46 import java.security.cert.CertStoreException;
47 import java.security.cert.CRL;
48 import java.security.cert.X509Certificate;
49 import java.security.cert.CertificateException;
50 import java.text.Collator;
51 import java.text.MessageFormat;
52 import java.util.*;
53 import java.util.jar.JarEntry;
54 import java.util.jar.JarFile;
55 import java.lang.reflect.Constructor;
56 import java.math.BigInteger;
57 import java.net.URI;
58 import java.net.URL;
59 import java.net.URLClassLoader;
60 import java.security.cert.CertStore;
61
62 import java.security.cert.X509CRL;
63 import java.security.cert.X509CRLEntry;
64 import java.security.cert.X509CRLSelector;
65 import javax.security.auth.x500.X500Principal;
66 import sun.misc.BASE64Encoder;
67 import sun.security.util.ObjectIdentifier;
68 import sun.security.pkcs10.PKCS10;
69 import sun.security.pkcs10.PKCS10Attribute;
70 import sun.security.provider.X509Factory;
71 import sun.security.provider.certpath.CertStoreHelper;
72 import sun.security.util.Password;
73 import javax.crypto.KeyGenerator;
74 import javax.crypto.SecretKey;
75
76 import sun.misc.BASE64Decoder;
77 import sun.security.pkcs.PKCS9Attribute;
78 import sun.security.tools.KeyStoreUtil;
79 import sun.security.tools.PathList;
80 import sun.security.util.DerValue;
81 import sun.security.x509.*;
82
83 import static java.security.KeyStore.*;
84 import static sun.security.tools.keytool.Main.Command.*;
85 import static sun.security.tools.keytool.Main.Option.*;
86
87 /**
88 * This tool manages keystores.
89 *
90 * @author Jan Luehe
91 *
92 *
93 * @see java.security.KeyStore
94 * @see sun.security.provider.KeyProtector
95 * @see sun.security.provider.JavaKeyStore
96 *
339 if (verbose) {
340 e.printStackTrace(System.out);
341 }
342 if (!debug) {
343 System.exit(1);
344 } else {
345 throw e;
346 }
347 } finally {
348 for (char[] pass : passwords) {
349 if (pass != null) {
350 Arrays.fill(pass, ' ');
351 pass = null;
352 }
353 }
354
355 if (ksStream != null) {
356 ksStream.close();
357 }
358 }
359 }
360
361 /**
362 * Parse command line arguments.
363 */
364 void parseArgs(String[] args) {
365
366 int i=0;
367 boolean help = args.length == 0;
368
369 for (i=0; (i < args.length) && args[i].startsWith("-"); i++) {
370
371 String flags = args[i];
372
373 // Check if the last option needs an arg
374 if (i == args.length - 1) {
375 for (Option option: Option.values()) {
376 // Only options with an arg need to be checked
377 if (collator.compare(flags, option.toString()) == 0) {
378 if (option.arg != null) errorNeedArgument(flags);
538 tinyHelp();
539 }
540
541 if (command == null) {
542 if (help) {
543 usage();
544 } else {
545 System.err.println(rb.getString("Usage.error.no.command.provided"));
546 tinyHelp();
547 }
548 } else if (help) {
549 usage();
550 command = null;
551 }
552 }
553
554 boolean isKeyStoreRelated(Command cmd) {
555 return cmd != PRINTCERT && cmd != PRINTCERTREQ;
556 }
557
558 /**
559 * Execute the commands.
