--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java Thu Nov 14 16:34:24 2019 -0800
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java Fri Nov 15 09:06:58 2019 +0800
@@ -1151,17 +1151,15 @@
}
} else if (command == GENKEYPAIR) {
if (keyAlgName == null) {
- keyAlgName = "DSA";
- weakWarnings.add(String.format(rb.getString(
- "keyalg.option.1.missing.warning"), keyAlgName));
+ throw new Exception(rb.getString(
+ "keyalg.option.missing.error"));
}
doGenKeyPair(alias, dname, keyAlgName, keysize, groupName, sigAlgName);
kssave = true;
} else if (command == GENSECKEY) {
if (keyAlgName == null) {
- keyAlgName = "DES";
- weakWarnings.add(String.format(rb.getString(
- "keyalg.option.1.missing.warning"), keyAlgName));
+ throw new Exception(rb.getString(
+ "keyalg.option.missing.error"));
}
doGenSecretKey(alias, keyAlgName, keysize);
kssave = true;
--- a/src/java.base/share/classes/sun/security/tools/keytool/Resources.java Thu Nov 14 16:34:24 2019 -0800
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Resources.java Fri Nov 15 09:06:58 2019 +0800
@@ -474,7 +474,7 @@
{"migrate.keystore.warning", "Migrated \"%1$s\" to %4$s. The %2$s keystore is backed up as \"%3$s\"."},
{"backup.keystore.warning", "The original keystore \"%1$s\" is backed up as \"%3$s\"..."},
{"importing.keystore.status", "Importing keystore %1$s to %2$s..."},
- {"keyalg.option.1.missing.warning", "No -keyalg option. The default key algorithm (%s) is a legacy algorithm and is no longer recommended. In a subsequent release of the JDK, the default will be removed and the -keyalg option must be specified."},
+ {"keyalg.option.missing.error", "The -keyalg option must be specified."},
{"showinfo.no.option", "Missing option for -showinfo. Try \"keytool -showinfo -tls\"."},
};
--- a/test/hotspot/jtreg/runtime/cds/appcds/JarBuilder.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/hotspot/jtreg/runtime/cds/appcds/JarBuilder.java Fri Nov 15 09:06:58 2019 +0800
@@ -232,7 +232,7 @@
executeProcess(keyTool,
"-genkey", "-keystore", "./keystore", "-alias", "mykey",
- "-storepass", "abc123", "-keypass", "abc123",
+ "-storepass", "abc123", "-keypass", "abc123", "-keyalg", "dsa",
"-dname", "CN=jvmtest")
.shouldHaveExitValue(0);
--- a/test/jdk/java/security/Policy/ExtensiblePolicy/ExtensiblePolicyWithJarTest.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/java/security/Policy/ExtensiblePolicy/ExtensiblePolicyWithJarTest.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -69,6 +69,7 @@
// create key pair for jar signing
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
+ "-keyalg", "DSA",
"-alias", ALIAS,
"-keystore", KEYSTORE,
"-storetype", "JKS",
--- a/test/jdk/java/security/Policy/SignedJar/SignedJarTest.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/java/security/Policy/SignedJar/SignedJarTest.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -66,6 +66,7 @@
//Creating first key , keystore both.jks
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
+ "-keyalg", "DSA",
"-alias", "first",
"-keystore", KEYSTORE1,
"-keypass", PASSWORD,
@@ -76,6 +77,7 @@
//Creating Second key, keystore both.jks
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
+ "-keyalg", "DSA",
// "-storetype","JKS",
"-alias", "second",
"-keystore", KEYSTORE1,
--- a/test/jdk/sun/security/pkcs12/PBES2Encoding.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/pkcs12/PBES2Encoding.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -35,7 +35,7 @@
// This is a PKCS 12 file using PBES2 to encrypt the cert and key. It is
// generated with these commands:
//
- // keytool -keystore ks -genkeypair -storepass changeit -alias a -dname CN=A
+ // keytool -keystore ks -genkeypair -keyalg DSA -storepass changeit -alias a -dname CN=A
// openssl pkcs12 -in ks -nodes -out kandc -passin pass:changeit
// openssl pkcs12 -export -in kandc -out p12 -name a -passout pass:changeit
// -certpbe AES-128-CBC -keypbe AES-128-CBC
--- a/test/jdk/sun/security/pkcs12/ParamsTest.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/pkcs12/ParamsTest.java Fri Nov 15 09:06:58 2019 +0800
@@ -114,7 +114,8 @@
check("ksnormal", "a", "wrongpass", "-", IOException.class, "-", "-");
