# HG changeset patch # User weijun # Date 1413252464 -28800 # Node ID 64cb6608f8a657b0a7fff281162e391010ca1353 # Parent 5a6ef51923c4b417847dff36f85766b3ff6631b5 8029659: Keytool, print key algorithm of certificate or key entry Reviewed-by: xuelei diff -r 5a6ef51923c4 -r 64cb6608f8a6 jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java --- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Mon Oct 13 14:11:20 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Tue Oct 14 10:07:44 2014 +0800 @@ -64,6 +64,7 @@ import javax.security.auth.x500.X500Principal; import java.util.Base64; +import sun.security.util.KeyUtil; import sun.security.util.ObjectIdentifier; import sun.security.pkcs10.PKCS10; import sun.security.pkcs10.PKCS10Attribute; @@ -1103,8 +1104,13 @@ doChangeKeyPasswd(alias); kssave = true; } else if (command == LIST) { + if (storePass == null + && !KeyStoreUtil.isWindowsKeyStore(storetype)) { + printWarning(); + } + if (alias != null) { - doPrintEntry(alias, out, true); + doPrintEntry(alias, out); } else { doPrintEntries(out); } @@ -1765,15 +1771,9 @@ /** * Prints a single keystore entry. */ - private void doPrintEntry(String alias, PrintStream out, - boolean printWarning) + private void doPrintEntry(String alias, PrintStream out) throws Exception { - if (storePass == null && printWarning - && !KeyStoreUtil.isWindowsKeyStore(storetype)) { - printWarning(); - } - if (keyStore.containsAlias(alias) == false) { MessageFormat form = new MessageFormat (rb.getString("Alias.alias.does.not.exist")); @@ -2090,13 +2090,6 @@ private void doPrintEntries(PrintStream out) throws Exception { - if (storePass == null - && !KeyStoreUtil.isWindowsKeyStore(storetype)) { - printWarning(); - } else { - out.println(); - } - out.println(rb.getString("Keystore.type.") + keyStore.getType()); out.println(rb.getString("Keystore.provider.") + keyStore.getProvider().getName()); 
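Review bot: The `else { out.println(); }` branch deleted from doPrintEntries (hunk at -2090) has no counterpart in the guard added under `command == LIST`, so a `-list` run that supplies a store password no longer starts with a blank line. If that is intended, the commit description should say so, because tools that read keytool output by line position will see the change. The new guard would also benefit from a one-line comment, for example `// warn once here; doPrintEntry and doPrintEntries no longer do it themselves`, and from a word on why Windows keystores are exempt. Callers of doPrintEntry other than the two shown (the hunk at -1765 drops its `printWarning` parameter) cannot be checked from this diff, and the dispatch method itself starts and ends outside the hunk.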
@@ -2115,7 +2108,7 @@ for (Enumeration e = keyStore.aliases(); e.hasMoreElements(); ) { String alias = e.nextElement(); - doPrintEntry(alias, out, false); + doPrintEntry(alias, out); if (verbose || rfc) { out.println(rb.getString("NEWLINE")); out.println(rb.getString @@ -2922,6 +2915,7 @@ MessageFormat form = new MessageFormat (rb.getString(".PATTERN.printX509Cert")); + PublicKey pkey = cert.getPublicKey(); Object[] source = {cert.getSubjectDN().toString(), cert.getIssuerDN().toString(), cert.getSerialNumber().toString(16), @@ -2931,7 +2925,9 @@ getCertFingerPrint("SHA1", cert), getCertFingerPrint("SHA-256", cert), cert.getSigAlgName(), - cert.getVersion() + pkey.getAlgorithm(), + KeyUtil.getKeySize(pkey), + cert.getVersion(), }; out.println(form.format(source)); diff -r 5a6ef51923c4 -r 64cb6608f8a6 jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources.java --- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources.java Mon Oct 13 14:11:20 2014 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources.java Tue Oct 14 10:07:44 2014 +0800 @@ -347,7 +347,7 @@ {".RETURN.if.same.as.for.otherAlias.", "\t(RETURN if same as for <{0}>)"}, {".PATTERN.printX509Cert", - "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Signature algorithm name: {8}\n\t Version: {9}"}, + "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\nSignature algorithm name: {8}\nSubject Public Key Algorithm: {9} ({10,number,#})\nVersion: {11}"}, {"What.is.your.first.and.last.name.", "What is your first and last name?"}, {"What.is.the.name.of.your.organizational.unit.", diff -r 5a6ef51923c4 -r 64cb6608f8a6 jdk/test/sun/security/tools/keytool/keyalg.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 
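Review bot: `KeyUtil.getKeySize(pkey)` is passed straight into the `{10,number,#}` slot, so a key whose size the helper cannot determine would be printed as a negative number in parentheses. The helper is outside this diff, but as far as I know it returns -1 in that case. Someone reading the listing to judge key strength should see "unknown" there, not `(-1)`. Because the slot is declared as `number`, the fix needs a second pattern without the size (or a pre-formatted string argument), chosen after `int size = KeyUtil.getKeySize(pkey);` when `size < 0`. The enclosing method begins and ends outside these two hunks.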
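Review bot: The placeholder numbering in `.PATTERN.printX509Cert` shifts: `{9}` was Version and is now the public key algorithm, while Main.java fills the argument array by position. Any localized copy of this pattern that still has the ten-argument form (none is part of this diff) would print the key algorithm under its Version label and lose the version. Appending the new values after the existing ones avoids this, i.e. keep `cert.getVersion()` at index 9 in Main.java and use `Subject Public Key Algorithm: {10} ({11,number,#})\nVersion: {9}` here. The tab indentation before "Signature algorithm name" and "Version" also disappears, which changes the layout for anything that parses the output.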
+++ b/jdk/test/sun/security/tools/keytool/keyalg.sh Tue Oct 14 10:07:44 2014 +0800
@@ -0,0 +1,47 @@
+#
+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8029659
+# @summary Keytool, print key algorithm of certificate or key entry
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+KS=ks
+KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks -storepass changeit -keypass changeit"
+
+rm $KS 2> /dev/null
+
+$KEYTOOL -genkeypair -alias ca -dname CN=CA -keyalg EC || exit 1
+$KEYTOOL -genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024 || exit 2
+$KEYTOOL -certreq -alias user |
+ $KEYTOOL -gencert -alias ca -rfc -sigalg SHA1withECDSA |
+ $KEYTOOL -printcert > user.dump || exit 3
+
+cat user.dump | grep "Signature algorithm name:" | grep SHA1withECDSA || exit 4
+cat user.dump | grep "Subject Public Key Algorithm:" | grep RSA | grep 1024 || exit 5
+
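Review bot: Only the last stage's exit status is tested in the `-certreq | -gencert | -printcert` pipeline, so a failure in either of the first two stages reaches `exit 3` only if `-printcert` also fails on what it receives. The two grep checks would still catch it, but under exit code 4 or 5. Running the stages one at a time through intermediate files (for example `user.req` and `user.cert`, names made up here) would make each failure attributable. Separately, `KEYTOOL` hard-codes `-keystore ks` while the cleanup uses `rm $KS`; writing `-keystore $KS` keeps the two in step. The test covers only `-printcert`, so the relocated warning on the `-list` path is not exercised, and a comment noting that RSA 1024 and SHA1withECDSA are chosen only as recognisable fixture values would keep them from being copied as defaults.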