On Wed, 11 May 2022 23:40:46 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> This code change allows one entering "." at a distinguished name prompt to >> skip a sub-component when running `keytool -genkeyapir`. Several new >> resource strings are added. >> >> There is no detailed description in `keytool.html`, so I think there's no >> need to update it. >> >> I'll file a CSR to describe the behavior change. >> >> Here is an example after this change: >> >> $ keytool -genkeypair -keystore ks -storepass changeit -alias b -keyalg EC >> Enter the distinguished name. Enter a single dot (.) to leave the >> sub-component empty. >> What is your first and last name? >> [Unknown]: . >> What is the name of your organizational unit? >> [Unknown]: . >> What is the name of your organization? >> [Unknown]: . >> What is the name of your City or Locality? >> [Unknown]: . >> What is the name of your State or Province? >> [Unknown]: . >> What is the two-letter country code for this unit? >> [Unknown]: . >> At least one field must be provided. Enter again. >> Enter the distinguished name. Enter a single dot (.) to leave the >> sub-component empty. >> What is your first and last name? >> [EMPTY]: Duke >> What is the name of your organizational unit? >> [EMPTY]: >> What is the name of your organization? >> [EMPTY]: >> What is the name of your City or Locality? >> [EMPTY]: >> What is the name of your State or Province? >> [EMPTY]: >> What is the two-letter country code for this unit? >> [EMPTY]: >> Is CN=Duke correct? >> [no]: yes >> >> Generating 384 bit EC (secp384r1) key pair and self-signed certificate >> (SHA384withECDSA) with a validity of 90 days >> for: CN=Duke >> >> In the first round, "." is entered for all fields and keytool rejected it. >> In the second round, CN is entered but the others are unchanged (just type >> enter, because they are already entered previously). At the end, the name is >> "CN=Duke". > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > word change It might also be helpful to note that hitting return or enter will use the default, ex: "Enter a single dot (.) to leave the sub-component empty or enter return to use the default value in braces." For this: > What is your first and last name? > [EMPTY]: Duke I find the word "EMPTY" here a bit confusing because this is not a default value like "Unknown". It seems to me that it might be more intuitive to just repeat the initial set of prompts using [Unknown] and requiring '.' to be entered, especially since you repeat the part "Enter a single dot (.) to leave the sub-component empty." ------------- PR: https://git.openjdk.java.net/jdk/pull/8667