// Add a new entry with password-less settings, still has a storepass
- keytool("-keystore ksnormal -genkeypair -storepass changeit -alias b -dname CN=b "
+ keytool("-keystore ksnormal -genkeypair -keyalg DSA "
+ + "-storepass changeit -alias b -dname CN=b "
+ "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE "
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE");
data = Files.readAllBytes(Path.of("ksnormal"));
@@ -146,7 +147,8 @@
check("ksnopass", "a", "wrongpass", "changeit", true, true, true);
// Add a new entry with normal settings, still password-less
- keytool("-keystore ksnopass -genkeypair -storepass changeit -alias b -dname CN=B");
+ keytool("-keystore ksnopass -genkeypair -keyalg DSA "
+ + "-storepass changeit -alias b -dname CN=B");
data = Files.readAllBytes(Path.of("ksnopass"));
shouldNotExist(data, "2"); // no Mac
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid);
@@ -171,13 +173,15 @@
checkInt(data, "110c1101111", 6666); // cert ic
// keypbe alg cannot be NONE
- keytool("-keystore ksnewic -genkeypair -storepass changeit -alias b -dname CN=B "
+ keytool("-keystore ksnewic -genkeypair -keyalg DSA "
+ + "-storepass changeit -alias b -dname CN=B "
+ "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=NONE")
.shouldContain("NONE AlgorithmParameters not available")
.shouldHaveExitValue(1);
// new entry new keypbe alg (and default ic), else unchanged
- keytool("-keystore ksnewic -genkeypair -storepass changeit -alias b -dname CN=B "
+ keytool("-keystore ksnewic -genkeypair -keyalg DSA "
+ + "-storepass changeit -alias b -dname CN=B "
+ "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=PBEWithSHA1AndRC4_128");
data = Files.readAllBytes(Path.of("ksnewic"));
checkInt(data, "22", 5555); // Mac ic
@@ -336,7 +340,8 @@
// still prompt for keypass for genkeypair and certreq
SecurityTools.setResponse("changeit", "changeit");
- keytool("-keystore ksnopassnew -genkeypair -alias a -dname CN=A "
+ keytool("-keystore ksnopassnew -genkeypair -keyalg DSA "
+ + "-alias a -dname CN=A "
+ "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE "
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE")
.shouldNotContain("Enter keystore password:")
@@ -351,7 +356,8 @@
// params only read on demand
// keyPbeIterationCount is used by -genkeypair
- keytool("-keystore ksgenbadkeyic -genkeypair -alias a -dname CN=A "
+ keytool("-keystore ksgenbadkeyic -genkeypair -keyalg DSA "
+ + "-alias a -dname CN=A "
+ "-storepass changeit "
+ "-J-Dkeystore.pkcs12.keyPbeIterationCount=abc")
.shouldContain("keyPbeIterationCount is not a number: abc")
--- a/test/jdk/sun/security/pkcs12/SameDN.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/pkcs12/SameDN.java Fri Nov 15 09:06:58 2019 +0800
@@ -55,7 +55,7 @@
}
static void genkeypair(String alias, String dn) throws Exception {
- keytool(COMMON + "-genkeypair -alias " + alias + " -dname " + dn)
+ keytool(COMMON + "-genkeypair -keyalg DSA -alias " + alias + " -dname " + dn)
.shouldHaveExitValue(0);
}
--- a/test/jdk/sun/security/tools/jarsigner/AltProvider.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/jarsigner/AltProvider.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -69,7 +69,7 @@
MOD_SRC_DIR.toString());
// Create a keystore
- tool("keytool", "-keystore x.jks -storetype jks -genkeypair" +
+ tool("keytool", "-keystore x.jks -storetype jks -genkeypair -keyalg dsa" +
" -storepass changeit -keypass changeit -alias x -dname CN=X")
.shouldHaveExitValue(0);
--- a/test/jdk/sun/security/tools/jarsigner/JavaKeyStoreAliasCaseInsensitive.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/jarsigner/JavaKeyStoreAliasCaseInsensitive.java Fri Nov 15 09:06:58 2019 +0800
@@ -50,7 +50,7 @@
public void testAliasCase() throws Exception {
final String KEYSTORE_OPTIONS = "-storetype JKS -keystore "
+ "test-alias-case.jks -storepass changeit";
- SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair"
+ SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair -keyalg DSA"
+ " -keypass changeit -alias " + ALIAS + " -dname CN=" + ALIAS)
.shouldHaveExitValue(0);
String jarFilename = "test-alias-case.jar";
@@ -88,10 +88,10 @@
// signed by another certificate associated with ALIAS + "1".
