RFR 8023197: Pre-configured command line options for keytool and jarsigner

Xuelei Fan xuelei.fan at oracle.com
Tue Jun 10 06:01:52 UTC 2014


On 6/10/2014 12:37 PM, Wang Weijun wrote:
> 
> On Jun 6, 2014, at 20:22, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
>> src/share/classes/sun/security/tools/KeyStoreUtil.java
>> ======================================================
>> 224   throw new IOException("Cannot have both " + c1 + " and " + c2);
>> "Cannot have both pre-configured options ..."?
> 
> This means you cannot define both "keytool.genkeypair" and "keytool.genkey". -genkey is an obsolete command name but we still support it secretly.
> 
I mean you may want to mention that this exception occurs in
"pre-configured options".

>>
>> 176         st.whitespaceChars(0x00, 0x20);
>> 177         st.wordChars(0x21, 0xFF);
>> I'm not sure of the code above, would you like to test for
>> non-ASCII characters?
> 
> I cannot find any spec on this, but the source has
> 
>   ctype = c < 256 ? ct[c] : CT_ALPHA;
> 
> which means every non-ASCII is a word char (no support for wide numerals).
> 
> StreamTokenizer only allows you to categorize the ASCII chars.
> 
I'm not sure either.  If "0x01 0x05" is a character, does the above code
treat the "0x01" and "0x05" as white space?

Here is a Unicode table:
   http://www.tamasoft.co.jp/en/general-info/unicode.html

>>
>> 194  * @param c1 the name of the command, must not be null
>> 195  * @param c2 the alternative command name, null if none.
>> Mention that c1 and c2 need to come with leading '-'?
> 
> I'll add "with the "-" prefix".
> 
>>
>> src/share/classes/sun/security/tools/jarsigner/Main.java
>> ========================================================
>> 293    for (n=0; n < args.length; n++) {
>> Break after the target options are found?
> 
> I'm looking for both -conf and -verify (and their last appearances). It will be complex to maintain two flags.
> 
One int flag (0, 1, 2) should be enough, and simple.

>>
>> 313    System.out.println("Command line args: " +
>> Define a new resource?
> 
> I suppose it's not necessary to localize debug outputs. The -debug option is also not documented.
> 
OK, please add a comment line.

>>
>> src/share/classes/sun/security/tools/keytool/Main.java
>> 404    for (i=0; i < args.length; i++) {
>> Break after the target options are found?  Or loop from the end of
>> the array?
> 
> Same reason as above.
> 
See above.

>>
>> 429   System.out.println("Command line args: " +
>> Define a new resource?
> 
> Same reason as above.
> 
See above.

Xuelei

> Thanks
> Max
> 
>>
>> Otherwise, looks fine to me.
>>
>> Thanks,
>> Xuelei
>>
>> On 6/6/2014 3:27 PM, Wang Weijun wrote:
>>> Please review the code changes in
>>>
>>>  http://cr.openjdk.java.net/~weijun/8023197/webrev.02
>>>
>>> This enhancement allows you to put frequently used keytool/jarsigner options into a property file and use -conf to load it. Like this:
>>>
>>>  # A Pre-configured options file
>>>  keytool.all = -storepass:env PASS -keypass:env PASS -keystore ${user.dir}/.p12 -storetype pkcs12
>>>  keytool.genkeypair = -keyalg rsa -keysize 2048 -sigalg SHA256withRSA -validity 365
>>>
>>> Thanks
>>> Max
>>>
>>
> 
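
The question in the thread about how a character such as U+0105 is classified can be checked by running the two calls quoted from lines 176-177 over sample input. The following Java is an added example, not code from the webrev or from either participant; it assumes the tokenizer reads from a Reader (so it sees whole chars, not bytes) and that resetSyntax() is called first, and the class name and sample lines are constructed for illustration.

```java
import java.io.IOException;
import java.io.StreamTokenizer;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

public class ConfTokenizerDemo {

    // Tokenize one option line with the character classes quoted in the review.
    // Assumptions of this example: input comes from a Reader, and resetSyntax()
    // clears the default number, comment and quote rules before the two calls.
    static List<String> tokenize(String line) throws IOException {
        StreamTokenizer st = new StreamTokenizer(new StringReader(line));
        st.resetSyntax();
        st.whitespaceChars(0x00, 0x20);   // control chars and space separate tokens
        st.wordChars(0x21, 0xFF);         // every other char below 256 is a word char
        List<String> out = new ArrayList<>();
        while (st.nextToken() != StreamTokenizer.TT_EOF) {
            // With the table above every token should be a word; flag anything else.
            out.add(st.ttype == StreamTokenizer.TT_WORD
                    ? st.sval
                    : "<ttype " + st.ttype + ">");
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample lines, not taken from the webrev.
        String[] samples = {
            "-keyalg rsa -keysize 2048",       // plain ASCII
            "-alias caf\u00e9",                // U+00E9, inside the 0x21-0xFF range
            "-alias \u0105lias",               // U+0105, above 0xFF, starts a word
            "-alias a\u0105b -validity 365",   // U+0105 in the middle of a word
            "-dname CN=\u6f22\u5b57\t-v",      // CJK chars, tab as separator
        };
        for (String s : samples) {
            List<String> tokens = tokenize(s);
            System.out.println(tokens.size() + " tokens: " + tokens);
        }
    }
}
```

Read through a Reader, U+0105 reaches the tokenizer as the single value 0x105, so the `c < 256 ? ct[c] : CT_ALPHA` rule quoted in the thread treats it as a word character rather than as the two bytes 0x01 and 0x05.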