keytool is not in jdk-base-image

Weijun Wang weijun.wang at oracle.com
Sun Sep 4 17:46:10 PDT 2011


I see three kinds of solutions in your reply:

1. Move something to a module
2. Make a function optional
3. Re-write PathList inside keytool

I understand #3 is something I need to do and #1 is configured somewhere 
in class classification. What about #2? To make a function optional, 
what will the user experience be?

Does it mean when a module is not installed, the function just fails 
with a ClassNotFoundException? Or can I write something like 
Class.forName() inside to show the user a warning message?

Thanks
Max


On 09/01/2011 11:28 PM, Sean Mullan wrote:
> On 8/31/11 8:46 PM, Weijun Wang wrote:
>>
>>
>> On 09/01/2011 05:53 AM, Mandy Chung wrote:
>>> On 8/31/11 2:34 PM, Sean Mullan wrote:
>>>> It will be difficult to sign modules without keytool. (It's possible,
>>>> but you
>>>> would have to have a keystore already set up with your keys and
>>>> certificates and
>>>> know the alias name, etc).
>>>
>>> But keytool depends on jsse and jndi. Can these dependencies be
>>> eliminated or made optional?
>>
>> The jndi dependence can be optional, but keytool needs the jsse module
>> to generate certs. See below:
>>
>>>
>>> sun.security.tools.JarSigner ->  sun.security.util.PathList (sun.jsse)
>>
>> JarSigner?
>>
>>> sun.security.tools.KeyTool ->  javax.net.ssl.HttpsURLConnection (sun.jsse)
>>> sun.security.tools.KeyTool ->  javax.net.ssl.SSLContext (sun.jsse)
>>> sun.security.tools.KeyTool ->  javax.net.ssl.TrustManager (sun.jsse)
>>> sun.security.tools.KeyTool$2 ->  javax.net.ssl.X509TrustManager (sun.jsse)
>>> sun.security.tools.KeyTool$3 ->  javax.net.ssl.HostnameVerifier (sun.jsse)
>>> sun.security.tools.KeyTool$3 ->  javax.net.ssl.SSLSession (sun.jsse)
>>
>> for keytool -printcert -sslserver <ssl_server>
>
> This option is very specific to SSL. Can we make this optional? The option would
> fail if sun.jsse is not installed.
>
>>> sun.security.tools.KeyTool ->  sun.security.pkcs.PKCS10 (sun.jsse)
>>> sun.security.tools.KeyTool ->  sun.security.pkcs.PKCS10Attribute (sun.jsse)
>>> sun.security.tools.KeyTool ->  sun.security.pkcs.PKCS10Attributes (sun.jsse)
>
> Move these into jdk.tools.base. I don't think anything else uses PKCS10.
>
>>
>> for keytool -certreq
>>
>>> sun.security.tools.KeyTool ->
>>> sun.security.provider.certpath.ldap.LDAPCertStoreHelper (sun.jndi)
>>
>> for keytool -printcrl -file ldap://....
>
> Ok, we should make that optional so jndi is not required.
>
>>
>>> sun.security.tools.KeyTool ->  sun.security.util.PathList (sun.jsse)
>>
>> PathList is a utility class to create "a:b:c" on Unix and "a;b;c" on
>> Windows. Is there a similar tool inside base?
>
> This class is simple enough that we can just copy the functionality into keytool.
>
>>> sun.security.tools.KeyTool ->  sun.security.x509.CertAndKeyGen (sun.jsse)
>>
>> for keytool -genkeypair and keytool -gencert
>
> Move CertAndKeyGen into jdk.tools.base. I don't think anything else uses it.
>
> --Sean
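
Added example, not part of the original thread and not keytool's own code: one way the Class.forName() probe asked about above could gate an optional option and show a warning instead of a stack trace, with a File.pathSeparator join standing in for PathList. The class name, method names and message wording are assumptions; the class-to-module pairs come from the dependency list quoted above.

```java
import java.io.File;
import java.util.List;

// Added illustration; OptionalFeatureProbe and its methods are hypothetical names.
public class OptionalFeatureProbe {

    /** True if the named class can be loaded (without running its initializer). */
    static boolean isAvailable(String className) {
        try {
            Class.forName(className, false, OptionalFeatureProbe.class.getClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            // A missing class referenced statically would surface as
            // NoClassDefFoundError (a LinkageError), so both are treated alike.
            return false;
        }
    }

    /** Returns null if the option may run, otherwise a message for the user. */
    static String checkOption(String option, String requiredClass, String module) {
        if (isAvailable(requiredClass)) {
            return null;
        }
        // Constructed wording, not real keytool output.
        return "warning: " + option + " needs the " + module
                + " module, which is not installed";
    }

    /** Stand-in for PathList: "a:b:c" on Unix, "a;b;c" on Windows. */
    static String joinPath(List<String> entries) {
        return String.join(File.pathSeparator, entries);
    }

    public static void main(String[] args) {
        // The last row is a constructed case that is always missing.
        String[][] checks = {
            {"-printcert -sslserver", "javax.net.ssl.SSLContext", "sun.jsse"},
            {"-printcrl -file ldap://...",
             "sun.security.provider.certpath.ldap.LDAPCertStoreHelper", "sun.jndi"},
            {"(constructed missing case)", "example.NoSuchClass", "example.module"},
        };
        for (String[] c : checks) {
            String msg = checkOption(c[0], c[1], c[2]);
            System.out.println(msg == null ? c[0] + ": available" : msg);
        }
        System.out.println(joinPath(List.of("a", "b", "c")));
    }
}
```

Which rows report "available" depends on the runtime the probe is executed on; the probe has to run before any code path that references the optional classes directly.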


