| This is cp-tools.info, produced by makeinfo version 4.11 from |
| /gcc-4.3/gcc-4.3.1/gcc-4.3.1/libjava/classpath/doc/cp-tools.texinfo. |
| |
| This file documents the Tools included in a standard distribution of |
| the GNU Classpath project deliverables. |
| |
| Copyright (C) 2006, 2007 Free Software Foundation, Inc. |
| |
| INFO-DIR-SECTION GNU Libraries |
| START-INFO-DIR-ENTRY |
| * Classpath Tools: (cp-tools). GNU Classpath Tools Guide |
| END-INFO-DIR-ENTRY |
| |
| |
| File: cp-tools.info, Node: Top, Next: Applet Tools, Prev: (dir), Up: (dir) |
| |
| GNU Classpath Tools Guide |
| ************************* |
| |
| This document contains important information you need to know in order |
| to use the tools included in the GNU Classpath project deliverables. |
| |
| The Tools aim at providing a free replacement, similar in their |
| behavior, to their counter-parts found in the Reference Implementation |
| (RI) of the Java Software Development Kit (SDK). |
| |
| * Menu: |
| |
| * Applet Tools:: Work with applets |
| * Security Tools:: Work securely with Java applications |
| * Other Tools:: Other tools in classpath |
| * I18N Issues:: How to add support for non-English languages |
| |
| --- The Detailed Node Listing --- |
| |
| Applet Tools |
| |
| * appletviewer Tool:: Load applets |
| * gcjwebplugin:: Load applets in a web browser |
| |
| Security Tools |
| |
| * jarsigner Tool:: Sign and verify .JAR files |
| * keytool Tool:: Manage private keys and public certificates |
| |
| jarsigner Tool |
| |
| * Common jarsigner Options:: Options used when signing or verifying a file |
| * Signing Options:: Options only used when signing a .JAR file |
| * Verification Options:: Options only used when verifying a .JAR file |
| |
| keytool Tool |
| |
| * Getting Help:: How to get help with keytool commands |
| * Common keytool Options:: Options used in more than one command |
| * Distinguished Names:: X.500 Distinguished Names used in certificates |
| * Add/Update Commands:: Commands for adding data to a Key Store |
| * Export Commands:: Commands for exporting data from a Key Store |
| * Display Commands:: Commands for displaying data in a Key Store |
| * Management Commands:: Commands for managing a Key Store |
| |
| Add/Update Commands |
| |
| * Command -genkey:: Generate private key and self-signed certificate |
| * Command -import:: Import certificates and certificate replies |
| * Command -selfcert:: Generate self-signed certificate |
| * Command -cacert:: Import a CA Trusted Certificate |
| * Command -identitydb:: Import JDK-1 style identities |
| |
| Export Commands |
| |
| * Command -certreq:: Generate Certificate Signing Requests (CSR) |
| * Command -export:: Export a certificate in a Key Store |
| |
| Display Commands |
| |
| * Command -list:: Display information about one or all Aliases |
| * Command -printcert:: Print a certificate or a certificate fingerprint |
| |
| Management Commands |
| |
| * Command -keyclone:: Clone a Key Entry in a Key Store |
| * Command -storepasswd:: Change the password protecting a Key Store |
| * Command -keypasswd:: Change the password protecting a Key Entry |
| * Command -delete:: Remove an entry in a Key Store |
| |
| Other Tools |
| |
| * jar Tool:: Archive tool for Java archives |
| * javah Tool:: A java header compiler |
| * gcjh Tool:: A java header compiler (old version) |
| * native2ascii Tool:: An encoding converter |
| * orbd Tool:: An object request broker daemon |
| * serialver Tool:: A serial version command |
| * rmid Tool:: RMI activation daemon |
| * rmiregistry Tool:: Remote object registry |
| * tnameserv Tool:: Naming service |
| |
| I18N Issues |
| |
| * Language Resources:: Where resources are located |
| * Message Formats:: How messages are internationalized |
| |
| |
| File: cp-tools.info, Node: Applet Tools, Next: Security Tools, Prev: Top, Up: Top |
| |
| 1 Applet Tools |
| ************** |
| |
| Two Applet Tools are available with GNU Classpath: appletviewer and |
| gcjwebplugin. |
| |
| To avoid conflicts with other implementations, the appletviewer |
| executable is called "gappletviewer". |
| |
| * Menu: |
| |
| * appletviewer Tool:: Load applets |
| * gcjwebplugin:: Load applets in a web browser |
| |
| If while using these tools you think you found a bug, then please |
| report it at classpath-bugs |
| (http://www.gnu.org/software/classpath/bugs.html). |
| |
| |
| File: cp-tools.info, Node: appletviewer Tool, Next: gcjwebplugin, Prev: Applet Tools, Up: Applet Tools |
| |
| 1.1 The `appletviewer' Tool |
| =========================== |
| |
| SYNOPSIS |
| |
| appletviewer [OPTION]... URL... |
| appletviewer [OPTION]... `-code' CODE |
| appletviewer [OPTION]... `-plugin' INPUT,OUTPUT |
| |
| DESCRIPTION The `appletviewer' tool loads and runs an applet. |
| |
| Use the first form to test applets specified by tag. The URL should |
| resolve to an HTML document from which the `appletviewer' will extract |
| applet tags. The APPLET, EMBED and OBJECT tags are supported. If a |
| given document contains multiple applet tags, all the applets will be |
| loaded, with each applet appearing in its own window. Likewise, when |
| multiple URLs are specified, each applet tag instance is given its own |
| window. If a given document contains no recognized tags the |
| `appletviewer' does nothing. |
| |
| appletviewer http://www.gnu.org/software/classpath/ |
| |
| Use the second form to test an applet in development. This form |
| allows applet tag attributes to be supplied on the command line. Only |
| one applet may be specified using the `-code' option. The `-code' |
| option overrides the URL form - any URLs specified will be ignored. |
| |
| appletviewer -code Test.class -param datafile,data.txt |
| |
