117 private int keysize = -1;
118 private boolean rfc = false;
119 private long validity = (long)90;
120 private String alias = null;
121 private String dname = null;
122 private String dest = null;
123 private String filename = null;
124 private String infilename = null;
125 private String outfilename = null;
126 private String srcksfname = null;
127
128 // User-specified providers are added before any command is called.
129 // However, they are not removed before the end of the main() method.
130 // If you're calling KeyTool.main() directly in your own Java program,
131 // please programtically add any providers you need and do not specify
132 // them through the command line.
133
134 private Set<Pair <String, String>> providers = null;
135 private Set<Pair <String, String>> providerClasses = null;
136 private String storetype = null;
137 private boolean hasStoretypeOption = false;
138 private boolean hasSrcStoretypeOption = false;
139 private String srcProviderName = null;
140 private String providerName = null;
141 private String pathlist = null;
142 private char[] storePass = null;
143 private char[] storePassNew = null;
144 private char[] keyPass = null;
145 private char[] keyPassNew = null;
146 private char[] newPass = null;
147 private char[] destKeyPass = null;
148 private char[] srckeyPass = null;
149 private String ksfname = null;
150 private File ksfile = null;
151 private InputStream ksStream = null; // keystore stream
152 private String sslserver = null;
153 private String jarfile = null;
154 private KeyStore keyStore = null;
155 private boolean token = false;
156 private boolean nullStream = false;
157 private boolean kssave = false;
158 private boolean noprompt = false;
532 } else if (collator.compare(flags, "-conf") == 0) {
533 i++;
534 } else if (collator.compare(flags, "-nowarn") == 0) {
535 nowarn = true;
536 } else if (collator.compare(flags, "-keystore") == 0) {
537 ksfname = args[++i];
538 if (new File(ksfname).getCanonicalPath().equals(
539 new File(KeyStoreUtil.getCacerts()).getCanonicalPath())) {
540 System.err.println(rb.getString("warning.cacerts.option"));
541 }
542 } else if (collator.compare(flags, "-destkeystore") == 0) {
543 ksfname = args[++i];
544 } else if (collator.compare(flags, "-cacerts") == 0) {
545 cacerts = true;
546 } else if (collator.compare(flags, "-storepass") == 0 ||
547 collator.compare(flags, "-deststorepass") == 0) {
548 storePass = getPass(modifier, args[++i]);
549 passwords.add(storePass);
550 } else if (collator.compare(flags, "-storetype") == 0 ||
551 collator.compare(flags, "-deststoretype") == 0) {
552 storetype = args[++i];
553 hasStoretypeOption = true;
554 } else if (collator.compare(flags, "-srcstorepass") == 0) {
555 srcstorePass = getPass(modifier, args[++i]);
556 passwords.add(srcstorePass);
557 } else if (collator.compare(flags, "-srcstoretype") == 0) {
558 srcstoretype = args[++i];
559 hasSrcStoretypeOption = true;
560 } else if (collator.compare(flags, "-srckeypass") == 0) {
561 srckeyPass = getPass(modifier, args[++i]);
562 passwords.add(srckeyPass);
563 } else if (collator.compare(flags, "-srcprovidername") == 0) {
564 srcProviderName = args[++i];
565 } else if (collator.compare(flags, "-providername") == 0 ||
566 collator.compare(flags, "-destprovidername") == 0) {
567 providerName = args[++i];
568 } else if (collator.compare(flags, "-providerpath") == 0) {
569 pathlist = args[++i];
570 } else if (collator.compare(flags, "-keypass") == 0) {
571 keyPass = getPass(modifier, args[++i]);
572 passwords.add(keyPass);
573 } else if (collator.compare(flags, "-new") == 0) {
574 newPass = getPass(modifier, args[++i]);
575 passwords.add(newPass);
576 } else if (collator.compare(flags, "-destkeypass") == 0) {
577 destKeyPass = getPass(modifier, args[++i]);
578 passwords.add(destKeyPass);
579 } else if (collator.compare(flags, "-alias") == 0 ||
691 return args;
692 }
693
694 boolean isKeyStoreRelated(Command cmd) {
695 return cmd != PRINTCERT && cmd != PRINTCERTREQ;
696 }
697
698 /**
699 * Execute the commands.
