3788 CertificateExtensions existingEx, |
3788 CertificateExtensions existingEx, |
3789 List <String> extstrs, |
3789 List <String> extstrs, |
3790 PublicKey pkey, |
3790 PublicKey pkey, |
3791 PublicKey akey) throws Exception { |
3791 PublicKey akey) throws Exception { |
3792 |
3792 |
|
3793 // By design, inside a CertificateExtensions object, all known |
|
3794 // extensions uses name (say, "BasicConstraints") as key and |
|
3795 // a child Extension type (say, "BasicConstraintsExtension") |
|
3796 // as value, unknown extensions uses OID as key and bare |
|
3797 // Extension object as value. This works fine inside JDK. |
|
3798 // |
|
3799 // However, in keytool, there is no way to prevent people |
|
3800 // using OID in -ext, either as a new extension, or in a |
|
3801 // honored value. Thus here we (ab)use CertificateExtensions |
|
3802 // by always using OID as key and value can be of any type. |
|
3803 |
3793 if (existingEx != null && requestedEx != null) { |
3804 if (existingEx != null && requestedEx != null) { |
3794 // This should not happen |
3805 // This should not happen |
3795 throw new Exception("One of request and original should be null."); |
3806 throw new Exception("One of request and original should be null."); |
3796 } |
3807 } |
3797 // A new extensions always using OID as key |
3808 // A new extensions always using OID as key |
3803 } |
3814 } |
3804 try { |
3815 try { |
3805 // name{:critical}{=value} |
3816 // name{:critical}{=value} |
3806 // Honoring requested extensions |
3817 // Honoring requested extensions |
3807 if (requestedEx != null) { |
3818 if (requestedEx != null) { |
|
3819 // The existing requestedEx might use names as keys, |
|
3820 // translate to all-OID first. |
|
3821 CertificateExtensions request2 = new CertificateExtensions(); |
|
3822 for (sun.security.x509.Extension ex: requestedEx.getAllExtensions()) { |
|
3823 request2.set(ex.getId(), ex); |
|
3824 } |
3808 for(String extstr: extstrs) { |
3825 for(String extstr: extstrs) { |
3809 if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) { |
3826 if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) { |
3810 List<String> list = Arrays.asList( |
3827 List<String> list = Arrays.asList( |
3811 extstr.toLowerCase(Locale.ENGLISH).substring(8).split(",")); |
3828 extstr.toLowerCase(Locale.ENGLISH).substring(8).split(",")); |
3812 // First check existence of "all" |
3829 // First check existence of "all" |
3813 if (list.contains("all")) { |
3830 if (list.contains("all")) { |
3814 for (Extension ex: requestedEx.getAllExtensions()) { |
3831 for (Extension ex: request2.getAllExtensions()) { |
3815 setExt(result, ex); |
3832 setExt(result, ex); |
3816 } |
3833 } |
3817 } |
3834 } |
3818 // one by one for others |
3835 // one by one for others |
3819 for (String item: list) { |
3836 for (String item: list) { |
3842 type = item; |
3859 type = item; |
3843 } |
3860 } |
3844 } |
3861 } |
3845 String n = findOidForExtName(type).toString(); |
3862 String n = findOidForExtName(type).toString(); |
3846 if (add) { |
3863 if (add) { |
3847 Extension e = requestedEx.get(n); |
3864 Extension e = request2.get(n); |
3848 if (!e.isCritical() && action == 0 |
3865 if (!e.isCritical() && action == 0 |
3849 || e.isCritical() && action == 1) { |
3866 || e.isCritical() && action == 1) { |
3850 e = Extension.newExtension( |
3867 e = Extension.newExtension( |
3851 e.getExtensionId(), |
3868 e.getExtensionId(), |
3852 !e.isCritical(), |
3869 !e.isCritical(), |