
src/java.base/share/classes/sun/security/tools/keytool/Main.java





  67 import java.security.cert.CertStore;
  68 
  69 import java.security.cert.X509CRL;
  70 import java.security.cert.X509CRLEntry;
  71 import java.security.cert.X509CRLSelector;
  72 import javax.security.auth.x500.X500Principal;
  73 import java.util.Base64;
  74 
  75 import sun.security.pkcs12.PKCS12KeyStore;
  76 import sun.security.util.ECKeySizeParameterSpec;
  77 import sun.security.util.KeyUtil;
  78 import sun.security.util.NamedCurve;
  79 import sun.security.util.ObjectIdentifier;
  80 import sun.security.pkcs10.PKCS10;
  81 import sun.security.pkcs10.PKCS10Attribute;
  82 import sun.security.provider.X509Factory;
  83 import sun.security.provider.certpath.ssl.SSLServerCertStore;
  84 import sun.security.util.Password;
  85 import sun.security.util.SecurityProperties;
  86 import sun.security.util.SecurityProviderConstants;
  87 import sun.security.util.SignatureUtil;
  88 import javax.crypto.KeyGenerator;
  89 import javax.crypto.SecretKey;
  90 import javax.crypto.SecretKeyFactory;
  91 import javax.crypto.spec.PBEKeySpec;
  92 
  93 import sun.security.pkcs.PKCS9Attribute;
  94 import sun.security.tools.KeyStoreUtil;
  95 import sun.security.tools.PathList;
  96 import sun.security.util.DerValue;
  97 import sun.security.util.Pem;
  98 import sun.security.x509.*;
  99 
 100 import static java.security.KeyStore.*;
 101 import java.security.Security;
 102 import static sun.security.tools.keytool.Main.Command.*;
 103 import static sun.security.tools.keytool.Main.Option.*;
 104 import sun.security.util.DisabledAlgorithmConstraints;
 105 
 106 /**
 107  * This tool manages keystores.


1425         Certificate signerCert = keyStore.getCertificate(alias);
1426         byte[] encoded = signerCert.getEncoded();
1427         X509CertImpl signerCertImpl = new X509CertImpl(encoded);
1428         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
1429                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
1430         X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
1431                                            X509CertInfo.DN_NAME);
1432 
1433         Date firstDate = getStartDate(startDate);
1434         Date lastDate = new Date();
1435         lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
1436         CertificateValidity interval = new CertificateValidity(firstDate,
1437                                                                lastDate);
1438 
1439         PrivateKey privateKey =
1440                 (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
1441         if (sigAlgName == null) {
1442             sigAlgName = getCompatibleSigAlgName(privateKey);
1443         }
1444         Signature signature = Signature.getInstance(sigAlgName);
1445         AlgorithmParameterSpec params = AlgorithmId
1446                 .getDefaultAlgorithmParameterSpec(sigAlgName, privateKey);
1447 
1448         SignatureUtil.initSignWithParam(signature, privateKey, params, null);
1449 
1450         X509CertInfo info = new X509CertInfo();


1451         AlgorithmId algID = AlgorithmId.getWithParameterSpec(sigAlgName, params);
1452         info.set(X509CertInfo.VALIDITY, interval);
1453         info.set(X509CertInfo.SERIAL_NUMBER,
1454                 CertificateSerialNumber.newRandom64bit(new SecureRandom()));
1455         info.set(X509CertInfo.VERSION,
1456                     new CertificateVersion(CertificateVersion.V3));
1457         info.set(X509CertInfo.ALGORITHM_ID,
1458                     new CertificateAlgorithmId(algID));
1459         info.set(X509CertInfo.ISSUER, issuer);
1460 
1461         BufferedReader reader = new BufferedReader(new InputStreamReader(in));
1462         boolean canRead = false;
1463         StringBuffer sb = new StringBuffer();
1464         while (true) {
1465             String s = reader.readLine();
1466             if (s == null) break;
1467             // OpenSSL does not use NEW
1468             //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
1469             if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
1470                 canRead = true;


1584 
1585         Certificate cert = keyStore.getCertificate(alias);
1586         if (cert == null) {
1587             MessageFormat form = new MessageFormat
1588                 (rb.getString("alias.has.no.public.key.certificate."));
1589             Object[] source = {alias};
1590             throw new Exception(form.format(source));
1591         }
1592         PKCS10 request = new PKCS10(cert.getPublicKey());
1593         CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
1594         // Attribute name is not significant
1595         request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
1596                 new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));
1597 
1598         // Construct a Signature object, so that we can sign the request
1599         if (sigAlgName == null) {
1600             sigAlgName = getCompatibleSigAlgName(privKey);
1601         }
1602 
1603         Signature signature = Signature.getInstance(sigAlgName);

1604         AlgorithmParameterSpec params = AlgorithmId
1605                 .getDefaultAlgorithmParameterSpec(sigAlgName, privKey);
1606         SignatureUtil.initSignWithParam(signature, privKey, params, null);


1607 
1608         X500Name subject = dname == null?
1609                 new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
1610                 new X500Name(dname);
1611 
1612         // Sign the request and base-64 encode it
1613         request.encodeAndSign(subject, signature);
1614         request.print(out);
1615 
1616         checkWeak(rb.getString("the.generated.certificate.request"), request);
1617     }
1618 
1619     /**
1620      * Deletes an entry from the keystore.
1621      */
1622     private void doDeleteEntry(String alias) throws Exception {
1623         if (keyStore.containsAlias(alias) == false) {
1624             MessageFormat form = new MessageFormat
1625                 (rb.getString("Alias.alias.does.not.exist"));
1626             Object[] source = {alias};