| `gcjwebplugin' uses the third form to communicate with the |
| `appletviewer' through named pipes. |
| |
| URL OPTIONS |
| `-debug' |
| This option is not yet implemented but is provided for |
| compatibility. |
| |
| `-encoding CHARSET' |
| Use this option to specify an alternate character encoding for the |
| specified HTML page. |
| |
| |
| APPLET TAG OPTIONS |
| `-code CODE' |
| Use the `-code' option to specify the value of the applet tag CODE |
| attribute. |
| |
| `-codebase CODEBASE' |
| Use the `-codebase' option to specify the value of the applet tag |
| CODEBASE attribute. |
| |
| `-archive ARCHIVE' |
| Use the `-archive' option to specify the value of the applet tag |
| ARCHIVE attribute. |
| |
| `-width WIDTH' |
| Use the `-width' option to specify the value of the applet tag |
| WIDTH attribute. |
| |
| `-height HEIGHT' |
| Use the `-height' option to specify the value of the applet tag |
| HEIGHT attribute. |
| |
| `-param NAME,VALUE' |
| Use the `-param' option to specify values for the NAME and VALUE |
| attributes of an applet PARAM tag. |
| |
| |
| PLUGIN OPTION |
| `-plugin INPUT,OUTPUT' |
| `gcjwebplugin' uses the `-plugin' option to specify the named pipe |
| the `appletviewer' should use for receiving commands (INPUT) and |
| the one it should use for sending commands to `gcjwebplugin' |
| (OUTPUT). |
| |
| |
| DEBUGGING OPTION |
| `-verbose' |
| Use the `-verbose' option to have the `appletviewer' print |
| debugging messages. |
| |
| |
| STANDARD OPTIONS |
| |
| `-help' |
| Use the `-help' option to have the `appletviewer' print a usage |
| message, then exit. |
| |
| `-version' |
| Use the `-version' option to have the `appletviewer' print its |
| version, then exit. |
| |
| `-JOPTION' |
| Use the `-J' option to pass OPTION to the virtual machine that |
| will run the `appletviewer'. Unlike other options, there must not |
| be a space between the `-J' and OPTION. |
| |
| |
| |
| File: cp-tools.info, Node: gcjwebplugin, Prev: appletviewer Tool, Up: Applet Tools |
| |
| 1.2 The `gcjwebplugin' Tool |
| =========================== |
| |
| `gcjwebplugin' is a plugin that adds applet support to web browsers. |
| Currently `gcjwebplugin' only supports Mozilla-based browsers (e.g., |
| Firefox, Galeon, Mozilla). |
| |
| |
| File: cp-tools.info, Node: Security Tools, Next: Other Tools, Prev: Applet Tools, Up: Top |
| |
| 2 Security Tools |
| **************** |
| |
| Two Security Tools are available with GNU Classpath: `jarsigner' and |
| `keytool'. |
| |
| To avoid conflicts with other implementations, the jarsigner |
| executable is called `gjarsigner' and the keytool executable is called |
| `gkeytool'. |
| |
| * Menu: |
| |
| * jarsigner Tool:: Sign and verify .JAR files |
| * keytool Tool:: Manage private keys and public certificates |
| |
| If while using these tools you think you found a bug, then please |
| report it at classpath-bugs |
| (http://www.gnu.org/software/classpath/bugs.html). |
| |
| |
| File: cp-tools.info, Node: jarsigner Tool, Next: keytool Tool, Prev: Security Tools, Up: Security Tools |
| |
| 2.1 The `jarsigner' Tool |
| ======================== |
| |
| The `jarsigner' tool is invoked from the command line, in one of two |
| forms, as follows: |
| |
| jarsigner [OPTION]... FILE ALIAS |
| |
| jarsigner `-verify' [OPTION]... FILE |
| |
| When the first form is used, the tool signs the designated JAR file. |
| The second form, on the other hand, is used to verify a previously |
| signed JAR file. |
| |
| FILE is the .JAR file to process; i.e. to sign if the first syntax |
| form is used, or to verify if the second syntax form is used instead. |
| |
| ALIAS must be a known Alias of a Key Entry in the designated Key |
| Store. The private key material associated with this Alias is then used |
| for signing the designated .JAR file. |
| |
| * Menu: |
| |
| * Common jarsigner Options:: Options used when signing or verifying a file |
| * Signing Options:: Options only used when signing a .JAR file |
| * Verification Options:: Options only used when verifying a .JAR file |
| |
| |
| File: cp-tools.info, Node: Common jarsigner Options, Next: Signing Options, Prev: jarsigner Tool, Up: jarsigner Tool |
| |
| 2.1.1 Common options |
| -------------------- |
| |
| The following options may be used when the tool is used for either |
| signing, or verifying, a .JAR file. |
| |
| `-verbose' |
| Use this option to force the tool to generate more verbose |
| messages, during its processing. |
| |
| `-internalsf' |
| When present, the tool will include -which otherwise it does not- |
| the `.SF' file in the `.DSA' generated file. |
| |
| `-sectionsonly' |
| When present, the tool will include in the `.SF' generated file |
| -which otherwise it does not- a header containing a hash of the |
| whole manifest file. When that header is included, the tool can |
| quickly check, during verification, if the hash (in the header) |
| matches or not the manifest file. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| A fully qualified class name of a Security Provider to add to the |
| current list of Security Providers already installed in the JVM |
| in-use. If a provider class is specified with this option, and was |
| successfully added to the runtime -i.e. it was not already |
| installed- then the tool will attempt to remove this Security |
| Provider before exiting. |
| |
| `-help' |
| Prints a help text similar to this one. |
| |
| |
| |
| File: cp-tools.info, Node: Signing Options, Next: Verification Options, Prev: Common jarsigner Options, Up: jarsigner Tool |
| |
| 2.1.2 Signing options |
| --------------------- |
| |
| The following options may be specified when using the tool for signing |
| purposes. |
| |
| `-keystore URL' |
| Use this option to specify the location of the key store to use. |
