How about a ToolProvider for jarsigner (and maybe keytool)?

[Weijun Wang]

Hi Philipp,

Thanks for looking into this. 

We have thought about this several years ago (when ToolProvider was created and javac became a tool) but had decided not to do it. 

There were several reasons:

1. These tools have too many functions, esp, keytool. 

2. There are user interactions that do not match the ToolProvider style, especially, the password input. 

3. A lot of functions are already available through public APIs, for example, verification of signed jars, reading certificates, managing entries in a keystore. 

So at last we decided to only extract some
functions (that can only be down with the tool) into individual APIs and let these tools call them. This includes:

1. Signing of jars. 

2. Generating certificates and certificate requests. 

The first is now a JDK API. The second one is stalled. We are not sure how useful it is and it’s a pain describing X.509 extensions.

Any more discussion is welcome. 

Thanks,
Max

> 在 2019年2月27日，15:25，Philipp Kunz <philipp.kunz at paratix.ch> 写道：
> 
> Quite a few command line tools are available through java.util.spi.ToolProvider. But not so jarsigner and keytool.