
src/share/classes/sun/security/tools/keytool/Main.java

@  rev 14334 : 8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
|  Reviewed-by: mullan
~
o  rev 14333 : 8172404: Tools should warn if weak algorithms are used before restricting them
|  Reviewed-by: mullan, weijun
|  Contributed-by: Hai-May Chao <hai-may.chao@oracle.com>
o  rev 14330 : 8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
|  Reviewed-by: mullan, xuelei, weijun
o  rev 14329 : 8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
|  Reviewed-by: mullan
~


3074             count++;
3075         } while ((keyPass == null) && count < 3);
3076 
3077         if (keyPass == null) {
3078             throw new Exception(rb.getString("Too.many.failures.try.later"));
3079         }
3080 
3081         return keyPass;
3082     }
3083 
3084     private String withWeak(String alg) {
3085         if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
3086             return alg;
3087         } else {
3088             return String.format(rb.getString("with.weak"), alg);
3089         }
3090     }
3091 
3092     private String withWeak(PublicKey key) {
3093         if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {


3094             return String.format(rb.getString("key.bit"),
3095                     KeyUtil.getKeySize(key), key.getAlgorithm());




3096         } else {
3097             return String.format(rb.getString("key.bit.weak"),
3098                     KeyUtil.getKeySize(key), key.getAlgorithm());
3099         }
3100     }
3101 
3102     /**
3103      * Prints a certificate in a human readable format.
3104      */
3105     private void printX509Cert(X509Certificate cert, PrintStream out)
3106         throws Exception
3107     {
3108 
3109         MessageFormat form = new MessageFormat
3110                 (rb.getString(".PATTERN.printX509Cert.with.weak"));
3111         PublicKey pkey = cert.getPublicKey();
3112         String sigName = cert.getSigAlgName();
3113         // No need to warn about sigalg of a trust anchor
3114         if (!isTrustedCert(cert)) {
3115             sigName = withWeak(sigName);




3074             count++;
3075         } while ((keyPass == null) && count < 3);
3076 
3077         if (keyPass == null) {
3078             throw new Exception(rb.getString("Too.many.failures.try.later"));
3079         }
3080 
3081         return keyPass;
3082     }
3083 
3084     private String withWeak(String alg) {
3085         if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
3086             return alg;
3087         } else {
3088             return String.format(rb.getString("with.weak"), alg);
3089         }
3090     }
3091 
3092     private String withWeak(PublicKey key) {
3093         if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
3094             int kLen = KeyUtil.getKeySize(key);
3095             if (kLen >= 0) {
3096                 return String.format(rb.getString("key.bit"),
3097                         kLen, key.getAlgorithm());
3098             } else {
3099                 return String.format(
3100                         rb.getString("unknown.size.1"), key.getAlgorithm());
3101             }
3102         } else {
3103             return String.format(rb.getString("key.bit.weak"),
3104                     KeyUtil.getKeySize(key), key.getAlgorithm());
3105         }
3106     }
3107 
3108     /**
3109      * Prints a certificate in a human readable format.
3110      */
3111     private void printX509Cert(X509Certificate cert, PrintStream out)
3112         throws Exception
3113     {
3114 
3115         MessageFormat form = new MessageFormat
3116                 (rb.getString(".PATTERN.printX509Cert.with.weak"));
3117         PublicKey pkey = cert.getPublicKey();
3118         String sigName = cert.getSigAlgName();
3119         // No need to warn about sigalg of a trust anchor
3120         if (!isTrustedCert(cert)) {
3121             sigName = withWeak(sigName);
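Review bot: The weak-key branch of `withWeak(PublicKey)` (new lines 3102-3105) still passes the raw `KeyUtil.getKeySize(key)` result to `key.bit.weak`, so a key that `DISABLED_CHECK` rejects and whose size cannot be determined would still be printed as a "-1-bit" key, in the very warning a user reads to judge the key. Whether such a key can occur depends on which constraints are configured, so it is worth confirming; if it can, hoist `int kLen = KeyUtil.getKeySize(key);` above the outer `if` and guard the else branch with `if (kLen >= 0)` too, using a weak-variant message without the size (that resource string is not on this page and would need adding). A short comment on the new check, such as `// getKeySize returns a negative value when the size cannot be determined`, would make the intent clear to the next reader. `printX509Cert` continues past the end of this section, so its handling of the returned strings is not visible here.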

