make/jdk/src/classes/build/tools/generatecacerts/GenerateCacerts.java
rev 55964 : 8162628: Migrate cacerts keystore from JKS
@@ -23,126 +23,42 @@
* questions.
*/
package build.tools.generatecacerts;
-import java.io.DataOutputStream;
-import java.io.FileOutputStream;
+import java.io.File;
import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
+import java.io.PrintStream;
+import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
-import java.security.DigestOutputStream;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
import java.util.List;
+import java.util.function.Predicate;
import java.util.stream.Collectors;
/**
* Generate cacerts
* args[0]: Full path string to the directory that contains CA certs
* args[1]: Full path string to the generated cacerts
*/
public class GenerateCacerts {
public static void main(String[] args) throws Exception {
- try (FileOutputStream fos = new FileOutputStream(args[1])) {
- store(args[0], fos, "changeit".toCharArray());
- }
- }
-
- // The following code are copied from JavaKeyStore.java.
-
- private static final int MAGIC = 0xfeedfeed;
- private static final int VERSION_2 = 0x02;
-
- // This method is a simplified version of JavaKeyStore::engineStore.
- // A new "dir" argument is added. All cert names in "dir" is collected into
- // a sorted array. Each cert is stored with a creation date set to its
- // notBefore value. Thus the output is determined as long as the certs
- // are the same.
- public static void store(String dir, OutputStream stream, char[] password)
- throws IOException, NoSuchAlgorithmException, CertificateException
- {
- byte[] encoded; // the certificate encoding
- CertificateFactory cf = CertificateFactory.getInstance("X509");
-
- MessageDigest md = getPreKeyedHash(password);
- DataOutputStream dos
- = new DataOutputStream(new DigestOutputStream(stream, md));
-
- dos.writeInt(MAGIC);
- // always write the latest version
- dos.writeInt(VERSION_2);
-
- // All file names in dir sorted.
- // README is excluded. Name starting with "." excluded.
- List<String> entries = Files.list(Path.of(dir))
+ try (PrintStream ps = new PrintStream(
+ new File(args[1]), StandardCharsets.UTF_8)) {
+ Files.list(Path.of(args[0]))
+ .filter(Predicate.not(Files::isDirectory))
.map(p -> p.getFileName().toString())
.filter(s -> !s.equals("README") && !s.startsWith("."))
- .collect(Collectors.toList());
-
- entries.sort(String::compareTo);
-
- dos.writeInt(entries.size());
-
- for (String entry : entries) {
-
- String alias = entry + " [jdk]";
- X509Certificate cert;
- try (InputStream fis = Files.newInputStream(Path.of(dir, entry))) {
- cert = (X509Certificate) cf.generateCertificate(fis);
+ .sorted()
+ .forEach(s -> {
+ try {
+ ps.println("@alias: " + s + " [jdk]");
+ Files.lines(Path.of(args[0], s))
+ .forEach(ps::println);
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
}
-
- dos.writeInt(2);
-
- // Write the alias
- dos.writeUTF(alias);
-
- // Write the (entry creation) date, which is notBefore of the cert
- dos.writeLong(cert.getNotBefore().getTime());
-
- // Write the trusted certificate
- encoded = cert.getEncoded();
- dos.writeUTF(cert.getType());
- dos.writeInt(encoded.length);
- dos.write(encoded);
- }
-
- /*
- * Write the keyed hash which is used to detect tampering with
- * the keystore (such as deleting or modifying key or
- * certificate entries).
- */
- byte[] digest = md.digest();
-
- dos.write(digest);
- dos.flush();
- }
-
- private static MessageDigest getPreKeyedHash(char[] password)
- throws NoSuchAlgorithmException, UnsupportedEncodingException
- {
-
- MessageDigest md = MessageDigest.getInstance("SHA");
- byte[] passwdBytes = convertToBytes(password);
- md.update(passwdBytes);
- Arrays.fill(passwdBytes, (byte) 0x00);
- md.update("Mighty Aphrodite".getBytes("UTF8"));
- return md;
- }
-
- private static byte[] convertToBytes(char[] password) {
- int i, j;
- byte[] passwdBytes = new byte[password.length * 2];
- for (i=0, j=0; i<password.length; i++) {
- passwdBytes[j++] = (byte)(password[i] >> 8);
- passwdBytes[j++] = (byte)password[i];
+ });
}
- return passwdBytes;
}
}
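Review bot: `PrintStream` never throws on a write failure, so if writing `args[1]` fails part-way the `try` block in `main` still ends normally and the build gets a truncated certificate list with no error; call `ps.checkError()` after the `forEach` and throw when it is set. The `Files.lines(...)` stream inside the lambda and the outer `Files.list(...)` stream are also never closed, so both should go into try-with-resources as sketched below. Separately, the removed code parsed each file with `CertificateFactory` and therefore failed on anything that was not a certificate, while the new code copies file contents verbatim; whether the consumer of this text format validates them is not visible here, so it is worth confirming that a malformed file under `args[0]` still breaks the build.

```java
try (PrintStream ps = new PrintStream(
        new File(args[1]), StandardCharsets.UTF_8);
     var certFiles = Files.list(Path.of(args[0]))) {
    certFiles.filter(Predicate.not(Files::isDirectory))
        // … unchanged: map to file name, README/dot-file filter, sorted() …
        .forEach(s -> {
            ps.println("@alias: " + s + " [jdk]");
            // Close each certificate file as soon as it has been copied.
            try (var lines = Files.lines(Path.of(args[0], s))) {
                lines.forEach(ps::println);
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        });
    // PrintStream records write errors instead of throwing them.
    if (ps.checkError()) {
        throw new IOException("Failed to write " + args[1]);
    }
}
```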