RFR 8023197: Pre-configured command line options for keytool and jarsigner

Wang Weijun weijun.wang at oracle.com
Tue Jun 10 04:37:16 UTC 2014 

On Jun 6, 2014, at 20:22, Xuelei Fan <xuelei.fan at oracle.com> wrote:

> src/share/classes/sun/security/tools/KeyStoreUtil.java
> ======================================================
> 224   throw new IOException("Cannot have both " + c1 + " and " + c2);
> "Cannot have both pre-configured options ..."?

This means you cannot define both "keytool.genkeypair" and "keytool.genkey". -genkey is an obsolete command name but we still support it secretly.

> 
> 176         st.whitespaceChars(0x00, 0x20);
> 177         st.wordChars(0x21, 0xFF);
> I'm not sure of the code above, would you like have to test for
> none-ASCII characters?

I cannot find any spec on this, but the source has

  ctype = c < 256 ? ct[c] : CT_ALPHA;

which means every non-ASCII is a word char (no support for wide numerals).

StreamTokenizer only allows you to categorize the ASCII chars.

> 
> 194  * @param c1 the name of the command, must not be null
> 195  * @param c2 the alternative command name, null if none.
> Mention that c1 and c2 need to come with leading '-'?

I'll add "with the "-" prefix".

> 
> src/share/classes/sun/security/tools/jarsigner/Main.java
> ========================================================
> 293    for (n=0; n < args.length; n++) {
> Break after the found of the target options?

I'm looking for both -conf and -verify (and their last appearances). It will be complex to maintain two flags.

> 
> 313    System.out.println("Command line args: " +
> Define a new resource?

I suppose it's not necessary to localize debug outputs. The -debug option is also not documented.

> 
> src/share/classes/sun/security/tools/keytool/Main.java
> 404    for (i=0; i < args.length; i++) {
> Break after the found of the target options?  Or loop from the end of
> the array?

Same reason as above.

> 
> 429   System.out.println("Command line args: " +
> Define a new resource?

Same reason as above.

Thanks
Max

> 
> Otherwise, looks fine to me.
> 
> Thanks,
> Xuelei
> 
> On 6/6/2014 3:27 PM, Wang Weijun wrote:
>> Please review the code changes in
>> 
>>  http://cr.openjdk.java.net/~weijun/8023197/webrev.02
>> 
>> This enhancement allows you to put frequently used keytool/jarsigner options into a property file and use -conf to load it. Like this:
>> 
>>  # A Pre-configured options file
>>  keytool.all = -storepass:env PASS -keypass:env PASS -keystore ${user.dir}/.p12 -storetype pkcs12
>>  keytool.genkeypair = -keyalg rsa -keysize 2048 -sigalg SHA256withRSA -validity 365
>> 
>> Thanks
>> Max
>> 
>

More information about the security-dev mailing list