[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[commit-cp] classpath doctools.texinfo tools/gnu/classpath/...
From: |
Raif S. Naffah |
Subject: |
[commit-cp] classpath doctools.texinfo tools/gnu/classpath/... |
Date: |
Sun, 11 Jun 2006 10:40:53 +0000 |
CVSROOT: /cvsroot/classpath
Module name: classpath
Changes by: Raif S. Naffah <raif> 06/06/11 10:40:53
Modified files:
doc : tools.texinfo
tools/gnu/classpath/tools/keytool: Main.java
. : ChangeLog
resource/gnu/classpath/tools/keytool: messages.properties
Added files:
tools/gnu/classpath/tools/keytool: CACertCmd.java
Log message:
2006-06-11 Raif S. Naffah <address@hidden>
* doc/tools.texinfo: Added text for new -cacert command.
Re-structured sections.
* resource/gnu/classpath/tools/keytool/messages.properties:
Added messages
for -cacert command.
* tools/gnu/classpath/tools/keytool/Main.java (CACERT_CMD): New
constant.
(_CACERT): Likewise.
(shutdownThread): New field.
(Main): Install shutdown thread.
(main): Uninstall shutdown thread.
(start): Handle new -cacert command.
(getParser): Likewise.
(teardown): Increased visibility.
(ShutdownHook): New inner class.
* tools/gnu/classpath/tools/keytool/CACertCmd.java: New file.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/classpath/doc/tools.texinfo?cvsroot=classpath&r1=1.2&r2=1.3
http://cvs.savannah.gnu.org/viewcvs/classpath/tools/gnu/classpath/tools/keytool/Main.java?cvsroot=classpath&r1=1.2&r2=1.3
http://cvs.savannah.gnu.org/viewcvs/classpath/tools/gnu/classpath/tools/keytool/CACertCmd.java?cvsroot=classpath&rev=1.1
http://cvs.savannah.gnu.org/viewcvs/classpath/ChangeLog?cvsroot=classpath&r1=1.7767&r2=1.7768
http://cvs.savannah.gnu.org/viewcvs/classpath/resource/gnu/classpath/tools/keytool/messages.properties?cvsroot=classpath&r1=1.2&r2=1.3
Patches:
Index: doc/tools.texinfo
===================================================================
RCS file: /cvsroot/classpath/classpath/doc/tools.texinfo,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- doc/tools.texinfo 21 May 2006 01:49:04 -0000 1.2
+++ doc/tools.texinfo 11 Jun 2006 10:40:51 -0000 1.3
@@ -5,7 +5,7 @@
@settitle GNU Classpath Tools Guide
@c %**end of header
address@hidden off
address@hidden on
@ifinfo
This file documents the Tools included in a standard distribution of the GNU
@@ -37,6 +37,8 @@
@end titlepage
address@hidden
+
@ifinfo
@node Top, Security Tools, (dir), (dir)
@top GNU Classpath Tools Guide
@@ -62,6 +64,47 @@
* jarsigner Tool:: Sign and verify .JAR files
* keytool Tool:: Manage private keys and public certificates
+jarsigner Tool
+
+* Common jarsigner Options:: Options used when signing or verifying a file
+* Signing Options:: Options only used when signing a .JAR file
+* Verification Options:: Options only used when verifying a .JAR file
+
+keytool Tool
+
+* Getting Help:: How to get help with keytool commands
+* Common keytool Options:: Options used in more than one command
+* Distinguished Names:: X.500 Distinguished Names used in certificates
+* Add/Update Commands:: Commands for adding data to a Key Store
+* Export Commands:: Commands for exporting data from a Key Store
+* Display Commands:: Commands for displaying data in a Key Store
+* Management Commands:: Commands for managing a Key Store
+
+Add/Update Commands
+
+* Command -genkey:: Generate private key and self-signed certificate
+* Command -import:: Import certificates and certificate replies
+* Command -selfcert:: Generate self-signed certificate
+* Command -cacert:: Import a CA Trusted Certificate
+* Command -identitydb:: Import JDK-1 style identities
+
+Export Commands
+
+* Command -certreq:: Generate Certificate Signing Requests (CSR)
+* Command -export:: Export a certificate in a Key Store
+
+Display Commands
+
+* Command -list:: Display information about one or all Aliases
+* Command -printcert:: Print a certificate or a certificate fingerprint
+
+Management Commands
+
+* Command -keyclone:: Clone a Key Entry in a Key Store
+* Command -storepasswd:: Change the password protecting a Key Store
+* Command -keypasswd:: Change the password protecting a Key Entry
+* Command -delete:: Remove an entry in a Key Store
+
I18N Issues
* Language Resources:: Where resources are located
@@ -76,7 +119,7 @@
@comment node-name, next, previous, up
@chapter Security Tools
-Two Security Tools are available with GNU Classpath: @b{jarsugner} and
@b{keytool}.
+Two Security Tools are available with GNU Classpath: @b{jarsigner} and
@b{keytool}.
@menu
* jarsigner Tool:: Sign and verify .JAR files
@@ -91,22 +134,59 @@
@comment node-name, next, previous, up
@section The @code{jarsigner} Tool
address@hidden @b
+The @b{jarsigner} tool is invoked from the command line, in one of two forms,
as follows:
address@hidden SYNOPSIS
address@hidden [OPTION]... FILE address@hidden
address@hidden
address@hidden [OPTION]... FILE ALIAS}
@code{jarsigner -verify [OPTION]... FILE}
address@hidden example
address@hidden DESCRIPTION
-When the first form is used, the tool signs the designated JAR file.
-
-The second form, on the other hand, is used to verify a previously signed JAR
file.
+When the first form is used, the tool signs the designated JAR file. The
second form, on the other hand, is used to verify a previously signed JAR file.
@code{FILE} is the .JAR file to process; i.e. to sign if the first syntax form
is used, or to verify if the second syntax form is used instead.
address@hidden must be a known @i{Alias} of a @i{Key Entry} in the designated
key store. The private key material associated with this @i{Alias} is then used
for signing the designated .JAR file.
address@hidden must be a known @i{Alias} of a @i{Key Entry} in the designated
@i{Key Store}. The private key material associated with this @i{Alias} is then
used for signing the designated .JAR file.