| The default value is a file URL referencing the file named |
| `.keystore' located in the path returned by the call to |
| `java.lang.System#getProperty(String)' using `user.home' as |
| argument. |
| |
| If a URL was specified, but was found to be malformed -e.g. |
| missing protocol element- the tool will attempt to use the URL |
| value as a file-name (with absolute or relative path-name) of a |
| key store -as if the protocol was `file:'. |
| |
| `-storetype STORE_TYPE' |
| Use this option to specify the type of the key store to use. The |
| default value, if this option is omitted, is that of the property |
| `keystore.type' in the security properties file, which is obtained |
| by invoking the static method call `getDefaultType()' in |
| `java.security.KeyStore'. |
| |
| `-storepass PASSWORD' |
| Use this option to specify the password which will be used to |
| unlock the key store. If this option is missing, the User will be |
| prompted to provide a password. |
| |
| `-keypass PASSWORD' |
| Use this option to specify the password which the tool will use to |
| unlock the Key Entry associated with the designated Alias. |
| |
| If this option is omitted, the tool will first attempt to unlock |
| the Key Entry using the same password protecting the key store. If |
| this fails, you will then be prompted to provide a password. |
| |
| `-sigfile NAME' |
| Use this option to designate a literal that will be used to |
| construct file names for both the `.SF' and `.DSA' signature |
| files. These files will be generated, by the tool, and placed in |
| the `META-INF' directory of the signed JAR. Permissible |
| characters for NAME must be in the range "a-zA-Z0-9_-". All |
| characters will be converted to upper-case ones. |
| |
| If this option is missing, the first eight characters of the ALIAS |
| argument will be used. When this is the case, any character in |
| ALIAS that is outside the permissible range of characters will be |
| replaced by an underscore. |
| |
| `-signedjar FILE' |
| Use this option to specify the file name of the signed JAR. If |
| this option is omitted, then the signed JAR will be named the same |
| as FILE; i.e. the input JAR file will be replaced with the signed |
| copy. |
| |
| |
| |
| File: cp-tools.info, Node: Verification Options, Prev: Signing Options, Up: jarsigner Tool |
| |
| 2.1.3 Verification options |
| -------------------------- |
| |
| The following options may be specified when using the tool for |
| verification purposes. |
| |
| `-verify' |
| Use this option to indicate that the tool is to be used for |
| verification purposes. |
| |
| `-certs' |
| This option is used in conjunction with the `-verbose' option. |
| When present, along with the `-verbose' option, the tool will |
| print more detailed information about the certificates of the |
| signer(s) being processed. |
| |
| |
| |
| File: cp-tools.info, Node: keytool Tool, Prev: jarsigner Tool, Up: Security Tools |
| |
| 2.2 The `keytool' Tool |
| ====================== |
| |
| Cryptographic credentials, in a Java environment, are usually stored in |
| a Key Store. The Java SDK specifies a Key Store as a persistent |
| container of two types of objects: Key Entries and Trusted |
| Certificates. The security tool `keytool' is a Java-based application |
| for managing those types of objects. |
| |
| A Key Entry represents the private key part of a key-pair used in |
| Public-Key Cryptography, and a signed X.509 certificate which |
| authenticates the public key part for a known entity; i.e. the owner of |
| the key-pair. The X.509 certificate itself contains the public key part |
| of the key-pair. |
| |
| A Trusted Certificate is a signed X.509 certificate issued by a |
| trusted entity. The Trust in this context is relative to the User of |
| the `keytool'. In other words, the existence of a Trusted Certificate |
| in the Key Store processed by a `keytool' command implies that the User |
| trusts the Issuer of that Trusted Certificate to also sign, and hence |
| authenticates, other Subjects the tool may process. |
| |
| Trusted Certificates are important because they allow the tool to |
| mechanically construct Chains of Trust starting from one of the Trusted |
| Certificates in a Key Store and ending with a certificate whose Issuer |
| is potentially unknown. A valid chain is an ordered list, starting with |
| a Trusted Certificate (also called the anchor), ending with the target |
| certificate, and satisfying the condition that the Subject of |
| certificate `#i' is the Issuer of certificate `#i + 1'. |
| |
| The `keytool' is invoked from the command line as follows: |
| |
| keytool [COMMAND] ... |
| |
| Multiple COMMANDs may be specified at once, each complete with its |
| own options. `keytool' will parse all the arguments, before processing, |
| and executing, each `COMMAND'. If an exception occurs while executing |
| one COMMAND `keytool' will abort. Note however that because the |
| implementation of the tool uses code to parse command line options that |
| also supports GNU-style options, you have to separate each command |
| group with a double-hyphen; e.g |
| |
| keytool -list -- -printcert -alias mykey |
| |
| Here is a summary of the commands supported by the tool: |
| |
| 1. Add/Update commands |
| `-genkey [OPTION]...' |
| Generate a new Key Entry, eventually creating a new key store. |
| |
| `-import [OPTION]...' |
| Add, to a key store, Key Entries (private keys and |
| certificate chains authenticating the public keys) and |
| Trusted Certificates (3rd party certificates which can be |
| used as Trust Anchors when building chains-of-trust). |
| |
| `-selfcert [OPTION]...' |
| Generate a new self-signed Trusted Certificate. |