700 */
701 void doCommands(PrintStream out) throws Exception {
702
703 if (cacerts) {
704 if (ksfname != null || storetype != null) {
705 throw new IllegalArgumentException(rb.getString
706 ("the.keystore.or.storetype.option.cannot.be.used.with.the.cacerts.option"));
707 }
708 ksfname = KeyStoreUtil.getCacerts();
709 }
710
711 if (storetype == null) {
712 storetype = KeyStore.getDefaultType();
713 }
714 storetype = KeyStoreUtil.niceStoreTypeName(storetype);
715
716 if (srcstoretype == null) {
717 srcstoretype = KeyStore.getDefaultType();
718 }
719 srcstoretype = KeyStoreUtil.niceStoreTypeName(srcstoretype);
720
721 if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
722 KeyStoreUtil.isWindowsKeyStore(storetype)) {
723 token = true;
724 if (ksfname == null) {
725 ksfname = NONE;
726 }
727 }
728 if (NONE.equals(ksfname)) {
729 nullStream = true;
730 }
731
732 if (token && !nullStream) {
733 System.err.println(MessageFormat.format(rb.getString
734 (".keystore.must.be.NONE.if.storetype.is.{0}"), storetype));
735 System.err.println();
736 tinyHelp();
737 }
738
739 if (token &&
740 (command == KEYPASSWD || command == STOREPASSWD)) {
741 throw new UnsupportedOperationException(MessageFormat.format(rb.getString
742 (".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}"), storetype));
743 }
744
745 if (P12KEYSTORE.equalsIgnoreCase(storetype) && command == KEYPASSWD) {
746 throw new UnsupportedOperationException(rb.getString
747 (".keypasswd.commands.not.supported.if.storetype.is.PKCS12"));
748 }
749
750 if (token && (keyPass != null || newPass != null || destKeyPass != null)) {
751 throw new IllegalArgumentException(MessageFormat.format(rb.getString
752 (".keypass.and.new.can.not.be.specified.if.storetype.is.{0}"), storetype));
753 }
754
755 if (protectedPath) {
756 if (storePass != null || keyPass != null ||
757 newPass != null || destKeyPass != null) {
758 throw new IllegalArgumentException(rb.getString
759 ("if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified"));
760 }
761 }
762
763 if (srcprotectedPath) {
764 if (srcstorePass != null || srckeyPass != null) {
765 throw new IllegalArgumentException(rb.getString
766 ("if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified"));
767 }
768 }
769
906
907 if ((command == KEYCLONE || command == CHANGEALIAS)
908 && dest == null) {
909 dest = getAlias("destination");
910 if ("".equals(dest)) {
911 throw new Exception(rb.getString
912 ("Must.specify.destination.alias"));
913 }
914 }
915
916 if (command == DELETE && alias == null) {
917 alias = getAlias(null);
918 if ("".equals(alias)) {
919 throw new Exception(rb.getString("Must.specify.alias"));
920 }
921 }
922
923 // Create new keystore
924 // Probe for keystore type when filename is available
925 if (ksfile != null && ksStream != null && providerName == null &&
926 hasStoretypeOption == false && !inplaceImport) {
927 keyStore = KeyStore.getInstance(ksfile, storePass);
928 } else {
929 if (providerName == null) {
930 keyStore = KeyStore.getInstance(storetype);
931 } else {
932 keyStore = KeyStore.getInstance(storetype, providerName);
933 }
934
935 /*
936 * Load the keystore data.
937 *
938 * At this point, it's OK if no keystore password has been provided.
939 * We want to make sure that we can load the keystore data, i.e.,
940 * the keystore data has the right format. If we cannot load the
941 * keystore, why bother asking the user for his or her password?
942 * Only if we were able to load the keystore, and no keystore
943 * password has been provided, will we prompt the user for the
944 * keystore password to verify the keystore integrity.
945 * This means that the keystore is loaded twice: first load operation
946 * checks the keystore format, second load operation verifies the
947 * keystore integrity.
948 *
949 * If the keystore password has already been provided (at the
950 * command line), however, the keystore is loaded only once, and the
951 * keystore format and integrity are checked "at the same time".
952 *
953 * Null stream keystores are loaded later.
954 */
955 if (!nullStream) {
956 if (inplaceImport) {
957 keyStore.load(null, storePass);
958 } else {
959 keyStore.load(ksStream, storePass);
960 }
961 if (ksStream != null) {
962 ksStream.close();
963 }
964 }
965 }
966
967 // All commands that create or modify the keystore require a keystore
968 // password.