+
address@hidden
+* Common jarsigner Options:: Options used when signing or verifying a file
+* Signing Options:: Options only used when signing a .JAR file
+* Verification Options:: Options only used when verifying a .JAR file
address@hidden menu
+
address@hidden
----------------------------------------------------------------------
+
address@hidden Common jarsigner Options, Signing Options, jarsigner Tool,
jarsigner Tool
address@hidden node-name, next, previous, up
address@hidden Common options
+
+The following options may be used when the tool is used for either signing, or
verifying, a .JAR file.
+
address@hidden @b
address@hidden -verbose
+Use this option to force the tool to generate more verbose messages, during
its processing.
+
address@hidden -internalsf
+When present, the tool will include --which otherwise it does not-- the
@code{.SF} file in the @code{.DSA} generated file.
+
address@hidden -sectionsonly
+When present, the tool will include in the @code{.SF} generated file --which
otherwise it does not-- a header containing a hash of the whole manifest file.
When that header is included, the tool can quickly check, during verification,
if the hash (in the header) matches or not the manifest file.
+
address@hidden -provider PROVIDER_CLASS_NAME
+A fully qualified class name of a @i{Security Provider} to add to the current
list of @i{Security Providers} already installed in the JVM in-use. If a
provider class is specified with this option, and was successfully added to the
runtime --i.e. it was not already installed-- then the tool will attempt to
remove this @i{Security Provider} before exiting.
+
address@hidden -help
+Prints a help text similar to this one.
+
address@hidden table
+
address@hidden
----------------------------------------------------------------------
+
address@hidden Signing Options, Verification Options, Common jarsigner Options,
jarsigner Tool
address@hidden node-name, next, previous, up
address@hidden Signing options
+
+The following options may be specified when using the tool for signing
purposes.
address@hidden SIGNING OPTIONS
@table @b
@item -keystore URL
Use this option to specify the location of the key store to use. The default
value is a file URL referencing the file named @file{.keystore} located in the
path returned by the call to @code{java.lang.System#getProperty(String)} using
@code{user.home} as argument.
@@ -129,12 +209,19 @@
If this option is missing, the first eight characters of the @code{ALIAS}
argument will be used. When this is the case, any character in @code{ALIAS}
that is outside the permissible range of characters will be replaced by an
underscore.
address@hidden -signedjar FILE_NAME
address@hidden -signedjar FILE
Use this option to specify the file name of the signed JAR. If this option is
omitted, then the signed JAR will be named the same as @code{FILE}; i.e. the
input JAR file will be replaced with the signed copy.
@end table
address@hidden VERIFICATION OPTIONS
address@hidden
----------------------------------------------------------------------
+
address@hidden Verification Options, , Signing Options, jarsigner Tool
address@hidden node-name, next, previous, up
address@hidden Verification options
+
+The following options may be specified when using the tool for verification
purposes.
+
@table @b
@item -verify
Use this option to indicate that the tool is to be used for verification
purposes.
@@ -144,44 +231,37 @@
@end table
address@hidden COMMON OPTIONS
address@hidden @b
address@hidden -verbose
-Use this option to force the tool to generate more verbose messages, during
its processing.
-
address@hidden -internalsf
-When present, the tool will include --which otherwise it does not-- the
@code{.SF} file in the @code{.DSA} generated file.
address@hidden
----------------------------------------------------------------------
address@hidden -sectionsonly
-When present, the tool will include in the @code{.SF} generated file --which
otherwise it does not-- a header containing a hash of the whole manifest file.
When that header is included, the tool can quickly check, during verification,
if the hash (in the header) matches or not the manifest file.
address@hidden keytool Tool, , jarsigner Tool, Security Tools
address@hidden node-name, next, previous, up
address@hidden The @code{keytool} Tool
address@hidden -provider PROVIDER_CLASS_NAME
-A fully qualified class name of a @i{Security Provider} to add to the current
list of @i{Security Providers} already installed in the JVM in-use. If a
provider class is specified with this option, and was successfully added to the
runtime --i.e. it was not already installed-- then the tool will attempt to
remove this @i{Security Provider} before exiting.
+Cryptographic credentials, in a Java environment, are usually stored in a
@i{Key Store}. The Java SDK specifies a @i{Key Store} as a persistent container
of two types of objects: @i{Key Entries} and @i{Trusted Certificates}. The
security tool @b{keytool} is a Java-based application for managing those types
of objects.
address@hidden -help
-Prints a help text similar to this one.
+A @i{Key Entry} represents the private key part of a key-pair used in
Public-Key Cryptography, and a signed X.509 certificate which authenticates the
public key part for a known entity; i.e. the owner of the key-pair. The X.509
certificate itself contains the public key part of the key-pair.
address@hidden table
address@hidden table
+A @i{Trusted Certificate} is a signed X.509 certificate issued by a trusted
entity. The @i{Trust} in this context is relative to the User of the
@b{keytool}. In other words, the existence of a @i{Trusted Certificate} in the
@i{Key Store} processed by a @b{keytool} command implies that the User trusts
the @i{Issuer} of that @i{Trusted Certificate} to also sign, and hence
authenticates, other @i{Subjects} the tool may process.
address@hidden
----------------------------------------------------------------------
address@hidden Certificates} are important because they allow the tool to
mechanically construct @i{Chains of Trust} starting from one of the @i{Trusted
Certificates} in a @i{Key Store} and ending with a certificate whose @i{Issuer}
is potentially unknown. A valid chain is an ordered list, starting with a
@i{Trusted Certificate} (also called the @i{anchor}), ending with the target
certificate, and satisfying the condition that the @i{Subject} of certificate
@code{#i} is the @i{Issuer} of certificate @code{#i + 1}.
address@hidden keytool Tool, , jarsigner Tool, Security Tools
address@hidden node-name, next, previous, up
address@hidden The @code{keytool} Tool
+The @b{keytool} is invoked from the command line as follows:
address@hidden @b
address@hidden SYNOPSIS
address@hidden
@code{keytool [COMMAND]...}
address@hidden example
address@hidden DESCRIPTION
-A Java-based tool for managing both @i{Key Entries} as well as @i{Trusted
Certificates}.