| |
| `-cacert [OPTION]...' |
| Import a CA Trusted Certificate. |
| |
| `-identitydb [OPTION]...' |
| NOT IMPLEMENTED YET. |
| Import a JDK 1.1 style Identity Database. |
| |
| 2. Export commands |
| `-certreq [OPTION]...' |
| Issue a Certificate Signing Request (CSR) which can be then |
| sent to a Certification Authority (CA) to issue a certificate |
| signed (by the CA) and authenticating the Subject of the |
| request. |
| |
| `-export [OPTION]...' |
| Export a certificate from a key store. |
| |
| 3. Display commands |
| `-list [OPTION]...' |
| Print one or all certificates in a key store to `STDOUT'. |
| |
| `-printcert [OPTION]...' |
| Print a human-readable form of a certificate, in a designated |
| file, to `STDOUT'. |
| |
| 4. Management commands |
| `-keyclone [OPTION]...' |
| Clone a Key Entry in a key store. |
| |
| `-storepasswd [OPTION]...' |
| Change the password protecting a key store. |
| |
| `-keypasswd [OPTION]...' |
| Change the password protecting a Key Entry in a key store. |
| |
| `-delete [OPTION]...' |
| Delete a Key Entry or a Trusted Certificate from a key store. |
| |
| * Menu: |
| |
| * Getting Help:: How to get help with keytool commands |
| * Common keytool Options:: Options used in more than one command |
| * Distinguished Names:: X.500 Distinguished Names used in certificates |
| * Add/Update Commands:: Commands for adding data to a Key Store |
| * Export Commands:: Commands for exporting data from a Key Store |
| * Display Commands:: Commands for displaying data in a Key Store |
| * Management Commands:: Commands for managing a Key Store |
| |
| |
| File: cp-tools.info, Node: Getting Help, Next: Common keytool Options, Prev: keytool Tool, Up: keytool Tool |
| |
| 2.2.1 Getting help |
| ------------------ |
| |
| To get a general help text about the tool, use the `-help' option; e.g. |
| |
| `keytool -help' |
| |
| To get more specific help text about one of the tool's command use |
| the `-help' option for that command; e.g. |
| |
| `keytool -genkey -help' |
| |
| In both instances, the tool will print a help text and then will |
| exit the running JVM. |
| |
| It is worth noting here that the help messages printed by the tool |
| are I18N-ready. This means that if/when the contents of the tool's |
| Message Bundle properties file are available in languages other than |
| English, you may see those messages in that language. |
| |
| |
| File: cp-tools.info, Node: Common keytool Options, Next: Distinguished Names, Prev: Getting Help, Up: keytool Tool |
| |
| 2.2.2 Common options |
| -------------------- |
| |
| The following `OPTION's are used in more than one `COMMAND'. They are |
| described here to reduce redundancy. |
| |
| `-alias ALIAS' |
| Every entry, be it a Key Entry or a Trusted Certificate, in a key |
| store is uniquely identified by a user-defined ALIAS string. Use |
| this option to specify the ALIAS to use when referring to an entry |
| in the key store. Unless specified otherwise, a default value of |
| `mykey' shall be used when this option is omitted from the command |
| line. |
| |
| `-keyalg ALGORITHM' |
| Use this option to specify the canonical name of the key-pair |
| generation algorithm. The default value for this option is `DSS' |
| (a synonym for the Digital Signature Algorithm also known as DSA). |
| |
| `-keysize SIZE' |
| Use this option to specify the number of bits of the shared |
| modulus (for both the public and private keys) to use when |
| generating new keys. A default value of `1024' will be used if |
| this option is omitted from the command line. |
| |
| `-validity DAY_COUNT' |
| Use this option to specify the number of days a newly generated |
| certificate will be valid for. The default value is `90' (days) if |
| this option is omitted from the command line. |
| |
| `-storetype STORE_TYPE' |
| Use this option to specify the type of the key store to use. The |
| default value, if this option is omitted, is that of the property |
| `keystore.type' in the security properties file, which is obtained |
| by invoking the static method call `getDefaultType()' in |
| `java.security.KeyStore'. |
| |
| `-storepass PASSWORD' |
| Use this option to specify the password protecting the key store. |
| If this option is omitted from the command line, you will be |
| prompted to provide a password. |
| |
| `-keystore URL' |
| Use this option to specify the location of the key store to use. |
| The default value is a file URL referencing the file named |
| `.keystore' located in the path returned by the call to |
| `java.lang.System#getProperty(String)' using `user.home' as |
| argument. |
| |
| If a URL was specified, but was found to be malformed -e.g. |
| missing protocol element- the tool will attempt to use the URL |
| value as a file-name (with absolute or relative path-name) of a |
| key store -as if the protocol was `file:'. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| A fully qualified class name of a Security Provider to add to the |
| current list of Security Providers already installed in the JVM |
| in-use. If a provider class is specified with this option, and was |
| successfully added to the runtime -i.e. it was not already |
| installed- then the tool will attempt to removed this Security |
| Provider before exiting. |
| |
| `-file FILE' |
| Use this option to designate a file to use with a command. When |
| specified with this option, the value is expected to be the fully |
| qualified path of a file accessible by the File System. Depending |
| on the command, the file may be used as input or as output. When |
| this option is omitted from the command line, `STDIN' will be used |
| instead, as the source of input, and `STDOUT' will be used instead |
| as the output destination. |
| |
