--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Tue Feb 24 12:45:56 2015 -0800
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Wed Feb 25 18:30:07 2015 +0800
@@ -3806,14 +3806,15 @@
if (item.equals("all")) continue;
// add or remove
- boolean add = true;
- // -1, unchanged, 0 crtical, 1 non-critical
+ boolean add;
+ // -1, unchanged, 0 critical, 1 non-critical
int action = -1;
String type = null;
if (item.startsWith("-")) {
add = false;
type = item.substring(1);
} else {
+ add = true;
int colonpos = item.indexOf(':');
if (colonpos >= 0) {
type = item.substring(0, colonpos);
@@ -3823,6 +3824,8 @@
throw new Exception(rb.getString
("Illegal.value.") + item);
}
+ } else {
+ type = item;
}
}
String n = reqex.getNameByOid(findOidForExtName(type));
@@ -3834,8 +3837,8 @@
e.getExtensionId(),
!e.isCritical(),
e.getExtensionValue());
- ext.set(n, e);
}
+ ext.set(n, e);
} else {
ext.delete(n);
}
--- a/jdk/test/sun/security/tools/keytool/KeyToolTest.java Tue Feb 24 12:45:56 2015 -0800
+++ b/jdk/test/sun/security/tools/keytool/KeyToolTest.java Wed Feb 25 18:30:07 2015 +0800
@@ -1184,6 +1184,16 @@
assertTrue(!a.getExtension(new ObjectIdentifier("2.3.4")).isCritical());
assertTrue(a.getExtensionValue("2.3.4").length == 6);
+ // 8073181: keytool -ext honored not working correctly
+ testOK("", simple+"-gencert -alias ca -infile test.req -ext " +
+ "honored=1.2.3,1.2.4:critical " +
+ "-debug -rfc -outfile test2.cert");
+ testOK("", simple+"-importcert -file test2.cert -alias b");
+ ks = loadStore("x.jks", "changeit", "JKS");
+ X509CertImpl b = (X509CertImpl)ks.getCertificate("b");
+ assertTrue(!b.getExtension(new ObjectIdentifier("1.2.3")).isCritical());
+ assertTrue(b.getExtension(new ObjectIdentifier("1.2.4")).isCritical());
+
remove("x.jks");
remove("test.req");
remove("test.cert");