# HG changeset patch
# User weijun
# Date 1573780018 -28800
# Node ID 046e4024e55a72b2188a249140b76af988b209d3
# Parent 4a09d4df104c768693bee9416b23e6707bd37a05
8214024: Remove the default keytool -keyalg value
Reviewed-by: mullan
diff -r 4a09d4df104c -r 046e4024e55a src/java.base/share/classes/sun/security/tools/keytool/Main.java
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java Thu Nov 14 16:34:24 2019 -0800
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java Fri Nov 15 09:06:58 2019 +0800
@@ -1151,17 +1151,15 @@
 }
 } else if (command == GENKEYPAIR) {
 if (keyAlgName == null) {
- keyAlgName = "DSA";
- weakWarnings.add(String.format(rb.getString(
- "keyalg.option.1.missing.warning"), keyAlgName));
+ throw new Exception(rb.getString(
+ "keyalg.option.missing.error"));
 }
 doGenKeyPair(alias, dname, keyAlgName, keysize, groupName, sigAlgName);
 kssave = true;
 } else if (command == GENSECKEY) {
 if (keyAlgName == null) {
- keyAlgName = "DES";
- weakWarnings.add(String.format(rb.getString(
- "keyalg.option.1.missing.warning"), keyAlgName));
+ throw new Exception(rb.getString(
+ "keyalg.option.missing.error"));
 }
 doGenSecretKey(alias, keyAlgName, keysize);
 kssave = true;
diff -r 4a09d4df104c -r 046e4024e55a src/java.base/share/classes/sun/security/tools/keytool/Resources.java
--- a/src/java.base/share/classes/sun/security/tools/keytool/Resources.java Thu Nov 14 16:34:24 2019 -0800
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Resources.java Fri Nov 15 09:06:58 2019 +0800
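Review bot: Neither new `throw` site in the GENKEYPAIR and GENSECKEY branches records why the default was dropped, and the replacement message (`keyalg.option.missing.error`) no longer tells the reader that DSA and DES were legacy choices. A one-line comment above each guard, e.g. `// No default on purpose: the old DSA/DES defaults were legacy algorithms (8214024).`, would keep a later maintainer from re-adding a fallback. Whether an explicit `-keyalg DSA` or `-keyalg DES` still produces a weak-algorithm warning is decided outside this hunk and is worth confirming. The enclosing method starts and ends outside the hunk.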
@@ -474,7 +474,7 @@ {"migrate.keystore.warning", "Migrated \"%1$s\" to %4$s. The %2$s keystore is backed up as \"%3$s\"."}, {"backup.keystore.warning", "The original keystore \"%1$s\" is backed up as \"%3$s\"..."}, {"importing.keystore.status", "Importing keystore %1$s to %2$s..."}, - {"keyalg.option.1.missing.warning", "No -keyalg option. The default key algorithm (%s) is a legacy algorithm and is no longer recommended. In a subsequent release of the JDK, the default will be removed and the -keyalg option must be specified."}, + {"keyalg.option.missing.error", "The -keyalg option must be specified."}, {"showinfo.no.option", "Missing option for -showinfo. Try \"keytool -showinfo -tls\"."}, }; diff -r 4a09d4df104c -r 046e4024e55a test/hotspot/jtreg/runtime/cds/appcds/JarBuilder.java --- a/test/hotspot/jtreg/runtime/cds/appcds/JarBuilder.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/hotspot/jtreg/runtime/cds/appcds/JarBuilder.java Fri Nov 15 09:06:58 2019 +0800 @@ -232,7 +232,7 @@ executeProcess(keyTool, "-genkey", "-keystore", "./keystore", "-alias", "mykey", - "-storepass", "abc123", "-keypass", "abc123", + "-storepass", "abc123", "-keypass", "abc123", "-keyalg", "dsa", "-dname", "CN=jvmtest") .shouldHaveExitValue(0); diff -r 4a09d4df104c -r 046e4024e55a test/jdk/java/security/Policy/ExtensiblePolicy/ExtensiblePolicyWithJarTest.java --- a/test/jdk/java/security/Policy/ExtensiblePolicy/ExtensiblePolicyWithJarTest.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/java/security/Policy/ExtensiblePolicy/ExtensiblePolicyWithJarTest.java Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -69,6 +69,7 @@ // create key pair for jar signing ProcessTools.executeCommand(KEYTOOL, "-genkey", + "-keyalg", "DSA", "-alias", ALIAS, "-keystore", KEYSTORE, "-storetype", "JKS", diff -r 4a09d4df104c -r 046e4024e55a test/jdk/java/security/Policy/SignedJar/SignedJarTest.java --- a/test/jdk/java/security/Policy/SignedJar/SignedJarTest.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/java/security/Policy/SignedJar/SignedJarTest.java Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -66,6 +66,7 @@ //Creating first key , keystore both.jks ProcessTools.executeCommand(KEYTOOL, "-genkey", + "-keyalg", "DSA", "-alias", "first", "-keystore", KEYSTORE1, "-keypass", PASSWORD, @@ -76,6 +77,7 @@ //Creating Second key, keystore both.jks ProcessTools.executeCommand(KEYTOOL, "-genkey", + "-keyalg", "DSA", // "-storetype","JKS", "-alias", "second", "-keystore", KEYSTORE1, diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/pkcs12/PBES2Encoding.java --- a/test/jdk/sun/security/pkcs12/PBES2Encoding.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/pkcs12/PBES2Encoding.java Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -35,7 +35,7 @@ // This is a PKCS 12 file using PBES2 to encrypt the cert and key. It is // generated with these commands: // - // keytool -keystore ks -genkeypair -storepass changeit -alias a -dname CN=A + // keytool -keystore ks -genkeypair -keyalg DSA -storepass changeit -alias a -dname CN=A // openssl pkcs12 -in ks -nodes -out kandc -passin pass:changeit // openssl pkcs12 -export -in kandc -out p12 -name a -passout pass:changeit // -certpbe AES-128-CBC -keypbe AES-128-CBC diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/pkcs12/ParamsTest.java --- a/test/jdk/sun/security/pkcs12/ParamsTest.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/pkcs12/ParamsTest.java Fri Nov 15 09:06:58 2019 +0800 @@ -114,7 +114,8 @@ check("ksnormal", "a", "wrongpass", "-", IOException.class, "-", "-"); // Add a new entry with password-less settings, still has a storepass - keytool("-keystore ksnormal -genkeypair -storepass changeit -alias b -dname CN=b " + keytool("-keystore ksnormal -genkeypair -keyalg DSA " + + "-storepass changeit -alias b -dname CN=b " + "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE " + "-J-Dkeystore.pkcs12.macAlgorithm=NONE"); data = Files.readAllBytes(Path.of("ksnormal")); @@ -146,7 +147,8 @@ check("ksnopass", "a", "wrongpass", "changeit", true, true, true); // Add a new entry with normal settings, still password-less - keytool("-keystore ksnopass -genkeypair -storepass changeit -alias b -dname CN=B"); + keytool("-keystore ksnopass -genkeypair -keyalg DSA " + + "-storepass changeit -alias b -dname CN=B"); data = Files.readAllBytes(Path.of("ksnopass")); shouldNotExist(data, "2"); // no Mac checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid); 
@@ -171,13 +173,15 @@ checkInt(data, "110c1101111", 6666); // cert ic // keypbe alg cannot be NONE - keytool("-keystore ksnewic -genkeypair -storepass changeit -alias b -dname CN=B " + keytool("-keystore ksnewic -genkeypair -keyalg DSA " + + "-storepass changeit -alias b -dname CN=B " + "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=NONE") .shouldContain("NONE AlgorithmParameters not available") .shouldHaveExitValue(1); // new entry new keypbe alg (and default ic), else unchanged - keytool("-keystore ksnewic -genkeypair -storepass changeit -alias b -dname CN=B " + keytool("-keystore ksnewic -genkeypair -keyalg DSA " + + "-storepass changeit -alias b -dname CN=B " + "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=PBEWithSHA1AndRC4_128"); data = Files.readAllBytes(Path.of("ksnewic")); checkInt(data, "22", 5555); // Mac ic @@ -336,7 +340,8 @@ // still prompt for keypass for genkeypair and certreq SecurityTools.setResponse("changeit", "changeit"); - keytool("-keystore ksnopassnew -genkeypair -alias a -dname CN=A " + keytool("-keystore ksnopassnew -genkeypair -keyalg DSA " + + "-alias a -dname CN=A " + "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE " + "-J-Dkeystore.pkcs12.macAlgorithm=NONE") .shouldNotContain("Enter keystore password:") @@ -351,7 +356,8 @@ // params only read on demand // keyPbeIterationCount is used by -genkeypair - keytool("-keystore ksgenbadkeyic -genkeypair -alias a -dname CN=A " + keytool("-keystore ksgenbadkeyic -genkeypair -keyalg DSA " + + "-alias a -dname CN=A " + "-storepass changeit " + "-J-Dkeystore.pkcs12.keyPbeIterationCount=abc") .shouldContain("keyPbeIterationCount is not a number: abc") diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/pkcs12/SameDN.java --- a/test/jdk/sun/security/pkcs12/SameDN.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/pkcs12/SameDN.java Fri Nov 15 09:06:58 2019 +0800 
@@ -55,7 +55,7 @@ } static void genkeypair(String alias, String dn) throws Exception { - keytool(COMMON + "-genkeypair -alias " + alias + " -dname " + dn) + keytool(COMMON + "-genkeypair -keyalg DSA -alias " + alias + " -dname " + dn) .shouldHaveExitValue(0); } diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/jarsigner/AltProvider.java --- a/test/jdk/sun/security/tools/jarsigner/AltProvider.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/jarsigner/AltProvider.java Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -69,7 +69,7 @@ MOD_SRC_DIR.toString()); // Create a keystore - tool("keytool", "-keystore x.jks -storetype jks -genkeypair" + + tool("keytool", "-keystore x.jks -storetype jks -genkeypair -keyalg dsa" + " -storepass changeit -keypass changeit -alias x -dname CN=X") .shouldHaveExitValue(0); diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/jarsigner/JavaKeyStoreAliasCaseInsensitive.java --- a/test/jdk/sun/security/tools/jarsigner/JavaKeyStoreAliasCaseInsensitive.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/jarsigner/JavaKeyStoreAliasCaseInsensitive.java Fri Nov 15 09:06:58 2019 +0800 @@ -50,7 +50,7 @@ public void testAliasCase() throws Exception { final String KEYSTORE_OPTIONS = "-storetype JKS -keystore " + "test-alias-case.jks -storepass changeit"; - SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair" + SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair -keyalg DSA" + " -keypass changeit -alias " + ALIAS + " -dname CN=" + ALIAS) .shouldHaveExitValue(0); String jarFilename = "test-alias-case.jar"; 
@@ -88,10 +88,10 @@ // signed by another certificate associated with ALIAS + "1". final String KEYSTORE_OPTIONS = "-storetype JKS -keystore" + " test-alias-storeHash-case.jks -storepass changeit"; - SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair" + SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair -keyalg DSA" + " -keypass changeit -alias " + ALIAS + "1 -dname CN=" + ALIAS + "1").shouldHaveExitValue(0); - SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair" + SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair -keyalg DSA" + " -keypass changeit -alias " + ALIAS + "2 -dname CN=" + ALIAS + "2").shouldHaveExitValue(0); String certReq = SecurityTools.keytool(KEYSTORE_OPTIONS + diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java --- a/test/jdk/sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -77,6 +77,7 @@ static void prepare() throws Exception { SecurityTools.keytool("-keystore", keystoreFileName, "-genkeypair", + "-keyalg", "dsa", "-storepass", "changeit", "-keypass", "changeit", "-storetype", "JKS", "-alias", alias, "-dname", "CN=X", "-validity", "366") .shouldHaveExitValue(0); diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java --- a/test/jdk/sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java Fri Nov 15 09:06:58 2019 +0800 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -152,6 +152,7 @@ "-J-Duser.language=en", "-J-Duser.country=US", "-genkey", + "-keyalg", "dsa", "-alias", ALIAS, "-keystore", KEYSTORE, "-keypass", KEYPASS, diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/DeprecateKeyalg.java --- a/test/jdk/sun/security/tools/keytool/DeprecateKeyalg.java Thu Nov 14 16:34:24 2019 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,73 +0,0 @@ -/* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. 
- */ - -import jdk.test.lib.SecurityTools; -import jdk.test.lib.process.OutputAnalyzer; - -/** - * @test - * @bug 8212003 8214179 - * @summary Deprecating the default keytool -keyalg option - * @library /test/lib - */ - -public class DeprecateKeyalg { - - private static final String COMMON = "-keystore ks -storetype jceks " - + "-storepass changeit -keypass changeit"; - - public static void main(String[] args) throws Throwable { - - kt("-genkeypair -keyalg DSA -alias a -dname CN=A") - .shouldContain("Generating") - .shouldNotContain("-keyalg option must be specified"); - - kt("-genkeypair -alias b -dname CN=B") - .shouldContain("Generating") - .shouldContain("default key algorithm (DSA)") - .shouldContain("-keyalg option must be specified"); - - kt("-genseckey -keyalg DES -alias c") - .shouldContain("Generated") - .shouldNotContain("-keyalg option must be specified"); - - kt("-genseckey -alias d") - .shouldContain("Generated") - .shouldContain("default key algorithm (DES)") - .shouldContain("-keyalg option must be specified"); - - kt("-genkeypair -alias e -dname CN=e -keyalg EC -groupname brainpoolP256r1") - .shouldContain("Generating 256 bit EC (brainpoolP256r1) key pair"); - - kt("-genkeypair -alias f -dname CN=f -keyalg EC") - .shouldContain("Generating 256 bit EC (secp256r1) key pair"); - - kt("-genkeypair -alias g -dname CN=g -keyalg EC -keysize 384") - .shouldContain("Generating 384 bit EC (secp384r1) key pair"); - } - - private static OutputAnalyzer kt(String cmd) throws Throwable { - return SecurityTools.keytool(COMMON + " " + cmd) - .shouldHaveExitValue(0); - } -} diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/DupImport.java --- a/test/jdk/sun/security/tools/keytool/DupImport.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/DupImport.java Fri Nov 15 09:06:58 2019 +0800 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -51,9 +51,9 @@ Files.deleteIfExists(Paths.get("dup.ks")); // Create chain: root -> int -> me - run("-genkeypair -alias me -dname CN=Me"); - run("-genkeypair -alias int -dname CN=Int"); - run("-genkeypair -alias root -dname CN=Root"); + run("-genkeypair -keyalg DSA -alias me -dname CN=Me"); + run("-genkeypair -keyalg DSA -alias int -dname CN=Int"); + run("-genkeypair -keyalg DSA -alias root -dname CN=Root"); run("-certreq -alias int -file int.req"); run("-gencert -infile int.req -alias root -rfc -outfile int.resp"); diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/HasSrcStoretypeOption.java --- a/test/jdk/sun/security/tools/keytool/HasSrcStoretypeOption.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/HasSrcStoretypeOption.java Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,7 +33,7 @@ public class HasSrcStoretypeOption { public static void main(String[] args) throws Exception { - run("-genkeypair -alias a -dname CN=A -storetype jceks -keystore jce"); + run("-genkeypair -keyalg DSA -alias a -dname CN=A -storetype jceks -keystore jce"); // When there is no -srcstoretype, it should be probed from the file run("-importkeystore -srckeystore jce -destkeystore jks -deststoretype jks"); } diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/ImportPrompt.java 
--- a/test/jdk/sun/security/tools/keytool/ImportPrompt.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/ImportPrompt.java Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,11 +50,11 @@ public static void main(String[] args) throws Throwable { - kt("-keystore ks1 -genkeypair -alias a -dname CN=A"); + kt("-keystore ks1 -genkeypair -keyalg DSA -alias a -dname CN=A"); kt("-keystore ks1 -exportcert -alias a -file a.cert"); // Just create a keystore - kt("-keystore ks2 -genkeypair -alias b -dname CN=B"); + kt("-keystore ks2 -genkeypair -keyalg DSA -alias b -dname CN=B"); // no response text, assume no kt("-keystore ks2 -importcert -alias a -file a.cert"); diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/KeyAlg.java --- a/test/jdk/sun/security/tools/keytool/KeyAlg.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/KeyAlg.java Fri Nov 15 09:06:58 2019 +0800 @@ -23,7 +23,7 @@ /* * @test - * @bug 8029659 + * @bug 8029659 8214179 * @summary Keytool, print key algorithm of certificate or key entry * @library /test/lib */ 
@@ -33,22 +33,25 @@ public class KeyAlg { public static void main(String[] args) throws Exception { - keytool("-genkeypair -alias ca -dname CN=CA -keyalg EC") - .shouldHaveExitValue(0); - keytool("-genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024") - .shouldHaveExitValue(0); - keytool("-certreq -alias user -file user.req").shouldHaveExitValue(0); + keytool("-genkeypair -alias ca -dname CN=CA -keyalg EC"); + keytool("-genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024"); + keytool("-certreq -alias user -file user.req"); keytool("-gencert -alias ca -rfc -sigalg SHA1withECDSA" - + " -infile user.req -outfile user.crt") - .shouldHaveExitValue(0); + + " -infile user.req -outfile user.crt"); keytool("-printcert -file user.crt") - .shouldHaveExitValue(0) .shouldMatch("Signature algorithm name:.*SHA1withECDSA") .shouldMatch("Subject Public Key Algorithm:.*1024.*RSA"); + keytool("-genkeypair -alias e -dname CN=e -keyalg EC -groupname brainpoolP256r1") + .shouldContain("Generating 256 bit EC (brainpoolP256r1) key pair"); + keytool("-genkeypair -alias f -dname CN=f -keyalg EC") + .shouldContain("Generating 256 bit EC (secp256r1) key pair"); + keytool("-genkeypair -alias g -dname CN=g -keyalg EC -keysize 384") + .shouldContain("Generating 384 bit EC (secp384r1) key pair"); } static OutputAnalyzer keytool(String s) throws Exception { return SecurityTools.keytool( - "-keystore ks -storepass changeit -keypass changeit " + s); + "-keystore ks -storepass changeit -keypass changeit " + s) + .shouldHaveExitValue(0); } } diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/KeyToolTest.java --- a/test/jdk/sun/security/tools/keytool/KeyToolTest.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/KeyToolTest.java Fri Nov 15 09:06:58 2019 +0800 
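Review bot: The failure path this commit introduces has no test in the files visible here: DeprecateKeyalg.java, which ran `-genkeypair` and `-genseckey` without `-keyalg`, is deleted, and only its three EC cases are carried over into `main`. Because the `keytool` helper now ends in `.shouldHaveExitValue(0)`, a negative case has to call `SecurityTools.keytool` directly and expect a failing exit value together with the new message text. The exit value 1 below is taken from the failing keytool call in ParamsTest and should be confirmed; if a later file in the patch already covers this, disregard.

```java
        // … unchanged: EC -groupname / -keysize cases …

        // 8214024: a missing -keyalg is now an error, not a legacy default
        SecurityTools.keytool("-keystore ks -storepass changeit -keypass changeit "
                + "-genkeypair -alias h -dname CN=h")
                .shouldHaveExitValue(1)
                .shouldContain("-keyalg option must be specified");
        SecurityTools.keytool("-keystore ks -storepass changeit -keypass changeit "
                + "-genseckey -alias i")
                .shouldHaveExitValue(1)
                .shouldContain("-keyalg option must be specified");
```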
@@ -197,7 +197,7 @@ // jarsigner and keytool algorithm for DSA keys". Unfortunately // SunPKCS11-NSS does not support SHA256withDSA yet. if (cmd.contains("p11-nss.txt") && cmd.contains("-genkey") - && !cmd.contains("-keyalg")) { + && cmd.contains("DSA")) { cmd += " -sigalg SHA1withDSA -keysize 1024"; } test(input, cmd); @@ -352,7 +352,7 @@ remove("x.jks"); remove("x.jks.p1.cert"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -alias p1 -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -alias p1 -dname CN=olala"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-exportcert -alias p1 -file x.jks.p1.cert"); ks = loadStore("x.jks", "changeit", "JKS"); @@ -377,7 +377,7 @@ // changealias and keyclone testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -alias p1 -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -alias p1 -dname CN=olala"); testOK("changeit\n", "-keystore x.jks -storetype JKS " + "-changealias -alias p1 -destalias p11"); testOK("changeit\n", "-keystore x.jks -storetype JKS " + @@ -396,10 +396,10 @@ remove("x.jceks"); // DES, no need keysize testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " + - "-genseckey -alias s1"); + "-genseckey -keyalg DES -alias s1"); // DES, keysize cannot be 128 testFail("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + - "-genseckey -alias s11 -keysize 128"); + "-genseckey -keyalg DES -alias s11 -keysize 128"); // DESede. no need keysize testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + "-genseckey -keyalg DESede -alias s2"); 
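Review bot: In the `@@ -197,7 +197,7 @@` hunk, `cmd.contains("DSA")` matches those three letters anywhere in the command, so a p11-nss `-genkey` command that uses another key algorithm with `-sigalg SHA256withECDSA`, or whose `-dname` or alias happens to contain "DSA", would also get `-sigalg SHA1withDSA -keysize 1024` appended. Matching the option itself is tighter: `&& cmd.contains("-keyalg DSA")) {`. The appended values pin SHA-1 and a 1024-bit key for the NSS provider; the comment above explains the provider limitation, and it could say explicitly that this is a test-only workaround. The enclosing method starts and ends outside the hunk.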
@@ -411,19 +411,20 @@ // about keypass // can accept storepass testOK("\n", "-keystore x.jceks -storetype JCEKS -storepass changeit " + - "-genseckey -alias s4"); + "-genseckey -keyalg DES -alias s4"); // or a new one testOK("keypass\nkeypass\n", "-keystore x.jceks -storetype JCEKS " + - "-storepass changeit -genseckey -alias s5"); + "-storepass changeit -genseckey -keyalg DES -alias s5"); // keypass must be valid (prompt 3 times) testOK("bad\n\bad\nkeypass\nkeypass\n", "-keystore x.jceks " + - "-storetype JCEKS -storepass changeit -genseckey -alias s6"); + "-storetype JCEKS -storepass changeit -genseckey " + + "-keyalg DES -alias s6"); // keypass must be valid (prompt 3 times) testFail("bad\n\bad\nbad\n", "-keystore x.jceks -storetype JCEKS " + - "-storepass changeit -genseckey -alias s7"); + "-storepass changeit -genseckey -keyalg DES -alias s7"); // keypass must be valid (prompt 3 times) testFail("bad\n\bad\nbad\nkeypass\n", "-keystore x.jceks " + - "-storetype JCEKS -storepass changeit -genseckey -alias s7"); + "-storetype JCEKS -storepass changeit -genseckey -keyalg DES -alias s7"); ks = loadStore("x.jceks", "changeit", "JCEKS"); assertTrue(ks.getKey("s1", "changeit".toCharArray()) .getAlgorithm().equalsIgnoreCase("DES"), "s1 is DES"); @@ -452,7 +453,7 @@ remove("x.jceks"); // create 2 entries... testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " + - "-genkeypair -alias p1 -dname CN=Olala"); + "-genkeypair -keyalg DSA -alias p1 -dname CN=Olala"); testOK("", "-keystore x.jceks -storetype JCEKS -storepass changeit " + "-importcert -alias c1 -file x.jks.p1.cert -noprompt"); ks = loadStore("x.jceks", "changeit", "JCEKS"); 
@@ -532,7 +533,7 @@ remove("x.jks"); // generate entry with different keypass testOK("changeit\nkeypass\nkeypass\n", "-keystore x.jceks " + - "-storetype JCEKS -genkeypair -alias p2 -dname CN=Olala"); + "-storetype JCEKS -genkeypair -keyalg DSA -alias p2 -dname CN=Olala"); // prompt testOK("changeit\nchangeit\nchangeit\nkeypass\n", "-importkeystore " + "-srckeystore x.jceks -srcstoretype JCEKS " + @@ -581,10 +582,10 @@ remove("x.jks"); // create SecretKeyEntry testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + - "-genseckey -alias s1"); + "-genseckey -keyalg DES -alias s1"); // create SecretKeyEntry testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + - "-genseckey -alias s2"); + "-genseckey -keyalg DES -alias s2"); // remove the keypass!=storepass one testOK("changeit\n", "-keystore x.jceks -storetype JCEKS " + "-delete -alias p2"); @@ -629,13 +630,13 @@ remove("x.jks"); // just type ENTER means keypass=storepass testOK("changeit\nchangeit\n\n", "-keystore x.jks -storetype JKS " + - "-genkeypair -alias p1 -dname CN=olala"); + "-genkeypair -keyalg DSA -alias p1 -dname CN=olala"); remove("x.p12"); // PKCS12 only need storepass testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " + - "-genkeypair -alias p0 -dname CN=olala"); + "-genkeypair -keyalg DSA -alias p0 -dname CN=olala"); testOK("changeit\n", "-keystore x.p12 -storetype PKCS12 " + - "-genkeypair -alias p1 -dname CN=olala"); + "-genkeypair -keyalg DSA -alias p1 -dname CN=olala"); // when specify keypass, make sure keypass==storepass... testOK("changeit\n", "-keystore x.p12 -keypass changeit " + "-storetype PKCS12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala"); 
@@ -658,9 +659,9 @@ remove("x.p12"); // PKCS12 only need storepass testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " + - "-genkeypair -alias p0 -dname CN=olala"); + "-genkeypair -keyalg DSA -alias p0 -dname CN=olala"); testOK("", "-storepass changeit -keystore x.p12 -storetype PKCS12 " + - "-genkeypair -alias p1 -dname CN=olala"); + "-genkeypair -keyalg DSA -alias p1 -dname CN=olala"); // when specify keypass, make sure keypass==storepass... testOK("", "-storepass changeit -keystore x.p12 -keypass changeit " + "-storetype PKCS12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala"); @@ -696,14 +697,14 @@ "BEFORE THIS TEST ***"); testOK("", p11Arg + - "-storepass test12 -genkeypair -alias p1 -dname CN=olala"); - testOK("test12\n", p11Arg + "-genkeypair -alias p2 -dname CN=olala2"); + "-storepass test12 -genkeypair -keyalg DSA -alias p1 -dname CN=olala"); + testOK("test12\n", p11Arg + "-genkeypair -keyalg DSA -alias p2 -dname CN=olala2"); // cannot provide keypass for PKCS11 testFail("test12\n", p11Arg + - "-keypass test12 -genkeypair -alias p3 -dname CN=olala3"); + "-keypass test12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala3"); // cannot provide keypass for PKCS11 testFail("test12\n", p11Arg + - "-keypass nonsense -genkeypair -alias p3 -dname CN=olala3"); + "-keypass nonsense -genkeypair -keyalg DSA -alias p3 -dname CN=olala3"); testOK("", p11Arg + "-storepass test12 -list"); assertTrue(out.indexOf("Your keystore contains 2 entries") != -1, @@ -738,8 +739,8 @@ KeyStore ks; testOK("", p11Arg + - "-storepass test12 -genkeypair -alias p1 -dname CN=olala"); - testOK("test12\n", p11Arg + "-genkeypair -alias p2 -dname CN=olala2"); + "-storepass test12 -genkeypair -keyalg DSA -alias p1 -dname CN=olala"); + testOK("test12\n", p11Arg + "-genkeypair -keyalg DSA -alias p2 -dname CN=olala2"); // test importkeystore for pkcs11 remove("x.jks"); 
@@ -809,7 +810,7 @@ KeyStore ks; remove("x.jks"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-exportcert -file x.jks.p1.cert"); /* deleted */ testOK("", "-keystore x.jks -storetype JKS " + @@ -842,7 +843,7 @@ void sqeKeyclonetest() throws Exception { remove("x.jks"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); // new pass testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -new newpass -keyclone -dest p0"); @@ -871,7 +872,7 @@ void sqeKeypasswdTest() throws Exception { remove("x.jks"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -keypasswd -new newpass"); /*change back*/ testOK("", "-keystore x.jks -storetype JKS " + @@ -909,7 +910,7 @@ testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-delete -alias mykey"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass keypass -genkeypair -dname CN=olala"); + "-keypass keypass -genkeypair -keyalg DSA -dname CN=olala"); testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypasswd -new newpass"); testOK("keypass\n", "-keystore x.jks -storetype JKS " + 
@@ -922,7 +923,7 @@ void sqeListTest() throws Exception { remove("x.jks"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-list -alias mykey"); @@ -948,7 +949,7 @@ void sqeSelfCertTest() throws Exception { remove("x.jks"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -selfcert"); @@ -974,7 +975,7 @@ // diff pass remove("x.jks"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass keypass -genkeypair -dname CN=olala"); + "-keypass keypass -genkeypair -keyalg DSA -dname CN=olala"); testFail("", "-keystore x.jks -storetype JKS " + "-storepass changeit -selfcert"); testOK("keypass\n", "-keystore x.jks -storetype JKS " + @@ -995,7 +996,7 @@ void sqeStorepassTest() throws Exception { remove("x.jks"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); // all in arg testOK("", "-storepasswd -keystore x.jks -storetype JKS " + "-storepass changeit -new newstore"); 
@@ -1044,13 +1045,13 @@ remove("x.jks"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala -alias newentry"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -alias newentry"); testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala -alias newentry"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -alias newentry"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -genkeypair -dname CN=olala -keyalg DSA " + "-alias n1"); 
@@ -1061,19 +1062,19 @@ "-keypass changeit -genkeypair -dname CN=olala " + "-keyalg NoSuchAlg -alias n3"); testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala -keysize 56 " + + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 56 " + "-alias n4"); testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala -keysize 999 " + + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 999 " + "-alias n5"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala -keysize 512 " + + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 512 " + "-alias n6"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala -keysize 1024 " + + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024 " + "-alias n7"); testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala " + + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala " + "-sigalg NoSuchAlg -alias n8"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + 
@@ -1088,12 +1089,12 @@ "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + "-sigalg NoSuchAlg -alias n12"); testFail("", "-keystore badkeystore -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala " + + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala " + "-alias n14"); testFail("", "-keystore x.jks -storetype JKS -storepass badpass " + - "-keypass changeit -genkeypair -dname CN=olala -alias n16"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -alias n16"); testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CNN=olala -alias n17"); + "-keypass changeit -genkeypair -keyalg DSA -dname CNN=olala -alias n17"); remove("x.jks"); } @@ -1103,7 +1104,7 @@ testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + "-export -file mykey.cert -alias mykey"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-export -file mykey.cert -alias mykey"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + @@ -1131,11 +1132,11 @@ testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + "-delete -alias mykey"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-delete -alias mykey"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); // keystore name illegal testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit " + "-delete -alias mykey"); 
@@ -1157,7 +1158,7 @@ remove("csr1"); // PrivateKeyEntry can do certreq testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala -keysize 1024"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-certreq -file csr1 -alias mykey"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + @@ -1221,7 +1222,7 @@ remove("mykey.cert"); remove("myweakkey.cert"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -dname CN=olala"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-export -file mykey.cert -alias mykey"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + @@ -1264,7 +1265,7 @@ remove("x.jks"); String simple = "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -noprompt -keyalg " + keyAlg + " "; - String pre = simple + "-genkeypair -dname CN=Olala -alias "; + String pre = simple + "-genkeypair -keyalg DSA -dname CN=Olala -alias "; // Version and SKID testOK("", pre + "o1"); 
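Review bot: In the `@@ -1264,7 +1265,7 @@` hunk, `simple` already ends with `-keyalg " + keyAlg + " "`, so the new `pre` string passes `-keyalg` twice on every command built from it. If keytool lets the later occurrence win (the option parser is not visible here, so this is an assumption), every key in this test would be DSA and the `keyAlg` parameter would no longer select the algorithm, silently narrowing coverage. The line can stay as it was, `String pre = simple + "-genkeypair -dname CN=Olala -alias ";`, because the algorithm is already explicit through `simple`. The enclosing method starts and ends outside the hunk.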
@@ -1678,30 +1679,30 @@ remove("x.jks"); testOK("", "-help"); - // 2. keytool -genkey -v -keysize 512 Enter "a" for the keystore + // 2. keytool -genkey -keyalg DSA -v -keysize 512 Enter "a" for the keystore // password. Check error (password too short). Enter "password" for // the keystore password. Hit 'return' for "first and last name", // "organizational unit", "City", "State", and "Country Code". // Type "yes" when they ask you if everything is correct. // Type 'return' for new key password. testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n", - "-genkey -v -keysize 512 -keystore x.jks -storetype JKS"); + "-genkey -keyalg DSA -v -keysize 512 -keystore x.jks -storetype JKS"); // 3. keytool -list -v -storepass password testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS"); // 4. keytool -list -v Type "a" for the keystore password. // Check error (wrong keystore password). testFail("a\n", "-list -v -keystore x.jks -storetype JKS"); assertTrue(ex.indexOf("password was incorrect") != -1); - // 5. keytool -genkey -v -keysize 512 Enter "password" as the password. + // 5. keytool - -keyalg DSA -v -keysize 512 Enter "password" as the password. // Check error (alias 'mykey' already exists). - testFail("password\n", "-genkey -v -keysize 512" + + testFail("password\n", "-genkey -keyalg DSA -v -keysize 512" + " -keystore x.jks -storetype JKS"); assertTrue(ex.indexOf("alias already exists") != -1); - // 6. keytool -genkey -v -keysize 512 -alias mykey2 -storepass password + // 6. keytool -genkey -keyalg DSA -v -keysize 512 -alias mykey2 -storepass password // Hit 'return' for "first and last name", "organizational unit", "City", // "State", and "Country Code". Type "yes" when they ask you if // everything is correct. Type 'return' for new key password. 
- testOK("\n\n\n\n\n\nyes\n\n", "-genkey -v -keysize 512 -alias mykey2" + + testOK("\n\n\n\n\n\nyes\n\n", "-genkey -keyalg DSA -v -keysize 512 -alias mykey2" + " -storepass password -keystore x.jks -storetype JKS"); // 7. keytool -list -v Type 'password' for the store password. testOK("password\n", "-list -v -keystore x.jks -storetype JKS"); @@ -1810,7 +1811,7 @@ void sszzTest() throws Exception { testAnyway("", NSS_P11_ARG+"-delete -alias nss -storepass test12"); testAnyway("", NZZ_P11_ARG+"-delete -alias nss -storepass test12"); - testOK("", NSS_P11_ARG+"-genkeypair -dname CN=NSS " + + testOK("", NSS_P11_ARG+"-genkeypair -keyalg DSA -dname CN=NSS " + "-alias nss -storepass test12"); testOK("", NSS_SRC_P11_ARG + NZZ_P11_ARG + "-importkeystore -srcstorepass test12 -deststorepass test12"); diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/PKCS12Passwd.java --- a/test/jdk/sun/security/tools/keytool/PKCS12Passwd.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/PKCS12Passwd.java Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -49,11 +49,11 @@ public static void main(String[] args) throws Exception { // A PrivateKeyEntry - kt("-genkeypair -alias a -dname CN=A") + kt("-genkeypair -alias a -dname CN=A -keyalg DSA") .shouldHaveExitValue(0); // A TrustedCertificateEntry (genkeypair, export, delete, import) - kt("-genkeypair -alias b -dname CN=B") + kt("-genkeypair -alias b -dname CN=B -keyalg DSA") .shouldHaveExitValue(0); kt("-exportcert -alias b -file b.cert") .shouldHaveExitValue(0); 
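Review bot: The step-5 comment in the `@@ -1678,30 +1679,30 @@` hunk lost its subcommand during the edit: it now reads `// 5. keytool - -keyalg DSA -v -keysize 512`, while the call below it runs `-genkey -keyalg DSA -v -keysize 512`. It should read `// 5. keytool -genkey -keyalg DSA -v -keysize 512 Enter "password" as the password.` so the numbered steps still match the commands they describe and the matching step in i18n.html. The enclosing test method begins and ends outside the hunk.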
@@ -90,7 +90,7 @@ // A PKCS12 keystore can be loaded as a JKS, and it follows JKS rules // which means the storepass and keypass can be changed separately! - ktFull("-genkeypair -alias a -dname CN=A -storetype pkcs12 " + ktFull("-genkeypair -alias a -dname CN=A -storetype pkcs12 -keyalg DSA " + "-storepass changeit -keypass changeit -keystore p12") .shouldHaveExitValue(0); @@ -112,7 +112,7 @@ // PKCS12 rules that both passwords are changed at the same time and // some commands are rejected. - ktFull("-genkeypair -alias a -dname CN=A -storetype jks " + ktFull("-genkeypair -alias a -dname CN=A -storetype jks -keyalg DSA " + "-storepass changeit -keypass changeit -keystore jks") .shouldHaveExitValue(0); diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/ProbingFailure.java --- a/test/jdk/sun/security/tools/keytool/ProbingFailure.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/ProbingFailure.java Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,7 +53,7 @@ public static void main(String[] args) throws Exception { // genkeypair - kt("-genkeypair -keystore mks -alias a -dname CN=A -storetype MYKS") + kt("-genkeypair -keystore mks -alias a -dname CN=A -keyalg DSA -storetype MYKS") .shouldHaveExitValue(0); // list diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/RealType.java --- a/test/jdk/sun/security/tools/keytool/RealType.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/RealType.java Fri Nov 15 09:06:58 2019 +0800 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,7 @@ public static void main(String[] args) throws Throwable { - kt("-genkeypair -alias a -dname CN=A -keypass changeit -storetype jks") + kt("-genkeypair -keyalg DSA -alias a -dname CN=A -keypass changeit -storetype jks") .shouldHaveExitValue(0); // -keypasswd command should be allowed on JKS @@ -54,7 +54,7 @@ Files.delete(Paths.get("ks")); - kt("-genkeypair -alias a -dname CN=A -keypass changeit -storetype pkcs12") + kt("-genkeypair -keyalg DSA -alias a -dname CN=A -keypass changeit -storetype pkcs12") .shouldHaveExitValue(0); // A pkcs12 keystore cannot be loaded as a JCEKS keystore diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/RemoveKeyAlgDefault.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/sun/security/tools/keytool/RemoveKeyAlgDefault.java Fri Nov 15 09:06:58 2019 +0800 
@@ -0,0 +1,63 @@ +/* + * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. 
+ */ + +import jdk.test.lib.SecurityTools; +import jdk.test.lib.process.OutputAnalyzer; + +/** + * @test + * @bug 8212003 8214024 + * @summary Deprecating the default keytool -keyalg option + * @library /test/lib + */ + +public class RemoveKeyAlgDefault { + + private static final String COMMON = "-keystore ks -storetype jceks " + + "-storepass changeit -keypass changeit"; + + public static void main(String[] args) throws Throwable { + + kt("-genkeypair -keyalg DSA -alias a -dname CN=A") + .shouldHaveExitValue(0) + .shouldContain("Generating") + .shouldNotContain("-keyalg option must be specified"); + + kt("-genkeypair -alias b -dname CN=B") + .shouldHaveExitValue(1) + .shouldContain("-keyalg option must be specified"); + + kt("-genseckey -keyalg DES -alias c") + .shouldHaveExitValue(0) + .shouldContain("Generated") + .shouldNotContain("-keyalg option must be specified"); + + kt("-genseckey -alias d") + .shouldHaveExitValue(1) + .shouldContain("-keyalg option must be specified"); + } + + private static OutputAnalyzer kt(String cmd) throws Throwable { + return SecurityTools.keytool(COMMON + " " + cmd); + } +} diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/WeakAlg.java --- a/test/jdk/sun/security/tools/keytool/WeakAlg.java Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/WeakAlg.java Fri Nov 15 09:06:58 2019 +0800 @@ -178,7 +178,7 @@ // no warning if all certs kt("-importcert -alias b -file a.crt -storetype jks -noprompt") .shouldNotContain("Warning:"); - kt("-genkeypair -alias a -dname CN=A") + kt("-genkeypair -keyalg DSA -alias a -dname CN=A") .shouldContain("JKS keystore uses a proprietary format"); kt("-list") .shouldContain("JKS keystore uses a proprietary format"); 
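Review bot: The two rejection cases in the new `RemoveKeyAlgDefault.main` (aliases `b` and `d`) assert only the exit value and the error text, not that the keystore was left without the entry. Adding `kt("-list -alias b").shouldHaveExitValue(1);` after the first case, and the same for `d`, would pin that a command refused for a missing `-keyalg` writes nothing; this assumes keytool exits non-zero when listing an alias that does not exist. Separately, the jtreg `@summary` still says `Deprecating the default keytool -keyalg option`, while the test now requires the omission to be an error; `@summary Remove the default keytool -keyalg value` would match what is asserted.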
@@ -202,7 +202,7 @@ rm("ks"); - kt("-genkeypair -alias a -dname CN=A -storetype jceks") + kt("-genkeypair -keyalg DSA -alias a -dname CN=A -storetype jceks") .shouldContain("JCEKS keystore uses a proprietary format"); kt("-list") .shouldContain("JCEKS keystore uses a proprietary format"); @@ -239,7 +239,7 @@ static void checkInplaceImportKeyStore() throws Exception { rm("ks"); - genkeypair("a", ""); + genkeypair("a", "-keyalg DSA"); // Same type backup importkeystore("ks", "ks", "") diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/console.sh --- a/test/jdk/sun/security/tools/keytool/console.sh Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/console.sh Fri Nov 15 09:06:58 2019 +0800 @@ -1,5 +1,5 @@ # -# Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2006, 2019, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -75,7 +75,7 @@ echo "==========================================" echo rm $KS 2> /dev/null -$J5/bin/keytool -keystore $KS -genkey -dname CN=olala -storepass $PASSW || exit 1 +$J5/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala -storepass $PASSW || exit 1 $JM/bin/keytool -keystore $KS -list -storepass $PASSW || exit 2 echo "==========================================" @@ -84,7 +84,7 @@ echo rm $KS 2> /dev/null -$JM/bin/keytool -keystore $KS -genkey -dname CN=olala -storepass $PASSW || exit 3 +$JM/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala -storepass $PASSW || exit 3 $J5/bin/keytool -keystore $KS -list -storepass $PASSW || exit 4 echo "============================================================" 
@@ -93,7 +93,7 @@ echo rm $KS 2> /dev/null -$J5/bin/keytool -keystore $KS -genkey -dname CN=olala || exit 5 +$J5/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala || exit 5 $JM/bin/keytool -keystore $KS -list || exit 6 echo $PASSW| $J5/bin/keytool -keystore $KS -list || exit 7 echo $PASSW| $JM/bin/keytool -keystore $KS -list || exit 8 @@ -104,7 +104,7 @@ echo rm $KS 2> /dev/null -$JM/bin/keytool -keystore $KS -genkey -dname CN=olala || exit 9 +$JM/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala || exit 9 $J5/bin/keytool -keystore $KS -list || exit 10 echo $PASSW| $JM/bin/keytool -keystore $KS -list || exit 11 echo $PASSW| $J5/bin/keytool -keystore $KS -list || exit 12 @@ -115,7 +115,7 @@ echo rm $KS 2> /dev/null -echo $PASSW| $J5/bin/keytool -keystore $KS -genkey -dname CN=olala || exit 13 +echo $PASSW| $J5/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala || exit 13 $JM/bin/keytool -keystore $KS -list || exit 14 echo $PASSW| $J5/bin/keytool -keystore $KS -list || exit 15 echo $PASSW| $JM/bin/keytool -keystore $KS -list || exit 16 diff -r 4a09d4df104c -r 046e4024e55a test/jdk/sun/security/tools/keytool/i18n.html --- a/test/jdk/sun/security/tools/keytool/i18n.html Thu Nov 14 16:34:24 2019 -0800 +++ b/test/jdk/sun/security/tools/keytool/i18n.html Fri Nov 15 09:06:58 2019 +0800 @@ -9,7 +9,7 @@ If you are on a Windows platform, delete the .keystore file in your home directory.
  • keytool -help -
  • keytool -genkey -v -keysize 512 +
  • keytool -genkey -keyalg DSA -v -keysize 512 Enter "a" for the keystore password. Check error (password too short). Enter "password" for the keystore password. Re-enter "password" to confirm. @@ -21,10 +21,10 @@
  • keytool -list -v Type "a" for the keystore password. Check error (wrong keystore password). -
  • keytool -genkey -v -keysize 512 +
  • keytool -genkey -keyalg DSA -v -keysize 512 Enter "password" as the password. Check error (alias 'mykey' already exists). -
  • keytool -genkey -v -keysize 512 -alias mykey2 -storepass password +
  • keytool -genkey -keyalg DSA -v -keysize 512 -alias mykey2 -storepass password Hit 'return' for "first and last name", "organizational unit", "organization", "City", "State", and "Country Code". Type "yes" when they ask you if everything is correct.