560 */
561 void doCommands(PrintStream out) throws Exception {
562
563 if (storetype == null) {
564 storetype = KeyStore.getDefaultType();
565 }
566 storetype = KeyStoreUtil.niceStoreTypeName(storetype);
567
568 if (srcstoretype == null) {
569 srcstoretype = KeyStore.getDefaultType();
570 }
571 srcstoretype = KeyStoreUtil.niceStoreTypeName(srcstoretype);
572
573 if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
574 KeyStoreUtil.isWindowsKeyStore(storetype)) {
575 token = true;
576 if (ksfname == null) {
577 ksfname = NONE;
1172 AlgorithmId.get(sigAlgName)));
1173 info.set(X509CertInfo.ISSUER, issuer);
1174
1175 BufferedReader reader = new BufferedReader(new InputStreamReader(in));
1176 boolean canRead = false;
1177 StringBuffer sb = new StringBuffer();
1178 while (true) {
1179 String s = reader.readLine();
1180 if (s == null) break;
1181 // OpenSSL does not use NEW
1182 //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
1183 if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
1184 canRead = true;
1185 //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
1186 } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
1187 break;
1188 } else if (canRead) {
1189 sb.append(s);
1190 }
1191 }
1192 byte[] rawReq = new BASE64Decoder().decodeBuffer(new String(sb));
1193 PKCS10 req = new PKCS10(rawReq);
1194
1195 info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
1196 info.set(X509CertInfo.SUBJECT,
1197 dname==null?req.getSubjectName():new X500Name(dname));
1198 CertificateExtensions reqex = null;
1199 Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
1200 while (attrs.hasNext()) {
1201 PKCS10Attribute attr = attrs.next();
1202 if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
1203 reqex = (CertificateExtensions)attr.getAttributeValue();
1204 }
1205 }
1206 CertificateExtensions ext = createV3Extensions(
1207 reqex,
1208 null,
1209 v3ext,
1210 req.getSubjectPublicKeyInfo(),
1211 signerCert.getPublicKey());
1212 info.set(X509CertInfo.EXTENSIONS, ext);
1249 sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
1250 }
1251
1252 X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()];
1253 for (int i=0; i<ids.size(); i++) {
1254 String id = ids.get(i);
1255 int d = id.indexOf(':');
1256 if (d >= 0) {
1257 CRLExtensions ext = new CRLExtensions();
1258 ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
1259 badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
1260 firstDate, ext);
1261 } else {
1262 badCerts[i] = new X509CRLEntryImpl(new BigInteger(ids.get(i)), firstDate);
1263 }
1264 }
1265 X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts);
1266 crl.sign(privateKey, sigAlgName);
1267 if (rfc) {
1268 out.println("-----BEGIN X509 CRL-----");
1269 new BASE64Encoder().encodeBuffer(crl.getEncodedInternal(), out);
1270 out.println("-----END X509 CRL-----");
1271 } else {
1272 out.write(crl.getEncodedInternal());
1273 }
1274 }
1275
1276 /**
1277 * Creates a PKCS#10 cert signing request, corresponding to the
1278 * keys (and name) associated with a given alias.
1279 */
1280 private void doCertReq(String alias, String sigAlgName, PrintStream out)
1281 throws Exception
1282 {
1283 if (alias == null) {
1284 alias = keyAlias;
1285 }
1286
1287 Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
1288 PrivateKey privKey = (PrivateKey)objs.fst;
1289 if (keyPass == null) {
2131 "verified.by.s.in.s"), issuer, "keystore");
2132 out.println();
2133 }
2134 }
2135 if (issuer == null) {
2136 out.println(rb.getString
2137 ("STAR"));
2138 out.println(rb.getString
2139 ("warning.not.verified.make.sure.keystore.is.correct"));
2140 out.println(rb.getString
2141 ("STARNN"));
2142 }
2143 }
2144 }
2145
2146 private void printCRL(CRL crl, PrintStream out)
2147 throws Exception {
2148 if (rfc) {
2149 X509CRL xcrl = (X509CRL)crl;
2150 out.println("-----BEGIN X509 CRL-----");
2151 new BASE64Encoder().encodeBuffer(xcrl.getEncoded(), out);
2152 out.println("-----END X509 CRL-----");
2153 } else {
2154 out.println(crl.toString());
2155 }
2156 }
2157
2158 private void doPrintCertReq(InputStream in, PrintStream out)
2159 throws Exception {
2160
2161 BufferedReader reader = new BufferedReader(new InputStreamReader(in));
2162 StringBuffer sb = new StringBuffer();
2163 boolean started = false;
2164 while (true) {
2165 String s = reader.readLine();
2166 if (s == null) break;
2167 if (!started) {
2168 if (s.startsWith("-----")) {
2169 started = true;
2170 }
2171 } else {
2172 if (s.startsWith("-----")) {
2173 break;
2174 }
2175 sb.append(s);
2176 }
2177 }
2178 PKCS10 req = new PKCS10(new BASE64Decoder().decodeBuffer(new String(sb)));
2179
2180 PublicKey pkey = req.getSubjectPublicKeyInfo();
2181 out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
2182 req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
2183 for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
2184 ObjectIdentifier oid = attr.getAttributeId();
2185 if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
2186 CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
2187 if (exts != null) {
2188 printExtensions(rb.getString("Extension.Request."), exts, out);
2189 }
2190 } else {
2191 out.println(attr.getAttributeId());
2192 out.println(attr.getAttributeValue());
2193 }
2194 }
2195 if (debug) {
2196 out.println(req); // Just to see more, say, public key length...
