src/java.base/share/classes/sun/security/tools/keytool/Main.java
rev 48217 : 8192988: keytool should support -storepasswd for pkcs12 keystores
*** 1056,1070 ****
if (keyPass != null && !Arrays.equals(storePass, keyPass)) {
Object[] source = {"-keypass"};
System.err.println(form.format(source));
keyPass = storePass;
}
- if (newPass != null && !Arrays.equals(storePass, newPass)) {
- Object[] source = {"-new"};
- System.err.println(form.format(source));
- newPass = storePass;
- }
if (destKeyPass != null && !Arrays.equals(storePass, destKeyPass)) {
Object[] source = {"-destkeypass"};
System.err.println(form.format(source));
destKeyPass = storePass;
}
--- 1056,1065 ----
*** 1241,1254 ****
doPrintCert(out);
} else if (command == SELFCERT) {
doSelfCert(alias, dname, sigAlgName);
kssave = true;
} else if (command == STOREPASSWD) {
! storePassNew = newPass;
! if (storePassNew == null) {
! storePassNew = getNewPasswd("keystore password", storePass);
! }
kssave = true;
} else if (command == GENCERT) {
if (alias == null) {
alias = keyAlias;
}
--- 1236,1246 ----
doPrintCert(out);
} else if (command == SELFCERT) {
doSelfCert(alias, dname, sigAlgName);
kssave = true;
} else if (command == STOREPASSWD) {
! doChangeStorePasswd();
kssave = true;
} else if (command == GENCERT) {
if (alias == null) {
alias = keyAlias;
}
*** 2256,2267 ****
char[] newPass = null;
if (destKeyPass != null) {
newPass = destKeyPass;
pp = new PasswordProtection(destKeyPass);
} else if (objs.snd != null) {
! newPass = objs.snd;
! pp = new PasswordProtection(objs.snd);
}
try {
Certificate c = srckeystore.getCertificate(alias);
if (c != null) {
--- 2248,2260 ----
char[] newPass = null;
if (destKeyPass != null) {
newPass = destKeyPass;
pp = new PasswordProtection(destKeyPass);
} else if (objs.snd != null) {
! newPass = P12KEYSTORE.equalsIgnoreCase(storetype) ?
! storePass : objs.snd;
! pp = new PasswordProtection(newPass);
}
try {
Certificate c = srckeystore.getCertificate(alias);
if (c != null) {
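Review bot: The ternary assigning `newPass` has no comment, so a reader cannot tell why the recovered source key password `objs.snd` is discarded when the destination is PKCS12. I would add `// PKCS12: keytool keeps every key password equal to the store password` above it. The branch is still guarded by `objs.snd != null` while the value actually used is now `storePass`. Whether `storePass` can be null at this point is not visible in the hunk, so it is worth confirming that a PKCS12 destination never reaches `new PasswordProtection(newPass)` with a null password. The enclosing method starts and ends outside the hunk.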
*** 2760,2769 ****
--- 2753,2784 ----
} else {
printCertFromStream(System.in, out);
}
}
}
+
+ private void doChangeStorePasswd() throws Exception {
+ storePassNew = newPass;
+ if (storePassNew == null) {
+ storePassNew = getNewPasswd("keystore password", storePass);
+ }
+ if (P12KEYSTORE.equalsIgnoreCase(storetype)) {
+ // When storetype is PKCS12, we need to change all keypass as well
+ for (String alias : Collections.list(keyStore.aliases())) {
+ if (!keyStore.isCertificateEntry(alias)) {
+ // keyPass should be either null or same with storePass,
+ // but keep it in case one day we want to "normalize"
+ // a PKCS12 keystore having different passwords.
+ Pair<Entry, char[]> objs
+ = recoverEntry(keyStore, alias, storePass, keyPass);
+ keyStore.setEntry(alias, objs.fst,
+ new PasswordProtection(storePassNew));
+ }
+ }
+ }
+ }
+
/**
* Creates a self-signed certificate, and stores it as a single-element
* certificate chain.
*/
private void doSelfCert(String alias, String dname, String sigAlgName)
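Review bot: Each pass of the loop in `doChangeStorePasswd` builds a fresh `new PasswordProtection(storePassNew)`, and that constructor clones the password, so one uncleared copy of the new store password is left on the heap per key entry. Creating the parameter once before the loop and calling `destroy()` in a `finally` keeps a single copy and wipes it whether re-keying finishes or fails. This assumes `setEntry` does not retain the parameter after it returns, which should be confirmed for the PKCS12 provider. The method also lacks a Javadoc comment, unlike `doSelfCert` just below it; one sentence stating that for PKCS12 every key entry is re-protected with the new store password would do.

```java
if (P12KEYSTORE.equalsIgnoreCase(storetype)) {
    // One protection parameter for all entries; cleared once re-keying is done.
    PasswordProtection newProt = new PasswordProtection(storePassNew);
    try {
        for (String alias : Collections.list(keyStore.aliases())) {
            if (!keyStore.isCertificateEntry(alias)) {
                // … unchanged: recoverEntry call and its comment …
                keyStore.setEntry(alias, objs.fst, newProt);
            }
        }
    } finally {
        newProt.destroy();
    }
}
```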