RFR: 8260693: Provide the support for specifying a signer in keytool -genkeypair [v4]

Weijun Wang weijun at openjdk.java.net
Fri Apr 2 01:47:16 UTC 2021

On Thu, 1 Apr 2021 23:36:04 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the changes that adds the -signer option to keytool -genkeypair command. As key agreement algorithms do not have a signing algorithm, the specified signer's private key will be used to sign and generate a key agreement certificate.
>> CSR review is at: https://bugs.openjdk.java.net/browse/JDK-8264325
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>   update with review comments

Only a few minor comments. Approved.

src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1978:

> 1976:                     keypair.getPublicKeyAnyway(),
> 1977:                     signerSubjectKeyId);
> 1978:         } else {

No need for an if-else block? `signerSubjectKeyId` is null in this case.

src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2013:

> 2011:                     x500Name};
> 2012:             System.err.println(form.format(source));
> 2013:         }

Either put the declaration of `source` outside the if-else block and move the println line outside; or, move the declaration of `form` inside. It looks confusing that `form` is declared outside and `source` inside.

src/java.base/share/classes/sun/security/tools/keytool/Resources.java line 310:

> 308:                 "Generating {0} bit {1} key pair and self-signed certificate ({2}) with a validity of {3} days\n\tfor: {4}"},
> 309:         {"Generating.keysize.bit.keyAlgName.key.pair.and.a.certificate.sigAlgName.issued.by.an.entry.signerAlias.with.a.validity.of.validality.days.for",
> 310:                 "Generating {0} bit {1} key pair and a certificate ({2}) issued by an entry <{3}> with a validity of {4} days\n\tfor: {5}"},

I feel "issued by <{3}>" sounds more normal. No need to say "an entry". You decide it.


Marked as reviewed by weijun (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/3281

More information about the security-dev mailing list