archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8342062: Reformat keytool and jarsigner output for keys with a named parameter set

Browse source 
Reviewed-by: mullan
This commit is contained in:
Weijun Wang 2025-01-13 13:43:52 +00:00
parent cc19897202
commit fa5ff82eb3
12 changed files with 162 additions and 160 deletions
Download patch file Download diff file Expand all files Collapse all files

89
src/java.base/share/classes/sun/security/tools/keytool/Main.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,8 +39,8 @@ import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.cert.TrustAnchor;
import java.security.cert.URICertStoreParameters;
import java.security.spec.ECParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.text.Collator;
import java.text.MessageFormat;
import java.util.*;
@ -61,19 +61,12 @@ import java.util.Base64;
import sun.security.pkcs12.PKCS12KeyStore;
import sun.security.provider.certpath.CertPathConstraintsParameters;
import sun.security.util.ConstraintsParameters;
import sun.security.util.ECKeySizeParameterSpec;
import sun.security.util.KeyUtil;
import sun.security.util.ObjectIdentifier;
import sun.security.util.*;
import sun.security.pkcs10.PKCS10;
import sun.security.pkcs10.PKCS10Attribute;
import sun.security.provider.X509Factory;
import sun.security.provider.certpath.ssl.SSLServerCertStore;
import sun.security.util.KnownOIDs;
import sun.security.util.Password;
import sun.security.util.SecurityProperties;
import sun.security.util.SecurityProviderConstants;
import sun.security.util.SignatureUtil;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
@ -82,15 +75,12 @@ import javax.crypto.spec.PBEKeySpec;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.tools.KeyStoreUtil;
import sun.security.tools.PathList;
import sun.security.util.DerValue;
import sun.security.util.Pem;
import sun.security.validator.Validator;
import sun.security.x509.*;
import static java.security.KeyStore.*;
import static sun.security.tools.keytool.Main.Command.*;
import static sun.security.tools.keytool.Main.Option.*;
import sun.security.util.DisabledAlgorithmConstraints;
/**
* This tool manages keystores.
@ -2035,20 +2025,18 @@ public final class Main {
Object[] source;
if (signerAlias != null) {
form = new MessageFormat(rb.getString
("Generating.keysize.bit.keyAlgName.key.pair.and.a.certificate.sigAlgName.issued.by.signerAlias.with.a.validity.of.validality.days.for"));
("Generating.full.keyAlgName.key.pair.and.a.certificate.sigAlgName.issued.by.signerAlias.with.a.validity.of.days.for"));
source = new Object[]{
groupName == null ? keysize : KeyUtil.getKeySize(privKey),
KeyUtil.fullDisplayAlgName(privKey),
fullDisplayKeyName(privKey),
newCert.getSigAlgName(),
signerAlias,
validity,
x500Name};
} else {
form = new MessageFormat(rb.getString
("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for"));
("Generating.full.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.days.for"));
source = new Object[]{
groupName == null ? keysize : KeyUtil.getKeySize(privKey),
KeyUtil.fullDisplayAlgName(privKey),
fullDisplayKeyName(privKey),
newCert.getSigAlgName(),
validity,
x500Name};
@ -2073,6 +2061,38 @@ public final class Main {
keyStore.setKeyEntry(alias, privKey, keyPass, finalChain);
}
/**
* Returns the full display name of the given key object. Could be
* - "X25519", if its getParams() is NamedParameterSpec
* - "EC (secp256r1)", if it's an EC key
* - "1024-bit RSA", other known keys
* - plain algorithm name, otherwise
*
* Note: the same method appears in keytool and jarsigner which uses
* same resource string defined in their own Resources.java.
*
* @param key the key object, cannot be null
* @return the full name
*/
private static String fullDisplayKeyName(Key key) {
var alg = key.getAlgorithm();
if (key instanceof AsymmetricKey ak) {
var params = ak.getParams();
if (params instanceof NamedParameterSpec nps) {
return nps.getName(); // directly return
} else if (params instanceof ECParameterSpec eps) {
var nc = CurveDB.lookup(eps);
if (nc != null) {
alg += " (" + nc.getNameAndAliases()[0] + ")"; // append name
}
}
}
var size = KeyUtil.getKeySize(key);
return size >= 0
? String.format(rb.getString("size.bit.alg"), size, alg)
: alg;
}
private String ecGroupNameForSize(int size) throws Exception {
AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
ap.init(new ECKeySizeParameterSpec(size));
@ -3598,22 +3618,17 @@ public final class Main {
private String withWeakConstraint(Key key,
CertPathConstraintsParameters cpcp) {
int kLen = KeyUtil.getKeySize(key);
String displayAlg = KeyUtil.fullDisplayAlgName(key);
String displayAlg = fullDisplayKeyName(key);
try {
DISABLED_CHECK.permits(key.getAlgorithm(), cpcp, true);
} catch (CertPathValidatorException e) {
return String.format(rb.getString("key.bit.disabled"), kLen, displayAlg);
return String.format(rb.getString("key.bit.disabled"), displayAlg);
}
try {
LEGACY_CHECK.permits(key.getAlgorithm(), cpcp, true);
if (kLen >= 0) {
return String.format(rb.getString("key.bit"), kLen, displayAlg);
} else {
return String.format(rb.getString("unknown.size.1"), displayAlg);
}
return String.format(rb.getString("key.bit"), displayAlg);
} catch (CertPathValidatorException e) {
return String.format(rb.getString("key.bit.weak"), kLen, displayAlg);
return String.format(rb.getString("key.bit.weak"), displayAlg);
}
}
@ -4977,14 +4992,12 @@ public final class Main {
} catch (CertPathValidatorException e) {
weakWarnings.add(String.format(
rb.getString("whose.key.weak"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
String.format(rb.getString("key.bit"), fullDisplayKeyName(key))));
}
} catch (CertPathValidatorException e) {
weakWarnings.add(String.format(
rb.getString("whose.key.disabled"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
String.format(rb.getString("key.bit"), fullDisplayKeyName(key))));
}
}
}
@ -5004,13 +5017,11 @@ public final class Main {
if (!DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
weakWarnings.add(String.format(
rb.getString("whose.key.disabled"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
String.format(rb.getString("key.bit"), fullDisplayKeyName(key))));
} else if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
weakWarnings.add(String.format(
rb.getString("whose.key.weak"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
String.format(rb.getString("key.bit"), fullDisplayKeyName(key))));
}
}
}
@ -5075,7 +5086,7 @@ public final class Main {
weakWarnings.add(String.format(
rb.getString("key.size.weak"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(secKey), secKeyAlg)));
fullDisplayKeyName(secKey))));
} else {
weakWarnings.add(String.format(
rb.getString("key.algorithm.weak"), label, secKeyAlg));