2197 }
2198 }
2210 } catch (CertificateException ce) {
2211 throw new Exception(rb.getString("Failed.to.parse.input"), ce);
2212 }
2213 if (c.isEmpty()) {
2214 throw new Exception(rb.getString("Empty.input"));
2215 }
2216 Certificate[] certs = c.toArray(new Certificate[c.size()]);
2217 for (int i=0; i<certs.length; i++) {
2218 X509Certificate x509Cert = null;
2219 try {
2220 x509Cert = (X509Certificate)certs[i];
2221 } catch (ClassCastException cce) {
2222 throw new Exception(rb.getString("Not.X.509.certificate"));
2223 }
2224 if (certs.length > 1) {
2225 MessageFormat form = new MessageFormat
2226 (rb.getString("Certificate.i.1."));
2227 Object[] source = {new Integer(i + 1)};
2228 out.println(form.format(source));
2229 }
2230 if (rfc) dumpCert(x509Cert, out);
2231 else printX509Cert(x509Cert, out);
2232 if (i < (certs.length-1)) {
2233 out.println();
2234 }
2235 }
2236 }
2237
2238 private void doPrintCert(final PrintStream out) throws Exception {
2239 if (jarfile != null) {
2240 JarFile jf = new JarFile(jarfile, true);
2241 Enumeration<JarEntry> entries = jf.entries();
2242 Set<CodeSigner> ss = new HashSet<>();
2243 byte[] buffer = new byte[8192];
2244 int pos = 0;
2245 while (entries.hasMoreElements()) {
2246 JarEntry je = entries.nextElement();
2247 try (InputStream is = jf.getInputStream(je)) {
2248 while (is.read(buffer) != -1) {
2249 // we just read. this will throw a SecurityException
2250 // if a signature/digest check fails. This also
2251 // populate the signers
2929 (rb.getString(".defaultValue."));
2930 Object[] source = {defaultValue};
2931 System.err.print(form.format(source));
2932 System.err.flush();
2933
2934 String value = in.readLine();
2935 if (value == null || collator.compare(value, "") == 0) {
2936 value = defaultValue;
2937 }
2938 return value;
2939 }
2940
2941 /**
2942 * Writes an X.509 certificate in base64 or binary encoding to an output
2943 * stream.
