8141457: keytool default cert fingerprint algorithm should be SHA-256
Reviewed-by: mullan
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Wed Dec 02 03:37:29 2015 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Wed Dec 02 16:44:54 2015 +0800
@@ -1857,8 +1857,8 @@
} else {
// Print the digest of the user cert only
out.println
- (rb.getString("Certificate.fingerprint.SHA1.") +
- getCertFingerPrint("SHA1", chain[0]));
+ (rb.getString("Certificate.fingerprint.SHA.256.") +
+ getCertFingerPrint("SHA-256", chain[0]));
}
}
} else if (keyStore.entryInstanceOf(alias,
@@ -1878,8 +1878,8 @@
out.println(cert.toString());
} else {
out.println("trustedCertEntry, ");
- out.println(rb.getString("Certificate.fingerprint.SHA1.")
- + getCertFingerPrint("SHA1", cert));
+ out.println(rb.getString("Certificate.fingerprint.SHA.256.")
+ + getCertFingerPrint("SHA-256", cert));
}
} else {
out.println(rb.getString("Unknown.Entry.Type"));
@@ -2907,23 +2907,6 @@
private void printX509Cert(X509Certificate cert, PrintStream out)
throws Exception
{
- /*
- out.println("Owner: "
- + cert.getSubjectDN().toString()
- + "\n"
- + "Issuer: "
- + cert.getIssuerDN().toString()
- + "\n"
- + "Serial number: " + cert.getSerialNumber().toString(16)
- + "\n"
- + "Valid from: " + cert.getNotBefore().toString()
- + " until: " + cert.getNotAfter().toString()
- + "\n"
- + "Certificate fingerprints:\n"
- + "\t MD5: " + getCertFingerPrint("MD5", cert)
- + "\n"
- + "\t SHA1: " + getCertFingerPrint("SHA1", cert));
- */
MessageFormat form = new MessageFormat
(rb.getString(".PATTERN.printX509Cert"));
@@ -2933,8 +2916,7 @@
cert.getSerialNumber().toString(16),
cert.getNotBefore().toString(),
cert.getNotAfter().toString(),
- getCertFingerPrint("MD5", cert),
- getCertFingerPrint("SHA1", cert),
+ getCertFingerPrint("SHA-1", cert),
getCertFingerPrint("SHA-256", cert),
cert.getSigAlgName(),
pkey.getAlgorithm(),
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources.java Wed Dec 02 03:37:29 2015 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Resources.java Wed Dec 02 16:44:54 2015 +0800
@@ -307,7 +307,7 @@
{"Entry.type.type.", "Entry type: {0}"},
{"Certificate.chain.length.", "Certificate chain length: "},
{"Certificate.i.1.", "Certificate[{0,number,integer}]:"},
- {"Certificate.fingerprint.SHA1.", "Certificate fingerprint (SHA1): "},
+ {"Certificate.fingerprint.SHA.256.", "Certificate fingerprint (SHA-256): "},
{"Keystore.type.", "Keystore type: "},
{"Keystore.provider.", "Keystore provider: "},
{"Your.keystore.contains.keyStore.size.entry",
@@ -347,7 +347,7 @@
{".RETURN.if.same.as.for.otherAlias.",
"\t(RETURN if same as for <{0}>)"},
{".PATTERN.printX509Cert",
- "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\nSignature algorithm name: {8}\nSubject Public Key Algorithm: {9} ({10,number,#})\nVersion: {11}"},
