6820606: keytool can generate serialno more randomly
authorweijun
Mon, 23 Mar 2009 17:05:48 +0800
changeset 2293 cb6d01cb3c3d
parent 2292 7f173614953a
child 2295 61e8b790642b
6820606: keytool can generate serialno more randomly Reviewed-by: xuelei
jdk/src/share/classes/sun/security/tools/KeyTool.java
jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java
--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java	Sat Mar 21 13:52:13 2009 -0700
+++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java	Mon Mar 23 17:05:48 2009 +0800
@@ -1072,8 +1072,8 @@
 
         X509CertInfo info = new X509CertInfo();
         info.set(X509CertInfo.VALIDITY, interval);
-        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber
-                 ((int)(firstDate.getTime()/1000)));
+        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
+                    new java.util.Random().nextInt() & 0x7fffffff));
         info.set(X509CertInfo.VERSION,
                      new CertificateVersion(CertificateVersion.V3));
         info.set(X509CertInfo.ALGORITHM_ID,
@@ -2121,8 +2121,8 @@
         certInfo.set(X509CertInfo.VALIDITY, interval);
 
         // Make new serial number
-        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber
-                     ((int)(firstDate.getTime()/1000)));
+        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
+                    new java.util.Random().nextInt() & 0x7fffffff));
 
         // Set owner and issuer fields
         X500Name owner;
--- a/jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java	Sat Mar 21 13:52:13 2009 -0700
+++ b/jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java	Mon Mar 23 17:05:48 2009 +0800
@@ -265,8 +265,8 @@
             // Add all mandatory attributes
             info.set(X509CertInfo.VERSION,
                      new CertificateVersion(CertificateVersion.V3));
-            info.set(X509CertInfo.SERIAL_NUMBER,
-                 new CertificateSerialNumber((int)(firstDate.getTime()/1000)));
+            info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
+                    new java.util.Random().nextInt() & 0x7fffffff));
             AlgorithmId algID = issuer.getAlgorithmId();
             info.set(X509CertInfo.ALGORITHM_ID,
                      new CertificateAlgorithmId(algID));