+Multiple @code{COMMAND}s may be specified at once, each complete with its own
options. @b{keytool} will parse all the arguments, before processing, and
executing, each @code{COMMAND}. If an exception occurs while executing one
@code{COMMAND} @b{keytool} will abort. Note however that because the
implementation of the tool uses code to parse command line options that also
supports GNU-style options, you have to separate each command group with a
double-hyphen; e.g
-Multiple @code{COMMAND}s may be specified at once, each complete with its own
options. @b{keytool} will parse all the arguments, before processing, and
executing, each @code{COMMAND}. If an exception occurs while executing one
@code{COMMAND} @b{keytool} will abort.
address@hidden
address@hidden -list -- -printcert -alias mykey}
address@hidden example
-A @code{COMMAND} can be one of the followings:
+Here is a summary of the commands supported by the tool:
address@hidden @b
address@hidden
address@hidden Add/Update commands
address@hidden @bullet
@item -genkey address@hidden
Generate a new @i{Key Entry}, eventually creating a new key store.
@@ -191,22 +271,34 @@
@item -selfcert address@hidden
Generate a new self-signed @i{Trusted Certificate}.
address@hidden -cacert address@hidden
+Import a CA @i{Trusted Certificate}.
+
@item -identitydb address@hidden
@b{NOT IMPLEMENTED address@hidden
Import a JDK 1.1 style Identity Database.
address@hidden itemize
address@hidden Export commands
address@hidden @bullet
@item -certreq address@hidden
Issue a @i{Certificate Signing Request} (CSR) which can be then sent to a
@i{Certification Authority} (CA) to issue a certificate signed (by the CA) and
authenticating the @i{Subject} of the request.
@item -export address@hidden
Export a certificate from a key store.
address@hidden itemize
address@hidden Display commands
address@hidden @bullet
@item -list address@hidden
Print one or all certificates in a key store to @code{STDOUT}.
@item -printcert address@hidden
Print a human-readable form of a certificate, in a designated file, to
@code{STDOUT}.
address@hidden itemize
address@hidden Management commands
address@hidden @bullet
@item -keyclone address@hidden
Clone a @i{Key Entry} in a key store.
@@ -218,13 +310,48 @@
@item -delete address@hidden
Delete a @i{Key Entry} or a @i{Trusted Certificate} from a key store.
address@hidden itemize
address@hidden -help
-Prints a help text similar to this one.
address@hidden enumerate
address@hidden table
address@hidden
+* Getting Help:: How to get help with keytool commands
+* Common keytool Options:: Options used in more than one command
+* Distinguished Names:: X.500 Distinguished Names used in certificates
+* Add/Update Commands:: Commands for adding data to a Key Store
+* Export Commands:: Commands for exporting data from a Key Store
+* Display Commands:: Commands for displaying data in a Key Store
+* Management Commands:: Commands for managing a Key Store
address@hidden menu
+
address@hidden
----------------------------------------------------------------------
+
address@hidden Getting Help, Common keytool Options, keytool Tool, keytool Tool
address@hidden node-name, next, previous, up
address@hidden Getting help
+
+To get a general help text about the tool, use the @code{-help} option; e.g.
+
address@hidden
address@hidden -help}
address@hidden example
+
+To get more specific help text about one of the tool's command use the
@code{-help} option for that command; e.g.
+
address@hidden
address@hidden -genkey -help}
address@hidden example
+
+In both instances, the tool will print a help text and then will exit the
running JVM.
+
+It is worth noting here that the help messages printed by the tool are
I18N-ready. This means that if/when the contents of the tool's @i{Message
Bundle} properties file are available in languages other than English, you may
see those messages in that language.
+
address@hidden
----------------------------------------------------------------------
+
address@hidden Common keytool Options, Distinguished Names, Getting Help,
keytool Tool
address@hidden node-name, next, previous, up
address@hidden Common options
address@hidden OPTIONS COMMON TO MORE THAN ONE COMMAND
The following @code{OPTION}s are used in more than one @code{COMMAND}. They
are described here to reduce redundancy.
@table @b
@@ -263,7 +390,7 @@
A fully qualified class name of a @i{Security Provider} to add to the current
list of @i{Security Providers} already installed in the JVM in-use. If a
provider class is specified with this option, and was successfully added to the
runtime --i.e. it was not already installed-- then the tool will attempt to
removed this @i{Security Provider} before exiting.
@anchor{file}
address@hidden -file FILE_NAME
address@hidden -file FILE
Use this option to designate a file to use with a command. When specified with
this option, the value is expected to be the fully qualified path of a file
accessible by the File System. Depending on the command, the file may be used
as input or as output. When this option is omitted from the command line,
@code{STDIN} will be used instead, as the source of input, and @code{STDOUT}
will be used instead as the output destination.
@anchor{verbose}
@@ -272,8 +399,13 @@
@end table
address@hidden
----------------------------------------------------------------------
+
address@hidden Distinguished Names, Add/Update Commands, Common keytool
Options, keytool Tool
address@hidden node-name, next, previous, up
address@hidden X.500 Distinguished Names
+
@anchor{dn}
address@hidden X.500 DISTINGUISHED NAME
A @i{Distinguished Name} (or DN) MUST be supplied with some of the
@code{COMMAND}s using a @code{-dname} option. The syntax of a valid value for
this option MUST follow RFC-2253 specifications. Namely the following
components (with their accepted meaning) will be recognized. Note that the
component name is case-insensitive:
@ftable @var
@@ -299,8 +431,27 @@
@*
If the @i{Distinguished Name} is required, and no valid default value can be
used, the tool will prompt you to enter the information through the console.
address@hidden -genkey COMMAND
-Generate a new key-pair (both private and public keys), and save these
credentials in the key store as a @i{Key Entry}, associated with the designated
(if was specified in the @code{-alias} option) or default (if the @code{-alias}
option is omitted) @i{Alias}.
address@hidden
----------------------------------------------------------------------
+
address@hidden Add/Update Commands, Export Commands, Distinguished Names,
keytool Tool
address@hidden node-name, next, previous, up
address@hidden Add/Update commands
+
address@hidden
+* Command -genkey:: Generate private key and self-signed certificate
+* Command -import:: Import certificates and certificate replies
+* Command -selfcert:: Generate self-signed certificate
+* Command -cacert:: Import a CA Trusted Certificate
+* Command -identitydb:: Import JDK-1 style identities
address@hidden menu
+
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -genkey, Command -import, Add/Update Commands,
Add/Update Commands
address@hidden node-name, next, previous, up
address@hidden @code{-genkey} command
+
+Use this command to generate a new key-pair (both private and public keys),
and save these credentials in the key store as a @i{Key Entry}, associated with
the designated (if was specified with the @code{-alias} option) or default (if
the @code{-alias} option is omitted) @i{Alias}.
