|
 |
045ef6 |
# HG changeset patch
|
|
|
045ef6 |
# User andrew
|
|
|
045ef6 |
# Date 1464316115 -3600
|
|
|
045ef6 |
# Fri May 27 03:28:35 2016 +0100
|
|
|
045ef6 |
# Node ID 794541fbbdc323f7da8a5cee75611f977eee66ee
|
|
|
045ef6 |
# Parent 0be28a33e12dfc9ae1e4be381530643f691d351a
|
|
|
045ef6 |
PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings
|
|
|
045ef6 |
Summary: Add -systemlineendings option to keytool to allow system line endings to be used again.
|
|
|
045ef6 |
|
|
|
045ef6 |
diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/classes/sun/security/pkcs10/PKCS10.java
|
|
|
045ef6 |
--- openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
|
|
|
045ef6 |
+++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
|
|
|
045ef6 |
@@ -30,6 +30,7 @@
|
|
|
045ef6 |
import java.io.IOException;
|
|
|
045ef6 |
import java.math.BigInteger;
|
|
|
045ef6 |
|
|
|
045ef6 |
+import java.security.AccessController;
|
|
|
045ef6 |
import java.security.cert.CertificateException;
|
|
|
045ef6 |
import java.security.NoSuchAlgorithmException;
|
|
|
045ef6 |
import java.security.InvalidKeyException;
|
|
|
045ef6 |
@@ -39,6 +40,7 @@
|
|
|
045ef6 |
|
|
|
045ef6 |
import java.util.Base64;
|
|
|
045ef6 |
|
|
|
045ef6 |
+import sun.security.action.GetPropertyAction;
|
|
|
045ef6 |
import sun.security.util.*;
|
|
|
045ef6 |
import sun.security.x509.AlgorithmId;
|
|
|
045ef6 |
import sun.security.x509.X509Key;
|
|
|
045ef6 |
@@ -76,6 +78,14 @@
|
|
|
045ef6 |
* @author Hemma Prafullchandra
|
|
|
045ef6 |
*/
|
|
|
045ef6 |
public class PKCS10 {
|
|
|
045ef6 |
+
|
|
|
045ef6 |
+ private static final byte[] sysLineEndings;
|
|
|
045ef6 |
+
|
|
|
045ef6 |
+ static {
|
|
|
045ef6 |
+ sysLineEndings =
|
|
|
045ef6 |
+ AccessController.doPrivileged(new GetPropertyAction("line.separator")).getBytes();
|
|
|
045ef6 |
+ }
|
|
|
045ef6 |
+
|
|
|
045ef6 |
/**
|
|
|
045ef6 |
* Constructs an unsigned PKCS #10 certificate request. Before this
|
|
|
045ef6 |
* request may be used, it must be encoded and signed. Then it
|
|
|
045ef6 |
@@ -293,13 +303,39 @@
|
|
|
045ef6 |
*/
|
|
|
045ef6 |
public void print(PrintStream out)
|
|
|
045ef6 |
throws IOException, SignatureException {
|
|
|
045ef6 |
+ print(out, false);
|
|
|
045ef6 |
+ }
|
|
|
045ef6 |
+
|
|
|
045ef6 |
+ /**
|
|
|
045ef6 |
+ * Prints an E-Mailable version of the certificate request on the print
|
|
|
045ef6 |
+ * stream passed. The format is a common base64 encoded one, supported
|
|
|
045ef6 |
+ * by most Certificate Authorities because Netscape web servers have
|
|
|
045ef6 |
+ * used this for some time. Some certificate authorities expect some
|
|
|
045ef6 |
+ * more information, in particular contact information for the web
|
|
|
045ef6 |
+ * server administrator.
|
|
|
045ef6 |
+ *
|
|
|
045ef6 |
+ * @param out the print stream where the certificate request
|
|
|
045ef6 |
+ * will be printed.
|
|
|
045ef6 |
+ * @param systemLineEndings true if the request should be terminated
|
|
|
045ef6 |
+ * using the system line endings.
|
|
|
045ef6 |
+ * @exception IOException when an output operation failed
|
|
|
045ef6 |
+ * @exception SignatureException when the certificate request was
|
|
|
045ef6 |
+ * not yet signed.