final String KEYSTORE_OPTIONS = "-storetype JKS -keystore"
+ " test-alias-storeHash-case.jks -storepass changeit";
- SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair"
+ SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair -keyalg DSA"
+ " -keypass changeit -alias " + ALIAS + "1 -dname CN=" +
ALIAS + "1").shouldHaveExitValue(0);
- SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair"
+ SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair -keyalg DSA"
+ " -keypass changeit -alias " + ALIAS + "2 -dname CN="
+ ALIAS + "2").shouldHaveExitValue(0);
String certReq = SecurityTools.keytool(KEYSTORE_OPTIONS +
--- a/test/jdk/sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -77,6 +77,7 @@
static void prepare() throws Exception {
SecurityTools.keytool("-keystore", keystoreFileName, "-genkeypair",
+ "-keyalg", "dsa",
"-storepass", "changeit", "-keypass", "changeit", "-storetype",
"JKS", "-alias", alias, "-dname", "CN=X", "-validity", "366")
.shouldHaveExitValue(0);
--- a/test/jdk/sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -152,6 +152,7 @@
"-J-Duser.language=en",
"-J-Duser.country=US",
"-genkey",
+ "-keyalg", "dsa",
"-alias", ALIAS,
"-keystore", KEYSTORE,
"-keypass", KEYPASS,
--- a/test/jdk/sun/security/tools/keytool/DeprecateKeyalg.java Thu Nov 14 16:34:24 2019 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import jdk.test.lib.SecurityTools;
-import jdk.test.lib.process.OutputAnalyzer;
-
-/**
- * @test
- * @bug 8212003 8214179
- * @summary Deprecating the default keytool -keyalg option
- * @library /test/lib
- */
-
-public class DeprecateKeyalg {
-
- private static final String COMMON = "-keystore ks -storetype jceks "
- + "-storepass changeit -keypass changeit";
-
- public static void main(String[] args) throws Throwable {
-
- kt("-genkeypair -keyalg DSA -alias a -dname CN=A")
- .shouldContain("Generating")
- .shouldNotContain("-keyalg option must be specified");
-
- kt("-genkeypair -alias b -dname CN=B")
- .shouldContain("Generating")
- .shouldContain("default key algorithm (DSA)")
- .shouldContain("-keyalg option must be specified");
-
- kt("-genseckey -keyalg DES -alias c")
- .shouldContain("Generated")
- .shouldNotContain("-keyalg option must be specified");
-
- kt("-genseckey -alias d")
- .shouldContain("Generated")
- .shouldContain("default key algorithm (DES)")
- .shouldContain("-keyalg option must be specified");
-
- kt("-genkeypair -alias e -dname CN=e -keyalg EC -groupname brainpoolP256r1")
- .shouldContain("Generating 256 bit EC (brainpoolP256r1) key pair");
-
- kt("-genkeypair -alias f -dname CN=f -keyalg EC")
- .shouldContain("Generating 256 bit EC (secp256r1) key pair");
-
- kt("-genkeypair -alias g -dname CN=g -keyalg EC -keysize 384")
- .shouldContain("Generating 384 bit EC (secp384r1) key pair");
- }
-
- private static OutputAnalyzer kt(String cmd) throws Throwable {
- return SecurityTools.keytool(COMMON + " " + cmd)
- .shouldHaveExitValue(0);
- }
-}
--- a/test/jdk/sun/security/tools/keytool/DupImport.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/DupImport.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -51,9 +51,9 @@
Files.deleteIfExists(Paths.get("dup.ks"));
// Create chain: root -> int -> me
- run("-genkeypair -alias me -dname CN=Me");
- run("-genkeypair -alias int -dname CN=Int");
- run("-genkeypair -alias root -dname CN=Root");
+ run("-genkeypair -keyalg DSA -alias me -dname CN=Me");
+ run("-genkeypair -keyalg DSA -alias int -dname CN=Int");
+ run("-genkeypair -keyalg DSA -alias root -dname CN=Root");
run("-certreq -alias int -file int.req");
run("-gencert -infile int.req -alias root -rfc -outfile int.resp");
--- a/test/jdk/sun/security/tools/keytool/HasSrcStoretypeOption.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/HasSrcStoretypeOption.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,7 +33,7 @@
public class HasSrcStoretypeOption {
public static void main(String[] args) throws Exception {
- run("-genkeypair -alias a -dname CN=A -storetype jceks -keystore jce");
+ run("-genkeypair -keyalg DSA -alias a -dname CN=A -storetype jceks -keystore jce");
// When there is no -srcstoretype, it should be probed from the file
run("-importkeystore -srckeystore jce -destkeystore jks -deststoretype jks");
}
--- a/test/jdk/sun/security/tools/keytool/ImportPrompt.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/ImportPrompt.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -50,11 +50,11 @@
public static void main(String[] args) throws Throwable {
- kt("-keystore ks1 -genkeypair -alias a -dname CN=A");
+ kt("-keystore ks1 -genkeypair -keyalg DSA -alias a -dname CN=A");
kt("-keystore ks1 -exportcert -alias a -file a.cert");
// Just create a keystore
- kt("-keystore ks2 -genkeypair -alias b -dname CN=B");
+ kt("-keystore ks2 -genkeypair -keyalg DSA -alias b -dname CN=B");
// no response text, assume no
kt("-keystore ks2 -importcert -alias a -file a.cert");