969
970 if (nullStream && storePass != null) {
971 keyStore.load(null, storePass);
972 } else if (!nullStream && storePass != null) {
973 // If we are creating a new non nullStream-based keystore,
974 // insist that the password be at least 6 characters
975 if (ksStream == null && storePass.length < 6) {
976 throw new Exception(rb.getString
977 ("Keystore.password.must.be.at.least.6.characters"));
978 }
979 } else if (storePass == null) {
980
981 // only prompt if (protectedPath == false)
982
983 if (!protectedPath && !KeyStoreUtil.isWindowsKeyStore(storetype) &&
984 (command == CERTREQ ||
985 command == DELETE ||
986 command == GENKEYPAIR ||
2105
2106 InputStream is = null;
2107 File srcksfile = null;
2108
2109 if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
2110 KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
2111 if (!NONE.equals(srcksfname)) {
2112 System.err.println(MessageFormat.format(rb.getString
2113 (".keystore.must.be.NONE.if.storetype.is.{0}"), srcstoretype));
2114 System.err.println();
2115 tinyHelp();
2116 }
2117 } else {
2118 srcksfile = new File(srcksfname);
2119 is = new FileInputStream(srcksfile);
2120 }
2121
2122 KeyStore store;
2123 try {
2124 // Probe for keystore type when filename is available
2125 if (srcksfile != null && is != null && srcProviderName == null &&
2126 hasSrcStoretypeOption == false) {
2127 store = KeyStore.getInstance(srcksfile, srcstorePass);
2128 } else {
2129 if (srcProviderName == null) {
2130 store = KeyStore.getInstance(srcstoretype);
2131 } else {
2132 store = KeyStore.getInstance(srcstoretype, srcProviderName);
2133 }
2134 }
2135
2136 if (srcstorePass == null
2137 && !srcprotectedPath
2138 && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
2139 System.err.print(rb.getString("Enter.source.keystore.password."));
2140 System.err.flush();
2141 srcstorePass = Password.readPassword(System.in);
2142 passwords.add(srcstorePass);
2143 }
2144
2145 // always let keypass be storepass when using pkcs12
2146 if (P12KEYSTORE.equalsIgnoreCase(srcstoretype)) {
2147 if (srckeyPass != null && srcstorePass != null &&
2148 !Arrays.equals(srcstorePass, srckeyPass)) {
|
117 private int keysize = -1;
118 private boolean rfc = false;
119 private long validity = (long)90;
120 private String alias = null;
121 private String dname = null;
122 private String dest = null;
123 private String filename = null;
124 private String infilename = null;
125 private String outfilename = null;
126 private String srcksfname = null;
127
128 // User-specified providers are added before any command is called.
129 // However, they are not removed before the end of the main() method.
130 // If you're calling KeyTool.main() directly in your own Java program,
131 // please programtically add any providers you need and do not specify
132 // them through the command line.
133
134 private Set<Pair <String, String>> providers = null;
135 private Set<Pair <String, String>> providerClasses = null;
136 private String storetype = null;
137 private String srcProviderName = null;
138 private String providerName = null;
139 private String pathlist = null;
140 private char[] storePass = null;
141 private char[] storePassNew = null;
142 private char[] keyPass = null;
143 private char[] keyPassNew = null;
144 private char[] newPass = null;
145 private char[] destKeyPass = null;
146 private char[] srckeyPass = null;
147 private String ksfname = null;
148 private File ksfile = null;
149 private InputStream ksStream = null; // keystore stream
150 private String sslserver = null;
151 private String jarfile = null;
152 private KeyStore keyStore = null;
153 private boolean token = false;
154 private boolean nullStream = false;
155 private boolean kssave = false;
156 private boolean noprompt = false;
530 } else if (collator.compare(flags, "-conf") == 0) {
531 i++;
532 } else if (collator.compare(flags, "-nowarn") == 0) {
533 nowarn = true;
534 } else if (collator.compare(flags, "-keystore") == 0) {
535 ksfname = args[++i];
536 if (new File(ksfname).getCanonicalPath().equals(
537 new File(KeyStoreUtil.getCacerts()).getCanonicalPath())) {
538 System.err.println(rb.getString("warning.cacerts.option"));
539 }
540 } else if (collator.compare(flags, "-destkeystore") == 0) {
541 ksfname = args[++i];
542 } else if (collator.compare(flags, "-cacerts") == 0) {
543 cacerts = true;
544 } else if (collator.compare(flags, "-storepass") == 0 ||
