001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
013: * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
014: * License for the specific language governing permissions and limitations under
015: * the License.
016: */
017:
018: package org.apache.harmony.tools.keytool;
019:
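/**
 * Prints the keytool help messages: a general overview of the known commands
 * and a detailed description with a usage line for each command.
 *
 * <p>NOTE(review): several documented options ({@code -keypass},
 * {@code -storepass}, {@code -new}, {@code -issuerpass},
 * {@code -cacertspass}, {@code -convstorepass}) take a password as a
 * command-line value. Command-line arguments are commonly visible to other
 * local users through process listings and persist in shell history, so users
 * should prefer a non-argument way of supplying secrets if the tool offers
 * one. Whether it does is not visible from this class.
 */
public class HelpPrinter {
    // General help text, built on first use and reused afterwards.
    private static String message;

    // Command names.
    static final String certReq = "-certreq";
    static final String checkCRL = "-checkcrl";
    static final String convert = "-convert";
    static final String delete = "-delete";
    static final String export = "-export";
    static final String genKey = "-genkey";
    static final String help = "-help";
    static final String sImport = "-import";
    static final String keyClone = "-keyclone";
    static final String keyPasswd = "-keypasswd";
    static final String list = "-list";
    static final String printCert = "-printcert";
    static final String selfCert = "-selfcert";
    static final String storePasswd = "-storepasswd";
    static final String verify = "-verify";

    // Option fragments used to assemble the per-command usage lines.
    static final String keyStore = " {-keystore <keystore_path>}";
    static final String storeType = " {-storetype <store_type>}";
    static final String keyPass = " {-keypass <key_password>}";
    static final String oldKeyPass = " {-keypass <old_key_password>}";
    static final String storePass = " {-storepass <store_password>}";
    static final String provider = " {-provider <provider_name>}";
    static final String certReqFile = " {-file <csr_file>}";
    static final String certFile = " {-file <certificate_file>}";
    static final String keyAlg = " {-keyalg <key_algorithm>}";
    static final String sigAlg = " {-sigalg <signature_algorithm>}";
    static final String keySize = " {-keysize <key_size>}";
    static final String alias = " {-alias <alias>}";
    static final String dName = " {-dname <X500_distinguished_dname>}";
    static final String validity = " {-validity <validity_period>}";
    static final String verbose = " {-v}";
    static final String verboseOrRfc = " {-rfc | -v}";
    static final String javaOption = " {-J<javaoption>}";
    static final String crlFile = " {-crlfile <crl_file>}";
    static final String convKeyStore = " {-convkeystore <result_store>}";
    static final String convStoreType = " {-convtype <result_type>}";
    static final String convStorePass = " {-convstorepass <result_store_pass>}";
    static final String convKeys = " {-convkeys}";
    static final String ca = " {-ca}";
    static final String secretKey = " {-secretkey}";
    static final String trustCAcerts = " {-trustcacerts}";
    static final String noPrompt = " {-noprompt}";
    static final String cacerts = " {-cacerts <cacerts_path>}";
    static final String cacertsPass = " {-cacertspass <cacerts_password>}";
    static final String x509version = " {-x509version <X509_version>}";
    static final String dest = " {-dest <dest_alias>}";
    static final String sNew = " {-new <new_password>}";
    static final String issuer = " {-issuer <issuer_alias>}";
    static final String issuerPass = " {-issuerpass <issuer_password>}";
    static final String serialNum = " {-certserial <cert_serial_number>}";
    static final String newLine = "\n";
    static final String doubleNewLine = "\n\n";

    // Common tail of most usage lines. It already contains -cacerts and
    // -cacertspass, so usage lines that end with it must not add them again.
    static final String ksTypePassVProvCacerts = newLine + keyStore
            + storeType + newLine + storePass + verbose + provider
            + newLine + cacerts + cacertsPass + doubleNewLine;

    // Paragraphs shared by the genkey and selfcert descriptions.
    private static final String caOptionNote =
            " If \"-ca\" option is specified, generated certificate\n"
            + " can be used for signing other certificates.\n";
    private static final String secretKeyOptionNote =
            " If \"-secretkey\" option is specified, a secret key will\n"
            + " be generated instead of key pair and a certificate which\n"
            + " are generated by default. \n";

    /**
     * Prints the general help message (overall usage, the list of known
     * commands and how to ask for help on one command) to stdout.
     */
    static void printHelp() {
        if (message == null) {
            message = buildGeneralHelp();
        }
        System.out.println(message);
    }

    /**
     * Prints the description and usage line of one command to stdout.
     *
     * <p>The topic is matched case-insensitively and without the leading
     * dash, e.g. {@code "genkey"}. {@code "help"} (or {@code null}) prints
     * the general help. An unknown topic prints a notice followed by the
     * general help.
     *
     * @param topic command name without the leading dash; may be {@code null}
     */
    static void topicHelp(String topic) {
        if (topic == null || topic.equalsIgnoreCase("help")) {
            // Return here so no empty topic message is printed afterwards.
            printHelp();
            return;
        }
        String text = describeTopic(topic);
        if (text == null) {
            System.out.println("The option with name <" + topic
                    + "> is unknown.");
            printHelp();
            return;
        }
        System.out.println(text);
    }

    /** Assembles the general help text. */
    private static String buildGeneralHelp() {
        final String tab = "\t";
        final String doubleTab = "\t\t";
        final String tripleTab = "\t\t\t";

        StringBuilder sb = new StringBuilder();
        sb.append("\nKeytool usage:\n");
        sb.append("keytool {-<command_name>} {-<command_option>}"
                + " {<option_value>}... -J<java_option>\n\n");
        sb.append("Known commands:\n");
        sb.append(tab + certReq + doubleTab
                + "Generate certificate request\n");
        sb.append(tab + checkCRL + doubleTab
                + "Check certificates revocation status\n");
        sb.append(tab + convert + doubleTab
                + "Convert keystore to another format\n");
        sb.append(tab + delete + tripleTab
                + "Remove entry from keystore\n");
        sb.append(tab + export + tripleTab
                + "Export certificate to a file or stdout\n");
        sb.append(tab + genKey + tripleTab
                + "Secret key or key pair generation\n");
        sb.append(tab + help + tripleTab
                + "This help message or help on a command\n");
        sb.append(tab + sImport + tripleTab
                + "Import a certificate (chain) or a CSR reply\n");
        sb.append(tab + keyClone + doubleTab
                + "Duplicate a key entry\n");
        sb.append(tab + keyPasswd + doubleTab
                + "Change key password\n");
        // -list has a topic page in topicHelp but was missing from this
        // overview, so users could not discover it from the general help.
        sb.append(tab + list + tripleTab
                + "Print keystore entries\n");
        sb.append(tab + printCert + doubleTab
                + "Print to stdout a certificate from file\n");
        sb.append(tab + selfCert + doubleTab
                + "Generate a self-signed certificate with existing key\n");
        sb.append(tab + storePasswd + doubleTab
                + "Change keystore password\n");
        sb.append(tab + verify + tripleTab
                + "Verify a certificate chain\n");

        sb.append("\nHelp usage:\n");
        sb.append("keytool -help {<command_name>}\n");
        sb.append("E.g.:\t keytool -help genkey\n");
        return sb.toString();
    }

    /**
     * Returns the description and usage line for a command, or {@code null}
     * when the topic is not a known command. "help" is handled by the caller.
     */
    private static String describeTopic(String topic) {
        if (topic.equalsIgnoreCase("certreq")) {
            return " Generates a Certificate Signing Request "
                    + "(CSR). The request is generated\n"
                    + " based on data taken from keystore entry "
                    + "associated with alias given.\n"
                    + " The certificate request "
                    + "is printed to a file, if its name is supplied\n"
                    + " or otherwise printed to stdout.\n"
                    + "\ncertreq Usage:\n"
                    + certReq + alias + certReqFile + newLine
                    + sigAlg + keyPass + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("checkcrl")) {
            return " Checks if the certificate given in the file "
                    + "is contained in the CRL which\n"
                    + " is stored in the CRL file. If the file "
                    + "name is not given, stdin is used.\n"
                    + "\ncheckcrl Usage:\n"
                    + checkCRL + certFile + crlFile
                    + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("convert")) {
            return " Converts keystore to another format.\n"
                    + " If \"-convkeys\" option has been specified, "
                    + "an attempt to convert\n key entries is performed."
                    + " Only entries with password equal to \n"
                    + " keystore password are converted.\n"
                    + "\nconvert Usage:\n"
                    + convert + convStoreType + convKeyStore
                    + newLine + convStorePass + convKeys
                    + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("delete")) {
            return " Removes from the keystore the entry "
                    + "associated with alias.\n"
                    + "\ndelete Usage:\n"
                    + delete + alias + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("export")) {
            return " Reads an X.509 certificate associated with "
                    + "alias and prints it into the\n"
                    + " given file. If the file"
                    + " name is not given, the certificate is printed\n"
                    + " to stdout.\n"
                    + "\nexport Usage:\n"
                    + export + verboseOrRfc + alias + certFile
                    + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("genkey")) {
            return " Generates a key pair or a secret key."
                    + " Key pair is composed of a private\n"
                    + " and a public key. Wraps the public key "
                    + "into a self-signed X.509\n"
                    + " (v1, v2, v3) certificate and puts the "
                    + "certificate into a single-element\n"
                    + " certificate chain or signs the certificate "
                    + "with private key from another\n"
                    + " key entry and adds its chain to the newly "
                    + "generated certificate. After\n"
                    + " that adds to the keystore a new "
                    + "entry containing the generated\n"
                    + " private key and the chain. If a secret key is "
                    + "generated it is put into a\n"
                    + " secret key entry, with null certificate chain.\n"
                    + caOptionNote
                    + secretKeyOptionNote
                    + "\ngenkey Usage:\n"
                    + genKey + alias + keyAlg + newLine + keySize
                    + sigAlg + newLine + validity + dName + newLine
                    + x509version + ca + serialNum + newLine
                    + secretKey + keyPass + newLine + issuer
                    + issuerPass + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("import")) {
            // -cacerts/-cacertspass come from the common tail; listing them
            // here as well printed both options twice.
            return " Reads an X.509 certificate or a PKCS#7 "
                    + "formatted certificate chain from\n"
                    + " the file specified in param and puts it "
                    + "into the entry identified by the\n"
                    + " supplied alias. If the input file is "
                    + "not specified, the certificates are\n"
                    + " read from the standard input.\n"
                    + "\nimport Usage:\n"
                    + sImport + alias + certFile + newLine
                    + noPrompt + trustCAcerts + keyPass
                    + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("keyclone")) {
            return " Copies the key and the certificate "
                    + "chain (if any) from the keystore entry\n"
                    + " identified by given alias into a newly "
                    + "created one with given destination.\n"
                    + "\nkeyclone Usage:\n"
                    + keyClone + alias + dest + newLine + sNew
                    + keyPass + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("keypasswd")) {
            return " Changes the key password to the new one.\n"
                    + "\nkeypasswd Usage:\n"
                    + keyPasswd + alias + oldKeyPass + newLine
                    + sNew + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("list")) {
            return " Prints the contents of the entry associated "
                    + "with the alias given. \n"
                    + " If no alias is specified, the contents of "
                    + "the entire keystore are printed.\n"
                    + "\nlist Usage:\n"
                    + list + verboseOrRfc + alias
                    + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("printcert")) {
            return " Prints the detailed description of a "
                    + "certificate in a human-readable\n"
                    + " format: its owner and issuer, serial number, "
                    + "validity period and\n"
                    + " fingerprints.\n"
                    + "\nprintcert Usage:\n"
                    + printCert + verbose + certFile
                    + doubleNewLine;
        }
        if (topic.equalsIgnoreCase("selfcert")) {
            // NOTE(review): the "-secretkey" paragraph looks copied from
            // genkey; the selfcert usage line below does not list
            // -secretkey. Kept as-is until confirmed against the command
            // implementation.
            return " Generates an X.509 (v1, v2, v3) self-signed "
                    + "certificate using a key pair\n"
                    + " associated with alias. "
                    + "If X.500 Distinguished Name is supplied it is \n"
                    + " used as both subject and issuer of the "
                    + "certificate. Otherwise the\n"
                    + " distinguished name associated with alias is"
                    + " used. Signature algorithm,\n"
                    + " validity period and certificate serial"
                    + " number are taken from command line if \n"
                    + " defined there or "
                    + "from the keystore entry identified by alias.\n"
                    + caOptionNote
                    + secretKeyOptionNote
                    + "\nselfcert Usage:\n"
                    + selfCert + alias + dName + newLine
                    + validity + sigAlg + newLine + keyPass + ca
                    + serialNum + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("storepasswd")) {
            return " Changes the keystore password to the new one.\n"
                    + "\nstorepasswd Usage:\n"
                    + storePasswd + sNew + ksTypePassVProvCacerts;
        }
        if (topic.equalsIgnoreCase("verify")) {
            // NOTE(review): the text says verification continues after an
            // error. Users must therefore read the printed results instead of
            // treating a completed run as a successful verification; how
            // failures are otherwise signalled is not visible from this class.
            // -cacerts/-cacertspass come from the common tail (see import).
            return " A certificate chain is built by looking up "
                    + "the certificate of the issuer\n"
                    + " of the current certificate. If a certificate "
                    + "is self-signed it is assumed\n"
                    + " to be the root CA. After that the certificates "
                    + "are searched in the lists\n"
                    + " of revoked certificates. Certificate signatures "
                    + "are checked and\n"
                    + " certificate path is built in the same way as in "
                    + "import operation. If an\n"
                    + " error occurs the flow is not stopped but an "
                    + "attempt to continue is made.\n"
                    + " The results of the verification are"
                    + " printed to stdout.\n"
                    + "\nverify Usage:\n"
                    + verify + certFile + crlFile + newLine
                    + trustCAcerts + ksTypePassVProvCacerts;
        }
        return null;
    }

}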