8284194: Allow empty subject fields in keytool

Reviewed-by: jnimeh, hchao
2025-08-26 14:24:46 +02:00 · 2022-05-15 22:30:06 +00:00 · 2022-05-15 22:30:06 +00:00 · f4f1dddfef
commit f4f1dddfef
parent dc9462137c
4 changed files with 125 additions and 37 deletions
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@ -37,12 +37,10 @@ import java.security.cert.CertStoreException;
 import java.security.cert.CRL;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
-import java.security.cert.CertificateParsingException;
 import java.security.cert.TrustAnchor;
 import java.security.cert.URICertStoreParameters;


-import java.security.spec.ECParameterSpec;
 import java.text.Collator;
 import java.text.MessageFormat;
 import java.util.*;
@ -66,7 +64,6 @@ import sun.security.provider.certpath.CertPathConstraintsParameters;
 import sun.security.util.ConstraintsParameters;
 import sun.security.util.ECKeySizeParameterSpec;
 import sun.security.util.KeyUtil;
-import sun.security.util.NamedCurve;
 import sun.security.util.ObjectIdentifier;
 import sun.security.pkcs10.PKCS10;
 import sun.security.pkcs10.PKCS10Attribute;
@ -3731,11 +3728,13 @@ public final class Main {
        String userInput = null;

        int maxRetry = 20;
+        boolean needRepeat;
        do {
            if (maxRetry-- < 0) {
                throw new RuntimeException(rb.getString(
                        "Too.many.retries.program.terminated"));
            }
+            System.err.println(rb.getString("enter.dname.components"));
            commonName = inputString(in,
                    rb.getString("What.is.your.first.and.last.name."),
                    commonName);
@ -3756,20 +3755,32 @@ public final class Main {
                    rb.getString
                        ("What.is.the.two.letter.country.code.for.this.unit."),
                    country);
-            name = new X500Name(commonName, organizationalUnit, organization,
-                                city, state, country);
-            MessageFormat form = new MessageFormat
-                (rb.getString("Is.name.correct."));
-            Object[] source = {name};
-            userInput = inputString
-                (in, form.format(source), rb.getString("no"));
-        } while (collator.compare(userInput, rb.getString("yes")) != 0 &&
-                 collator.compare(userInput, rb.getString("y")) != 0);
+            name = new X500Name(
+                    dotToNull(commonName), dotToNull(organizationalUnit),
+                    dotToNull(organization), dotToNull(city),
+                    dotToNull(state), dotToNull(country));
+            if (name.isEmpty()) {
+                System.err.println(rb.getString("no.field.in.dname"));
+                needRepeat = true;
+            } else {
+                MessageFormat form = new MessageFormat
+                        (rb.getString("Is.name.correct."));
+                Object[] source = {name};
+                userInput = inputString
+                        (in, form.format(source), rb.getString("no"));
+                needRepeat = collator.compare(userInput, rb.getString("yes")) != 0 &&
+                        collator.compare(userInput, rb.getString("y")) != 0;
+            }
+        } while (needRepeat);

        System.err.println();
        return name;
    }

+    private static String dotToNull(String input) {
+        return ".".equals(input) ? null : input;
+    }
+
    private String inputString(BufferedReader in, String prompt,
                               String defaultValue)
        throws IOException
@ -3777,7 +3788,7 @@ public final class Main {
        System.err.println(prompt);
        MessageFormat form = new MessageFormat
                (rb.getString(".defaultValue."));
-        Object[] source = {defaultValue};
+        Object[] source = { ".".equals(defaultValue) ? "" : defaultValue };
        System.err.print(form.format(source));
        System.err.flush();