545 collator.compare(flags, "-deststorepass") == 0) {
546 storePass = getPass(modifier, args[++i]);
547 passwords.add(storePass);
548 } else if (collator.compare(flags, "-storetype") == 0 ||
549 collator.compare(flags, "-deststoretype") == 0) {
550 storetype = KeyStoreUtil.niceStoreTypeName(args[++i]);
551 } else if (collator.compare(flags, "-srcstorepass") == 0) {
552 srcstorePass = getPass(modifier, args[++i]);
553 passwords.add(srcstorePass);
554 } else if (collator.compare(flags, "-srcstoretype") == 0) {
555 srcstoretype = KeyStoreUtil.niceStoreTypeName(args[++i]);
556 } else if (collator.compare(flags, "-srckeypass") == 0) {
557 srckeyPass = getPass(modifier, args[++i]);
558 passwords.add(srckeyPass);
559 } else if (collator.compare(flags, "-srcprovidername") == 0) {
560 srcProviderName = args[++i];
561 } else if (collator.compare(flags, "-providername") == 0 ||
562 collator.compare(flags, "-destprovidername") == 0) {
563 providerName = args[++i];
564 } else if (collator.compare(flags, "-providerpath") == 0) {
565 pathlist = args[++i];
566 } else if (collator.compare(flags, "-keypass") == 0) {
567 keyPass = getPass(modifier, args[++i]);
568 passwords.add(keyPass);
569 } else if (collator.compare(flags, "-new") == 0) {
570 newPass = getPass(modifier, args[++i]);
571 passwords.add(newPass);
572 } else if (collator.compare(flags, "-destkeypass") == 0) {
573 destKeyPass = getPass(modifier, args[++i]);
574 passwords.add(destKeyPass);
575 } else if (collator.compare(flags, "-alias") == 0 ||
687 return args;
688 }
689
690 boolean isKeyStoreRelated(Command cmd) {
691 return cmd != PRINTCERT && cmd != PRINTCERTREQ;
692 }
693
694 /**
695 * Execute the commands.
696 */
697 void doCommands(PrintStream out) throws Exception {
698
699 if (cacerts) {
700 if (ksfname != null || storetype != null) {
701 throw new IllegalArgumentException(rb.getString
702 ("the.keystore.or.storetype.option.cannot.be.used.with.the.cacerts.option"));
703 }
704 ksfname = KeyStoreUtil.getCacerts();
705 }
706
707 if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
708 KeyStoreUtil.isWindowsKeyStore(storetype)) {
709 token = true;
710 if (ksfname == null) {
711 ksfname = NONE;
712 }
713 }
714 if (NONE.equals(ksfname)) {
715 nullStream = true;
716 }
717
718 if (token && !nullStream) {
719 System.err.println(MessageFormat.format(rb.getString
720 (".keystore.must.be.NONE.if.storetype.is.{0}"), storetype));
721 System.err.println();
722 tinyHelp();
723 }
724
725 if (token &&
726 (command == KEYPASSWD || command == STOREPASSWD)) {
727 throw new UnsupportedOperationException(MessageFormat.format(rb.getString
728 (".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}"), storetype));
729 }
730
731 if (token && (keyPass != null || newPass != null || destKeyPass != null)) {
732 throw new IllegalArgumentException(MessageFormat.format(rb.getString
733 (".keypass.and.new.can.not.be.specified.if.storetype.is.{0}"), storetype));
734 }
735
736 if (protectedPath) {
737 if (storePass != null || keyPass != null ||
738 newPass != null || destKeyPass != null) {
739 throw new IllegalArgumentException(rb.getString
740 ("if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified"));
741 }
742 }
743
744 if (srcprotectedPath) {
745 if (srcstorePass != null || srckeyPass != null) {
746 throw new IllegalArgumentException(rb.getString
747 ("if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified"));
748 }
749 }
750
887
888 if ((command == KEYCLONE || command == CHANGEALIAS)
889 && dest == null) {
890 dest = getAlias("destination");
891 if ("".equals(dest)) {
892 throw new Exception(rb.getString
893 ("Must.specify.destination.alias"));
894 }
895 }
896
897 if (command == DELETE && alias == null) {
898 alias = getAlias(null);
899 if ("".equals(alias)) {
900 throw new Exception(rb.getString("Must.specify.alias"));
901 }
902 }
903
904 // Create new keystore
905 // Probe for keystore type when filename is available
906 if (ksfile != null && ksStream != null && providerName == null &&
907 !inplaceImport) {
908 keyStore = KeyStore.getInstance(ksfile, storePass);
909 storetype = keyStore.getType();
910 } else {
911 if (storetype == null) {
912 storetype = KeyStore.getDefaultType();
913 }
914 if (providerName == null) {
915 keyStore = KeyStore.getInstance(storetype);
916 } else {
917 keyStore = KeyStore.getInstance(storetype, providerName);
918 }
919
920 /*
921 * Load the keystore data.