--- a/test/jdk/sun/security/tools/keytool/KeyAlg.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/KeyAlg.java Fri Nov 15 09:06:58 2019 +0800
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 8029659
+ * @bug 8029659 8214179
* @summary Keytool, print key algorithm of certificate or key entry
* @library /test/lib
*/
@@ -33,22 +33,25 @@
public class KeyAlg {
public static void main(String[] args) throws Exception {
- keytool("-genkeypair -alias ca -dname CN=CA -keyalg EC")
- .shouldHaveExitValue(0);
- keytool("-genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024")
- .shouldHaveExitValue(0);
- keytool("-certreq -alias user -file user.req").shouldHaveExitValue(0);
+ keytool("-genkeypair -alias ca -dname CN=CA -keyalg EC");
+ keytool("-genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024");
+ keytool("-certreq -alias user -file user.req");
keytool("-gencert -alias ca -rfc -sigalg SHA1withECDSA"
- + " -infile user.req -outfile user.crt")
- .shouldHaveExitValue(0);
+ + " -infile user.req -outfile user.crt");
keytool("-printcert -file user.crt")
- .shouldHaveExitValue(0)
.shouldMatch("Signature algorithm name:.*SHA1withECDSA")
.shouldMatch("Subject Public Key Algorithm:.*1024.*RSA");
+ keytool("-genkeypair -alias e -dname CN=e -keyalg EC -groupname brainpoolP256r1")
+ .shouldContain("Generating 256 bit EC (brainpoolP256r1) key pair");
+ keytool("-genkeypair -alias f -dname CN=f -keyalg EC")
+ .shouldContain("Generating 256 bit EC (secp256r1) key pair");
+ keytool("-genkeypair -alias g -dname CN=g -keyalg EC -keysize 384")
+ .shouldContain("Generating 384 bit EC (secp384r1) key pair");
}
static OutputAnalyzer keytool(String s) throws Exception {
return SecurityTools.keytool(
- "-keystore ks -storepass changeit -keypass changeit " + s);
+ "-keystore ks -storepass changeit -keypass changeit " + s)
+ .shouldHaveExitValue(0);
}
}
--- a/test/jdk/sun/security/tools/keytool/KeyToolTest.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/KeyToolTest.java Fri Nov 15 09:06:58 2019 +0800
@@ -197,7 +197,7 @@
// jarsigner and keytool algorithm for DSA keys". Unfortunately
// SunPKCS11-NSS does not support SHA256withDSA yet.
if (cmd.contains("p11-nss.txt") && cmd.contains("-genkey")
- && !cmd.contains("-keyalg")) {
+ && cmd.contains("DSA")) {
cmd += " -sigalg SHA1withDSA -keysize 1024";
}
test(input, cmd);
@@ -352,7 +352,7 @@
remove("x.jks");
remove("x.jks.p1.cert");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -alias p1 -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -alias p1 -dname CN=olala");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-exportcert -alias p1 -file x.jks.p1.cert");
ks = loadStore("x.jks", "changeit", "JKS");
@@ -377,7 +377,7 @@
// changealias and keyclone
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -alias p1 -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -alias p1 -dname CN=olala");
testOK("changeit\n", "-keystore x.jks -storetype JKS " +
"-changealias -alias p1 -destalias p11");
testOK("changeit\n", "-keystore x.jks -storetype JKS " +
@@ -396,10 +396,10 @@
remove("x.jceks");
// DES, no need keysize
testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " +
- "-genseckey -alias s1");
+ "-genseckey -keyalg DES -alias s1");
// DES, keysize cannot be 128
testFail("changeit\n\n", "-keystore x.jceks -storetype JCEKS " +
- "-genseckey -alias s11 -keysize 128");
+ "-genseckey -keyalg DES -alias s11 -keysize 128");
// DESede. no need keysize
testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " +
"-genseckey -keyalg DESede -alias s2");
@@ -411,19 +411,20 @@
// about keypass
// can accept storepass
testOK("\n", "-keystore x.jceks -storetype JCEKS -storepass changeit " +
- "-genseckey -alias s4");
+ "-genseckey -keyalg DES -alias s4");
// or a new one
testOK("keypass\nkeypass\n", "-keystore x.jceks -storetype JCEKS " +
- "-storepass changeit -genseckey -alias s5");
+ "-storepass changeit -genseckey -keyalg DES -alias s5");
// keypass must be valid (prompt 3 times)
testOK("bad\n\bad\nkeypass\nkeypass\n", "-keystore x.jceks " +
- "-storetype JCEKS -storepass changeit -genseckey -alias s6");
+ "-storetype JCEKS -storepass changeit -genseckey " +
+ "-keyalg DES -alias s6");
// keypass must be valid (prompt 3 times)
testFail("bad\n\bad\nbad\n", "-keystore x.jceks -storetype JCEKS " +
- "-storepass changeit -genseckey -alias s7");
+ "-storepass changeit -genseckey -keyalg DES -alias s7");
// keypass must be valid (prompt 3 times)
testFail("bad\n\bad\nbad\nkeypass\n", "-keystore x.jceks " +
- "-storetype JCEKS -storepass changeit -genseckey -alias s7");
+ "-storetype JCEKS -storepass changeit -genseckey -keyalg DES -alias s7");
ks = loadStore("x.jceks", "changeit", "JCEKS");
assertTrue(ks.getKey("s1", "changeit".toCharArray())
.getAlgorithm().equalsIgnoreCase("DES"), "s1 is DES");
@@ -452,7 +453,7 @@
remove("x.jceks");
// create 2 entries...
testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " +
- "-genkeypair -alias p1 -dname CN=Olala");
+ "-genkeypair -keyalg DSA -alias p1 -dname CN=Olala");
testOK("", "-keystore x.jceks -storetype JCEKS -storepass changeit " +
"-importcert -alias c1 -file x.jks.p1.cert -noprompt");
ks = loadStore("x.jceks", "changeit", "JCEKS");
@@ -532,7 +533,7 @@
remove("x.jks");
// generate entry with different keypass
testOK("changeit\nkeypass\nkeypass\n", "-keystore x.jceks " +
- "-storetype JCEKS -genkeypair -alias p2 -dname CN=Olala");
+ "-storetype JCEKS -genkeypair -keyalg DSA -alias p2 -dname CN=Olala");
// prompt
testOK("changeit\nchangeit\nchangeit\nkeypass\n", "-importkeystore " +
"-srckeystore x.jceks -srcstoretype JCEKS " +
@@ -581,10 +582,10 @@
remove("x.jks");
// create SecretKeyEntry
testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " +
- "-genseckey -alias s1");
+ "-genseckey -keyalg DES -alias s1");
// create SecretKeyEntry
testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " +
- "-genseckey -alias s2");
+ "-genseckey -keyalg DES -alias s2");
// remove the keypass!=storepass one
testOK("changeit\n", "-keystore x.jceks -storetype JCEKS " +
"-delete -alias p2");
@@ -629,13 +630,13 @@
remove("x.jks");
// just type ENTER means keypass=storepass
testOK("changeit\nchangeit\n\n", "-keystore x.jks -storetype JKS " +
- "-genkeypair -alias p1 -dname CN=olala");
+ "-genkeypair -keyalg DSA -alias p1 -dname CN=olala");
remove("x.p12");
// PKCS12 only need storepass
testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " +
- "-genkeypair -alias p0 -dname CN=olala");
+ "-genkeypair -keyalg DSA -alias p0 -dname CN=olala");
testOK("changeit\n", "-keystore x.p12 -storetype PKCS12 " +
- "-genkeypair -alias p1 -dname CN=olala");
+ "-genkeypair -keyalg DSA -alias p1 -dname CN=olala");
// when specify keypass, make sure keypass==storepass...
testOK("changeit\n", "-keystore x.p12 -keypass changeit " +
"-storetype PKCS12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala");
@@ -658,9 +659,9 @@
remove("x.p12");
// PKCS12 only need storepass
testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " +
- "-genkeypair -alias p0 -dname CN=olala");
+ "-genkeypair -keyalg DSA -alias p0 -dname CN=olala");
testOK("", "-storepass changeit -keystore x.p12 -storetype PKCS12 " +
- "-genkeypair -alias p1 -dname CN=olala");
+ "-genkeypair -keyalg DSA -alias p1 -dname CN=olala");
// when specify keypass, make sure keypass==storepass...
testOK("", "-storepass changeit -keystore x.p12 -keypass changeit " +
"-storetype PKCS12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala");
@@ -696,14 +697,14 @@
"BEFORE THIS TEST ***");
testOK("", p11Arg +
- "-storepass test12 -genkeypair -alias p1 -dname CN=olala");
- testOK("test12\n", p11Arg + "-genkeypair -alias p2 -dname CN=olala2");
+ "-storepass test12 -genkeypair -keyalg DSA -alias p1 -dname CN=olala");
+ testOK("test12\n", p11Arg + "-genkeypair -keyalg DSA -alias p2 -dname CN=olala2");
// cannot provide keypass for PKCS11
testFail("test12\n", p11Arg +
- "-keypass test12 -genkeypair -alias p3 -dname CN=olala3");
+ "-keypass test12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala3");
// cannot provide keypass for PKCS11
testFail("test12\n", p11Arg +
- "-keypass nonsense -genkeypair -alias p3 -dname CN=olala3");
+ "-keypass nonsense -genkeypair -keyalg DSA -alias p3 -dname CN=olala3");
testOK("", p11Arg + "-storepass test12 -list");
assertTrue(out.indexOf("Your keystore contains 2 entries") != -1,
@@ -738,8 +739,8 @@
KeyStore ks;
testOK("", p11Arg +
- "-storepass test12 -genkeypair -alias p1 -dname CN=olala");
- testOK("test12\n", p11Arg + "-genkeypair -alias p2 -dname CN=olala2");
+ "-storepass test12 -genkeypair -keyalg DSA -alias p1 -dname CN=olala");
+ testOK("test12\n", p11Arg + "-genkeypair -keyalg DSA -alias p2 -dname CN=olala2");
// test importkeystore for pkcs11
remove("x.jks");
@@ -809,7 +810,7 @@
KeyStore ks;
remove("x.jks");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-exportcert -file x.jks.p1.cert");
/* deleted */ testOK("", "-keystore x.jks -storetype JKS " +
@@ -842,7 +843,7 @@
void sqeKeyclonetest() throws Exception {
remove("x.jks");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
// new pass
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -new newpass -keyclone -dest p0");
@@ -871,7 +872,7 @@
void sqeKeypasswdTest() throws Exception {
remove("x.jks");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -keypasswd -new newpass");
/*change back*/ testOK("", "-keystore x.jks -storetype JKS " +
@@ -909,7 +910,7 @@
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-delete -alias mykey");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass keypass -genkeypair -dname CN=olala");
+ "-keypass keypass -genkeypair -keyalg DSA -dname CN=olala");
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypasswd -new newpass");
testOK("keypass\n", "-keystore x.jks -storetype JKS " +
@@ -922,7 +923,7 @@
void sqeListTest() throws Exception {
remove("x.jks");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-list -alias mykey");
@@ -948,7 +949,7 @@
void sqeSelfCertTest() throws Exception {
remove("x.jks");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -selfcert");
@@ -974,7 +975,7 @@
// diff pass
remove("x.jks");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass keypass -genkeypair -dname CN=olala");
+ "-keypass keypass -genkeypair -keyalg DSA -dname CN=olala");
testFail("", "-keystore x.jks -storetype JKS " +
"-storepass changeit -selfcert");
testOK("keypass\n", "-keystore x.jks -storetype JKS " +