| `-v' |
| Unless specified otherwise, use this option to enable more verbose |
| output. |
| |
| |
| |
| File: cp-tools.info, Node: Distinguished Names, Next: Add/Update Commands, Prev: Common keytool Options, Up: keytool Tool |
| |
| 2.2.3 X.500 Distinguished Names |
| ------------------------------- |
| |
| A Distinguished Name (or DN) MUST be supplied with some of the |
| `COMMAND's using a `-dname' option. The syntax of a valid value for |
| this option MUST follow RFC-2253 specifications. Namely the following |
| components (with their accepted meaning) will be recognized. Note that |
| the component name is case-insensitive: |
| |
| CN |
| The Common Name; e.g. `host.domain.com' |
| |
| OU |
| The Organizational Unit; e.g. `IT Department' |
| |
| O |
| The Organization Name; e.g. `The Sample Company' |
| |
| L |
| The Locality Name; e.g. `Sydney' |
| |
| ST |
| The State Name; e.g. `New South Wales' |
| |
| C |
| The 2-letter Country identifier; e.g. `AU' |
| |
| When specified with a `-dname' option, each pair of component/value |
| will be separated from the other with a comma. Each component and value |
| pair MUST be separated by an equal sign. For example, the following is |
| a valid DN value: |
| CN=host.domain.com, O=The Sample Company, L=Sydney, ST=NSW, C=AU |
| |
| If the Distinguished Name is required, and no valid default value can |
| be used, the tool will prompt you to enter the information through the |
| console. |
| |
| |
| File: cp-tools.info, Node: Add/Update Commands, Next: Export Commands, Prev: Distinguished Names, Up: keytool Tool |
| |
| 2.2.4 Add/Update commands |
| ------------------------- |
| |
| * Menu: |
| |
| * Command -genkey:: Generate private key and self-signed certificate |
| * Command -import:: Import certificates and certificate replies |
| * Command -selfcert:: Generate self-signed certificate |
| * Command -cacert:: Import a CA Trusted Certificate |
| * Command -identitydb:: Import JDK-1 style identities |
| |
| |
| File: cp-tools.info, Node: Command -genkey, Next: Command -import, Prev: Add/Update Commands, Up: Add/Update Commands |
| |
| 2.2.4.1 The `-genkey' command |
| ............................. |
| |
| Use this command to generate a new key-pair (both private and public |
| keys), and save these credentials in the key store as a Key Entry, |
| associated with the designated (if was specified with the `-alias' |
| option) or default (if the `-alias' option is omitted) Alias. |
| |
| The private key material will be protected with a user-defined |
| password (see `-keypass' option). The public key on the other hand will |
| be part of a self-signed X.509 certificate, which will form a 1-element |
| chain and will be saved in the key store. |
| |
| `-alias ALIAS' |
| For more details *note ALIAS: alias. |
| |
| `-keyalg ALGORITHM' |
| For more details *note ALGORITHM: keyalg. |
| |
| `-keysize KEY_SIZE' |
| For more details *note KEY_SIZE: keysize. |
| |
| `-sigalg ALGORITHM' |
| The canonical name of the digital signature algorithm to use for |
| signing certificates. If this option is omitted, a default value |
| will be chosen based on the type of the key-pair; i.e. the |
| algorithm that ends up being used by the -keyalg option. If the |
| key-pair generation algorithm is `DSA', the value for the |
| signature algorithm will be `SHA1withDSA'. If on the other hand |
| the key-pair generation algorithm is `RSA', then the tool will use |
| `MD5withRSA' as the signature algorithm. |
| |
| `-dname NAME' |
| This a mandatory value for the command. If no value is specified |
| -i.e. the `-dname' option is omitted- the tool will prompt you to |
| enter a Distinguished Name to use as both the Owner and Issuer of |
| the generated self-signed certificate. |
| |
| For more details *note X.500 DISTINGUISHED NAME: dn. |
| |
| `-keypass PASSWORD' |
| Use this option to specify the password which the tool will use to |
| protect the newly created Key Entry. |
| |
| If this option is omitted, you will be prompted to provide a |
| password. |
| |
| `-validity DAY_COUNT' |
| For more details *note DAY_COUNT: validity. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Command -import, Next: Command -selfcert, Prev: Command -genkey, Up: Add/Update Commands |
| |
| 2.2.4.2 The `-import' command |
| ............................. |
| |
| Use this command to read an X.509 certificate, or a PKCS#7 Certificate |
| Reply from a designated input source and incorporate the certificates |
| into the key store. |
| |
| If the Alias does not already exist in the key store, the tool |
| treats the certificate read from the input source as a new Trusted |
| Certificate. It then attempts to discover a chain-of-trust, starting |
| from that certificate and ending at another Trusted Certificate, |
| already stored in the key store. If the `-trustcacerts' option is |
| present, an additional key store, of type `JKS' named `cacerts', and |
| assumed to be present in `${JAVA_HOME}/lib/security' will also be |
| consulted if found -`${JAVA_HOME}' refers to the location of an |
| installed Java Runtime Environment (JRE). If no chain-of-trust can be |
| established, and unless the `-noprompt' option has been specified, the |
| certificate is printed to `STDOUT' and the user is prompted for a |
| confirmation. |
| |
| If Alias exists in the key store, the tool will treat the |
| certificate(s) read from the input source as a Certificate Reply, which |
| can be a chain of certificates, that eventually would replace the chain |
| of certificates associated with the Key Entry of that Alias. The |
| substitution of the certificates only occurs if a chain-of-trust can be |
| established between the bottom certificate of the chain read from the |