922 *
923 * At this point, it's OK if no keystore password has been provided.
924 * We want to make sure that we can load the keystore data, i.e.,
925 * the keystore data has the right format. If we cannot load the
926 * keystore, why bother asking the user for his or her password?
927 * Only if we were able to load the keystore, and no keystore
928 * password has been provided, will we prompt the user for the
929 * keystore password to verify the keystore integrity.
930 * This means that the keystore is loaded twice: first load operation
931 * checks the keystore format, second load operation verifies the
932 * keystore integrity.
933 *
934 * If the keystore password has already been provided (at the
935 * command line), however, the keystore is loaded only once, and the
936 * keystore format and integrity are checked "at the same time".
937 *
938 * Null stream keystores are loaded later.
939 */
940 if (!nullStream) {
941 if (inplaceImport) {
942 keyStore.load(null, storePass);
943 } else {
944 keyStore.load(ksStream, storePass);
945 }
946 if (ksStream != null) {
947 ksStream.close();
948 }
949 }
950 }
951
952 if (P12KEYSTORE.equalsIgnoreCase(storetype) && command == KEYPASSWD) {
953 throw new UnsupportedOperationException(rb.getString
954 (".keypasswd.commands.not.supported.if.storetype.is.PKCS12"));
955 }
956
957 // All commands that create or modify the keystore require a keystore
958 // password.
959
960 if (nullStream && storePass != null) {
961 keyStore.load(null, storePass);
962 } else if (!nullStream && storePass != null) {
963 // If we are creating a new non nullStream-based keystore,
964 // insist that the password be at least 6 characters
965 if (ksStream == null && storePass.length < 6) {
966 throw new Exception(rb.getString
967 ("Keystore.password.must.be.at.least.6.characters"));
968 }
969 } else if (storePass == null) {
970
971 // only prompt if (protectedPath == false)
972
973 if (!protectedPath && !KeyStoreUtil.isWindowsKeyStore(storetype) &&
974 (command == CERTREQ ||
975 command == DELETE ||
976 command == GENKEYPAIR ||
2095
2096 InputStream is = null;
2097 File srcksfile = null;
2098
2099 if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
2100 KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
2101 if (!NONE.equals(srcksfname)) {
2102 System.err.println(MessageFormat.format(rb.getString
2103 (".keystore.must.be.NONE.if.storetype.is.{0}"), srcstoretype));
2104 System.err.println();
2105 tinyHelp();
2106 }
2107 } else {
2108 srcksfile = new File(srcksfname);
2109 is = new FileInputStream(srcksfile);
2110 }
2111
2112 KeyStore store;
2113 try {
2114 // Probe for keystore type when filename is available
2115 if (srcksfile != null && is != null && srcProviderName == null) {
2116 store = KeyStore.getInstance(srcksfile, srcstorePass);
2117 srcstoretype = store.getType();
2118 } else {
2119 if (srcstoretype == null) {
2120 srcstoretype = KeyStore.getDefaultType();
2121 }
2122 if (srcProviderName == null) {
2123 store = KeyStore.getInstance(srcstoretype);
2124 } else {
2125 store = KeyStore.getInstance(srcstoretype, srcProviderName);
2126 }
2127 }
2128
2129 if (srcstorePass == null
2130 && !srcprotectedPath
2131 && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
2132 System.err.print(rb.getString("Enter.source.keystore.password."));
2133 System.err.flush();
2134 srcstorePass = Password.readPassword(System.in);
2135 passwords.add(srcstorePass);
2136 }
2137
2138 // always let keypass be storepass when using pkcs12
2139 if (P12KEYSTORE.equalsIgnoreCase(srcstoretype)) {
2140 if (srckeyPass != null && srcstorePass != null &&
2141 !Arrays.equals(srcstorePass, srckeyPass)) {
|