|
|
|
045ef6 |
+ */
|
|
|
045ef6 |
+ public void print(PrintStream out, boolean systemLineEndings)
|
|
|
045ef6 |
+ throws IOException, SignatureException {
|
|
|
045ef6 |
+ byte[] lineEndings;
|
|
|
045ef6 |
+
|
|
|
045ef6 |
if (encoded == null)
|
|
|
045ef6 |
throw new SignatureException("Cert request was not signed");
|
|
|
045ef6 |
|
|
|
045ef6 |
+ if (systemLineEndings)
|
|
|
045ef6 |
+ lineEndings = sysLineEndings;
|
|
|
045ef6 |
+ else
|
|
|
045ef6 |
+ lineEndings = new byte[] {'\r', '\n'}; // CRLF
|
|
|
045ef6 |
|
|
|
045ef6 |
- byte[] CRLF = new byte[] {'\r', '\n'};
|
|
|
045ef6 |
out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
|
|
|
045ef6 |
- out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(encoded));
|
|
|
045ef6 |
+ out.println(Base64.getMimeEncoder(64, lineEndings).encodeToString(encoded));
|
|
|
045ef6 |
out.println("-----END NEW CERTIFICATE REQUEST-----");
|
|
|
045ef6 |
}
|
|
|
045ef6 |
|
|
|
045ef6 |
diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/classes/sun/security/tools/keytool/Main.java
|
|
|
045ef6 |
--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
|
|
|
045ef6 |
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
|
|
|
045ef6 |
@@ -124,6 +124,7 @@
|
|
|
045ef6 |
private String infilename = null;
|
|
|
045ef6 |
private String outfilename = null;
|
|
|
045ef6 |
private String srcksfname = null;
|
|
|
045ef6 |
+ private boolean systemLineEndings = false;
|
|
|
045ef6 |
|
|
|
045ef6 |
// User-specified providers are added before any command is called.
|
|
|
045ef6 |
// However, they are not removed before the end of the main() method.
|
|
|
045ef6 |
@@ -186,7 +187,7 @@
|
|
|
045ef6 |
CERTREQ("Generates.a.certificate.request",
|
|
|
045ef6 |
ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME,
|
|
|
045ef6 |
STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
|
|
|
045ef6 |
- PROVIDERARG, PROVIDERPATH, V, PROTECTED),
|
|
|
045ef6 |
+ PROVIDERARG, PROVIDERPATH, SYSTEMLINEENDINGS, V, PROTECTED),
|
|
|
045ef6 |
CHANGEALIAS("Changes.an.entry.s.alias",
|
|
|
045ef6 |
ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS,
|
|
|
045ef6 |
STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
|
|
|
045ef6 |
@@ -319,6 +320,7 @@
|
|
|
045ef6 |
STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"),
|
|
|
045ef6 |
STOREPASS("storepass", "<arg>", "keystore.password"),
|
|
|
045ef6 |
STORETYPE("storetype", "<storetype>", "keystore.type"),
|
|
|
045ef6 |
+ SYSTEMLINEENDINGS("systemlineendings", null, "system.line.endings"),
|
|
|
045ef6 |
TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"),
|
|
|
045ef6 |
V("v", null, "verbose.output"),
|
|
|
045ef6 |
VALIDITY("validity", "<valDays>", "validity.number.of.days");
|
|
|
045ef6 |
@@ -559,6 +561,8 @@
|
|
|
045ef6 |
protectedPath = true;
|
|
|
045ef6 |
} else if (collator.compare(flags, "-srcprotected") == 0) {
|
|
|
045ef6 |
srcprotectedPath = true;
|
|
|
045ef6 |
+ } else if (collator.compare(flags, "-systemlineendings") == 0) {
|
|
|
045ef6 |
+ systemLineEndings = true;
|
|
|
045ef6 |
} else {
|
|
|
045ef6 |
System.err.println(rb.getString("Illegal.option.") + flags);
|
|
|
045ef6 |
tinyHelp();
|
|
|
045ef6 |
@@ -1463,7 +1467,7 @@
|
|
|
045ef6 |
|
|
|
045ef6 |
// Sign the request and base-64 encode it
|
|
|
045ef6 |
request.encodeAndSign(subject, signature);
|
|
|
045ef6 |
- request.print(out);
|
|
|
045ef6 |
+ request.print(out, systemLineEndings);
|
|
|
045ef6 |
|
|
|
045ef6 |
checkWeak(rb.getString("the.generated.certificate.request"), request);
|
|
|
045ef6 |
}
|
|
|
045ef6 |
@@ -4540,4 +4544,3 @@
|
|
|
045ef6 |
return new Pair<>(a,b);
|
|
|
045ef6 |
}
|
|
|
045ef6 |
}
|
|
|
045ef6 |
-
|
|
|
045ef6 |
diff --git a/src/share/classes/sun/security/tools/keytool/Resources.java b/src/share/classes/sun/security/tools/keytool/Resources.java
|
|
|
045ef6 |
--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
|
|
|
045ef6 |
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
|
|
|
045ef6 |
@@ -168,6 +168,8 @@
|
|
|
045ef6 |
"keystore password"}, //-storepass
|
|
|
045ef6 |
{"keystore.type",
|
|
|
045ef6 |
"keystore type"}, //-storetype
|
|
|
045ef6 |
+ {"system.line.endings",
|
|
|
045ef6 |
+ "use system line endings rather than CRLF to terminate output"}, //-systemlineendings
|
|
|
045ef6 |
{"trust.certificates.from.cacerts",
|
|
|
045ef6 |
"trust certificates from cacerts"}, //-trustcacerts
|
|
|
045ef6 |
{"verbose.output",
|