
gnu.classpath.tools.keytool
Class ListCmd

java.lang.Object
  extended by gnu.classpath.tools.keytool.Command
      extended by gnu.classpath.tools.keytool.ListCmd

class ListCmd
extends Command

The -list keytool command handler is used to output one or all key store entries.

Possible options for this command are:

-alias ALIAS
Every entry, be it a Key Entry or a Trusted Certificate, in a key store is uniquely identified by a user-defined Alias string. Use this option to specify the Alias to use when referring to an entry in the key store. Unless specified otherwise, a default value of mykey shall be used when this option is omitted from the command line.

-storetype STORE_TYPE
Use this option to specify the type of the key store to use. The default value, if this option is omitted, is that of the property keystore.type in the security properties file, which is obtained by invoking the KeyStore.getDefaultType() static method.

-keystore URL
Use this option to specify the location of the key store to use. The default value is a file java.net.URL referencing the file named .keystore located in the path returned by the call to System.getProperty(String) using user.home as argument.

If a URL was specified but was found to be malformed (e.g. missing protocol element), the tool will attempt to use the URL value as a file name (with absolute or relative path name) of a key store, as if the protocol was file:.

-storepass PASSWORD
Use this option to specify the password protecting the key store. If this option is omitted from the command line, you will be prompted to provide a password.

-provider PROVIDER_CLASS_NAME
A fully qualified class name of a Security Provider to add to the current list of Security Providers already installed in the JVM in use. If a provider class is specified with this option and was successfully added to the runtime (i.e. it was not already installed), then the tool will attempt to remove this Security Provider before exiting.

-rfc
Use RFC-1421 specifications when encoding the output.

-v
Output the certificate in human-readable format. If both this option and the -rfc option are detected on the command line, the tool will opt for the human-readable form and will not abort the command.
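The -keystore resolution rules described above (default location, then the file-name fallback for a malformed URL), as an added example that is not the GNU Classpath source. The class name, method names and sample values are assumptions made here, and `isLocalFile` is an extra check a reviewer may want, not documented tool behaviour.

```java
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;

public class KeyStoreLocation {

    /** Resolve a -keystore argument following the rules in the option text. */
    static URL resolve(String spec) throws MalformedURLException {
        if (spec == null || spec.isEmpty()) {
            // Option omitted: file URL for ".keystore" under user.home.
            String home = System.getProperty("user.home");
            return new File(home, ".keystore").toURI().toURL();
        }
        try {
            // new URL(String) is deprecated in recent JDKs but still available.
            return new URL(spec);
        } catch (MalformedURLException malformed) {
            // Malformed value (missing or unknown protocol): treat it as a
            // file name, absolute or relative, as if the protocol was file:.
            return new File(spec).toURI().toURL();
        }
    }

    /** Added check (assumption, not tool behaviour): is the store on local disk? */
    static boolean isLocalFile(URL url) {
        String host = url.getHost();
        return "file".equalsIgnoreCase(url.getProtocol())
                && (host == null || host.isEmpty());
    }

    public static void main(String[] args) throws MalformedURLException {
        // Constructed sample arguments; none of these locations is opened.
        String[] samples = {
            null,                             // option omitted
            "stores/app.jks",                 // no protocol: file fallback
            "file:/opt/app/app.jks",          // well-formed local URL
            "https://example.test/app.jks",   // well-formed remote URL
            "htps://example.test/app.jks"     // mistyped scheme: file fallback
        };
        for (String sample : samples) {
            URL url = resolve(sample);
            System.out.printf("%-30s -> %s (local=%b)%n",
                    sample, url, isLocalFile(url));
        }
    }
}
```

The last sample shows why the fallback deserves attention in scripts: a mistyped scheme does not fail, it silently becomes a path relative to the working directory.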


Field Summary
private  java.lang.String _alias
           
private  java.lang.String _ksPassword
           
private  java.lang.String _ksType
           
private  java.lang.String _ksURL
           
private  java.lang.String _providerClassName
           
protected  java.lang.String alias
          The Alias to use.
private  boolean all
           
protected  java.io.InputStream inStream
          The input stream the concrete handler will use.
protected  java.security.KeyPairGenerator keyPairGenerator
          The key-pair generation algorithm instance to use.
protected  char[] keyPasswordChars
          The password characters protecting a Key Entry.
private static java.util.logging.Logger log
           
protected  java.io.OutputStream outStream
          The output stream the concrete handler will use.
protected  java.security.Provider provider
          A security provider to add.
private  boolean rfc
           
protected static gnu.java.security.OID SHA1_WITH_DSA
          OID of SHA1withDSA signature algorithm as stated in RFC-2459.
protected  java.security.Signature signatureAlgorithm
          The digital signature algorithm instance to use.
protected  java.security.KeyStore store
          The key store instance to use.
protected  char[] storePasswordChars
          The password characters protecting the key store.
protected  java.io.InputStream storeStream
          The input stream from the key store URL.
protected  java.lang.String storeType
          The key store type.
protected  java.net.URL storeURL
          The key store URL.
protected  boolean systemOut
          Whether we are printing to System.out.
protected  int validityInDays
          Validity period, in number of days, to use when generating certificates.
protected  boolean verbose
          Whether verbose output is required or not.
 
Constructor Summary
(package private) ListCmd()
           
 
Method Summary
protected  java.lang.String digestWithMD5(byte[] contents)
          Digest the designated contents with MD5 and return a string representation suitable for use as a fingerprint; i.e.
 void doCommand()
          A public method to allow using any keytool command handler programmatically by using a JavaBeans style of parameter(s) initialization.
protected  void ensureAliasIsKeyEntry()
          Ensure that the currently set Alias is associated with a Key Entry in the currently set key store; otherwise throw an exception.
protected  void ensureStoreContainsAlias()
          Ensure that the currently set Alias is contained in the currently set key store; otherwise throw an exception.
private  void fingerprint(java.security.cert.Certificate certificate, java.io.PrintWriter writer)
           
protected  java.security.Key getAliasPrivateKey()
           
protected  javax.security.auth.callback.CallbackHandler getCallbackHandler()
          Return a CallbackHandler which uses the Console (System.in and System.out) for interacting with the user.
protected  byte[] getSelfSignedCertificate(gnu.java.security.x509.X500DistinguishedName distinguishedName, java.security.PublicKey publicKey, java.security.PrivateKey privateKey)
          RFC-2459 (http://rfc.net/rfc2459.html) fully describes the structure and semantics of X.509 certificates.
protected  gnu.java.security.OID getSignatureAlgorithmOID()
          This method attempts to find, and return, an OID representing the digital signature algorithm used to sign the certificate.
private  void list1Alias(java.lang.String anAlias, java.io.PrintWriter writer)
          Prints the certificate(s) associated with the designated alias.
private  void print1Certificate(java.security.cert.Certificate certificate, java.io.PrintWriter writer)
          Prints the designated certificate, or its fingerprint, depending on the values of the flags v (for verbose) and rfc.
private  void print1Chain(java.security.cert.Certificate[] chain, java.io.PrintWriter writer)
          Prints the designated certificate chain, or a fingerprint of the first certificate (bottom) in the chain, depending on the values of the flags v (for verbose) and rfc.
private  void printRFC1421(java.security.cert.Certificate certificate, java.io.PrintWriter writer)
           
protected  void printVerbose(java.security.cert.Certificate certificate)
          Convenience method.
protected  void printVerbose(java.security.cert.Certificate certificate, java.io.PrintWriter writer)
          Prints a human-readable form of the designated certificate to a designated java.io.PrintWriter.
(package private)  int processArgs(java.lang.String[] args, int i)
          Given a potential sub-array of options for this concrete handler, starting at position startIndex + 1, potentially followed by other commands and their options, this method sets up this concrete command handler with its own options and returns the index of the first unprocessed argument in the array.
protected  void saveKeyStore()
          Convenience method.
protected  void saveKeyStore(char[] password)
          Saves the key store using the designated password.
protected  void setAlgorithmParams(java.lang.String kpAlg, java.lang.String sigAlg)
          Set both the key-pair generation algorithm, and the digital signature algorithm instances to use when generating new entries.
 void setAlias(java.lang.String alias)
           
protected  void setAliasParam(java.lang.String name)
          Set the Alias to use when associating Key Entries and Trusted Certificates in the current key store.
protected  void setInputStreamParam(java.lang.String fileName)
           
protected  void setKeyPasswordNoPrompt(java.lang.String password)
          Set the key password given a command line option argument.
protected  void setKeyPasswordParam()
          Prompt the user to provide a password to protect a Key Entry in the key store.
protected  void setKeyPasswordParam(java.lang.String password)
          Set the key password given a command line option argument.
 void setKeystore(java.lang.String url)
           
protected  void setKeyStoreParams(java.lang.String className, java.lang.String type, java.lang.String password, java.lang.String url)
          Convenience method to setup the key store given its type, its password, its location and potentially a specialized security provider.
protected  void setKeystorePasswordParam(java.lang.String password)
           
protected  void setKeystoreTypeParam(java.lang.String type)
          Set the type of key store to initialize, load and use.
protected  void setKeystoreURLParam(java.lang.String url)
          Set the key store URL to use.
protected  void setOutputStreamParam(java.lang.String fileName)
           
 void setProvider(java.lang.String className)
           
protected  void setProviderClassNameParam(java.lang.String className)
          Set a security provider class name to (install and) use for key store related operations.
 void setRfc(java.lang.String flag)
           
protected  void setSignatureAlgorithmParam(java.lang.String algorithm, java.security.Key privateKey)
          Set the signature algorithm to use when digitally signing private keys, certificates, etc...
 void setStorepass(java.lang.String password)
           
 void setStoretype(java.lang.String type)
           
(package private)  void setup()
          Initialize this concrete command handler for later invocation of the start() or Command.doCommand() methods.
protected  void setValidityParam(java.lang.String days)
          Set the validity period, in number of days, to use when issuing new certificates.
 void setVerbose(java.lang.String flag)
           
(package private)  void start()
          Do the real work this handler is supposed to do.
(package private)  void teardown()
          Tear down the handler, releasing any resources which may have been allocated at setup time.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

private static final java.util.logging.Logger log

_alias

private java.lang.String _alias

_ksType

private java.lang.String _ksType

_ksURL

private java.lang.String _ksURL

_ksPassword

private java.lang.String _ksPassword

_providerClassName

private java.lang.String _providerClassName

rfc

private boolean rfc

all

private boolean all

SHA1_WITH_DSA

protected static final gnu.java.security.OID SHA1_WITH_DSA
OID of SHA1withDSA signature algorithm as stated in RFC-2459.


alias

protected java.lang.String alias
The Alias to use.


keyPasswordChars

protected char[] keyPasswordChars
The password characters protecting a Key Entry.


provider

protected java.security.Provider provider
A security provider to add.


storeType

protected java.lang.String storeType
The key store type.


storePasswordChars

protected char[] storePasswordChars
The password characters protecting the key store.


storeURL

protected java.net.URL storeURL
The key store URL.


storeStream

protected java.io.InputStream storeStream
The input stream from the key store URL.


store

protected java.security.KeyStore store
The key store instance to use.


outStream

protected java.io.OutputStream outStream
The output stream the concrete handler will use.


systemOut

protected boolean systemOut
Whether we are printing to System.out.


keyPairGenerator

protected java.security.KeyPairGenerator keyPairGenerator
The key-pair generation algorithm instance to use.


signatureAlgorithm

protected java.security.Signature signatureAlgorithm
The digital signature algorithm instance to use.


validityInDays

protected int validityInDays
Validity period, in number of days, to use when generating certificates.


inStream

protected java.io.InputStream inStream
The input stream the concrete handler will use.


verbose

protected boolean verbose
Whether verbose output is required or not.

Constructor Detail

ListCmd

ListCmd()
Method Detail

setAlias

public void setAlias(java.lang.String alias)

setStoretype

public void setStoretype(java.lang.String type)

setKeystore

public void setKeystore(java.lang.String url)

setStorepass

public void setStorepass(java.lang.String password)

setProvider

public void setProvider(java.lang.String className)

setRfc

public void setRfc(java.lang.String flag)

processArgs

int processArgs(java.lang.String[] args,
                int i)
Description copied from class: Command
Given a potential sub-array of options for this concrete handler, starting at position startIndex + 1, potentially followed by other commands and their options, this method sets up this concrete command handler with its own options and returns the index of the first unprocessed argument in the array.

The general contract of this method is that it is invoked with the startIndex argument pointing to the keyword argument that uniquely identifies the command itself; e.g. -genkey or -list, etc...

Specified by:
processArgs in class Command

setup

void setup()
     throws java.lang.Exception
Description copied from class: Command
Initialize this concrete command handler for later invocation of the Command.start() or Command.doCommand() methods.

Handlers usually initialize their local variables and resources within the scope of this call.

Specified by:
setup in class Command

start

void start()
     throws java.security.KeyStoreException,
            java.security.cert.CertificateEncodingException,
            java.io.IOException
Description copied from class: Command
Do the real work this handler is supposed to do.

The code in this (abstract) class throws a Not implemented yet runtime exception. Concrete implementations MUST override this method.

Overrides:
start in class Command

list1Alias

private void list1Alias(java.lang.String anAlias,
                        java.io.PrintWriter writer)
                 throws java.security.KeyStoreException,
                        java.security.cert.CertificateEncodingException,
                        java.io.IOException
Prints the certificate(s) associated with the designated alias.


print1Chain

private void print1Chain(java.security.cert.Certificate[] chain,
                         java.io.PrintWriter writer)
                  throws java.security.cert.CertificateEncodingException
Prints the designated certificate chain, or a fingerprint of the first certificate (bottom) in the chain, depending on the values of the flags v (for verbose) and rfc.

If both flags are false, only the fingerprint is generated. Otherwise, if the v flag is set, a human-readable output is generated; if rfc is set, an RFC-1421 like output is generated.

Note that v and rfc cannot both be true at the same time.


print1Certificate

private void print1Certificate(java.security.cert.Certificate certificate,
                               java.io.PrintWriter writer)
                        throws java.security.cert.CertificateEncodingException
Prints the designated certificate, or its fingerprint, depending on the values of the flags v (for verbose) and rfc.

If both flags are false, only a fingerprint is generated. Otherwise, if the v flag is set, a human-readable output is generated; if rfc is set, an RFC-1421 like output is generated.

Note that v and rfc cannot both be true at the same time.


printRFC1421

private void printRFC1421(java.security.cert.Certificate certificate,
                          java.io.PrintWriter writer)
                   throws java.security.cert.CertificateEncodingException

fingerprint

private void fingerprint(java.security.cert.Certificate certificate,
                         java.io.PrintWriter writer)
                  throws java.security.cert.CertificateEncodingException

doCommand

public void doCommand()
               throws java.lang.Exception
A public method to allow using any keytool command handler programmatically by using a JavaBeans style of parameter(s) initialization. The user is assumed to have set individually the required options through their respective setters before invoking this method.

If an exception is encountered during the processing of the command, this implementation attempts to release any resources that may have been allocated at the time the exception occurs, before re-throwing that exception.


setVerbose

public void setVerbose(java.lang.String flag)

teardown

void teardown()
Tear down the handler, releasing any resources which may have been allocated at setup time.


setKeyStoreParams

protected void setKeyStoreParams(java.lang.String className,
                                 java.lang.String type,
                                 java.lang.String password,
                                 java.lang.String url)
                          throws java.io.IOException,
                                 javax.security.auth.callback.UnsupportedCallbackException,
                                 java.security.KeyStoreException,
                                 java.security.NoSuchAlgorithmException,
                                 java.security.cert.CertificateException
Convenience method to setup the key store given its type, its password, its location and potentially a specialized security provider.


setProviderClassNameParam

protected void setProviderClassNameParam(java.lang.String className)
Set a security provider class name to (install and) use for key store related operations.


setKeystoreTypeParam

protected void setKeystoreTypeParam(java.lang.String type)
Set the type of key store to initialize, load and use.


setKeyPasswordParam

protected void setKeyPasswordParam(java.lang.String password)
                            throws java.io.IOException,
                                   javax.security.auth.callback.UnsupportedCallbackException
Set the key password given a command line option argument. If no value was present on the command line then prompt the user to provide one.


setAliasParam

protected void setAliasParam(java.lang.String name)
Set the Alias to use when associating Key Entries and Trusted Certificates in the current key store.


setKeyPasswordNoPrompt

protected void setKeyPasswordNoPrompt(java.lang.String password)
Set the key password given a command line option argument.


setKeyPasswordParam

protected void setKeyPasswordParam()
                            throws java.io.IOException,
                                   javax.security.auth.callback.UnsupportedCallbackException
Prompt the user to provide a password to protect a Key Entry in the key store.


setKeystorePasswordParam

protected void setKeystorePasswordParam(java.lang.String password)
                                 throws java.io.IOException,
                                        javax.security.auth.callback.UnsupportedCallbackException

setKeystoreURLParam

protected void setKeystoreURLParam(java.lang.String url)
                            throws java.io.IOException,
                                   java.security.KeyStoreException,
                                   javax.security.auth.callback.UnsupportedCallbackException,
                                   java.security.NoSuchAlgorithmException,
                                   java.security.cert.CertificateException
Set the key store URL to use.


setOutputStreamParam

protected void setOutputStreamParam(java.lang.String fileName)
                             throws java.lang.SecurityException,
                                    java.io.IOException

setInputStreamParam

protected void setInputStreamParam(java.lang.String fileName)
                            throws java.io.FileNotFoundException

setAlgorithmParams

protected void setAlgorithmParams(java.lang.String kpAlg,
                                  java.lang.String sigAlg)
                           throws java.security.NoSuchAlgorithmException
Set both the key-pair generation algorithm, and the digital signature algorithm instances to use when generating new entries.


setSignatureAlgorithmParam

protected void setSignatureAlgorithmParam(java.lang.String algorithm,
                                          java.security.Key privateKey)
                                   throws java.security.NoSuchAlgorithmException
Set the signature algorithm to use when digitally signing private keys, certificates, etc...

If the designated algorithm name is null or is an empty string, this method checks the private key (the second argument) and based on its type decides which algorithm to use. The keytool public specification states that if the private key is a DSA key, then the signature algorithm will be SHA1withDSA, otherwise if it is an RSA private key, then the signature algorithm will be MD5withRSA. If the private key is neither a private DSA nor a private RSA key, then this method throws a java.lang.IllegalArgumentException.


setValidityParam

protected void setValidityParam(java.lang.String days)
Set the validity period, in number of days, to use when issuing new certificates.


getSelfSignedCertificate

protected byte[] getSelfSignedCertificate(gnu.java.security.x509.X500DistinguishedName distinguishedName,
                                          java.security.PublicKey publicKey,
                                          java.security.PrivateKey privateKey)
                                   throws java.io.IOException,
                                          java.security.SignatureException,
                                          java.security.InvalidKeyException
RFC-2459 (http://rfc.net/rfc2459.html) fully describes the structure and semantics of X.509 certificates. The ASN.1 structures below are gleaned from that reference.
  Certificate ::= SEQUENCE {
    tbsCertificate      TBSCertificate,
    signatureAlgorithm  AlgorithmIdentifier,
    signatureValue      BIT STRING
  }
  
  TBSCertificate ::= SEQUENCE {
    version           [0] EXPLICIT Version DEFAULT v1,
    serialNumber          CertificateSerialNumber,
    signature             AlgorithmIdentifier,
    issuer                Name,
    validity              Validity,
    subject               Name,
    subjectPublicKeyInfo  SubjectPublicKeyInfo
  }
  
  Version ::= INTEGER { v1(0), v2(1), v3(2) }
  
  CertificateSerialNumber ::= INTEGER
  
  Validity ::= SEQUENCE {
    notBefore  Time,
    notAfter   Time
  }
  
  Time ::= CHOICE {
    utcTime      UTCTime,
    generalTime  GeneralizedTime
  }
  
  UniqueIdentifier ::= BIT STRING
  
  SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm         AlgorithmIdentifier,
    subjectPublicKey  BIT STRING
  }
 


getSignatureAlgorithmOID

protected gnu.java.security.OID getSignatureAlgorithmOID()
This method attempts to find, and return, an OID representing the digital signature algorithm used to sign the certificate. The OIDs returned are those described in RFC-2459. They are listed here for the sake of completeness.
  id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3
  }
  
  md2WithRSAEncryption OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 2
  }
  
  md5WithRSAEncryption OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4
  }
  
  sha-1WithRSAEncryption OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5
  }
 
IMPORTANT: This method checks the signature algorithm name against (a) The GNU algorithm implementation's name, and (b) publicly referenced names of the same algorithm. In other words this search is not comprehensive and may fail for uncommon names of the same algorithms.


saveKeyStore

protected void saveKeyStore(char[] password)
                     throws java.io.IOException,
                            java.security.KeyStoreException,
                            java.security.NoSuchAlgorithmException,
                            java.security.cert.CertificateException
Saves the key store using the designated password. This operation is called by handlers if/when the key store password has changed, or amendments have been made to the contents of the store; e.g. addition of a new Key Entry or a Trusted Certificate.


saveKeyStore

protected void saveKeyStore()
                     throws java.io.IOException,
                            java.security.KeyStoreException,
                            java.security.NoSuchAlgorithmException,
                            java.security.cert.CertificateException
Convenience method. Calls the method with the same name passing it the same password characters used to initially load the key-store.


printVerbose

protected void printVerbose(java.security.cert.Certificate certificate,
                            java.io.PrintWriter writer)
                     throws java.security.cert.CertificateEncodingException
Prints a human-readable form of the designated certificate to a designated java.io.PrintWriter.


printVerbose

protected void printVerbose(java.security.cert.Certificate certificate)
                     throws java.security.cert.CertificateEncodingException
Convenience method. Prints a human-readable form of the designated certificate to System.out.


digestWithMD5

protected java.lang.String digestWithMD5(byte[] contents)
Digest the designated contents with MD5 and return a string representation suitable for use as a fingerprint; i.e. sequence of hexadecimal pairs of characters separated by a colon.
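The output forms selected by print1Certificate and the fingerprint format returned by digestWithMD5, as an added example that is not the GNU Classpath source. All names here are assumptions, as are the upper-case hex digits, the BEGIN/END boundary lines and the 64-character line width. Because MD5 is no longer collision-resistant, the example prints a SHA-256 fingerprint beside the MD5 one for comparison.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class CertOutputForms {

    enum Form { VERBOSE, RFC1421, FINGERPRINT }

    /** Flag handling as the option text states: -v wins when both are given. */
    static Form choose(boolean verbose, boolean rfc) {
        if (verbose) {
            return Form.VERBOSE;
        }
        return rfc ? Form.RFC1421 : Form.FINGERPRINT;
    }

    /** Digest the contents and format as colon-separated hexadecimal pairs. */
    static String fingerprint(String digestName, byte[] contents)
            throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(digestName).digest(contents);
        StringBuilder sb = new StringBuilder(digest.length * 3);
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) {
                sb.append(':');
            }
            // Mask to 0..255 so negative bytes do not sign-extend.
            sb.append(String.format("%02X", digest[i] & 0xFF));
        }
        return sb.toString();
    }

    /** Printable encoding: base64 in 64-character lines between boundaries. */
    static String rfc1421(byte[] encoded) {
        byte[] newline = "\n".getBytes(StandardCharsets.US_ASCII);
        Base64.Encoder encoder = Base64.getMimeEncoder(64, newline);
        return "-----BEGIN CERTIFICATE-----\n"
                + encoder.encodeToString(encoded)
                + "\n-----END CERTIFICATE-----";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed stand-in for Certificate.getEncoded(); these bytes are
        // not a real certificate, they only exercise the formatting.
        byte[] encoded = new byte[100];
        for (int i = 0; i < encoded.length; i++) {
            encoded[i] = (byte) (i * 7);
        }

        boolean[][] flagSets = { {false, false}, {false, true}, {true, true} };
        for (boolean[] flags : flagSets) {
            Form form = choose(flags[0], flags[1]);
            System.out.println("-v=" + flags[0] + " -rfc=" + flags[1] + " -> " + form);
            switch (form) {
                case FINGERPRINT:
                    System.out.println("  MD5:     " + fingerprint("MD5", encoded));
                    System.out.println("  SHA-256: " + fingerprint("SHA-256", encoded));
                    break;
                case RFC1421:
                    System.out.println(rfc1421(encoded));
                    break;
                default:
                    // The human-readable form needs a parsed certificate,
                    // which this constructed input cannot supply.
                    System.out.println("  (human-readable form not rendered here)");
            }
        }
    }
}
```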


ensureStoreContainsAlias

protected void ensureStoreContainsAlias()
                                 throws java.security.KeyStoreException
Ensure that the currently set Alias is contained in the currently set key store; otherwise throw an exception.


ensureAliasIsKeyEntry

protected void ensureAliasIsKeyEntry()
                              throws java.security.KeyStoreException
Ensure that the currently set Alias is associated with a Key Entry in the currently set key store; otherwise throw an exception.


getAliasPrivateKey

protected java.security.Key getAliasPrivateKey()
                                        throws java.security.KeyStoreException,
                                               java.security.NoSuchAlgorithmException,
                                               java.io.IOException,
                                               javax.security.auth.callback.UnsupportedCallbackException,
                                               java.security.UnrecoverableKeyException

getCallbackHandler

protected javax.security.auth.callback.CallbackHandler getCallbackHandler()
Return a CallbackHandler which uses the Console (System.in and System.out) for interacting with the user.

This method first finds all currently installed security providers capable of providing such service and then in turn attempts to instantiate the handler from those providers. As soon as one provider returns a non-null instance of the callback handler, the search stops and that instance is set to be used from now on.

If no installed providers were found, this method falls back on the GNU provider, by-passing the Security search mechanism. The default console callback handler implementation is gnu.javax.security.auth.callback.ConsoleCallbackHandler.