| input file and the Trusted Certificates already present in the key |
| store. Again, if the `-trustcacerts' option is specified, additional |
| Trusted Certificates in the same `cacerts' key store will be |
| considered. If no chain-of-trust can be established, the operation will |
| abort. |
| |
| `-alias ALIAS' |
| For more details *note ALIAS: alias. |
| |
| `-file FILE' |
| For more details *note FILE: file. |
| |
| `-keypass PASSWORD' |
| Use this option to specify the password which the tool will use to |
| protect the Key Entry associated with the designated Alias, when |
| replacing this Alias' chain of certificates with that found in the |
| certificate reply. |
| |
| If this option is omitted, and the chain-of-trust for the |
| certificate reply has been established, the tool will first |
| attempt to unlock the Key Entry using the same password protecting |
| the key store. If this fails, you will then be prompted to provide |
| a password. |
| |
| `-noprompt' |
| Use this option to prevent the tool from prompting the user. |
| |
| `-trustcacerts' |
| Use this option to indicate to the tool that a key store, of type |
| `JKS', named `cacerts', and usually located in `lib/security' in |
| an installed Java Runtime Environment should be considered when |
| trying to establish chain-of-trusts. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Command -selfcert, Next: Command -cacert, Prev: Command -import, Up: Add/Update Commands |
| |
| 2.2.4.3 The `-selfcert' command |
| ............................... |
| |
| Use this command to generate a self-signed X.509 version 1 certificate. |
| The newly generated certificate will form a chain of one element which |
| will replace the previous chain associated with the designated Alias |
| (if `-alias' option was specified), or the default Alias (if `-alias' |
| option was omitted). |
| |
| `-alias ALIAS' |
| For more details *note ALIAS: alias. |
| |
| `-sigalg ALGORITHM' |
| The canonical name of the digital signature algorithm to use for |
| signing the certificate. If this option is omitted, a default |
| value will be chosen based on the type of the private key |
| associated with the designated Alias. If the private key is a |
| `DSA' one, the value for the signature algorithm will be |
| `SHA1withDSA'. If on the other hand the private key is an `RSA' |
| one, then the tool will use `MD5withRSA' as the signature |
| algorithm. |
| |
| `-dname NAME' |
| Use this option to specify the Distinguished Name of the newly |
| generated self-signed certificate. If this option is omitted, the |
| existing Distinguished Name of the base certificate in the chain |
| associated with the designated Alias will be used instead. |
| |
| For more details *note X.500 DISTINGUISHED NAME: dn. |
| |
| `-validity DAY_COUNT' |
| For more details *note DAY_COUNT: validity. |
| |
| `-keypass PASSWORD' |
| Use this option to specify the password which the tool will use to |
| unlock the Key Entry associated with the designated Alias. |
| |
| If this option is omitted, the tool will first attempt to unlock |
| the Key Entry using the same password protecting the key store. If |
| this fails, you will then be prompted to provide a password. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Command -cacert, Next: Command -identitydb, Prev: Command -selfcert, Up: Add/Update Commands |
| |
| 2.2.4.4 The `-cacert' command |
| ............................. |
| |
| Use this command to import, a CA certificate and add it to the key |
| store as a Trusted Certificate. The Alias for this new entry will be |
| constructed from the FILE's base-name after replacing hyphens and dots |
| with underscores. |
| |
| This command is useful when used in a script that recursively visits |
| a directory of CA certificates to populate a `cacerts.gkr' Key Store of |
| trusted certificates which can then be used commands that specify the |
| `-trustcacerts' option. |
| |
| `-file FILE' |
| For more details *note FILE: file. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Command -identitydb, Prev: Command -cacert, Up: Add/Update Commands |
| |
| 2.2.4.5 The `-identitydb' command |
| ................................. |
| |
| NOT IMPLEMENTED YET. |
| |
| Use this command to import a JDK 1.1 style Identity Database. |
| |
| `-file FILE' |
| For more details *note FILE: file. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Export Commands, Next: Display Commands, Prev: Add/Update Commands, Up: keytool Tool |
| |
| 2.2.5 Export commands |
| --------------------- |
| |
| * Menu: |
| |
| * Command -certreq:: Generate Certificate Signing Requests (CSR) |
| * Command -export:: Export a certificate in a Key Store |
| |
| |
| File: cp-tools.info, Node: Command -certreq, Next: Command -export, Prev: Export Commands, Up: Export Commands |
| |
| 2.2.5.1 The `-certreq' command |
| .............................. |
| |
| Use this command to generate a PKCS#10 Certificate Signing Request |
| (CSR) and write it to a designated output destination. The contents of |
| the destination should look something like the following: |
| |
| -----BEGIN NEW CERTIFICATE REQUEST----- |
| MI...QAwXzEUMBIGA1UEAwwLcnNuQGdudS5vcmcxGzAZBgNVBAoMElUg |
| Q2...A0GA1UEBwwGU3lkbmV5MQwwCgYDVQQIDANOU1cxCzAJBgNVBACC |
| ... |
| FC...IVwNVOfQLRX+O5kAhQ/a4RTZme2L8PnpvgRwrf7Eg8D6w== |
| -----END NEW CERTIFICATE REQUEST----- |
| |
| IMPORTANT: Some documentation (e.g. RSA examples) claims that the |
| `Attributes' field, in the CSR is `OPTIONAL' while RFC-2986 implies the |
| opposite. This implementation considers this field, by default, as |
| `OPTIONAL', unless the option `-attributes' is specified on the command |
| line. |
| |
| `-alias ALIAS' |
| For more details *note ALIAS: alias. |
| |
| `-sigalg ALGORITHM' |
