8212003: Deprecating the default keytool -keyalg option

Reviewed-by: mullan, xuelei
2025-08-26 22:34:27 +02:00 · 2018-11-17 18:11:23 +08:00 · 2018-11-17 18:11:23 +08:00 · c20332c412
commit c20332c412
parent 3e936d3cd9
5 changed files with 88 additions and 22 deletions
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@ -1123,12 +1123,16 @@ public final class Main {
        } else if (command == GENKEYPAIR) {
            if (keyAlgName == null) {
                keyAlgName = "DSA";
+                weakWarnings.add(String.format(rb.getString(
+                        "keyalg.option.1.missing.warning"), keyAlgName));
            }
            doGenKeyPair(alias, dname, keyAlgName, keysize, groupName, sigAlgName);
            kssave = true;
        } else if (command == GENSECKEY) {
            if (keyAlgName == null) {
                keyAlgName = "DES";
+                weakWarnings.add(String.format(rb.getString(
+                        "keyalg.option.1.missing.warning"), keyAlgName));
            }
            doGenSecretKey(alias, keyAlgName, keysize);
            kssave = true;
@ -1758,13 +1762,11 @@ public final class Main {
            keygen.init(keysize);
            secKey = keygen.generateKey();

-            if (verbose) {
-                MessageFormat form = new MessageFormat(rb.getString
-                    ("Generated.keysize.bit.keyAlgName.secret.key"));
-                Object[] source = {keysize,
-                                    secKey.getAlgorithm()};
-                System.err.println(form.format(source));
-            }
+            MessageFormat form = new MessageFormat(rb.getString
+                ("Generated.keysize.bit.keyAlgName.secret.key"));
+            Object[] source = {keysize,
+                                secKey.getAlgorithm()};
+            System.err.println(form.format(source));
        }

        if (keyPass == null) {
@ -1841,6 +1843,7 @@ public final class Main {
        // If DN is provided, parse it. Otherwise, prompt the user for it.
        X500Name x500Name;
        if (dname == null) {
+            printWeakWarnings(true);
            x500Name = getX500Name();
        } else {
            x500Name = new X500Name(dname);
@ -1866,16 +1869,14 @@ public final class Main {
        chain[0] = keypair.getSelfCertificate(
                x500Name, getStartDate(startDate), validity*24L*60L*60L, ext);

-        if (verbose) {
-            MessageFormat form = new MessageFormat(rb.getString
-                ("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for"));
-            Object[] source = {keysize,
-                                privKey.getAlgorithm(),
-                                chain[0].getSigAlgName(),
-                                validity,
-                                x500Name};
-            System.err.println(form.format(source));
-        }
+        MessageFormat form = new MessageFormat(rb.getString
+            ("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for"));
+        Object[] source = {keysize,
+                            privKey.getAlgorithm(),
+                            chain[0].getSigAlgName(),
+                            validity,
+                            x500Name};
+        System.err.println(form.format(source));

        if (keyPass == null) {
            keyPass = promptForKeyPass(alias, null, storePass);