  67 import java.security.cert.CertStore;
  68 
  69 import java.security.cert.X509CRL;
  70 import java.security.cert.X509CRLEntry;
  71 import java.security.cert.X509CRLSelector;
  72 import javax.security.auth.x500.X500Principal;
  73 import java.util.Base64;
  74 
  75 import sun.security.pkcs12.PKCS12KeyStore;
  76 import sun.security.util.ECKeySizeParameterSpec;
  77 import sun.security.util.KeyUtil;
  78 import sun.security.util.NamedCurve;
  79 import sun.security.util.ObjectIdentifier;
  80 import sun.security.pkcs10.PKCS10;
  81 import sun.security.pkcs10.PKCS10Attribute;
  82 import sun.security.provider.X509Factory;
  83 import sun.security.provider.certpath.ssl.SSLServerCertStore;
  84 import sun.security.util.Password;
  85 import sun.security.util.SecurityProperties;
  86 import sun.security.util.SecurityProviderConstants;

  87 import javax.crypto.KeyGenerator;
  88 import javax.crypto.SecretKey;
  89 import javax.crypto.SecretKeyFactory;
  90 import javax.crypto.spec.PBEKeySpec;
  91 
  92 import sun.security.pkcs.PKCS9Attribute;
  93 import sun.security.tools.KeyStoreUtil;
  94 import sun.security.tools.PathList;
  95 import sun.security.util.DerValue;
  96 import sun.security.util.Pem;
  97 import sun.security.x509.*;
  98 
  99 import static java.security.KeyStore.*;
 100 import java.security.Security;
 101 import static sun.security.tools.keytool.Main.Command.*;
 102 import static sun.security.tools.keytool.Main.Option.*;
 103 import sun.security.util.DisabledAlgorithmConstraints;
 104 
 105 /**
 106  * This tool manages keystores.


1424         Certificate signerCert = keyStore.getCertificate(alias);
1425         byte[] encoded = signerCert.getEncoded();
1426         X509CertImpl signerCertImpl = new X509CertImpl(encoded);
1427         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
1428                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
1429         X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
1430                                            X509CertInfo.DN_NAME);
1431 
1432         Date firstDate = getStartDate(startDate);
1433         Date lastDate = new Date();
1434         lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
1435         CertificateValidity interval = new CertificateValidity(firstDate,
1436                                                                lastDate);
1437 
1438         PrivateKey privateKey =
1439                 (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
1440         if (sigAlgName == null) {
1441             sigAlgName = getCompatibleSigAlgName(privateKey);
1442         }
1443         Signature signature = Signature.getInstance(sigAlgName);
1444         signature.initSign(privateKey);



1445 
1446         X509CertInfo info = new X509CertInfo();
1447         AlgorithmParameterSpec params = AlgorithmId
1448                 .getDefaultAlgorithmParameterSpec(sigAlgName, privateKey);
1449         AlgorithmId algID = AlgorithmId.getWithParameterSpec(sigAlgName, params);
1450         info.set(X509CertInfo.VALIDITY, interval);
1451         info.set(X509CertInfo.SERIAL_NUMBER,
1452                 CertificateSerialNumber.newRandom64bit(new SecureRandom()));
1453         info.set(X509CertInfo.VERSION,
1454                     new CertificateVersion(CertificateVersion.V3));
1455         info.set(X509CertInfo.ALGORITHM_ID,
1456                     new CertificateAlgorithmId(algID));
1457         info.set(X509CertInfo.ISSUER, issuer);
1458 
1459         BufferedReader reader = new BufferedReader(new InputStreamReader(in));
1460         boolean canRead = false;
1461         StringBuffer sb = new StringBuffer();
1462         while (true) {
1463             String s = reader.readLine();
1464             if (s == null) break;
1465             // OpenSSL does not use NEW
1466             //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
1467             if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
1468                 canRead = true;


1582 
1583         Certificate cert = keyStore.getCertificate(alias);
1584         if (cert == null) {
1585             MessageFormat form = new MessageFormat
1586                 (rb.getString("alias.has.no.public.key.certificate."));
1587             Object[] source = {alias};
1588             throw new Exception(form.format(source));
1589         }
1590         PKCS10 request = new PKCS10(cert.getPublicKey());
1591         CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
1592         // Attribute name is not significant
1593         request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
1594                 new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));
1595 
1596         // Construct a Signature object, so that we can sign the request
1597         if (sigAlgName == null) {
1598             sigAlgName = getCompatibleSigAlgName(privKey);
1599         }
1600 
1601         Signature signature = Signature.getInstance(sigAlgName);
1602         signature.initSign(privKey);
1603         AlgorithmParameterSpec params = AlgorithmId
1604                 .getDefaultAlgorithmParameterSpec(sigAlgName, privKey);
1605         if (params != null) {
1606             signature.setParameter(params);
1607         }
1608 
1609         X500Name subject = dname == null?
1610                 new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
1611                 new X500Name(dname);
1612 
1613         // Sign the request and base-64 encode it
1614         request.encodeAndSign(subject, signature);
1615         request.print(out);
1616 
1617         checkWeak(rb.getString("the.generated.certificate.request"), request);
1618     }
1619 
1620     /**
1621      * Deletes an entry from the keystore.
1622      */
1623     private void doDeleteEntry(String alias) throws Exception {
1624         if (keyStore.containsAlias(alias) == false) {
1625             MessageFormat form = new MessageFormat
1626                 (rb.getString("Alias.alias.does.not.exist"));
1627             Object[] source = {alias};

