Mercurial > hg > icedtea8-forest > jdk
changeset 14889:f0b6b7e77cdf
8141457: keytool default cert fingerprint algorithm should be SHA-256
Reviewed-by: mullan
| author | weijun |
|---|---|
| date | Wed, 02 Dec 2015 16:44:54 +0800 |
| parents | e720b78d3083 |
| children | 1a096444c130 |
| files | src/share/classes/sun/security/tools/keytool/Main.java src/share/classes/sun/security/tools/keytool/Resources.java |
| diffstat | 2 files changed, 7 insertions(+), 25 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/tools/keytool/Main.java Thu Nov 05 11:35:54 2020 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Main.java Wed Dec 02 16:44:54 2015 +0800 @@ -1933,8 +1933,8 @@ } else { // Print the digest of the user cert only out.println - (rb.getString("Certificate.fingerprint.SHA1.") + - getCertFingerPrint("SHA1", chain[0])); + (rb.getString("Certificate.fingerprint.SHA.256.") + + getCertFingerPrint("SHA-256", chain[0])); checkWeak(label, chain[0]); } } @@ -1955,8 +1955,8 @@ out.println(cert.toString()); } else { out.println("trustedCertEntry, "); - out.println(rb.getString("Certificate.fingerprint.SHA1.") - + getCertFingerPrint("SHA1", cert)); + out.println(rb.getString("Certificate.fingerprint.SHA.256.") + + getCertFingerPrint("SHA-256", cert)); } checkWeak(label, cert); } else { @@ -3105,23 +3105,6 @@ private void printX509Cert(X509Certificate cert, PrintStream out) throws Exception { - /* - out.println("Owner: " - + cert.getSubjectDN().toString() - + "\n" - + "Issuer: " - + cert.getIssuerDN().toString() - + "\n" - + "Serial number: " + cert.getSerialNumber().toString(16) - + "\n" - + "Valid from: " + cert.getNotBefore().toString() - + " until: " + cert.getNotAfter().toString() - + "\n" - + "Certificate fingerprints:\n" - + "\t MD5: " + getCertFingerPrint("MD5", cert) - + "\n" - + "\t SHA1: " + getCertFingerPrint("SHA1", cert)); - */ MessageFormat form = new MessageFormat (rb.getString(".PATTERN.printX509Cert.with.weak")); @@ -3136,8 +3119,7 @@ cert.getSerialNumber().toString(16), cert.getNotBefore().toString(), cert.getNotAfter().toString(), - getCertFingerPrint("MD5", cert), - getCertFingerPrint("SHA1", cert), + getCertFingerPrint("SHA-1", cert), getCertFingerPrint("SHA-256", cert), sigName, withWeak(pkey),
--- a/src/share/classes/sun/security/tools/keytool/Resources.java Thu Nov 05 11:35:54 2020 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources.java Wed Dec 02 16:44:54 2015 +0800 @@ -306,7 +306,7 @@ {"Entry.type.type.", "Entry type: {0}"}, {"Certificate.chain.length.", "Certificate chain length: "}, {"Certificate.i.1.", "Certificate[{0,number,integer}]:"}, - {"Certificate.fingerprint.SHA1.", "Certificate fingerprint (SHA1): "}, + {"Certificate.fingerprint.SHA.256.", "Certificate fingerprint (SHA-256): "}, {"Keystore.type.", "Keystore type: "}, {"Keystore.provider.", "Keystore provider: "}, {"Your.keystore.contains.keyStore.size.entry", @@ -446,7 +446,7 @@ {"key.bit", "%1$d-bit %2$s key"}, {"key.bit.weak", "%1$d-bit %2$s key (weak)"}, {".PATTERN.printX509Cert.with.weak", - "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\nSignature algorithm name: {8}\nSubject Public Key Algorithm: {9}\nVersion: {10}"}, + "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t SHA1: {5}\n\t SHA256: {6}\nSignature algorithm name: {7}\nSubject Public Key Algorithm: {8} ({9,number,#})\nVersion: {10}"}, {"PKCS.10.with.weak", "PKCS #10 Certificate Request (Version 1.0)\n" + "Subject: %1$s\nFormat: %2$s\nPublic Key: %3$s\nSignature algorithm: %4$s\n"},