[official-gcc.git] / libjava / classpath / tools / gnu / classpath / tools / keytool / CertReqCmd.java
| blob | 0c64246e8c99af6007e474dbe0eb5667ae0cda7b |
1 /* CertReqCmd.java -- The certreq command handler of the keytool
2 Copyright (C) 2006 Free Software Foundation, Inc.
4 This file is part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2, or (at your option)
9 any later version.
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; see the file COPYING. If not, write to the
18 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 02110-1301 USA.
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
24 combination.
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
69 /**
70 * The <b>-certreq</b> keytool command handler is used to generate a Certificate
71 * Signing Request (CSR) in PKCS#10 format.
72 * <p>
73 * The ASN.1 specification of a CSR, as stated in RFC-2986 is as follows:
74 * <p>
75 * <pre>
76 * CertificationRequest ::= SEQUENCE {
77 * certificationRequestInfo CertificationRequestInfo,
78 * signatureAlgorithm AlgorithmIdentifier,
79 * signature BIT STRING
80 * }
81 *
82 * CertificationRequestInfo ::= SEQUENCE {
83 * version INTEGER -- v1(0)
84 * subject Name,
85 * subjectPKInfo SubjectPublicKeyInfo,
86 * attributes [0] IMPLICIT Attributes -- see note later
87 * }
88 *
89 * SubjectPublicKeyInfo ::= SEQUENCE {
90 * algorithm AlgorithmIdentifier,
91 * subjectPublicKey BIT STRING
92 * }
93 * </pre>
94 * <b>IMPORTANT</b>: Some documentation (e.g. RSA examples) claims that the
95 * <code>attributes</code> field is <i>OPTIONAL</i> while <i>RFC-2986</i>
96 * implies the opposite. This implementation considers this field, by default,
97 * as <i>OPTIONAL</i>, unless the option <code>-attributes</code> is included
98 * on the command line.
99 * <p>
100 * Possible options for this command are:
101 * <p>
102 * <dl>
103 * <dt>-alias ALIAS</dt>
104 * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted
105 * Certificate</i>, in a key store is uniquely identified by a user-defined
106 * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use
107 * when referring to an entry in the key store. Unless specified otherwise,
108 * a default value of <code>mykey</code> shall be used when this option is
109 * omitted from the command line.
110 * <p></dd>
111 *
112 * <dt>-sigalg ALGORITHM</dt>
113 * <dd>The canonical name of the digital signature algorithm to use for
114 * signing the certificate. If this option is omitted, a default value will
115 * be chosen based on the type of the private key associated with the
116 * designated <i>Alias</i>. If the private key is a <code>DSA</code> one,
117 * the value for the signature algorithm will be <code>SHA1withDSA</code>.
118 * If on the other hand the private key is an <code>RSA</code> one, then
119 * the tool will use <code>MD5withRSA</code> as the signature algorithm.
120 * <p></dd>
121 *
122 * <dt>-file FILE_NAME</dt>
123 *
124 * <dt>-keypass PASSWORD</dt>
125 *
126 * <dt>-storetype STORE_TYP}</dt>
127 * <dd>Use this option to specify the type of the key store to use. The
128 * default value, if this option is omitted, is that of the property
129 * <code>keystore.type</code> in the security properties file, which is
130 * obtained by invoking the {@link java.security.KeyStore#getDefaultType()}
131 * static method.
132 * <p></dd>
133 *
134 * <dt>-keystore URL</dt>
135 * <dd>Use this option to specify the location of the key store to use.
136 * The default value is a file {@link java.net.URL} referencing the file
137 * named <code>.keystore</code> located in the path returned by the call to
138 * {@link java.lang.System#getProperty(String)} using <code>user.home</code>
139 * as argument.
140 * <p>
141 * If a URL was specified, but was found to be malformed --e.g. missing
142 * protocol element-- the tool will attempt to use the URL value as a file-
143 * name (with absolute or relative path-name) of a key store --as if the
144 * protocol was <code>file:</code>.
145 * <p></dd>
146 *
147 * <dt>-storepass PASSWORD</dt>
148 * <dd>Use this option to specify the password protecting the key store. If
149 * this option is omitted from the command line, you will be prompted to
150 * provide a password.
151 * <p></dd>
152 *
153 * <dt>-provider PROVIDER_CLASS_NAME</dt>
154 * <dd>A fully qualified class name of a Security Provider to add to the
155 * current list of Security Providers already installed in the JVM in-use.
156 * If a provider class is specified with this option, and was successfully
157 * added to the runtime --i.e. it was not already installed-- then the tool
158 * will attempt to removed this Security Provider before exiting.
159 * <p></dd>
160 *
161 * <dt>-v</dt>
162 * <dd>Use this option to enable more verbose output.
163 * <p></dd>
164 *
165 * <dt>-attributes</dt>
166 * <dd>Use this option to force the tool to encode a NULL DER value in the
167 * CSR as the value of the Attributes field.</dd>
168 * </dl>
169 */
171 {
183 // default 0-arguments constructor
185 // public setters -----------------------------------------------------------
187 /** @param alias the alias to use. */
189 {
191 }
193 /**
194 * @param algorithm the canonical name of the digital signature algorithm to
195 * use.
196 */
198 {
200 }
202 /** @param pathName the fully qualified path name of the file to process. */
204 {
206 }
208 /** @param password the (private) key password to use. */
210 {
212 }
214 /** @param type the key-store type to use. */
216 {
218 }
220 /** @param url the key-store URL to use. */
222 {
224 }
226 /** @param password the key-store password to use. */
228 {
230 }
232 /** @param className a security provider fully qualified class name to use. */
234 {
236 }
238 /**
239 * @param flag whether to use, or not, a <code>NULL</code> DER value for
240 * the certificate's Attributes field.
241 */
243 {
245 }
247 // life-cycle methods -------------------------------------------------------
250 {
252 String opt;
254 {
280 else
282 }
285 }
288 {
293 // setSignatureAlgorithm(_sigAlgorithm);
306 }
310 InvalidKeyException, SignatureException
311 {
314 // 1. get the key entry and certificate chain associated to alias
318 // 2. get alias's DN and public key to use in the CSR
323 // 3. generate the CSR
327 // 4. encode it in base-64 and write it to outStream
335 {
338 _certReqFileName));
340 }
345 }
347 // own methods --------------------------------------------------------------
349 /**
350 * @param aliasName
351 * @param publicKey
352 * @param privateKey
353 * @return the DER encoded Certificate Signing Request.
354 * @throws IOException
355 * @throws InvalidKeyException
356 * @throws SignatureException
357 */
359 PrivateKey privateKey)
361 {
374 certRequestInfo);
378 sigAlgorithmID);
386 sigAlgorithm);
404 }
405 }