The private key material will be protected with a user-defined password (see
@code{-keypass} option). The public key on the other hand will be part of a
self-signed X.509 certificate, which will form a 1-element chain and will be
saved in the key store.
@@ -347,8 +498,13 @@
@end table
address@hidden -import COMMAND
-Read an X.509 certificate, or a PKCS#7 @i{Certificate Reply} from a designated
input source and incorporate the certificates into the key store.
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -import, Command -selfcert, Command -genkey, Add/Update
Commands
address@hidden node-name, next, previous, up
address@hidden @code{-import} command
+
+Use this command to read an X.509 certificate, or a PKCS#7 @i{Certificate
Reply} from a designated input source and incorporate the certificates into the
key store.
If the @i{Alias} does not already exist in the key store, the tool treats the
certificate read from the input source as a new @i{Trusted Certificate}. It
then attempts to discover a chain-of-trust, starting from that certificate and
ending at another @i{Trusted Certificate}, already stored in the key store. If
the @code{-trustcacerts} option is present, an additional key store, of type
@code{JKS} named @file{cacerts}, and assumed to be present in
@address@hidden@}/lib/security} will also be consulted if found
address@hidden@address@hidden refers to the location of an installed @i{Java
Runtime Environment} (JRE). If no chain-of-trust can be established, and unless
the @code{-noprompt} option has been specified, the certificate is printed to
@code{STDOUT} and the user is prompted for a confirmation.
@@ -358,8 +514,8 @@
@item -alias ALIAS
For more details @pxref{alias,, ALIAS}.
address@hidden -file FILE_NAME
-For more details @pxref{file,, FILE_NAME}.
address@hidden -file FILE
+For more details @pxref{file,, FILE}.
@item -keypass PASSWORD
Use this option to specify the password which the tool will use to protect the
@i{Key Entry} associated with the designated @i{Alias}, when replacing this
@i{Alias}' chain of certificates with that found in the certificate reply.
@@ -389,8 +545,13 @@
@end table
address@hidden -selfcert COMMAND
-Generate a self-signed X.509 version 1 certificate. The newly generated
certificate will form a chain of one element which will replace the previous
chain associated with the designated @i{Alias} (if @code{-alias} option was
specified), or the default @i{Alias} (if @code{-alias} option was omitted).
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -selfcert, Command -cacert, Command -import, Add/Update
Commands
address@hidden node-name, next, previous, up
address@hidden @code{-selfcert} command
+
+Use this command to generate a self-signed X.509 version 1 certificate. The
newly generated certificate will form a chain of one element which will replace
the previous chain associated with the designated @i{Alias} (if @code{-alias}
option was specified), or the default @i{Alias} (if @code{-alias} option was
omitted).
@table @b
@item -alias ALIAS
@@ -429,14 +590,50 @@
@end table
address@hidden -identitydb COMMAND
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -cacert, Command -identitydb, Command -selfcert,
Add/Update Commands
address@hidden node-name, next, previous, up
address@hidden @code{-cacert} command
+
+Use this command to import, a CA certificate and add it to the key store as a
@i{Trusted Certificate}. The @i{Alias} for this new entry will be constructed
from the FILE's base-name after replacing hyphens and dots with underscores.
+
+This command is useful when used in a script that recursively visits a
directory of CA certificates to populate a @code{cacerts.gkr} @i{Key Store} of
trusted certificates which can then be used commands that specify the
@code{-trustcacerts} option.
+
address@hidden @b
address@hidden -file FILE
+For more details @pxref{file,, FILE}.
+
address@hidden -storetype STORE_TYPE
+For more details @pxref{storetype,, STORE_TYPE}.
+
address@hidden -keystore URL
+For more details @pxref{keystore,, URL}.
+
address@hidden -storepass PASSWORD
+For more details @pxref{storepass,, PASSWORD}.
+
address@hidden -provider PROVIDER_CLASS_NAME
+For more details @pxref{provider,, PROVIDER_CLASS_NAME}.
+
address@hidden -v
+For more details @pxref{verbose}.
+
address@hidden table
+
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -identitydb, , Command -cacert, Add/Update Commands
address@hidden node-name, next, previous, up
address@hidden @code{-identitydb} command
+
@b{NOT IMPLEMENTED YET}.
-Import a JDK 1.1 style Identity Database.
+Use this command to import a JDK 1.1 style Identity Database.
@table @b
address@hidden -file FILE_NAME
-For more details @pxref{file,, FILE_NAME}.
address@hidden -file FILE
+For more details @pxref{file,, FILE}.
@item -storetype STORE_TYPE
For more details @pxref{storetype,, STORE_TYPE}.
