changeset 13206:97b25277c28f

8141457: keytool default cert fingerprint algorithm should be SHA-256 Reviewed-by: mullan
author weijun
date Wed, 02 Dec 2015 16:44:54 +0800
parents 6fdadc5bd430
children d9e78d1acd3f
files src/java.base/share/classes/sun/security/tools/keytool/Main.java src/java.base/share/classes/sun/security/tools/keytool/Resources.java test/java/security/KeyStore/PKCS12/api_cert_chain.p12_expected.data test/java/security/KeyStore/PKCS12/api_private_key.p12_expected.data test/java/security/KeyStore/PKCS12/api_private_key_not_match.p12_expected.data test/java/security/KeyStore/PKCS12/api_two_pass.p12_expected.data
diffstat 6 files changed, 13 insertions(+), 31 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Wed Dec 02 03:37:29 2015 +0000
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Wed Dec 02 16:44:54 2015 +0800
@@ -1857,8 +1857,8 @@
                 } else {
                     // Print the digest of the user cert only
                     out.println
-                        (rb.getString("Certificate.fingerprint.SHA1.") +
-                        getCertFingerPrint("SHA1", chain[0]));
+                        (rb.getString("Certificate.fingerprint.SHA.256.") +
+                        getCertFingerPrint("SHA-256", chain[0]));
                 }
             }
         } else if (keyStore.entryInstanceOf(alias,
@@ -1878,8 +1878,8 @@
                 out.println(cert.toString());
             } else {
                 out.println("trustedCertEntry, ");
-                out.println(rb.getString("Certificate.fingerprint.SHA1.")
-                            + getCertFingerPrint("SHA1", cert));
+                out.println(rb.getString("Certificate.fingerprint.SHA.256.")
+                            + getCertFingerPrint("SHA-256", cert));
             }
         } else {
             out.println(rb.getString("Unknown.Entry.Type"));
@@ -2907,23 +2907,6 @@
     private void printX509Cert(X509Certificate cert, PrintStream out)
         throws Exception
     {
-        /*
-        out.println("Owner: "
-                    + cert.getSubjectDN().toString()
-                    + "\n"
-                    + "Issuer: "
-                    + cert.getIssuerDN().toString()
-                    + "\n"
-                    + "Serial number: " + cert.getSerialNumber().toString(16)
-                    + "\n"
-                    + "Valid from: " + cert.getNotBefore().toString()
-                    + " until: " + cert.getNotAfter().toString()
-                    + "\n"
-                    + "Certificate fingerprints:\n"
-                    + "\t MD5:  " + getCertFingerPrint("MD5", cert)
-                    + "\n"
-                    + "\t SHA1: " + getCertFingerPrint("SHA1", cert));
-        */
 
         MessageFormat form = new MessageFormat
                 (rb.getString(".PATTERN.printX509Cert"));
@@ -2933,8 +2916,7 @@
                         cert.getSerialNumber().toString(16),
                         cert.getNotBefore().toString(),
                         cert.getNotAfter().toString(),
-                        getCertFingerPrint("MD5", cert),
-                        getCertFingerPrint("SHA1", cert),
+                        getCertFingerPrint("SHA-1", cert),
                         getCertFingerPrint("SHA-256", cert),
                         cert.getSigAlgName(),
                         pkey.getAlgorithm(),
--- a/src/java.base/share/classes/sun/security/tools/keytool/Resources.java	Wed Dec 02 03:37:29 2015 +0000
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Resources.java	Wed Dec 02 16:44:54 2015 +0800
@@ -307,7 +307,7 @@
