RFR 8023197: Pre-configured command line options for keytool and jarsigner
Wang Weijun
weijun.wang at oracle.com
Tue Jun 10 04:37:16 UTC 2014
On Jun 6, 2014, at 20:22, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> src/share/classes/sun/security/tools/KeyStoreUtil.java
> ======================================================
> 224 throw new IOException("Cannot have both " + c1 + " and " + c2);
> "Cannot have both pre-configured options ..."?
This means you cannot define both "keytool.genkeypair" and "keytool.genkey". -genkey is an obsolete command name but we still support it secretly.
>
> 176 st.whitespaceChars(0x00, 0x20);
> 177 st.wordChars(0x21, 0xFF);
> I'm not sure about the code above; would you like to test for
> non-ASCII characters?
I cannot find any spec on this, but the source has

    ctype = c < 256 ? ct[c] : CT_ALPHA;

which means every non-ASCII is a word char (no support for wide numerals).
StreamTokenizer only allows you to categorize the ASCII chars.
>
> 194 * @param c1 the name of the command, must not be null
> 195 * @param c2 the alternative command name, null if none.
> Mention that c1 and c2 need to come with leading '-'?
I'll add "with the "-" prefix".
>
> src/share/classes/sun/security/tools/jarsigner/Main.java
> ========================================================
> 293 for (n=0; n < args.length; n++) {
> Break after the target options are found?
I'm looking for both -conf and -verify (and their last appearances). It will be complex to maintain two flags.
>
> 313 System.out.println("Command line args: " +
> Define a new resource?
I suppose it's not necessary to localize debug outputs. The -debug option is also not documented.
>
> src/share/classes/sun/security/tools/keytool/Main.java
> 404 for (i=0; i < args.length; i++) {
> Break after the target options are found? Or loop from the end of
> the array?
Same reason as above.
>
> 429 System.out.println("Command line args: " +
> Define a new resource?
Same reason as above.
Thanks
Max
>
> Otherwise, looks fine to me.
>
> Thanks,
> Xuelei
>
> On 6/6/2014 3:27 PM, Wang Weijun wrote:
>> Please review the code changes in
>>
>> http://cr.openjdk.java.net/~weijun/8023197/webrev.02
>>
>> This enhancement allows you to put frequently used keytool/jarsigner options into a property file and use -conf to load it. Like this:
>>
>> # A Pre-configured options file
>> keytool.all = -storepass:env PASS -keypass:env PASS -keystore ${user.dir}/.p12 -storetype pkcs12
>> keytool.genkeypair = -keyalg rsa -keysize 2048 -sigalg SHA256withRSA -validity 365
>>
>> Thanks
>> Max
>>
>
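
The behaviour discussed in this thread, as an added example that is not the webrev's KeyStoreUtil code: it tokenizes option strings with the two StreamTokenizer calls quoted in the review, shows that characters at or above 256 end up inside words, and rejects a file that defines both a command and its alternative name. The class and method names, the sample file content, and the order in which the "all" and per-command entries are joined are assumptions; quoting and ${...} expansion are not handled.

```java
import java.io.IOException;
import java.io.StreamTokenizer;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class PreConfiguredOptions {
    // Split an option string using the syntax table quoted in the review:
    // 0x00-0x20 are separators, 0x21-0xFF are word chars. Chars >= 256
    // cannot be categorized and are always treated as word chars.
    static List<String> tokenize(String value) throws IOException {
        StreamTokenizer st = new StreamTokenizer(new StringReader(value));
        st.resetSyntax();
        st.whitespaceChars(0x00, 0x20);
        st.wordChars(0x21, 0xFF);
        List<String> out = new ArrayList<>();
        while (st.nextToken() != StreamTokenizer.TT_EOF) {
            out.add(st.sval);
        }
        return out;
    }

    // c1: command name, c2: alternative name or null; both carry the "-" prefix.
    static List<String> load(Properties p, String tool, String c1, String c2)
            throws IOException {
        String v1 = p.getProperty(tool + "." + c1.substring(1));
        String v2 = c2 == null ? null : p.getProperty(tool + "." + c2.substring(1));
        if (v1 != null && v2 != null) {
            throw new IOException("Cannot have both " + c1 + " and " + c2);
        }
        String cmd = v1 != null ? v1 : (v2 != null ? v2 : "");
        // Assumption: the "all" entry comes first, then the command entry.
        return tokenize(p.getProperty(tool + ".all", "") + " " + cmd);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file content (not from the webrev).
        Properties p = new Properties();
        p.load(new StringReader(
            "keytool.all = -storepass:env PASS -keystore k\u00e9\u9375.p12\n"
            + "keytool.genkeypair = -keyalg rsa -keysize 2048\n"));
        System.out.println(load(p, "keytool", "-genkeypair", "-genkey"));
        p.setProperty("keytool.genkey", "-keyalg dsa");
        try {
            load(p, "keytool", "-genkeypair", "-genkey");
        } catch (IOException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```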