@@ -455,8 +652,24 @@
@end table
address@hidden -certreq COMMAND
-Generate a PKCS#10 @i{Certificate Signing Request} (CSR) and writes it to a
designated output destination. The contents of the destination should look
something like the following:
address@hidden
----------------------------------------------------------------------
+
address@hidden Export Commands, Display Commands, Add/Update Commands, keytool
Tool
address@hidden node-name, next, previous, up
address@hidden Export commands
+
address@hidden
+* Command -certreq:: Generate Certificate Signing Requests (CSR)
+* Command -export:: Export a certificate in a Key Store
address@hidden menu
+
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -certreq, Command -export, Export Commands, Export
Commands
address@hidden node-name, next, previous, up
address@hidden @code{-certreq} command
+
+Use this command to generate a PKCS#10 @i{Certificate Signing Request} (CSR)
and write it to a designated output destination. The contents of the
destination should look something like the following:
@example
-----BEGIN NEW CERTIFICATE REQUEST-----
@@ -476,8 +689,8 @@
@item -sigalg ALGORITHM
The canonical name of the digital signature algorithm to use for signing the
certificate. If this option is omitted, a default value will be chosen based on
the type of the private key associated with the designated @i{Alias}. If the
private key is a @code{DSA} one, the value for the signature algorithm will be
@code{SHA1withDSA}. If on the other hand the private key is an @code{RSA} one,
then the tool will use @code{MD5withRSA} as the signature algorithm.
address@hidden -file FILE_NAME
-For more details @pxref{file,, FILE_NAME}.
address@hidden -file FILE
+For more details @pxref{file,, FILE}.
@item -keypass PASSWORD
Use this option to specify the password which the tool will use to unlock the
@i{Key Entry} associated with the designated @i{Alias}.
@@ -504,16 +717,20 @@
@end table
address@hidden -export COMMAND
-Export a certificate stored in the key store to a designated output
destination, either in binary format (if the @code{-v} option is specified), or
in RFC-1421 compliant encoding (if the @code{-rfc} option is specified
-instead).
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -export, , Command -certreq, Export Commands
address@hidden node-name, next, previous, up
address@hidden @code{-export} command
+
+Use this command to export a certificate stored in a key store to a designated
output destination, either in binary format (if the @code{-v} option is
specified), or in RFC-1421 compliant encoding (if the @code{-rfc} option is
specified instead).
@table @b
@item -alias ALIAS
For more details @pxref{alias,, ALIAS}.
address@hidden -file FILE_NAME
-For more details @pxref{file,, FILE_NAME}.
address@hidden -file FILE
+For more details @pxref{file,, FILE}.
@item -storetype STORE_TYPE
For more details @pxref{storetype,, STORE_TYPE}.
@@ -535,8 +752,24 @@
@end table
address@hidden -list COMMAND
-Print one or all of the key store entries to @code{STDOUT}. Usually this
command will only print a @i{fingerprint} of the certificate, unless either the
@code{-rfc} or the @code{-v} option is specified.
address@hidden
----------------------------------------------------------------------
+
address@hidden Display Commands, Management Commands, Export Commands, keytool
Tool
address@hidden node-name, next, previous, up
address@hidden Display commands
+
address@hidden
+* Command -list:: Display information about one or all Aliases
+* Command -printcert:: Print a certificate or a certificate fingerprint
address@hidden menu
+
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -list, Command -printcert, Display Commands, Display
Commands
address@hidden node-name, next, previous, up
address@hidden @code{-list} command
+
+Use this command to print one or all of a key store entries to @code{STDOUT}.
Usually this command will only print a @i{fingerprint} of the certificate,
unless either the @code{-rfc} or the @code{-v} option is specified.
@table @b
@item -alias ALIAS
@@ -564,20 +797,43 @@
@end table
address@hidden -printcert COMMAND
-Read a certificate from a designated input source and print it to
@code{STDOUT} in a human-readable form.
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -printcert, , Command -list, Display Commands
address@hidden node-name, next, previous, up
address@hidden @code{-printcert} command
+
+Use this command to read a certificate from a designated input source and
print it to @code{STDOUT} in a human-readable form.
@table @b
address@hidden -file FILE_NAME
-For more details @pxref{file,, FILE_NAME}.
address@hidden -file FILE
+For more details @pxref{file,, FILE}.
@item -v
For more details @pxref{verbose}.
@end table
address@hidden -keyclone COMMAND
-Clone an existing @i{Key Entry} and store it under a new (different) @i{Alias}
protecting, its private key material with possibly a new password.
address@hidden
----------------------------------------------------------------------
+
address@hidden Management Commands, , Display Commands, keytool Tool
address@hidden node-name, next, previous, up
address@hidden Management commands
+
address@hidden
+* Command -keyclone:: Clone a Key Entry in a Key Store
+* Command -storepasswd:: Change the password protecting a Key Store
+* Command -keypasswd:: Change the password protecting a Key Entry
+* Command -delete:: Remove an entry in a Key Store
address@hidden menu
+
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -keyclone, Command -storepasswd, Management Commands,
Management Commands
address@hidden node-name, next, previous, up
address@hidden @code{-keyclone} command
+
+Use this command to clone an existing @i{Key Entry} and store it under a new
(different) @i{Alias} protecting, its private key material with possibly a new
password.
@table @b
@item -alias ALIAS
@@ -611,8 +867,13 @@
@end table
address@hidden -storepasswd COMMAND
-Change the password protecting a key store.
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -storepasswd, Command -keypasswd, Command -keyclone,
Management Commands
address@hidden node-name, next, previous, up
address@hidden @code{-storepasswd} command
+
+Use this command to change the password protecting a key store.
@table @b
@item -new PASSWORD
@@ -635,14 +896,18 @@
@end table
address@hidden -keypasswd COMMAND
-Change the password protecting the private key material of a designated @i{Key
Entry}.
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -keypasswd, Command -delete, Command -storepasswd,
Management Commands
address@hidden node-name, next, previous, up
address@hidden @code{-keypasswd} command
+
+Use this command to change the password protecting the private key material of
a designated @i{Key Entry}.
@table @b
@item -alias ALIAS
For more details @pxref{alias,, ALIAS}.
address@hidden -keypass PASSWORD
Use this option to specify the password which the tool will use to unlock the
@i{Key Entry} associated with the designated @i{Alias}.
If this option is omitted, the tool will first attempt to unlock the @i{Key
Entry} using the same password protecting the key store. If this fails, you
will then be prompted to provide a password.
@@ -667,8 +932,13 @@
@end table
address@hidden -delete COMMAND
-Delete a designated key store entry.
address@hidden
----------------------------------------------------------------------
+
address@hidden Command -delete, , Command -keypasswd, Management Commands
address@hidden node-name, next, previous, up
address@hidden @code{-delete} command
+
+Use this command to delete a designated key store entry.