         {"Entry.type.type.", "Entry type: {0}"},
         {"Certificate.chain.length.", "Certificate chain length: "},
         {"Certificate.i.1.", "Certificate[{0,number,integer}]:"},
-        {"Certificate.fingerprint.SHA1.", "Certificate fingerprint (SHA1): "},
+        {"Certificate.fingerprint.SHA.256.", "Certificate fingerprint (SHA-256): "},
         {"Keystore.type.", "Keystore type: "},
         {"Keystore.provider.", "Keystore provider: "},
         {"Your.keystore.contains.keyStore.size.entry",
@@ -347,7 +347,7 @@
         {".RETURN.if.same.as.for.otherAlias.",
                 "\t(RETURN if same as for <{0}>)"},
         {".PATTERN.printX509Cert",
-                "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5:  {5}\n\t SHA1: {6}\n\t SHA256: {7}\nSignature algorithm name: {8}\nSubject Public Key Algorithm: {9} ({10,number,#})\nVersion: {11}"},
+                "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t SHA1: {5}\n\t SHA256: {6}\nSignature algorithm name: {7}\nSubject Public Key Algorithm: {8} ({9,number,#})\nVersion: {10}"},
         {"What.is.your.first.and.last.name.",
                 "What is your first and last name?"},
         {"What.is.the.name.of.your.organizational.unit.",
--- a/test/java/security/KeyStore/PKCS12/api_cert_chain.p12_expected.data	Wed Dec 02 03:37:29 2015 +0000
+++ b/test/java/security/KeyStore/PKCS12/api_cert_chain.p12_expected.data	Wed Dec 02 16:44:54 2015 +0800
@@ -1,7 +1,7 @@
-MD5:  C6:17:CB:93:51:32:DA:C9:CF:0E:24:E3:16:FA:91:6A
 SHA1: 09:F1:08:B1:B3:28:22:23:22:F7:5F:6D:4A:8D:0E:0A:5E:6D:56:FB
-MD5:  C5:97:13:F6:24:E4:DF:9A:6B:4F:E8:73:90:78:24:95
+SHA256: AD:57:47:67:20:96:49:86:53:E4:10:EF:BD:4D:D2:B0:81:C0:B0:BB:62:AE:BE:47:80:DC:00:F8:E3:E7:66:B5
 SHA1: 2B:CE:0C:E1:35:B9:9D:FE:5A:6E:25:88:01:F7:E9:E5:7B:89:17:42
-MD5:  0F:8A:2A:DB:D4:A5:CD:A6:9C:EE:DA:47:A0:9D:10:2B
+SHA256: 65:F3:0A:64:F2:52:B2:4E:F8:76:C5:D0:6D:53:7C:E8:00:AE:F4:95:3C:CC:CB:01:6B:22:AF:46:36:50:CF:FF
 SHA1: 7D:48:4D:1C:F8:55:E8:79:6A:B0:19:E1:26:4F:AC:FD:57:6B:38:A0
+SHA256: 0A:14:3F:88:8D:C2:D6:97:3E:02:0F:5F:17:E3:D9:FE:CF:93:10:2C:3C:8D:81:AC:06:2F:32:39:4D:0E:CB:6A
 Alias name: servercert
--- a/test/java/security/KeyStore/PKCS12/api_private_key.p12_expected.data	Wed Dec 02 03:37:29 2015 +0000
+++ b/test/java/security/KeyStore/PKCS12/api_private_key.p12_expected.data	Wed Dec 02 16:44:54 2015 +0800
@@ -1,3 +1,3 @@
-MD5:  67:10:B1:84:A4:0B:AF:1F:5B:1A:C7:EB:C6:2C:DB:CE
 SHA1: 48:22:E2:C2:47:9F:75:E3:52:56:9C:20:37:DF:03:7F:CD:9F:87:38
+SHA256: 9B:DF:B9:EC:DB:3E:EF:BD:61:8F:C3:62:BD:3E:95:FE:E5:B6:A3:F9:94:3D:8D:C1:AE:E9:44:86:25:FA:C1:1B
 Alias name: pkcs12testenduser1
--- a/test/java/security/KeyStore/PKCS12/api_private_key_not_match.p12_expected.data	Wed Dec 02 03:37:29 2015 +0000
+++ b/test/java/security/KeyStore/PKCS12/api_private_key_not_match.p12_expected.data	Wed Dec 02 16:44:54 2015 +0800
@@ -1,3 +1,3 @@
-MD5:  C5:97:13:F6:24:E4:DF:9A:6B:4F:E8:73:90:78:24:95
 SHA1: 2B:CE:0C:E1:35:B9:9D:FE:5A:6E:25:88:01:F7:E9:E5:7B:89:17:42
+SHA256: 65:F3:0A:64:F2:52:B2:4E:F8:76:C5:D0:6D:53:7C:E8:00:AE:F4:95:3C:CC:CB:01:6B:22:AF:46:36:50:CF:FF
 Alias name: pkcs12testenduser1
--- a/test/java/security/KeyStore/PKCS12/api_two_pass.p12_expected.data	Wed Dec 02 03:37:29 2015 +0000
+++ b/test/java/security/KeyStore/PKCS12/api_two_pass.p12_expected.data	Wed Dec 02 16:44:54 2015 +0800
@@ -1,3 +1,3 @@
-MD5:  FE:A8:AA:47:D0:CB:A9:9D:9F:88:DC:4D:55:85:F4:95
 SHA1: 77:90:EC:65:C5:0C:FD:F2:1E:B0:3A:BD:43:21:1A:C6:FD:18:8C:AB
+SHA256: 8E:C8:49:82:B8:4B:89:8E:61:2D:CD:F6:D6:34:96:04:91:6F:1B:08:F5:CD:BD:23:ED:94:22:5A:B4:7A:39:DD
 Alias name: pkcs12testenduser1