@@ -995,7 +996,7 @@
void sqeStorepassTest() throws Exception {
remove("x.jks");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
// all in arg
testOK("", "-storepasswd -keystore x.jks -storetype JKS " +
"-storepass changeit -new newstore");
@@ -1044,13 +1045,13 @@
remove("x.jks");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala -alias newentry");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -alias newentry");
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala -alias newentry");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -alias newentry");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -dname CN=olala -keyalg DSA " +
"-alias n1");
@@ -1061,19 +1062,19 @@
"-keypass changeit -genkeypair -dname CN=olala " +
"-keyalg NoSuchAlg -alias n3");
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala -keysize 56 " +
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 56 " +
"-alias n4");
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala -keysize 999 " +
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 999 " +
"-alias n5");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala -keysize 512 " +
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 512 " +
"-alias n6");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala -keysize 1024 " +
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024 " +
"-alias n7");
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala " +
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala " +
"-sigalg NoSuchAlg -alias n8");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " +
@@ -1088,12 +1089,12 @@
"-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " +
"-sigalg NoSuchAlg -alias n12");
testFail("", "-keystore badkeystore -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala " +
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala " +
"-alias n14");
testFail("", "-keystore x.jks -storetype JKS -storepass badpass " +
- "-keypass changeit -genkeypair -dname CN=olala -alias n16");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -alias n16");
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CNN=olala -alias n17");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CNN=olala -alias n17");
remove("x.jks");
}
@@ -1103,7 +1104,7 @@
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-export -file mykey.cert -alias mykey");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-export -file mykey.cert -alias mykey");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
@@ -1131,11 +1132,11 @@
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-delete -alias mykey");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-delete -alias mykey");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
// keystore name illegal
testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit " +
"-delete -alias mykey");
@@ -1157,7 +1158,7 @@
remove("csr1");
// PrivateKeyEntry can do certreq
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala -keysize 1024");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-certreq -file csr1 -alias mykey");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
@@ -1221,7 +1222,7 @@
remove("mykey.cert");
remove("myweakkey.cert");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
- "-keypass changeit -genkeypair -dname CN=olala");
+ "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-export -file mykey.cert -alias mykey");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
@@ -1264,7 +1265,7 @@
remove("x.jks");
String simple = "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -noprompt -keyalg " + keyAlg + " ";
- String pre = simple + "-genkeypair -dname CN=Olala -alias ";
+ String pre = simple + "-genkeypair -keyalg DSA -dname CN=Olala -alias ";
// Version and SKID
testOK("", pre + "o1");
@@ -1678,30 +1679,30 @@
remove("x.jks");
testOK("", "-help");
- // 2. keytool -genkey -v -keysize 512 Enter "a" for the keystore
+ // 2. keytool -genkey -keyalg DSA -v -keysize 512 Enter "a" for the keystore
// password. Check error (password too short). Enter "password" for
// the keystore password. Hit 'return' for "first and last name",
// "organizational unit", "City", "State", and "Country Code".
// Type "yes" when they ask you if everything is correct.
// Type 'return' for new key password.
testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n",
- "-genkey -v -keysize 512 -keystore x.jks -storetype JKS");
+ "-genkey -keyalg DSA -v -keysize 512 -keystore x.jks -storetype JKS");
// 3. keytool -list -v -storepass password
testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS");
// 4. keytool -list -v Type "a" for the keystore password.
// Check error (wrong keystore password).
testFail("a\n", "-list -v -keystore x.jks -storetype JKS");
assertTrue(ex.indexOf("password was incorrect") != -1);
- // 5. keytool -genkey -v -keysize 512 Enter "password" as the password.
+ // 5. keytool - -keyalg DSA -v -keysize 512 Enter "password" as the password.
// Check error (alias 'mykey' already exists).
- testFail("password\n", "-genkey -v -keysize 512" +
+ testFail("password\n", "-genkey -keyalg DSA -v -keysize 512" +
" -keystore x.jks -storetype JKS");
assertTrue(ex.indexOf("alias <mykey> already exists") != -1);
- // 6. keytool -genkey -v -keysize 512 -alias mykey2 -storepass password
+ // 6. keytool -genkey -keyalg DSA -v -keysize 512 -alias mykey2 -storepass password
// Hit 'return' for "first and last name", "organizational unit", "City",
// "State", and "Country Code". Type "yes" when they ask you if
// everything is correct. Type 'return' for new key password.