2944 */
2945 private void dumpCert(Certificate cert, PrintStream out)
2946 throws IOException, CertificateException
2947 {
2948 if (rfc) {
2949 BASE64Encoder encoder = new BASE64Encoder();
2950 out.println(X509Factory.BEGIN_CERT);
2951 encoder.encodeBuffer(cert.getEncoded(), out);
2952 out.println(X509Factory.END_CERT);
2953 } else {
2954 out.write(cert.getEncoded()); // binary
2955 }
2956 }
2957
2958 /**
2959 * Converts a byte to hex digit and writes to the supplied buffer
2960 */
2961 private void byte2hex(byte b, StringBuffer buf) {
2962 char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
2963 '9', 'A', 'B', 'C', 'D', 'E', 'F' };
2964 int high = ((b & 0xf0) >> 4);
2965 int low = (b & 0x0f);
2966 buf.append(hexChars[high]);
2967 buf.append(hexChars[low]);
2968 }
2969
2970 /**
2971 * Converts a byte array to hex string
|
46 import java.security.cert.CertStoreException;
47 import java.security.cert.CRL;
48 import java.security.cert.X509Certificate;
49 import java.security.cert.CertificateException;
50 import java.text.Collator;
51 import java.text.MessageFormat;
52 import java.util.*;
53 import java.util.jar.JarEntry;
54 import java.util.jar.JarFile;
55 import java.lang.reflect.Constructor;
56 import java.math.BigInteger;
57 import java.net.URI;
58 import java.net.URL;
59 import java.net.URLClassLoader;
60 import java.security.cert.CertStore;
61
62 import java.security.cert.X509CRL;
63 import java.security.cert.X509CRLEntry;
64 import java.security.cert.X509CRLSelector;
65 import javax.security.auth.x500.X500Principal;
66 import java.util.Base64;
67 import sun.security.util.ObjectIdentifier;
68 import sun.security.pkcs10.PKCS10;
69 import sun.security.pkcs10.PKCS10Attribute;
70 import sun.security.provider.X509Factory;
71 import sun.security.provider.certpath.CertStoreHelper;
72 import sun.security.util.Password;
73 import javax.crypto.KeyGenerator;
74 import javax.crypto.SecretKey;
75
76 import sun.security.pkcs.PKCS9Attribute;
77 import sun.security.tools.KeyStoreUtil;
78 import sun.security.tools.PathList;
79 import sun.security.util.DerValue;
80 import sun.security.x509.*;
81
82 import static java.security.KeyStore.*;
83 import static sun.security.tools.keytool.Main.Command.*;
84 import static sun.security.tools.keytool.Main.Option.*;
85
86 /**
87 * This tool manages keystores.
88 *
89 * @author Jan Luehe
90 *
91 *
92 * @see java.security.KeyStore
93 * @see sun.security.provider.KeyProtector
94 * @see sun.security.provider.JavaKeyStore
95 *
338 if (verbose) {
339 e.printStackTrace(System.out);
340 }
341 if (!debug) {
342 System.exit(1);
343 } else {
344 throw e;
345 }
346 } finally {
347 for (char[] pass : passwords) {
348 if (pass != null) {
349 Arrays.fill(pass, ' ');
350 pass = null;
351 }
352 }
353
354 if (ksStream != null) {
355 ksStream.close();
356 }
357 }
358
359 }
360
361 /**
362 * Parse command line arguments.
363 */
364 void parseArgs(String[] args) {
365
366 int i=0;
367 boolean help = args.length == 0;
368
369 for (i=0; (i < args.length) && args[i].startsWith("-"); i++) {
370
371 String flags = args[i];
372
373 // Check if the last option needs an arg
374 if (i == args.length - 1) {
375 for (Option option: Option.values()) {
376 // Only options with an arg need to be checked
377 if (collator.compare(flags, option.toString()) == 0) {
378 if (option.arg != null) errorNeedArgument(flags);
538 tinyHelp();
539 }
540
541 if (command == null) {
542 if (help) {
543 usage();
544 } else {
545 System.err.println(rb.getString("Usage.error.no.command.provided"));
546 tinyHelp();
547 }
548 } else if (help) {
549 usage();
550 command = null;
551 }
552 }
553
554 boolean isKeyStoreRelated(Command cmd) {
555 return cmd != PRINTCERT && cmd != PRINTCERTREQ;
556 }
557
558
559 /**
560 * Execute the commands.