@table @b
@item -alias ALIAS
@@ -690,7 +960,6 @@
For more details @pxref{verbose}.
@end table
address@hidden table
@comment ----------------------------------------------------------------------
@@ -709,7 +978,7 @@
@node Language Resources, Message Formats, I18N Issues, I18N Issues
@comment node-name, next, previous, up
address@hidden Language-Specific Resources
address@hidden Language-specific resources
The Tools use Java @code{ResourceBundle}s to store messages, and message
templates they use at runtime to generate the message text itself, depending on
the locale in use at the time.
@@ -761,7 +1030,7 @@
@node Message Formats, , Language Resources, I18N Issues
@comment node-name, next, previous, up
address@hidden Message Formats
address@hidden Message formats
If you open any of the @file{messages.properties} described in the previous
section, you may see properties that look like so:
Index: tools/gnu/classpath/tools/keytool/Main.java
===================================================================
RCS file:
/cvsroot/classpath/classpath/tools/gnu/classpath/tools/keytool/Main.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- tools/gnu/classpath/tools/keytool/Main.java 14 May 2006 08:20:18 -0000
1.2
+++ tools/gnu/classpath/tools/keytool/Main.java 11 Jun 2006 10:40:51 -0000
1.3
@@ -74,6 +74,7 @@
static final String STOREPASSWD_CMD = "storepasswd"; //$NON-NLS-1$
static final String KEYPASSWD_CMD = "keypasswd"; //$NON-NLS-1$
static final String DELETE_CMD = "delete"; //$NON-NLS-1$
+ static final String CACERT_CMD = "cacert"; //$NON-NLS-1$
static final String _GENKEY = "-" + GENKEY_CMD; //$NON-NLS-1$
static final String _IMPORT = "-" + IMPORT_CMD; //$NON-NLS-1$
@@ -88,6 +89,7 @@
static final String _KEYPASSWD = "-" + KEYPASSWD_CMD; //$NON-NLS-1$
static final String _DELETE = "-" + DELETE_CMD; //$NON-NLS-1$
static final String _HELP = "-help"; //$NON-NLS-1$
+ static final String _CACERT = "-" + CACERT_CMD; //$NON-NLS-1$
static final String ALIAS_OPT = "alias"; //$NON-NLS-1$
static final String SIGALG_OPT = "sigalg"; //$NON-NLS-1$
@@ -119,10 +121,14 @@
private int gnuCallbacksNdx = -2;
/** The command line parser. */
private Parser cmdLineParser;
+ /** The shutdown hook. */
+ private ShutdownHook shutdownThread;
private Main()
{
super();
+ shutdownThread = new ShutdownHook();
+ Runtime.getRuntime().addShutdownHook(shutdownThread);
}
public static final void main(String[] args)
@@ -157,6 +163,8 @@
finally
{
tool.teardown();
+ if (tool.shutdownThread != null)
+ Runtime.getRuntime().removeShutdownHook(tool.shutdownThread);
}
log.exiting(Main.class.getName(), "main", Integer.valueOf(result));
//$NON-NLS-1$
@@ -213,6 +221,8 @@
cmd = new KeyPasswdCmd();
else if (_DELETE.equals(opt))
cmd = new DeleteCmd();
+ else if (_CACERT.equals(opt))
+ cmd = new CACertCmd();
else if (_HELP.equals(opt))
throw new OptionException(""); //$NON-NLS-1$
else
@@ -260,13 +270,15 @@
Messages.getString("Main.32")));
//$NON-NLS-1$
cmdGroup.add(new NoParseOption(DELETE_CMD,
Messages.getString("Main.33")));
//$NON-NLS-1$
+ cmdGroup.add(new NoParseOption(CACERT_CMD,
+ Messages.getString("Main.5")));
//$NON-NLS-1$
result.add(cmdGroup);
log.exiting(this.getClass().getName(), "getParser", result); //$NON-NLS-1$
return result;
}
- private void teardown()
+ void teardown()
{
log.entering(this.getClass().getName(), "teardown"); //$NON-NLS-1$
@@ -309,4 +321,13 @@
// do nothing
}
}
+
+ private class ShutdownHook
+ extends Thread
+ {
+ public void run()
+ {
+ teardown();
+ }
+ }
}
Index: ChangeLog
===================================================================
RCS file: /cvsroot/classpath/classpath/ChangeLog,v
retrieving revision 1.7767
retrieving revision 1.7768
diff -u -b -r1.7767 -r1.7768
--- ChangeLog 11 Jun 2006 08:29:56 -0000 1.7767
+++ ChangeLog 11 Jun 2006 10:40:52 -0000 1.7768
@@ -1,3 +1,20 @@
+2006-06-11 Raif S. Naffah <address@hidden>
+
+ * doc/tools.texinfo: Added text for new -cacert command.
+ Re-structured sections.
+ * resource/gnu/classpath/tools/keytool/messages.properties: Added
messages
+ for -cacert command.
+ * tools/gnu/classpath/tools/keytool/Main.java (CACERT_CMD): New
constant.
+ (_CACERT): Likewise.
+ (shutdownThread): New field.
+ (Main): Install shutdown thread.
+ (main): Uninstall shutdown thread.
+ (start): Handle new -cacert command.
+ (getParser): Likewise.
+ (teardown): Increased visibility.
+ (ShutdownHook): New inner class.
+ * tools/gnu/classpath/tools/keytool/CACertCmd.java: New file.
+
2006-06-11 Sven de Marothy <address@hidden>
* gnu/java/awt/peer/gtk/FreetypeGlyphVector.java
Index: resource/gnu/classpath/tools/keytool/messages.properties
===================================================================
RCS file:
/cvsroot/classpath/classpath/resource/gnu/classpath/tools/keytool/messages.properties,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- resource/gnu/classpath/tools/keytool/messages.properties 28 May 2006
10:35:48 -0000 1.2
+++ resource/gnu/classpath/tools/keytool/messages.properties 11 Jun 2006
10:40:52 -0000 1.3
@@ -40,6 +40,9 @@
Main.6=keytool: {0}
Main.8=keytool error: {0}
+Main.5=Import a CA's Trusted Certificate.\n\
+[-file FILE] [-storetype STORE_TYPE] [-keystore URL]\n\
+[-storepass PASSWORD] [-provider PROVIDER_CLASS_NAME] [-v].
