RFR: 8284194: Allow empty subject fields in keytool

Weijun Wang weijun at openjdk.java.net
Wed May 11 22:02:31 UTC 2022 

This code change allows one entering "." at a distinguished name prompt to skip a sub-component when running `keytool -genkeyapir`. Several new resource strings are added.

There is no detailed description in `keytool.html`, so I think there's no need to update it.

I'll file a CSR to describe the behavior change.

Here is an example after this change:

$ keytool -genkeypair -keystore ks -storepass changeit -alias b -keyalg EC
Enter the distinguished name. Enter a single dot (.) to leave the sub-component empty.
What is your first and last name?
  [Unknown]:  .
What is the name of your organizational unit?
  [Unknown]:  .
What is the name of your organization?
  [Unknown]:  .
What is the name of your City or Locality?
  [Unknown]:  .
What is the name of your State or Province?
  [Unknown]:  .
What is the two-letter country code for this unit?
  [Unknown]:  .
At least one field must be provided. Enter again.
Enter the distinguished name. Enter a single dot (.) to leave the sub-component empty.
What is your first and last name?
  [EMPTY]:  Duke
What is the name of your organizational unit?
  [EMPTY]:
What is the name of your organization?
  [EMPTY]:
What is the name of your City or Locality?
  [EMPTY]:
What is the name of your State or Province?
  [EMPTY]:
What is the two-letter country code for this unit?
  [EMPTY]:
Is CN=Duke correct?
  [no]:  yes

Generating 384 bit EC (secp384r1) key pair and self-signed certificate (SHA384withECDSA) with a validity of 90 days
	for: CN=Duke

In the first round, "." is entered for all fields and keytool rejected it. In the second round, CN is entered but the others are unchanged (just type enter, because they are already entered previously). At the end, the name is "CN=Duke".

-------------

Commit messages:
 - the fix

Changes: https://git.openjdk.java.net/jdk/pull/8667/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=8667&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8284194
  Stats: 128 lines in 4 files changed: 91 ins; 3 del; 34 mod
  Patch: https://git.openjdk.java.net/jdk/pull/8667.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/8667/head:pull/8667

PR: https://git.openjdk.java.net/jdk/pull/8667

More information about the security-dev mailing list