-exportcert
-alias
me
)
|
$KT
-alias
e2
-importcert
$KT
-alias
e2
-list
-v
|
grep
'\[3\]'
||
{
echo
Bad E2
;
exit
1
;
}
echo
Good
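Review bot: The two `grep '\[3\]'` checks only confirm that the stored chain has a third entry; the E2 case is commented "should reorder to (e2,me,ca)", yet nothing asserts the order or which certificate sits at each position. Checking the owner and issuer lines of the `-list -v` output for each entry would make the test fail if the reordering regresses. Smaller points: `rm $KS` without `-f` prints an error on a clean run, the exit status of the -genkeypair, -gencert and -importcert commands is never checked, and the keystore is named selfsigned.jks in a test about self-issued certificates.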