Main.18=Unrecognized command: {0}
Main.19=Usage: keytool [COMMAND] [-- COMMAND]...\n\
Manage private keys and public certificates.
@@ -540,3 +543,28 @@
JVM in-use.
SelfCertCmd.34=PROVIDER_CLASS_NAME
SelfCertCmd.35=Emit more verbose messages.
+
+CACertCmd.0=Alias [{0}] is already present in key store
+CACertCmd.1=Certificate in file "{0}" was added to the key store under the
alias "{1}"
+CACertCmd.2=Usage: keytool -cacert [OPTION]...\n\
+Import a trusted CA certificate.
+CACertCmd.3=Please report bugs at
http://www.gnu.org/software/classpath/bugs.html
+CACertCmd.4=Command options
+CACertCmd.5=Location of the trusted CA certificate to import.
+CACertCmd.6=FILE
+CACertCmd.7=Type of the key store to use. If omitted, the default value is \
+that of the property "keystore.type" in the security properties file.
+CACertCmd.8=STORE_TYPE
+CACertCmd.9=Location of the key store to use. The default value is a \
+file-based scheme whose path is the file named ".keystore" in your home \
+directory.\n\
+If URL is malformed, the tool will use URL as a file-name of a key store; \
+i.e. as if the protocol was "file:".
+CACertCmd.10=URL
+CACertCmd.11=Password to unlock the key store. If omitted, you will be \
+prompted for one.
+CACertCmd.12=PASSWORD
+CACertCmd.13=Fully qualified class name of a Security Provider to add to the \
+JVM in-use.
+CACertCmd.14=PROVIDER_CLASS_NAME
+CACertCmd.15=Emit more verbose messages.
Index: tools/gnu/classpath/tools/keytool/CACertCmd.java
===================================================================
RCS file: tools/gnu/classpath/tools/keytool/CACertCmd.java
diff -N tools/gnu/classpath/tools/keytool/CACertCmd.java
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ tools/gnu/classpath/tools/keytool/CACertCmd.java 11 Jun 2006 10:40:51
-0000 1.1
@@ -0,0 +1,302 @@
+/* CACertCmd.java -- GNU specific cacert handler
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.classpath.tools.keytool;
+
+import gnu.classpath.tools.getopt.ClasspathToolParser;
+import gnu.classpath.tools.getopt.Option;
+import gnu.classpath.tools.getopt.OptionException;
+import gnu.classpath.tools.getopt.OptionGroup;
+import gnu.classpath.tools.getopt.Parser;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.logging.Logger;
+
+/**
+ * The <code>-cacert</code> keytol command handler is used to import a CA
+ * trusted X.509 certificate into a key store.
+ * <p>
+ * Possible options for this command are:
+ * <p>
+ * <dl>
+ * <dt>-file FILE_NAME</dt>
+ * <dd>The fully qualified path of the file containing the trusted CA
+ * certificate to import. If omitted, the tool will process STDIN.
+ * <p></dd>
+ *
+ * <dt>-storetype STORE_TYPE</dt>
+ * <dd>Use this option to specify the type of the key store to use. The
+ * default value, if this option is omitted, is that of the property
+ * <code>keystore.type</code> in the security properties file, which is
+ * obtained by invoking the address@hidden
java.security.KeyStore#getDefaultType()}
+ * static method.
+ * <p></dd>
+ *
+ * <dt>-keystore URL</dt>
+ * <dd>Use this option to specify the location of the key store to use.
+ * The default value is a file address@hidden java.net.URL} referencing
the file
+ * named <code>.keystore</code> located in the path returned by the call
to
+ * address@hidden java.lang.System#getProperty(String)} using
<code>user.home</code>
+ * as argument.
+ * <p>
+ * If a URL was specified, but was found to be malformed --e.g. missing
+ * protocol element-- the tool will attempt to use the URL value as a
file-
+ * name (with absolute or relative path-name) of a key store --as if the
+ * protocol was <code>file:</code>.
+ * <p></dd>
+ *
+ * <dt>-storepass PASSWORD</dt>
+ * <dd>Use this option to specify the password protecting the key store.
If
+ * this option is omitted from the command line, you will be prompted to
+ * provide a password.
+ * <p></dd>
+ *
+ * <dt>-provider PROVIDER_CLASS_NAME</dt>
+ * <dd>A fully qualified class name of a Security Provider to add to the
+ * current list of Security Providers already installed in the JVM in-use.
+ * If a provider class is specified with this option, and was successfully
+ * added to the runtime --i.e. it was not already installed-- then the
tool
+ * will attempt to removed this Security Provider before exiting.
+ * <p></dd>
+ *
+ * <dt>-v</dt>
+ * <dd>Use this option to enable more verbose output.</dd>
+ * </dl>
+ */
+public class CACertCmd
+ extends Command
+{
+ private static final Logger log =
Logger.getLogger(CACertCmd.class.getName());
+ /** Pathname of the file containing the CA certificate to import. */
+ protected String _certFileName;
+ /** Type of the key store to use. */
+ protected String _ksType;
+ /** The URL to the keystore where the trusted certificates will be added. */
+ protected String _ksURL;
+ /** The password protecting the keystore. */
+ protected String _ksPassword;
+ /** Class name of a security provider to use. */
+ protected String _providerClassName;
+ /** Reference to the X.509 factory. */
+ private CertificateFactory x509Factory;
+
+ // default 0-arguments constructor
+
+ // public setters -----------------------------------------------------------
+
+ /** @param pathName the fully qualified path name of the file to process. */
+ public void setFile(String pathName)
+ {
+ this._certFileName = pathName;
+ }
+
+ /** @param type the key-store type to use. */
+ public void setStoretype(String type)
+ {
+ this._ksType = type;
+ }
+
+ /** @param url the key-store URL to use. */
+ public void setKeystore(String url)
+ {
+ this._ksURL = url;
+ }
+
+ /** @param password the key-store password to use. */
+ public void setStorepass(String password)
+ {
+ this._ksPassword = password;
+ }
+
+ /** @param className a security provider fully qualified class name to use.
