JDK-8208689

keytool importcert fails with CertificateParsingException if unknown certificate algorithms should be imported


    • CSR
    • Resolution: Approved
    • P4
    • 12
    • security-libs
    • None
    • behavioral
    • minimal
    • The command will only try the user-specified provider if the builtin providers in the JDK cannot parse the certificate, so if the command succeeded before this fix it will still succeed with the exact same output. If it failed before, there is now a chance it could succeed.
    • add/remove/modify command line option

      Summary

      The "keytool -printcert" command will use the security provider specified by the "-providername" option to parse a certificate if it cannot be parsed by the builtin providers of JDK.

      Problem

      Sometimes a user wants to inspect the content of a certificate that is using an algorithm not supported by JDK's builtin providers. We should allow the user to choose another provider if available.

      Solution

      Let "keytool -printcert" recognize the "-providername" option. Other provider-related options ("-addprovider", "-providerclass", and "-providerpath") will also be supported so the user can load providers dynamically from a jar or a module. These options are already supported by other keytool commands.
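
The fallback order described in the Summary and Solution, sketched as an added example (not code from this issue or from keytool; the class name `FallbackCertPrinter` and the method `parse` are hypothetical). It assumes the fallback provider is already registered with the JVM, and it does not reproduce the dynamic loading done by "-addprovider", "-providerclass" and "-providerpath".

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;

// Added illustration; names are hypothetical and this is not keytool source.
public class FallbackCertPrinter {

    // Parse with the default provider lookup first; consult the named provider
    // only if that fails, so input that already parsed behaves exactly as before.
    static Certificate parse(byte[] encoded, String providerName) throws Exception {
        try {
            return CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException builtinFailure) {
            if (providerName == null) {
                throw builtinFailure; // no fallback requested: same failure as before
            }
            if (Security.getProvider(providerName) == null) {
                throw new IllegalArgumentException(
                        "Provider not registered: " + providerName, builtinFailure);
            }
            try {
                return CertificateFactory.getInstance("X.509", providerName)
                        .generateCertificate(new ByteArrayInputStream(encoded));
            } catch (CertificateException fallbackFailure) {
                fallbackFailure.addSuppressed(builtinFailure); // keep both causes
                throw fallbackFailure;
            }
        }
    }

    // Usage: java FallbackCertPrinter.java <cert-file> [provider-name]
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: FallbackCertPrinter <cert-file> [provider-name]");
            System.exit(2);
        }
        byte[] encoded = Files.readAllBytes(Paths.get(args[0]));
        Certificate cert = parse(encoded, args.length > 1 ? args[1] : null);
        // The implementing class shows which provider actually parsed the input.
        System.out.println("Parsed by: " + cert.getClass().getName());
        System.out.println(cert);
    }
}
```
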

      Specification

      The output of "keytool -help -printcert" will change as follows (added lines are marked with "+"):

      keytool -printcert [OPTION]...

       Prints the content of a certificate
      
       Options:
      
        -rfc                        output in RFC style
        -file <file>                input file name
        -sslserver <server[:port]>  SSL server host and port
        -jarfile <file>             signed jar file
      + -providername <name>        provider name
      + -addprovider <name>         add security provider by name (e.g. SunPKCS11)
      +   [-providerarg <arg>]        configure argument for -addprovider
      + -providerclass <class>      add security provider by fully-qualified class name
      +   [-providerarg <arg>]        configure argument for -providerclass
      + -providerpath <list>        provider classpath
        -v                          verbose output
      
       Use "keytool -?, -h, or --help" for this help message
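
      Review bot: the added "-providername <name>" line reuses the generic description "provider name", which does not tell the user that, per the Summary, this command consults the named provider only after the builtin providers fail to parse the certificate. Consider stating the fallback order in the option description or in the keytool documentation, so that a user who passes "-providername" does not assume the named provider is the one that parsed the certificate. The same applies to the "-addprovider", "-providerclass" and "-providerpath" lines, which cause provider code to be loaded from a jar or module even though the certificate may be parsed by a builtin provider.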

            weijun Weijun Wang
            webbuggrp Webbug Group
            Jamil Nimeh, Xuelei Fan