- testOK("\n\n\n\n\n\nyes\n\n", "-genkey -v -keysize 512 -alias mykey2" +
+ testOK("\n\n\n\n\n\nyes\n\n", "-genkey -keyalg DSA -v -keysize 512 -alias mykey2" +
" -storepass password -keystore x.jks -storetype JKS");
// 7. keytool -list -v Type 'password' for the store password.
testOK("password\n", "-list -v -keystore x.jks -storetype JKS");
@@ -1810,7 +1811,7 @@
void sszzTest() throws Exception {
testAnyway("", NSS_P11_ARG+"-delete -alias nss -storepass test12");
testAnyway("", NZZ_P11_ARG+"-delete -alias nss -storepass test12");
- testOK("", NSS_P11_ARG+"-genkeypair -dname CN=NSS " +
+ testOK("", NSS_P11_ARG+"-genkeypair -keyalg DSA -dname CN=NSS " +
"-alias nss -storepass test12");
testOK("", NSS_SRC_P11_ARG + NZZ_P11_ARG +
"-importkeystore -srcstorepass test12 -deststorepass test12");
--- a/test/jdk/sun/security/tools/keytool/PKCS12Passwd.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/PKCS12Passwd.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,11 +49,11 @@
public static void main(String[] args) throws Exception {
// A PrivateKeyEntry
- kt("-genkeypair -alias a -dname CN=A")
+ kt("-genkeypair -alias a -dname CN=A -keyalg DSA")
.shouldHaveExitValue(0);
// A TrustedCertificateEntry (genkeypair, export, delete, import)
- kt("-genkeypair -alias b -dname CN=B")
+ kt("-genkeypair -alias b -dname CN=B -keyalg DSA")
.shouldHaveExitValue(0);
kt("-exportcert -alias b -file b.cert")
.shouldHaveExitValue(0);
@@ -90,7 +90,7 @@
// A PKCS12 keystore can be loaded as a JKS, and it follows JKS rules
// which means the storepass and keypass can be changed separately!
- ktFull("-genkeypair -alias a -dname CN=A -storetype pkcs12 "
+ ktFull("-genkeypair -alias a -dname CN=A -storetype pkcs12 -keyalg DSA "
+ "-storepass changeit -keypass changeit -keystore p12")
.shouldHaveExitValue(0);
@@ -112,7 +112,7 @@
// PKCS12 rules that both passwords are changed at the same time and
// some commands are rejected.
- ktFull("-genkeypair -alias a -dname CN=A -storetype jks "
+ ktFull("-genkeypair -alias a -dname CN=A -storetype jks -keyalg DSA "
+ "-storepass changeit -keypass changeit -keystore jks")
.shouldHaveExitValue(0);
--- a/test/jdk/sun/security/tools/keytool/ProbingFailure.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/ProbingFailure.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,7 @@
public static void main(String[] args) throws Exception {
// genkeypair
- kt("-genkeypair -keystore mks -alias a -dname CN=A -storetype MYKS")
+ kt("-genkeypair -keystore mks -alias a -dname CN=A -keyalg DSA -storetype MYKS")
.shouldHaveExitValue(0);
// list
--- a/test/jdk/sun/security/tools/keytool/RealType.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/RealType.java Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
public static void main(String[] args) throws Throwable {
- kt("-genkeypair -alias a -dname CN=A -keypass changeit -storetype jks")
+ kt("-genkeypair -keyalg DSA -alias a -dname CN=A -keypass changeit -storetype jks")
.shouldHaveExitValue(0);
// -keypasswd command should be allowed on JKS
@@ -54,7 +54,7 @@
Files.delete(Paths.get("ks"));
- kt("-genkeypair -alias a -dname CN=A -keypass changeit -storetype pkcs12")
+ kt("-genkeypair -keyalg DSA -alias a -dname CN=A -keypass changeit -storetype pkcs12")
.shouldHaveExitValue(0);
// A pkcs12 keystore cannot be loaded as a JCEKS keystore
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/RemoveKeyAlgDefault.java Fri Nov 15 09:06:58 2019 +0800
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+/**
+ * @test
+ * @bug 8212003 8214024
+ * @summary Deprecating the default keytool -keyalg option
+ * @library /test/lib
+ */
+
+public class RemoveKeyAlgDefault {
+
+ private static final String COMMON = "-keystore ks -storetype jceks "
+ + "-storepass changeit -keypass changeit";
+
+ public static void main(String[] args) throws Throwable {
+
+ kt("-genkeypair -keyalg DSA -alias a -dname CN=A")
+ .shouldHaveExitValue(0)
+ .shouldContain("Generating")
+ .shouldNotContain("-keyalg option must be specified");
+
+ kt("-genkeypair -alias b -dname CN=B")
+ .shouldHaveExitValue(1)
+ .shouldContain("-keyalg option must be specified");
+
+ kt("-genseckey -keyalg DES -alias c")
+ .shouldHaveExitValue(0)
+ .shouldContain("Generated")
+ .shouldNotContain("-keyalg option must be specified");
+
+ kt("-genseckey -alias d")
+ .shouldHaveExitValue(1)