+ "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t SHA1: {5}\n\t SHA256: {6}\nSignature algorithm name: {7}\nSubject Public Key Algorithm: {8} ({9,number,#})\nVersion: {10}"},
{"What.is.your.first.and.last.name.",
"What is your first and last name?"},
{"What.is.the.name.of.your.organizational.unit.",
--- a/jdk/test/java/security/KeyStore/PKCS12/api_cert_chain.p12_expected.data Wed Dec 02 03:37:29 2015 +0000
+++ b/jdk/test/java/security/KeyStore/PKCS12/api_cert_chain.p12_expected.data Wed Dec 02 16:44:54 2015 +0800
@@ -1,7 +1,7 @@
-MD5: C6:17:CB:93:51:32:DA:C9:CF:0E:24:E3:16:FA:91:6A
SHA1: 09:F1:08:B1:B3:28:22:23:22:F7:5F:6D:4A:8D:0E:0A:5E:6D:56:FB
-MD5: C5:97:13:F6:24:E4:DF:9A:6B:4F:E8:73:90:78:24:95
+SHA256: AD:57:47:67:20:96:49:86:53:E4:10:EF:BD:4D:D2:B0:81:C0:B0:BB:62:AE:BE:47:80:DC:00:F8:E3:E7:66:B5
SHA1: 2B:CE:0C:E1:35:B9:9D:FE:5A:6E:25:88:01:F7:E9:E5:7B:89:17:42
-MD5: 0F:8A:2A:DB:D4:A5:CD:A6:9C:EE:DA:47:A0:9D:10:2B
+SHA256: 65:F3:0A:64:F2:52:B2:4E:F8:76:C5:D0:6D:53:7C:E8:00:AE:F4:95:3C:CC:CB:01:6B:22:AF:46:36:50:CF:FF
SHA1: 7D:48:4D:1C:F8:55:E8:79:6A:B0:19:E1:26:4F:AC:FD:57:6B:38:A0
+SHA256: 0A:14:3F:88:8D:C2:D6:97:3E:02:0F:5F:17:E3:D9:FE:CF:93:10:2C:3C:8D:81:AC:06:2F:32:39:4D:0E:CB:6A
Alias name: servercert
--- a/jdk/test/java/security/KeyStore/PKCS12/api_private_key.p12_expected.data Wed Dec 02 03:37:29 2015 +0000
+++ b/jdk/test/java/security/KeyStore/PKCS12/api_private_key.p12_expected.data Wed Dec 02 16:44:54 2015 +0800
@@ -1,3 +1,3 @@
-MD5: 67:10:B1:84:A4:0B:AF:1F:5B:1A:C7:EB:C6:2C:DB:CE
SHA1: 48:22:E2:C2:47:9F:75:E3:52:56:9C:20:37:DF:03:7F:CD:9F:87:38
+SHA256: 9B:DF:B9:EC:DB:3E:EF:BD:61:8F:C3:62:BD:3E:95:FE:E5:B6:A3:F9:94:3D:8D:C1:AE:E9:44:86:25:FA:C1:1B
Alias name: pkcs12testenduser1
--- a/jdk/test/java/security/KeyStore/PKCS12/api_private_key_not_match.p12_expected.data Wed Dec 02 03:37:29 2015 +0000
+++ b/jdk/test/java/security/KeyStore/PKCS12/api_private_key_not_match.p12_expected.data Wed Dec 02 16:44:54 2015 +0800
@@ -1,3 +1,3 @@
-MD5: C5:97:13:F6:24:E4:DF:9A:6B:4F:E8:73:90:78:24:95
SHA1: 2B:CE:0C:E1:35:B9:9D:FE:5A:6E:25:88:01:F7:E9:E5:7B:89:17:42
+SHA256: 65:F3:0A:64:F2:52:B2:4E:F8:76:C5:D0:6D:53:7C:E8:00:AE:F4:95:3C:CC:CB:01:6B:22:AF:46:36:50:CF:FF
Alias name: pkcs12testenduser1
--- a/jdk/test/java/security/KeyStore/PKCS12/api_two_pass.p12_expected.data Wed Dec 02 03:37:29 2015 +0000
+++ b/jdk/test/java/security/KeyStore/PKCS12/api_two_pass.p12_expected.data Wed Dec 02 16:44:54 2015 +0800
@@ -1,3 +1,3 @@
-MD5: FE:A8:AA:47:D0:CB:A9:9D:9F:88:DC:4D:55:85:F4:95
SHA1: 77:90:EC:65:C5:0C:FD:F2:1E:B0:3A:BD:43:21:1A:C6:FD:18:8C:AB
+SHA256: 8E:C8:49:82:B8:4B:89:8E:61:2D:CD:F6:D6:34:96:04:91:6F:1B:08:F5:CD:BD:23:ED:94:22:5A:B4:7A:39:DD
Alias name: pkcs12testenduser1