*/
+ public void setProvider(String className)
+ {
+ this._providerClassName = className;
+ }
+
+ // life-cycle methods -------------------------------------------------------
+
+ /* (non-Javadoc)
+ * @see gnu.classpath.tools.keytool.Command#setup()
+ */
+ void setup() throws Exception
+ {
+ setInputStreamParam(_certFileName);
+ setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL);
+ log.finer("-cacert handler will use the following options:"); //$NON-NLS-1$
+ log.finer(" -file=" + _certFileName); //$NON-NLS-1$
+ log.finer(" -storetype=" + storeType); //$NON-NLS-1$
+ log.finer(" -keystore=" + storeURL); //$NON-NLS-1$
+ log.finer(" -provider=" + provider); //$NON-NLS-1$
+ log.finer(" -v=" + verbose); //$NON-NLS-1$
+ }
+
+ void start() throws CertificateException, KeyStoreException,
+ NoSuchAlgorithmException, IOException
+ {
+ log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$
+ alias = getAliasFromFileName(_certFileName);
+ if (store.containsAlias(alias))
+ throw new
IllegalArgumentException(Messages.getFormattedString("CACertCmd.0",
//$NON-NLS-1$
+ alias));
+ x509Factory = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$
+ Certificate certificate = x509Factory.generateCertificate(inStream);
+ log.finest("certificate = " + certificate); //$NON-NLS-1$
+ store.setCertificateEntry(alias, certificate);
+ saveKeyStore();
+ if (verbose)
+ System.out.println(Messages.getFormattedString("CACertCmd.1",
//$NON-NLS-1$
+ new Object[] {
_certFileName,
+ alias }));
+ log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$
+ }
+
+ // own methods --------------------------------------------------------------
+
+ /* (non-Javadoc)
+ * @see gnu.classpath.tools.keytool.Command#getParser()
+ */
+ Parser getParser()
+ {
+ log.entering(this.getClass().getName(), "getParser"); //$NON-NLS-1$
+ Parser result = new ClasspathToolParser(Main.CACERT_CMD, true);
+ result.setHeader(Messages.getString("CACertCmd.2")); //$NON-NLS-1$
+ result.setFooter(Messages.getString("CACertCmd.3")); //$NON-NLS-1$
+ OptionGroup options = new OptionGroup(Messages.getString("CACertCmd.4"));
//$NON-NLS-1$
+ options.add(new Option(Main.FILE_OPT,
+ Messages.getString("CACertCmd.5"), //$NON-NLS-1$
+ Messages.getString("CACertCmd.6")) //$NON-NLS-1$
+ {
+ public void parsed(String argument) throws OptionException
+ {
+ _certFileName = argument;
+ }
+ });
+ options.add(new Option(Main.STORETYPE_OPT,
+ Messages.getString("CACertCmd.7"), //$NON-NLS-1$
+ Messages.getString("CACertCmd.8")) //$NON-NLS-1$
+ {
+ public void parsed(String argument) throws OptionException
+ {
+ _ksType = argument;
+ }
+ });
+ options.add(new Option(Main.KEYSTORE_OPT,
+ Messages.getString("CACertCmd.9"), //$NON-NLS-1$
+ Messages.getString("CACertCmd.10")) //$NON-NLS-1$
+ {
+ public void parsed(String argument) throws OptionException
+ {
+ _ksURL = argument;
+ }
+ });
+ options.add(new Option(Main.STOREPASS_OPT,
+ Messages.getString("CACertCmd.11"), //$NON-NLS-1$
+ Messages.getString("CACertCmd.12")) //$NON-NLS-1$
+ {
+ public void parsed(String argument) throws OptionException
+ {
+ _ksPassword = argument;
+ }
+ });
+ options.add(new Option(Main.PROVIDER_OPT,
+ Messages.getString("CACertCmd.13"), //$NON-NLS-1$
+ Messages.getString("CACertCmd.14")) //$NON-NLS-1$
+ {
+ public void parsed(String argument) throws OptionException
+ {
+ _providerClassName = argument;
+ }
+ });
+ options.add(new Option(Main.VERBOSE_OPT,
+ Messages.getString("CACertCmd.15")) //$NON-NLS-1$
+ {
+ public void parsed(String argument) throws OptionException
+ {
+ verbose = true;
+ }
+ });
+ result.add(options);
+ log.exiting(this.getClass().getName(), "getParser", result); //$NON-NLS-1$
+ return result;
+ }
+
+ /**
+ * Construct an Alias string from the name of the file containing the
+ * certificate to import. This method first removes the last dot (".")
+ * character and any subsequent characters from the input name, and then
+ * replaces any space and dot characters with underscores. For example the
+ * input string <code>brasil.gov.br.cert</code> will result in
+ * <code>brasil_gov_br</code> as its alias.
+ *
+ * @param fileName the name of the file containing the CA certificate
+ * @return a string which can, and will, be used as the Alias of this CA
+ * certificate.
+ */
+ private String getAliasFromFileName(String fileName)
+ {
+ log.entering(this.getClass().getName(), "getAliasFromFileName", fileName);
//$NON-NLS-1$
+ // get the basename
+ fileName = new File(fileName).getName();
+ // remove '.' if at start
+ if (fileName.startsWith(".")) //$NON-NLS-1$
+ fileName = fileName.substring(1);
+
+ // remove last \..+
+ int ndx = fileName.lastIndexOf('.');
+ if (ndx > 0)
+ fileName = fileName.substring(0, ndx);
+ // replace spaces and dots with underscores
+ char[] chars = fileName.toCharArray();
+ for (int i = 0; i < chars.length; i++)
+ {
+ char c = chars[i];
+ if (c == ' ' || c == '.')
+ chars[i] = '_';
+ }
+ String result = new String(chars);
+ log.exiting(this.getClass().getName(), "getAliasFromFileName", result);
//$NON-NLS-1$
+ return result;
+ }
+}
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [commit-cp] classpath doctools.texinfo tools/gnu/classpath/...,
Raif S. Naffah <=