+ .shouldContain("-keyalg option must be specified");
+ }
+
+ private static OutputAnalyzer kt(String cmd) throws Throwable {
+ return SecurityTools.keytool(COMMON + " " + cmd);
+ }
+}
--- a/test/jdk/sun/security/tools/keytool/WeakAlg.java Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/WeakAlg.java Fri Nov 15 09:06:58 2019 +0800
@@ -178,7 +178,7 @@
// no warning if all certs
kt("-importcert -alias b -file a.crt -storetype jks -noprompt")
.shouldNotContain("Warning:");
- kt("-genkeypair -alias a -dname CN=A")
+ kt("-genkeypair -keyalg DSA -alias a -dname CN=A")
.shouldContain("JKS keystore uses a proprietary format");
kt("-list")
.shouldContain("JKS keystore uses a proprietary format");
@@ -202,7 +202,7 @@
rm("ks");
- kt("-genkeypair -alias a -dname CN=A -storetype jceks")
+ kt("-genkeypair -keyalg DSA -alias a -dname CN=A -storetype jceks")
.shouldContain("JCEKS keystore uses a proprietary format");
kt("-list")
.shouldContain("JCEKS keystore uses a proprietary format");
@@ -239,7 +239,7 @@
static void checkInplaceImportKeyStore() throws Exception {
rm("ks");
- genkeypair("a", "");
+ genkeypair("a", "-keyalg DSA");
// Same type backup
importkeystore("ks", "ks", "")
--- a/test/jdk/sun/security/tools/keytool/console.sh Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/console.sh Fri Nov 15 09:06:58 2019 +0800
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2006, 2019, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -75,7 +75,7 @@
echo "=========================================="
echo
rm $KS 2> /dev/null
-$J5/bin/keytool -keystore $KS -genkey -dname CN=olala -storepass $PASSW || exit 1
+$J5/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala -storepass $PASSW || exit 1
$JM/bin/keytool -keystore $KS -list -storepass $PASSW || exit 2
echo "=========================================="
@@ -84,7 +84,7 @@
echo
rm $KS 2> /dev/null
-$JM/bin/keytool -keystore $KS -genkey -dname CN=olala -storepass $PASSW || exit 3
+$JM/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala -storepass $PASSW || exit 3
$J5/bin/keytool -keystore $KS -list -storepass $PASSW || exit 4
echo "============================================================"
@@ -93,7 +93,7 @@
echo
rm $KS 2> /dev/null
-$J5/bin/keytool -keystore $KS -genkey -dname CN=olala || exit 5
+$J5/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala || exit 5
$JM/bin/keytool -keystore $KS -list || exit 6
echo $PASSW| $J5/bin/keytool -keystore $KS -list || exit 7
echo $PASSW| $JM/bin/keytool -keystore $KS -list || exit 8
@@ -104,7 +104,7 @@
echo
rm $KS 2> /dev/null
-$JM/bin/keytool -keystore $KS -genkey -dname CN=olala || exit 9
+$JM/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala || exit 9
$J5/bin/keytool -keystore $KS -list || exit 10
echo $PASSW| $JM/bin/keytool -keystore $KS -list || exit 11
echo $PASSW| $J5/bin/keytool -keystore $KS -list || exit 12
@@ -115,7 +115,7 @@
echo
rm $KS 2> /dev/null
-echo $PASSW| $J5/bin/keytool -keystore $KS -genkey -dname CN=olala || exit 13
+echo $PASSW| $J5/bin/keytool -keystore $KS -genkey -keyalg DSA -dname CN=olala || exit 13
$JM/bin/keytool -keystore $KS -list || exit 14
echo $PASSW| $J5/bin/keytool -keystore $KS -list || exit 15
echo $PASSW| $JM/bin/keytool -keystore $KS -list || exit 16
--- a/test/jdk/sun/security/tools/keytool/i18n.html Thu Nov 14 16:34:24 2019 -0800
+++ b/test/jdk/sun/security/tools/keytool/i18n.html Fri Nov 15 09:06:58 2019 +0800
@@ -9,7 +9,7 @@
If you are on a Windows platform, delete the .keystore file in
your home directory.
<li> keytool -help
-<li> keytool -genkey -v -keysize 512
+<li> keytool -genkey -keyalg DSA -v -keysize 512
Enter "a" for the keystore password. Check error (password too short).
Enter "password" for the keystore password.
Re-enter "password" to confirm.
@@ -21,10 +21,10 @@
<li> keytool -list -v
Type "a" for the keystore password.
Check error (wrong keystore password).
-<li> keytool -genkey -v -keysize 512
+<li> keytool -genkey -keyalg DSA -v -keysize 512
Enter "password" as the password.
Check error (alias 'mykey' already exists).
-<li> keytool -genkey -v -keysize 512 -alias mykey2 -storepass password
+<li> keytool -genkey -keyalg DSA -v -keysize 512 -alias mykey2 -storepass password
Hit 'return' for "first and last name", "organizational unit",
"organization", "City", "State", and "Country Code".
Type "yes" when they ask you if everything is correct.