src/java.base/share/classes/sun/security/tools/keytool/Main.java
rev 48217 : 8192988: keytool should support -storepasswd for pkcs12 keystores
@@ -1056,15 +1056,10 @@
if (keyPass != null && !Arrays.equals(storePass, keyPass)) {
Object[] source = {"-keypass"};
System.err.println(form.format(source));
keyPass = storePass;
}
- if (newPass != null && !Arrays.equals(storePass, newPass)) {
- Object[] source = {"-new"};
- System.err.println(form.format(source));
- newPass = storePass;
- }
if (destKeyPass != null && !Arrays.equals(storePass, destKeyPass)) {
Object[] source = {"-destkeypass"};
System.err.println(form.format(source));
destKeyPass = storePass;
}
@@ -1241,14 +1236,11 @@
doPrintCert(out);
} else if (command == SELFCERT) {
doSelfCert(alias, dname, sigAlgName);
kssave = true;
} else if (command == STOREPASSWD) {
- storePassNew = newPass;
- if (storePassNew == null) {
- storePassNew = getNewPasswd("keystore password", storePass);
- }
+ doChangeStorePasswd();
kssave = true;
} else if (command == GENCERT) {
if (alias == null) {
alias = keyAlias;
}
@@ -2256,12 +2248,13 @@
char[] newPass = null;
if (destKeyPass != null) {
newPass = destKeyPass;
pp = new PasswordProtection(destKeyPass);
} else if (objs.snd != null) {
- newPass = objs.snd;
- pp = new PasswordProtection(objs.snd);
+ newPass = P12KEYSTORE.equalsIgnoreCase(storetype) ?
+ storePass : objs.snd;
+ pp = new PasswordProtection(newPass);
}
try {
Certificate c = srckeystore.getCertificate(alias);
if (c != null) {
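Review bot: The new ternary silently discards the recovered source key password `objs.snd` whenever `storetype` is PKCS12 and re-protects the entry under `storePass`, with no comment explaining why. A comment above it such as `// PKCS12: key password must match the store password, so the source key password is not carried over` would stop a later reader from reverting it. It is also worth confirming that `storePass` is always set on this path, because `new PasswordProtection(newPass)` is now built from it and the hunk does not show where it is assigned. The enclosing method starts and ends outside this hunk.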
@@ -2760,10 +2753,32 @@
} else {
printCertFromStream(System.in, out);
}
}
}
+
+ private void doChangeStorePasswd() throws Exception {
+ storePassNew = newPass;
+ if (storePassNew == null) {
+ storePassNew = getNewPasswd("keystore password", storePass);
+ }
+ if (P12KEYSTORE.equalsIgnoreCase(storetype)) {
+ // When storetype is PKCS12, we need to change all keypass as well
+ for (String alias : Collections.list(keyStore.aliases())) {
+ if (!keyStore.isCertificateEntry(alias)) {
+ // keyPass should be either null or same with storePass,
+ // but keep it in case one day we want to "normalize"
+ // a PKCS12 keystore having different passwords.
+ Pair<Entry, char[]> objs
+ = recoverEntry(keyStore, alias, storePass, keyPass);
+ keyStore.setEntry(alias, objs.fst,
+ new PasswordProtection(storePassNew));
+ }
+ }
+ }
+ }
+
/**
* Creates a self-signed certificate, and stores it as a single-element
* certificate chain.
*/
private void doSelfCert(String alias, String dname, String sigAlgName)
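Review bot: In doChangeStorePasswd, each loop iteration builds `new PasswordProtection(storePassNew)` and none of these objects is ever destroyed. KeyStore.PasswordProtection keeps its own clone of the char array, so a keystore with many key entries leaves that many copies of the new store password on the heap until they are collected. Creating one instance before the loop and calling `destroy()` in a `finally` reduces this to a single short-lived copy. This assumes the PKCS12 provider encrypts the key inside `setEntry` and does not retain the parameter, which should be confirmed. The `objs.snd` array returned by recoverEntry is likewise not wiped here, and whether that happens elsewhere is not visible in this hunk.

```java
if (P12KEYSTORE.equalsIgnoreCase(storetype)) {
    // One protection object for the whole pass, wiped when the pass ends
    PasswordProtection newProt = new PasswordProtection(storePassNew);
    try {
        for (String alias : Collections.list(keyStore.aliases())) {
            // … unchanged: isCertificateEntry check and recoverEntry call …
            keyStore.setEntry(alias, objs.fst, newProt);
        }
    } finally {
        newProt.destroy();
    }
}
```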