| The canonical name of the digital signature algorithm to use for |
| signing the certificate. If this option is omitted, a default |
| value will be chosen based on the type of the private key |
| associated with the designated Alias. If the private key is a |
| `DSA' one, the value for the signature algorithm will be |
| `SHA1withDSA'. If on the other hand the private key is an `RSA' |
| one, then the tool will use `MD5withRSA' as the signature |
| algorithm. |
| |
| `-file FILE' |
| For more details *note FILE: file. |
| |
| `-keypass PASSWORD' |
| Use this option to specify the password which the tool will use to |
| unlock the Key Entry associated with the designated Alias. |
| |
| If this option is omitted, the tool will first attempt to unlock |
| the Key Entry using the same password protecting the key store. If |
| this fails, you will then be prompted to provide a password. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| `-attributes' |
| Use this option to force the tool to encode a `NULL' DER value in |
| the CSR as the value of the `Attributes' field. |
| |
| |
| |
| File: cp-tools.info, Node: Command -export, Prev: Command -certreq, Up: Export Commands |
| |
| 2.2.5.2 The `-export' command |
| ............................. |
| |
| Use this command to export a certificate stored in a key store to a |
| designated output destination, either in binary format (if the `-v' |
| option is specified), or in RFC-1421 compliant encoding (if the `-rfc' |
| option is specified instead). |
| |
| `-alias ALIAS' |
| For more details *note ALIAS: alias. |
| |
| `-file FILE' |
| For more details *note FILE: file. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-rfc' |
| Use RFC-1421 specifications when encoding the output. |
| |
| `-v' |
| Output the certificate in binary DER encoding. This is the default |
| output format of the command if neither `-rfc' nor `-v' options |
| were detected on the command line. If both this option and the |
| `-rfc' option are detected on the command line, the tool will opt |
| for the RFC-1421 style encoding. |
| |
| |
| |
| File: cp-tools.info, Node: Display Commands, Next: Management Commands, Prev: Export Commands, Up: keytool Tool |
| |
| 2.2.6 Display commands |
| ---------------------- |
| |
| * Menu: |
| |
| * Command -list:: Display information about one or all Aliases |
| * Command -printcert:: Print a certificate or a certificate fingerprint |
| |
| |
| File: cp-tools.info, Node: Command -list, Next: Command -printcert, Prev: Display Commands, Up: Display Commands |
| |
| 2.2.6.1 The `-list' command |
| ........................... |
| |
| Use this command to print one or all of a key store entries to |
| `STDOUT'. Usually this command will only print a fingerprint of the |
| certificate, unless either the `-rfc' or the `-v' option is specified. |
| |
| `-alias ALIAS' |
| If this option is omitted, the tool will print ALL the entries |
| found in the key store. |
| |
| For more details *note ALIAS: alias. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-rfc' |
| Use RFC-1421 specifications when encoding the output. |
| |
| `-v' |
| Output the certificate in human-readable format. If both this |
| option and the `-rfc' option are detected on the command line, the |
| tool will opt for the human-readable form and will not abort the |
| command. |
| |
| |
| |
| File: cp-tools.info, Node: Command -printcert, Prev: Command -list, Up: Display Commands |
| |
| 2.2.6.2 The `-printcert' command |
| ................................ |
| |
| Use this command to read a certificate from a designated input source |
| and print it to `STDOUT' in a human-readable form. |
| |
| `-file FILE' |
| For more details *note FILE: file. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Management Commands, Prev: Display Commands, Up: keytool Tool |
| |
| 2.2.7 Management commands |
| ------------------------- |
| |
| * Menu: |
| |
| * Command -keyclone:: Clone a Key Entry in a Key Store |
| * Command -storepasswd:: Change the password protecting a Key Store |
| * Command -keypasswd:: Change the password protecting a Key Entry |
| * Command -delete:: Remove an entry in a Key Store |
| |
| |
| File: cp-tools.info, Node: Command -keyclone, Next: Command -storepasswd, Prev: Management Commands, Up: Management Commands |
| |
| 2.2.7.1 The `-keyclone' command |
| ............................... |
| |
| Use this command to clone an existing Key Entry and store it under a |
| new (different) Alias protecting, its private key material with |
| possibly a new password. |
| |
| `-alias ALIAS' |
| For more details *note ALIAS: alias. |
| |
| `-dest ALIAS' |
| Use this option to specify the new Alias which will be used to |
| identify the cloned copy of the Key Entry. |
| |
| `-keypass PASSWORD' |
| Use this option to specify the password which the tool will use to |
| unlock the Key Entry associated with the designated Alias. |
| |
| If this option is omitted, the tool will first attempt to unlock |
| the Key Entry using the same password protecting the key store. If |
| this fails, you will then be prompted to provide a password. |
| |
| `-new PASSWORD' |
| Use this option to specify the password protecting the private key |
| material of the newly cloned copy of the Key Entry. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Command -storepasswd, Next: Command -keypasswd, Prev: Command -keyclone, Up: Management Commands |
| |
| 2.2.7.2 The `-storepasswd' command |
| .................................. |
| |
| Use this command to change the password protecting a key store. |
| |
| `-new PASSWORD' |
| The new, and different, password which will be used to protect the |
| designated key store. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Command -keypasswd, Next: Command -delete, Prev: Command -storepasswd, Up: Management Commands |
