On Wed, 11 May 2022 22:37:18 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
>> This code change allows one to enter "." at a distinguished name prompt to
>> skip a sub-component when running `keytool -genkeypair`. Several new
>> resource strings are added.
>>
>> There is no detailed description in `keytool.html`, so I think there's no
>> need to update it.
>>
>> I'll file a CSR to describe the behavior change.
>>
>> Here is an example after this change:
>>
>>     $ keytool -genkeypair -keystore ks -storepass changeit -alias b -keyalg EC
>>     Enter the distinguished name. Enter a single dot (.) to leave the
>>     sub-component empty.
>>     What is your first and last name?
>>       [Unknown]:  .
>>     What is the name of your organizational unit?
>>       [Unknown]:  .
>>     What is the name of your organization?
>>       [Unknown]:  .
>>     What is the name of your City or Locality?
>>       [Unknown]:  .
>>     What is the name of your State or Province?
>>       [Unknown]:  .
>>     What is the two-letter country code for this unit?
>>       [Unknown]:  .
>>     At least one field must be provided. Enter again.
>>     Enter the distinguished name. Enter a single dot (.) to leave the
>>     sub-component empty.
>>     What is your first and last name?
>>       [EMPTY]:  Duke
>>     What is the name of your organizational unit?
>>       [EMPTY]:
>>     What is the name of your organization?
>>       [EMPTY]:
>>     What is the name of your City or Locality?
>>       [EMPTY]:
>>     What is the name of your State or Province?
>>       [EMPTY]:
>>     What is the two-letter country code for this unit?
>>       [EMPTY]:
>>     Is CN=Duke correct?
>>       [no]:  yes
>>
>>     Generating 384 bit EC (secp384r1) key pair and self-signed certificate
>>     (SHA384withECDSA) with a validity of 90 days
>>             for: CN=Duke
>>
>> In the first round, "." is entered for all fields and keytool rejected it.
>> In the second round, CN is entered but the others are unchanged (just type
>> enter, because they are already entered previously). At the end, the name is
>> "CN=Duke".
>
> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 3781:
>
>> 3779:
>> 3780:     private static String dotToNull(String input) {
>> 3781:         return ".".equals(input) ? null : input;
>
> Do we deal at all with leading/trailing whitespace (maybe more concerned
> about trailing whitespace than leading)? What happens if we get a ". "
> (trailing space)?

The user must be deliberately doing this. Let's respect their decision. :-)

-------------

PR: https://git.openjdk.java.net/jdk/pull/8667
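
A simplified model of the prompt rounds discussed in this thread, as an added example that is not part of the original messages and is not keytool's code. Only the `dotToNull` check comes from the quoted excerpt; the class name `DnPromptModel`, the `round` and `describe` helpers, and the sample inputs are assumptions constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class DnPromptModel {
    // Prompt order from the transcript: name, org unit, org, city, state, country.
    static final List<String> FIELDS = List.of("CN", "OU", "O", "L", "ST", "C");

    // Same exact-match check as the dotToNull line quoted in the review.
    static String dotToNull(String input) {
        return ".".equals(input) ? null : input;
    }

    // One round of prompts (hypothetical helper): an empty line keeps the
    // value from the previous round, a lone "." clears the field.
    static Map<String, String> round(Map<String, String> previous, Map<String, String> typed) {
        Map<String, String> result = new LinkedHashMap<>();
        for (String field : FIELDS) {
            String line = typed.getOrDefault(field, "");
            String value = line.isEmpty() ? previous.get(field) : dotToNull(line);
            if (value != null) {
                result.put(field, value);
            }
        }
        return result;
    }

    // Brackets make trailing whitespace visible; no DN escaping is applied here.
    static String describe(Map<String, String> name) {
        if (name.isEmpty()) {
            return "rejected: at least one field must be provided";
        }
        StringBuilder sb = new StringBuilder("accepted:");
        name.forEach((k, v) -> sb.append(' ').append(k).append("=[").append(v).append(']'));
        return sb.toString();
    }

    public static void main(String[] args) {
        Map<String, String> allDots = new LinkedHashMap<>();
        FIELDS.forEach(f -> allDots.put(f, "."));
        Map<String, String> first = round(Map.of(), allDots);
        System.out.println("round 1 " + describe(first));

        Map<String, String> second = round(first, Map.of("CN", "Duke"));
        System.out.println("round 2 " + describe(second));

        // Constructed edge case from the review: ". " is not a lone dot.
        Map<String, String> third = round(second, Map.of("OU", ". "));
        System.out.println("round 3 " + describe(third));
    }
}
```

The third round shows the case raised in the review: because the comparison is an exact match, ". " is kept as a literal field value rather than clearing the field.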