RFR 8023197: Pre-configured command line options for keytool and jarsigner

Wang Weijun weijun.wang at oracle.com
Tue Jun 10 06:17:55 UTC 2014


On Jun 10, 2014, at 14:01, Xuelei Fan <xuelei.fan at oracle.com> wrote:

> On 6/10/2014 12:37 PM, Wang Weijun wrote:
>> 
>> On Jun 6, 2014, at 20:22, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>> 
>>> src/share/classes/sun/security/tools/KeyStoreUtil.java
>>> ======================================================
>>> 224   throw new IOException("Cannot have both " + c1 + " and " + c2);
>>> "Cannot have both pre-configured options ..."?
>> 
>> This means you cannot define both "keytool.genkeypair" and "keytool.genkey". -genkey is an obsolete command name but we still support it secretly.
>> 
> I mean you may want to mention that this exception occurs in
> "pre-configured options".

OK.

> 
>>> 
>>> 176         st.whitespaceChars(0x00, 0x20);
>>> 177         st.wordChars(0x21, 0xFF);
>>> I'm not sure about the code above. Would you like to test for
>>> non-ASCII characters?
>> 
>> I cannot find any spec on this, but the source has
>> 
>>  ctype = c < 256 ? ct[c] : CT_ALPHA;
>> 
>> which means every non-ASCII is a word char (no support for wide numerals).
>> 
>> StreamTokenizer only allows you to categorize the ASCII chars.
>> 
> I'm not sure either.  If "0x01 0x05" is a character, does the above code
> treat the "0x01" and "0x05" as white space?

Here the input of StreamTokenizer is a char array. If you mean "0x01 0x05" as two chars, then they are both treated as whitespace. If you mean \u0105, it's a word char.

> 
> Here is a Unicode table:
>   http://www.tamasoft.co.jp/en/general-info/unicode.html
> 
>>> 
>>> 194  * @param c1 the name of the command, must not be null
>>> 195  * @param c2 the alternative command name, null if none.
>>> Mention that c1 and c2 need to come with leading '-'?
>> 
>> I'll add "with the "-" prefix".
>> 
>>> 
>>> src/share/classes/sun/security/tools/jarsigner/Main.java
>>> ========================================================
>>> 293    for (n=0; n < args.length; n++) {
>>> Break after the target options are found?
>> 
>> I'm looking for both -conf and -verify (and their last appearances). It will be complex to maintain two flags.
>> 
> One int flag (0, 1, 2) should be enough, and simple.

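The two flags are independent. Yes, I can use 2 bits of an int:

int found = 0;    // bit 0: -conf seen, bit 1: -verify seen
String conf = null;
boolean verify = false;
// Scan backwards so the last appearance of each option is the one found
for (int i = args.length - 1; i >= 0 && found < 3; i--) {
  if ((found & 1) == 0) {
    if (args[i].equals("-conf") && i + 1 < args.length) {
      conf = args[i + 1];    // next arg
      found |= 1;
    }
  }
  if ((found & 2) == 0) {
    if (args[i].equals("-verify")) {
      verify = true;
      found |= 2;
    }
  }
}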

and iterating through the arg list is fast.

> 
>>> 
>>> 313    System.out.println("Command line args: " +
>>> Define a new resource?
>> 
>> I suppose it's not necessary to localize debug outputs. The -debug option is also not documented.
>> 
> OK, please add a comment line.

OK.

Thanks
Max

> 
>>> 
>>> src/share/classes/sun/security/tools/keytool/Main.java
>>> 404    for (i=0; i < args.length; i++) {
>>> Break after the target options are found?  Or loop from the end of
>>> the array?
>> 
>> Same reason as above.
>> 
> See above.
> 
>>> 
>>> 429   System.out.println("Command line args: " +
>>> Define a new resource?
>> 
>> Same reason as above.
>> 
> See above.
> 
> Xuelei
> 
>> Thanks
>> Max
>> 
>>> 
>>> Otherwise, looks fine to me.
>>> 
>>> Thanks,
>>> Xuelei
>>> 
>>> On 6/6/2014 3:27 PM, Wang Weijun wrote:
>>>> Please review the code changes in
>>>> 
>>>> http://cr.openjdk.java.net/~weijun/8023197/webrev.02
>>>> 
>>>> This enhancement allows you to put frequently used keytool/jarsigner options into a property file and use -conf to load it. Like this:
>>>> 
>>>> # A Pre-configured options file
>>>> keytool.all = -storepass:env PASS -keypass:env PASS -keystore ${user.dir}/.p12 -storetype pkcs12
>>>> keytool.genkeypair = -keyalg rsa -keysize 2048 -sigalg SHA256withRSA -validity 365
>>>> 
>>>> Thanks
>>>> Max
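
The StreamTokenizer behaviour discussed above (lines 176-177 of KeyStoreUtil.java), as an added example that is not part of the original message or the webrev. The class name, the resetSyntax() call and the sample inputs are assumptions made for this illustration.

```java
import java.io.IOException;
import java.io.StreamTokenizer;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

public class TokenizeOptions {

    // Split an option string with the syntax table quoted in the review.
    static List<String> tokenize(String s) throws IOException {
        StreamTokenizer st = new StreamTokenizer(new StringReader(s));
        // Assumption: clear the default table first, so digits are not
        // parsed as numbers and '/' does not start a comment.
        st.resetSyntax();
        st.whitespaceChars(0x00, 0x20); // control chars and space separate tokens
        st.wordChars(0x21, 0xFF);       // every other char below 256 is a word char
        // Chars >= 256 cannot be categorized; StreamTokenizer always
        // treats them as word chars (the CT_ALPHA fallback quoted above).
        List<String> tokens = new ArrayList<>();
        while (st.nextToken() != StreamTokenizer.TT_EOF) {
            if (st.ttype == StreamTokenizer.TT_WORD) {
                tokens.add(st.sval);
            }
        }
        return tokens;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs, not taken from the webrev.
        // Plain options: "2048" stays a word because number parsing is off.
        System.out.println(tokenize("-keyalg rsa -keysize 2048"));
        // Two separate chars U+0001 and U+0005: both act as whitespace,
        // so they split the input into two tokens.
        System.out.println(tokenize("a\u0001\u0005b"));
        // The single char U+0105 is above 0xFF and stays inside the word.
        System.out.println(tokenize("-alias \u0105lias"));
    }
}
```
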


