--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java Wed Sep 28 15:10:02 2011 -0700
+++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java Thu Oct 13 13:50:17 2011 -0400
@@ -38,10 +38,12 @@
import java.security.Timestamp;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
+import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
+import java.security.cert.CertStoreException;
import java.security.cert.CRL;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
@@ -63,23 +65,16 @@
import javax.security.auth.x500.X500Principal;
import sun.misc.BASE64Encoder;
import sun.security.util.ObjectIdentifier;
-import sun.security.pkcs.PKCS10;
+import sun.security.pkcs10.PKCS10;
+import sun.security.pkcs10.PKCS10Attribute;
import sun.security.provider.X509Factory;
+import sun.security.provider.certpath.CertStoreHelper;
import sun.security.util.Password;
-import sun.security.util.PathList;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
import sun.misc.BASE64Decoder;
-import sun.security.pkcs.PKCS10Attribute;
import sun.security.pkcs.PKCS9Attribute;
-import sun.security.provider.certpath.ldap.LDAPCertStoreHelper;
import sun.security.util.DerValue;
import sun.security.x509.*;
@@ -917,18 +912,13 @@
// Perform the specified command
if (command == CERTREQ) {
- PrintStream ps = null;
if (filename != null) {
- ps = new PrintStream(new FileOutputStream
- (filename));
- out = ps;
- }
- try {
+ try (PrintStream ps = new PrintStream(new FileOutputStream
+ (filename))) {
+ doCertReq(alias, sigAlgName, ps);
+ }
+ } else {
doCertReq(alias, sigAlgName, out);
- } finally {
- if (ps != null) {
- ps.close();
- }
}
if (verbose && filename != null) {
MessageFormat form = new MessageFormat(rb.getString
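Review bot: A failed write to `filename` goes unnoticed in the new CERTREQ branch, because `PrintStream` swallows `IOException` and the try-with-resources closes `ps` without consulting `checkError()`. A full disk or a permission problem would leave a truncated certificate request on disk while the verbose branch right after still reports success. Checking after the call would surface it, e.g. `if (ps.checkError()) throw new IOException("write to " + filename + " failed");` (the message text is a placeholder). The same applies to the EXPORTCERT and GENCRL branches in the later hunks. The enclosing method starts and ends outside this hunk.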
@@ -941,18 +931,13 @@
doDeleteEntry(alias);
kssave = true;
} else if (command == EXPORTCERT) {
- PrintStream ps = null;
if (filename != null) {
- ps = new PrintStream(new FileOutputStream
- (filename));
- out = ps;
- }
- try {
+ try (PrintStream ps = new PrintStream(new FileOutputStream
+ (filename))) {
+ doExportCert(alias, ps);
+ }
+ } else {
doExportCert(alias, out);
- } finally {
- if (ps != null) {
- ps.close();
- }
}
if (filename != null) {
MessageFormat form = new MessageFormat(rb.getString
@@ -973,16 +958,12 @@
doGenSecretKey(alias, keyAlgName, keysize);
kssave = true;
} else if (command == IDENTITYDB) {
- InputStream inStream = System.in;
if (filename != null) {
- inStream = new FileInputStream(filename);
- }
- try {
- doImportIdentityDatabase(inStream);
- } finally {
- if (inStream != System.in) {
- inStream.close();
+ try (InputStream inStream = new FileInputStream(filename)) {
+ doImportIdentityDatabase(inStream);
}
+ } else {
+ doImportIdentityDatabase(System.in);
}
} else if (command == IMPORTCERT) {
InputStream inStream = System.in;
@@ -1101,29 +1082,21 @@
if (alias == null) {
alias = keyAlias;
}
- PrintStream ps = null;
if (filename != null) {
- ps = new PrintStream(new FileOutputStream(filename));
- out = ps;
- }
- try {
+ try (PrintStream ps =
+ new PrintStream(new FileOutputStream(filename))) {
+ doGenCRL(ps);
+ }
+ } else {
doGenCRL(out);
- } finally {
- if (ps != null) {
- ps.close();
- }
}
} else if (command == PRINTCERTREQ) {
- InputStream inStream = System.in;
if (filename != null) {
- inStream = new FileInputStream(filename);
- }
- try {
- doPrintCertReq(inStream, out);
- } finally {
- if (inStream != System.in) {
- inStream.close();
+ try (InputStream inStream = new FileInputStream(filename)) {
+ doPrintCertReq(inStream, out);
}
+ } else {
+ doPrintCertReq(System.in, out);
}
} else if (command == PRINTCRL) {
doPrintCRL(filename, out);
@@ -2070,12 +2043,13 @@
}
}
} else { // must be LDAP, and uri is not null
+ // Lazily load LDAPCertStoreHelper if present
+ CertStoreHelper helper = CertStoreHelper.getInstance("LDAP");
String path = uri.getPath();
if (path.charAt(0) == '/') path = path.substring(1);
- LDAPCertStoreHelper h = new LDAPCertStoreHelper();
- CertStore s = h.getCertStore(uri);
+ CertStore s = helper.getCertStore(uri);
X509CRLSelector sel =
- h.wrap(new X509CRLSelector(), null, path);
+ helper.wrap(new X509CRLSelector(), null, path);
return s.getCRLs(sel);
}
}
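Review bot: `path.charAt(0)` throws `StringIndexOutOfBoundsException` when the LDAP URI has no path component, since `URI.getPath()` returns an empty string in that case. `if (path.startsWith("/")) path = path.substring(1);` does the same stripping without the crash. The comment on `CertStoreHelper.getInstance("LDAP")` could also state what happens when the helper is not present (presumably a `NoSuchAlgorithmException`, going by the import this commit adds), so the failure mode of the lazy load is clear. The enclosing method starts outside the hunk.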
@@ -2259,18 +2233,12 @@
int pos = 0;
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
- InputStream is = null;
- try {
- is = jf.getInputStream(je);
+ try (InputStream is = jf.getInputStream(je)) {
while (is.read(buffer) != -1) {
// we just read. this will throw a SecurityException
// if a signature/digest check fails. This also
// populate the signers
}
- } finally {
- if (is != null) {
- is.close();
- }
}
CodeSigner[] signers = je.getCodeSigners();
if (signers != null) {
@@ -2316,85 +2284,52 @@
out.println(rb.getString("Not.a.signed.jar.file"));
}
} else if (sslserver != null) {
- SSLContext sc = SSLContext.getInstance("SSL");
- final boolean[] certPrinted = new boolean[1];
- sc.init(null, new TrustManager[] {
- new X509TrustManager() {
-
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
-
- public void checkClientTrusted(
- java.security.cert.X509Certificate[] certs, String authType) {
+ // Lazily load SSLCertStoreHelper if present
+ CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer");
+ CertStore cs = helper.getCertStore(new URI("https://" + sslserver));
+ Collection<? extends Certificate> chain;
+ try {
+ chain = cs.getCertificates(null);
+ if (chain.isEmpty()) {
+ // If the certs are not retrieved, we consider it an error
+ // even if the URL connection is successful.
+ throw new Exception(rb.getString(
+ "No.certificate.from.the.SSL.server"));
+ }
+ } catch (CertStoreException cse) {
+ if (cse.getCause() instanceof IOException) {
+ throw new Exception(rb.getString(
+ "No.certificate.from.the.SSL.server"),
+ cse.getCause());
+ } else {
+ throw cse;
+ }
+ }
+
+ int i = 0;
+ for (Certificate cert : chain) {
+ try {
+ if (rfc) {
+ dumpCert(cert, out);
+ } else {
+ out.println("Certificate #" + i++);
+ out.println("====================================");
+ printX509Cert((X509Certificate)cert, out);
+ out.println();
}
-
- public void checkServerTrusted(
- java.security.cert.X509Certificate[] certs, String authType) {
- for (int i=0; i<certs.length; i++) {
- X509Certificate cert = certs[i];
- try {
- if (rfc) {
- dumpCert(cert, out);
- } else {
- out.println("Certificate #" + i);
- out.println("====================================");
- printX509Cert(cert, out);
- out.println();
- }
- } catch (Exception e) {
- if (debug) {
- e.printStackTrace();
- }
- }
- }
-
- // Set to true where there's something to print
- if (certs.length > 0) {
- certPrinted[0] = true;
- }
+ } catch (Exception e) {
+ if (debug) {
+ e.printStackTrace();
}
}
- }, null);
- HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
- HttpsURLConnection.setDefaultHostnameVerifier(
- new HostnameVerifier() {
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- });
- // HTTPS instead of raw SSL, so that -Dhttps.proxyHost and
- // -Dhttps.proxyPort can be used. Since we only go through
- // the handshake process, an HTTPS server is not needed.
- // This program should be able to deal with any SSL-based
- // network service.
- Exception ex = null;
- try {
- new URL("https://" + sslserver).openConnection().connect();
- } catch (Exception e) {
- ex = e;
- }
- // If the certs are not printed out, we consider it an error even
- // if the URL connection is successful.
- if (!certPrinted[0]) {
- Exception e = new Exception(
- rb.getString("No.certificate.from.the.SSL.server"));
- if (ex != null) {
- e.initCause(ex);
- }
- throw e;
}
} else {
- InputStream inStream = System.in;
if (filename != null) {
- inStream = new FileInputStream(filename);
- }
- try {
- printCertFromStream(inStream, out);
- } finally {
- if (inStream != System.in) {
- inStream.close();
+ try (FileInputStream inStream = new FileInputStream(filename)) {
+ printCertFromStream(inStream, out);
}
+ } else {
+ printCertFromStream(System.in, out);
}
}
}
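Review bot: The per-certificate `try { … } catch (Exception e)` in the new loop still hides failures unless `debug` is set, so a certificate that cannot be printed (including a `ClassCastException` from the `(X509Certificate)cert` cast) silently drops out of the output and the user sees a shorter chain with no hint. The swallow made sense while this code ran inside `checkServerTrusted`; in a plain loop the wrapper can be removed so the exception propagates like the others in this branch. Nothing visible here shows whether the `SSLServer` helper validates the chain or the host name. If it keeps the accept-all behaviour of the removed trust manager and hostname verifier, a comment such as `// chain is fetched without validation; the printed output is unauthenticated` would be worth adding. The enclosing method starts outside the hunk.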
@@ -2590,9 +2525,7 @@
X509Certificate cert = null;
try {
cert = (X509Certificate)cf.generateCertificate(in);
- } catch (ClassCastException cce) {
- throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
- } catch (CertificateException ce) {
+ } catch (ClassCastException | CertificateException ce) {
throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
}
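Review bot: The merged catch discards `ce`, so the reason the input was rejected is lost to anyone diagnosing a bad certificate file. Now that one variable covers both cases it can be chained: `throw new Exception(rb.getString("Input.not.an.X.509.certificate"), ce);`. The enclosing method continues outside the hunk.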
@@ -3441,16 +3374,10 @@
if (!file.exists()) {
return null;
}
- FileInputStream fis = null;
KeyStore caks = null;
- try {
- fis = new FileInputStream(file);
+ try (FileInputStream fis = new FileInputStream(file)) {
caks = KeyStore.getInstance(JKS);
caks.load(fis, null);
- } finally {
- if (fis != null) {
- fis.close();
- }
}
return caks;
}
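Review bot: `caks.load(fis, null)` passes a null password, which means the keystore's integrity check is not performed and a modified file loads without complaint. That is easy to miss and deserves a comment on the line, e.g. `// null password: integrity of this keystore file is not verified here`. Callers that treat the returned store as a trust anchor source should be aware of it. The enclosing method starts outside the hunk.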