7109096
: keytool -genkeypair needn't call -selfcert
Reviewed-by: xuelei
parent
890f9e2884
commit
54229dbc54
@ -33,18 +33,7 @@ import java.security.*;
|
||||
import java.util.Date;
|
||||
|
||||
import sun.security.pkcs10.PKCS10;
|
||||
import sun.security.x509.AlgorithmId;
|
||||
import sun.security.x509.CertificateAlgorithmId;
|
||||
import sun.security.x509.CertificateIssuerName;
|
||||
import sun.security.x509.CertificateSerialNumber;
|
||||
import sun.security.x509.CertificateSubjectName;
|
||||
import sun.security.x509.CertificateValidity;
|
||||
import sun.security.x509.CertificateVersion;
|
||||
import sun.security.x509.CertificateX509Key;
|
||||
import sun.security.x509.X500Name;
|
||||
import sun.security.x509.X509CertImpl;
|
||||
import sun.security.x509.X509CertInfo;
|
||||
import sun.security.x509.X509Key;
|
||||
import sun.security.x509.*;
|
||||
|
||||
|
||||
/**
|
||||
@ -165,6 +154,13 @@ public final class CertAndKeyGen {
|
||||
|
||||
publicKey = pair.getPublic();
|
||||
privateKey = pair.getPrivate();
|
||||
|
||||
// publicKey's format must be X.509 otherwise
|
||||
// the whole CertGen part of this class is broken.
|
||||
if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
|
||||
throw new IllegalArgumentException("publicKey's is not X.509, but "
|
||||
+ publicKey.getFormat());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -186,6 +182,16 @@ public final class CertAndKeyGen {
|
||||
return (X509Key)publicKey;
|
||||
}
|
||||
|
||||
/**
|
||||
* Always returns the public key of the generated key pair. Used
|
||||
* by KeyTool only.
|
||||
*
|
||||
* The publicKey is not necessarily to be an instance of
|
||||
* X509Key in some JCA/JCE providers, for example SunPKCS11.
|
||||
*/
|
||||
public PublicKey getPublicKeyAnyway() {
|
||||
return publicKey;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the private key of the generated key pair.
|
||||
@ -200,7 +206,6 @@ public final class CertAndKeyGen {
|
||||
return privateKey;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns a self-signed X.509v3 certificate for the public key.
|
||||
* The certificate is immediately valid. No extensions.
|
||||
@ -224,6 +229,15 @@ public final class CertAndKeyGen {
|
||||
X500Name myname, Date firstDate, long validity)
|
||||
throws CertificateException, InvalidKeyException, SignatureException,
|
||||
NoSuchAlgorithmException, NoSuchProviderException
|
||||
{
|
||||
return getSelfCertificate(myname, firstDate, validity, null);
|
||||
}
|
||||
|
||||
// Like above, plus a CertificateExtensions argument, which can be null.
|
||||
public X509Certificate getSelfCertificate (X500Name myname, Date firstDate,
|
||||
long validity, CertificateExtensions ext)
|
||||
throws CertificateException, InvalidKeyException, SignatureException,
|
||||
NoSuchAlgorithmException, NoSuchProviderException
|
||||
{
|
||||
X509CertImpl cert;
|
||||
Date lastDate;
|
||||
@ -248,6 +262,7 @@ public final class CertAndKeyGen {
|
||||
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
|
||||
info.set(X509CertInfo.VALIDITY, interval);
|
||||
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
|
||||
if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
|
||||
|
||||
cert = new X509CertImpl(info);
|
||||
cert.sign(privateKey, this.sigAlg);
|
||||
|
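Review bot: The new four-argument getSelfCertificate overload is public but carries only the line comment `// Like above, plus a CertificateExtensions argument, which can be null.`, while the existing Javadoc visible in the preceding hunk still describes a self-signed certificate with "No extensions", so a reader of the API sees no contract for `ext`. I would replace that line comment with Javadoc stating that `ext` is set on the certificate verbatim when non-null (the `if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);` line) and that the method performs no sanity check on it, so a caller can mark BasicConstraints or KeyUsage however it likes on a self-signed certificate and is responsible for building a consistent extension set; a `@param ext extensions to include, or null for none` plus a `@return` would suffice. Separately, the message in the new format check reads `"publicKey's is not X.509, but "`; `"publicKey's format is not X.509, but "` is what was meant. The body of getSelfCertificate continues past the end of the last hunk.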
@ -1518,9 +1518,16 @@ public final class KeyTool {
|
||||
keypair.generate(keysize);
|
||||
PrivateKey privKey = keypair.getPrivateKey();
|
||||
|
||||
CertificateExtensions ext = createV3Extensions(
|
||||
null,
|
||||
null,
|
||||
v3ext,
|
||||
keypair.getPublicKeyAnyway(),
|
||||
null);
|
||||
|
||||
X509Certificate[] chain = new X509Certificate[1];
|
||||
chain[0] = keypair.getSelfCertificate(
|
||||
x500Name, getStartDate(startDate), validity*24L*60L*60L);
|
||||
x500Name, getStartDate(startDate), validity*24L*60L*60L, ext);
|
||||
|
||||
if (verbose) {
|
||||
MessageFormat form = new MessageFormat(rb.getString
|
||||
@ -1537,9 +1544,6 @@ public final class KeyTool {
|
||||
keyPass = promptForKeyPass(alias, null, storePass);
|
||||
}
|
||||
keyStore.setKeyEntry(alias, privKey, keyPass, chain);
|
||||
|
||||
// resign so that -ext are applied.
|
||||
doSelfCert(alias, null, sigAlgName);
|
||||
}
|
||||
|
||||
/**
|
||||
|
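Review bot: The `chain[0] = keypair.getSelfCertificate(x500Name, getStartDate(startDate), validity*24L*60L*60L, ext);` line is now the only reason the trailing `doSelfCert(alias, null, sigAlgName)` re-sign could be dropped, but nothing at the call site says so, and the removed `// resign so that -ext are applied.` comment was the only hint that -ext needed special handling. I would put `// -ext values are folded into the self-signed certificate here, so no re-sign is needed.` above the chain line. The `createV3Extensions(null, null, v3ext, keypair.getPublicKeyAnyway(), null)` call passes three positional nulls with no indication of what each stands for; a short comment naming them (presumably request extensions, existing extensions and the authority key, to be confirmed against the method) would help the next reader, and if the last argument is indeed the authority key it is worth stating that an AuthorityKeyIdentifier requested via -ext cannot be derived from it on this self-signed path. The enclosing method begins and ends outside these hunks.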