561 */
562 void doCommands(PrintStream out) throws Exception {
563
564 if (storetype == null) {
565 storetype = KeyStore.getDefaultType();
566 }
567 storetype = KeyStoreUtil.niceStoreTypeName(storetype);
568
569 if (srcstoretype == null) {
570 srcstoretype = KeyStore.getDefaultType();
571 }
572 srcstoretype = KeyStoreUtil.niceStoreTypeName(srcstoretype);
573
574 if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
575 KeyStoreUtil.isWindowsKeyStore(storetype)) {
576 token = true;
577 if (ksfname == null) {
578 ksfname = NONE;
1173 AlgorithmId.get(sigAlgName)));
1174 info.set(X509CertInfo.ISSUER, issuer);
1175
1176 BufferedReader reader = new BufferedReader(new InputStreamReader(in));
1177 boolean canRead = false;
1178 StringBuffer sb = new StringBuffer();
1179 while (true) {
1180 String s = reader.readLine();
1181 if (s == null) break;
1182 // OpenSSL does not use NEW
1183 //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
1184 if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
1185 canRead = true;
1186 //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
1187 } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
1188 break;
1189 } else if (canRead) {
1190 sb.append(s);
1191 }
1192 }
1193 byte[] rawReq = Base64.getMimeDecoder().decode(new String(sb));
1194 PKCS10 req = new PKCS10(rawReq);
1195
1196 info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
1197 info.set(X509CertInfo.SUBJECT,
1198 dname==null?req.getSubjectName():new X500Name(dname));
1199 CertificateExtensions reqex = null;
1200 Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
1201 while (attrs.hasNext()) {
1202 PKCS10Attribute attr = attrs.next();
1203 if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
1204 reqex = (CertificateExtensions)attr.getAttributeValue();
1205 }
1206 }
1207 CertificateExtensions ext = createV3Extensions(
1208 reqex,
1209 null,
1210 v3ext,
1211 req.getSubjectPublicKeyInfo(),
1212 signerCert.getPublicKey());
1213 info.set(X509CertInfo.EXTENSIONS, ext);
1250 sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
1251 }
1252
1253 X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()];
1254 for (int i=0; i<ids.size(); i++) {
1255 String id = ids.get(i);
1256 int d = id.indexOf(':');
1257 if (d >= 0) {
1258 CRLExtensions ext = new CRLExtensions();
1259 ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d+1))));
1260 badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)),
1261 firstDate, ext);
1262 } else {
1263 badCerts[i] = new X509CRLEntryImpl(new BigInteger(ids.get(i)), firstDate);
1264 }
1265 }
1266 X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts);
1267 crl.sign(privateKey, sigAlgName);
1268 if (rfc) {
1269 out.println("-----BEGIN X509 CRL-----");
1270 String base64EncodedCrlString = Base64.getMimeEncoder().encodeToString(crl.getEncodedInternal());
1271 out.println(base64EncodedCrlString);
1272 out.println("-----END X509 CRL-----");
1273 } else {
1274 out.write(crl.getEncodedInternal());
1275 }
1276 }
1277
1278 /**
1279 * Creates a PKCS#10 cert signing request, corresponding to the
1280 * keys (and name) associated with a given alias.
1281 */
1282 private void doCertReq(String alias, String sigAlgName, PrintStream out)
1283 throws Exception
1284 {
1285 if (alias == null) {
1286 alias = keyAlias;
1287 }
1288
1289 Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
1290 PrivateKey privKey = (PrivateKey)objs.fst;
1291 if (keyPass == null) {
2133 "verified.by.s.in.s"), issuer, "keystore");
2134 out.println();
2135 }
2136 }
2137 if (issuer == null) {
2138 out.println(rb.getString
2139 ("STAR"));
2140 out.println(rb.getString
2141 ("warning.not.verified.make.sure.keystore.is.correct"));
2142 out.println(rb.getString
2143 ("STARNN"));
2144 }
2145 }
2146 }
2147
2148 private void printCRL(CRL crl, PrintStream out)
2149 throws Exception {
2150 if (rfc) {
2151 X509CRL xcrl = (X509CRL)crl;
2152 out.println("-----BEGIN X509 CRL-----");
2153 String base64EncodedCrlString = Base64.getMimeEncoder().encodeToString(xcrl.getEncoded());
2154 out.println(base64EncodedCrlString);
2155 out.println("-----END X509 CRL-----");
2156 } else {
2157 out.println(crl.toString());
2158 }
2159 }
2160
2161 private void doPrintCertReq(InputStream in, PrintStream out)
2162 throws Exception {
2163
2164 BufferedReader reader = new BufferedReader(new InputStreamReader(in));
2165 StringBuffer sb = new StringBuffer();
2166 boolean started = false;
2167 while (true) {
2168 String s = reader.readLine();
2169 if (s == null) break;
2170 if (!started) {
2171 if (s.startsWith("-----")) {
2172 started = true;
2173 }
2174 } else {
2175 if (s.startsWith("-----")) {
2176 break;
2177 }
2178 sb.append(s);
2179 }
2180 }
2181 PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb)));
2182
2183 PublicKey pkey = req.getSubjectPublicKeyInfo();
2184 out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
2185 req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
2186 for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
2187 ObjectIdentifier oid = attr.getAttributeId();
2188 if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
2189 CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
2190 if (exts != null) {
2191 printExtensions(rb.getString("Extension.Request."), exts, out);
2192 }
2193 } else {
2194 out.println(attr.getAttributeId());
2195 out.println(attr.getAttributeValue());
2196 }
2197 }
2198 if (debug) {
2199 out.println(req); // Just to see more, say, public key length...
