# HG changeset patch # User weijun # Date 1511197138 0 # Node ID 13bdafe862289b35b3a958c7eee6f5b04193ae62 # Parent 4b2a34270dad2a75ac6d3e2e270fa60ed86e596b 8029659: Keytool, print key algorithm of certificate or key entry Reviewed-by: xuelei diff -r 4b2a34270dad -r 13bdafe86228 src/share/classes/sun/security/tools/keytool/Main.java --- a/src/share/classes/sun/security/tools/keytool/Main.java Wed Feb 17 15:46:46 2016 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Main.java Mon Nov 20 16:58:58 2017 +0000 @@ -64,7 +64,9 @@ import java.security.cert.X509CRLEntry; import java.security.cert.X509CRLSelector; import javax.security.auth.x500.X500Principal; + import sun.misc.BASE64Encoder; +import sun.security.util.KeyUtil; import sun.security.util.ObjectIdentifier; import sun.security.pkcs10.PKCS10; import sun.security.pkcs10.PKCS10Attribute; @@ -1043,8 +1045,13 @@ doChangeKeyPasswd(alias); kssave = true; } else if (command == LIST) { + if (storePass == null + && !KeyStoreUtil.isWindowsKeyStore(storetype)) { + printWarning(); + } + if (alias != null) { - doPrintEntry(alias, out, true); + doPrintEntry(alias, out); } else { doPrintEntries(out); } @@ -1629,15 +1636,9 @@ /** * Prints a single keystore entry. */ - private void doPrintEntry(String alias, PrintStream out, - boolean printWarning) + private void doPrintEntry(String alias, PrintStream out) throws Exception { - if (storePass == null && printWarning - && !KeyStoreUtil.isWindowsKeyStore(storetype)) { - printWarning(); - } - if (keyStore.containsAlias(alias) == false) { MessageFormat form = new MessageFormat (rb.getString("Alias.alias.does.not.exist")); @@ -1943,13 +1944,6 @@ private void doPrintEntries(PrintStream out) throws Exception { - if (storePass == null - && !KeyStoreUtil.isWindowsKeyStore(storetype)) { - printWarning(); - } else { - out.println(); - } - out.println(rb.getString("Keystore.type.") + keyStore.getType()); out.println(rb.getString("Keystore.provider.") + keyStore.getProvider().getName()); 
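Review bot: The `storePass == null` check hoisted into the LIST branch carries over the warning but not the `else { out.println(); }` arm that a later hunk deletes from doPrintEntries, so a full listing made with a store password no longer starts with a blank line. If that output change is intended it deserves a line in the commit description, because scripts that parse `keytool -list` output can be sensitive to it. doPrintEntry no longer warns on its own, so its Javadoc could say so, e.g. `Prints a single keystore entry. The caller emits the warning when no store password was given.` Any callers outside the visible hunks would need the same check.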
@@ -1968,7 +1962,7 @@ for (Enumeration e = keyStore.aliases(); e.hasMoreElements(); ) { String alias = e.nextElement(); - doPrintEntry(alias, out, false); + doPrintEntry(alias, out); if (verbose || rfc) { out.println(rb.getString("NEWLINE")); out.println(rb.getString @@ -2766,6 +2760,7 @@ MessageFormat form = new MessageFormat (rb.getString(".PATTERN.printX509Cert")); + PublicKey pkey = cert.getPublicKey(); Object[] source = {cert.getSubjectDN().toString(), cert.getIssuerDN().toString(), cert.getSerialNumber().toString(16), @@ -2775,7 +2770,9 @@ getCertFingerPrint("SHA1", cert), getCertFingerPrint("SHA-256", cert), cert.getSigAlgName(), - cert.getVersion() + pkey.getAlgorithm(), + KeyUtil.getKeySize(pkey), + cert.getVersion(), }; out.println(form.format(source)); diff -r 4b2a34270dad -r 13bdafe86228 src/share/classes/sun/security/tools/keytool/Resources.java --- a/src/share/classes/sun/security/tools/keytool/Resources.java Wed Feb 17 15:46:46 2016 +0000 +++ b/src/share/classes/sun/security/tools/keytool/Resources.java Mon Nov 20 16:58:58 2017 +0000 @@ -335,7 +335,7 @@ {".RETURN.if.same.as.for.otherAlias.", "\t(RETURN if same as for <{0}>)"}, {".PATTERN.printX509Cert", - "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Signature algorithm name: {8}\n\t Version: {9}"}, + "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5: {5}\n\t SHA1: {6}\n\t SHA256: {7}\nSignature algorithm name: {8}\nSubject Public Key Algorithm: {9} ({10,number,#})\nVersion: {11}"}, {"What.is.your.first.and.last.name.", "What is your first and last name?"}, {"What.is.the.name.of.your.organizational.unit.", diff -r 4b2a34270dad -r 13bdafe86228 test/sun/security/tools/keytool/keyalg.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/keytool/keyalg.sh Mon Nov 20 16:58:58 2017 +0000 
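Review bot: `KeyUtil.getKeySize(pkey)` in the `source` array of the `@@ -2775` hunk is formatted straight into the pattern, and as far as I know it returns -1 when a key's size cannot be determined, so such a certificate would print `Subject Public Key Algorithm: <alg> (-1)`. Operators read this line to judge key strength, so a negative size should be replaced by a textual "unknown size" marker from the resource bundle, or the parenthesised size omitted, before formatting. The enclosing method starts and ends outside the hunk.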
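Review bot: The Resources.java pattern now reads `Version: {11}` and reuses `{9}` for the key algorithm, which matches the reordered `source` array in Main.java only for this bundle. Any localized variant of `.PATTERN.printX509Cert` not updated in the same changeset (none is visible here) would still print argument 9 under its version label and so show the algorithm name there. Keeping `cert.getVersion()` at index 9 and appending the new values as `{10}` and `{11,number,#}` would leave stale patterns correct. The dropped `\t ` before the signature-algorithm and version lines also changes the layout of existing output.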
@@ -0,0 +1,47 @@
+#
+# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8029659
+# @summary Keytool, print key algorithm of certificate or key entry
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+KS=ks
+KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks -storepass changeit -keypass changeit"
+
+rm $KS 2> /dev/null
+
+$KEYTOOL -genkeypair -alias ca -dname CN=CA -keyalg EC || exit 1
+$KEYTOOL -genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024 || exit 2
+$KEYTOOL -certreq -alias user |
+ $KEYTOOL -gencert -alias ca -rfc -sigalg SHA1withECDSA |
+ $KEYTOOL -printcert > user.dump || exit 3
+
+cat user.dump | grep "Signature algorithm name:" | grep SHA1withECDSA || exit 4
+cat user.dump | grep "Subject Public Key Algorithm:" | grep RSA | grep 1024 || exit 5
+
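Review bot: The test asserts the new output line only on the `-printcert` path and only for the RSA key, so the LIST changes in Main.java and the EC entry are not exercised. A check such as `$KEYTOOL -list -v -alias ca | grep "Subject Public Key Algorithm:" | grep EC || exit 6` would cover both, assuming verbose listing reaches the same formatter and `-list` accepts the options already bundled into `$KEYTOOL`. `KEYTOOL` also hard-codes `-keystore ks` while the cleanup uses `$KS`; writing `-keystore $KS` keeps the two in step.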