2200 }
2201 }
2213 } catch (CertificateException ce) {
2214 throw new Exception(rb.getString("Failed.to.parse.input"), ce);
2215 }
2216 if (c.isEmpty()) {
2217 throw new Exception(rb.getString("Empty.input"));
2218 }
2219 Certificate[] certs = c.toArray(new Certificate[c.size()]);
2220 for (int i=0; i<certs.length; i++) {
2221 X509Certificate x509Cert = null;
2222 try {
2223 x509Cert = (X509Certificate)certs[i];
2224 } catch (ClassCastException cce) {
2225 throw new Exception(rb.getString("Not.X.509.certificate"));
2226 }
2227 if (certs.length > 1) {
2228 MessageFormat form = new MessageFormat
2229 (rb.getString("Certificate.i.1."));
2230 Object[] source = {new Integer(i + 1)};
2231 out.println(form.format(source));
2232 }
2233 if (rfc)
2234 dumpCert(x509Cert, out);
2235 else
2236 printX509Cert(x509Cert, out);
2237 if (i < (certs.length-1)) {
2238 out.println();
2239 }
2240 }
2241 }
2242
2243 private void doPrintCert(final PrintStream out) throws Exception {
2244 if (jarfile != null) {
2245 JarFile jf = new JarFile(jarfile, true);
2246 Enumeration<JarEntry> entries = jf.entries();
2247 Set<CodeSigner> ss = new HashSet<>();
2248 byte[] buffer = new byte[8192];
2249 int pos = 0;
2250 while (entries.hasMoreElements()) {
2251 JarEntry je = entries.nextElement();
2252 try (InputStream is = jf.getInputStream(je)) {
2253 while (is.read(buffer) != -1) {
2254 // we just read. this will throw a SecurityException
2255 // if a signature/digest check fails. This also
2256 // populate the signers
2934 (rb.getString(".defaultValue."));
2935 Object[] source = {defaultValue};
2936 System.err.print(form.format(source));
2937 System.err.flush();
2938
2939 String value = in.readLine();
2940 if (value == null || collator.compare(value, "") == 0) {
2941 value = defaultValue;
2942 }
2943 return value;
2944 }
2945
2946 /**
2947 * Writes an X.509 certificate in base64 or binary encoding to an output
2948 * stream.
2949 */
2950 private void dumpCert(Certificate cert, PrintStream out)
2951 throws IOException, CertificateException
2952 {
2953 if (rfc) {
2954 out.println(X509Factory.BEGIN_CERT);
2955 String base64EncodedCertString = Base64.getMimeEncoder().encodeToString(cert.getEncoded());
2956 out.println(base64EncodedCertString);
2957 out.println(X509Factory.END_CERT);
2958 } else {
2959 out.write(cert.getEncoded()); // binary
2960 }
2961 }
2962
2963 /**
2964 * Converts a byte to hex digit and writes to the supplied buffer
2965 */
2966 private void byte2hex(byte b, StringBuffer buf) {
2967 char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
2968 '9', 'A', 'B', 'C', 'D', 'E', 'F' };
2969 int high = ((b & 0xf0) >> 4);
2970 int low = (b & 0x0f);
2971 buf.append(hexChars[high]);
2972 buf.append(hexChars[low]);
2973 }
2974
2975 /**
2976 * Converts a byte array to hex string
|