| |
| 2.2.7.3 The `-keypasswd' command |
| ................................ |
| |
| Use this command to change the password protecting the private key |
| material of a designated Key Entry. |
| |
| `-alias ALIAS' |
| For more details *note ALIAS: alias. |
| |
| Use this option to specify the password which the tool will use to |
| unlock the Key Entry associated with the designated Alias. |
| |
| If this option is omitted, the tool will first attempt to unlock |
| the Key Entry using the same password protecting the key store. If |
| this fails, you will then be prompted to provide a password. |
| |
| `-new PASSWORD' |
| The new, and different, password which will be used to protect the |
| private key material of the designated Key Entry. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Command -delete, Prev: Command -keypasswd, Up: Management Commands |
| |
| 2.2.7.4 The `-delete' command |
| ............................. |
| |
| Use this command to delete a designated key store entry. |
| |
| `-alias ALIAS' |
| For more details *note ALIAS: alias. |
| |
| `-storetype STORE_TYPE' |
| For more details *note STORE_TYPE: storetype. |
| |
| `-keystore URL' |
| For more details *note URL: keystore. |
| |
| `-storepass PASSWORD' |
| For more details *note PASSWORD: storepass. |
| |
| `-provider PROVIDER_CLASS_NAME' |
| For more details *note PROVIDER_CLASS_NAME: provider. |
| |
| `-v' |
| For more details *note verbose::. |
| |
| |
| |
| File: cp-tools.info, Node: Other Tools, Next: I18N Issues, Prev: Security Tools, Up: Top |
| |
| 3 Other Tools |
| ************* |
| |
| This is a list of currently undocumented classpath tools: jar, javah, |
| gcjh, native2ascii, orbd, serialver, rmid, rmiregistry and tnameserv. |
| |
| * Menu: |
| |
| * jar Tool:: Archive tool for Java archives |
| * javah Tool:: A java header compiler |
| * gcjh Tool:: A java header compiler (old version) |
| * native2ascii Tool:: An encoding converter |
| * orbd Tool:: An object request broker daemon |
| * serialver Tool:: A serial version command |
| * rmid Tool:: RMI activation daemon |
| * rmiregistry Tool:: Remote object registry |
| * tnameserv Tool:: Naming service |
| |
| |
| File: cp-tools.info, Node: jar Tool, Next: javah Tool, Up: Other Tools |
| |
| 3.1 The `jar' Tool |
| ================== |
| |
| `gjar' is an implementation of Sun's jar utility that comes with the |
| JDK. |
| |
| If any file is a directory then it is processed recursively. The |
| manifest file name and the archive file name needs to be specified in |
| the same order the `-m' and `-f' flags are specified. |
| |
| Operation mode: |
| |
| `-c' |
| Create new archive. |
| |
| `-t' |
| List table of contents for archive. |
| |
| `-x' |
| Extract named (or all) files from archive. |
| |
| `-u' |
| Update existing archive. |
| |
| `-i FILE' |
| Compute archive index. |
| |
| Operation modifiers: |
| |
| `-f FILE' |
| Specify archive file name. |
| |
| `-0' |
| Store only; use no ZIP compression. |
| |
| `-v' |
| Generate verbose output on standard output. |
| |
| `-M' |
| Do not create a manifest file for the entries. |
| |
| `-m MANIFEST' |
| Include manifest information from specified MANIFEST file. |
| |
| File name selection: |
| |
| `-C DIR FILE' |
| Change to the DIR and include the following FILE. |
| |
| `-@' |
| Read the names of the files to add to the archive from stdin. This |
| option is supported only in combination with `-c' or `-u'. Non |
| standard option added in the GCC version. |
| |
| Standard options: |
| |
| `-help' |
| Print help text, then exit. |
| |
| `-version' |
| Print version number, then exit. |
| |
| `-JOPTION' |
| Pass argument to the Java runtime. |
| |
| java(1), ... |
| |
| |
| File: cp-tools.info, Node: javah Tool, Next: gcjh Tool, Prev: jar Tool, Up: Other Tools |
| |
| 3.2 The `javah' Tool |
| ==================== |
| |
| The `gjavah' program is used to generate header files from class files. |
| It can generate both CNI and JNI header files, as well as stub |
| implementation files which can be used as a basis for implementing the |
| required native methods. |
| |
| `-d DIR' |
| Set output directory. |
| |
| `-o FILE' |
| Set output file (only one of `-d' or `-o' may be used). |
| |
| `-cmdfile FILE' |
| Read command file. |
| |
| `-all DIR' |
| Operate on all class files under directory DIR. |
| |
| `-stubs' |
| Emit stub implementation. |
| |
| `-jni' |
| Emit JNI stubs or header (default). |
| |
| `-cni' |
| Emit CNI stubs or header (default JNI). |
| |
| `-verbose' |
| Set verbose mode. |
| |
| `-force' |
| Output files should always be written. |
| |
| Class path options: |
| `-classpath PATH' |
| Set the class path. |
| |
| `-IDIR' |
| Add directory to class path. |
| |
| `-bootclasspath PATH' |
| Set the boot class path. |
| |
| `-extdirs PATH' |
| Set the extension directory path. |
| |
| Standard options: |
| `-help' |
| Print help text, then exit. |
| |
| `-version' |
| Print version number, then exit. |
| |
| `-JOPTION' |
| Pass argument to the Java runtime. |
| |
| javac(1), ... |
| |
| |
| File: cp-tools.info, Node: gcjh Tool, Next: native2ascii Tool, Prev: javah Tool, Up: Other Tools |
| |
| 3.3 The `gcjh' Tool |
| =================== |
| |
| The `gcjh' program is used to generate header files from class files. |
| It can generate both CNI and JNI header files, as well as stub |
| implementation files which can be used as a basis for implementing the |
| required native methods. It is similar to `javah' but has slightly |
| different command line options, and defaults to CNI. |
| |
| See `javah' for a full description; this page only lists the |
| additional options provided by `gcjh'. |
| |
| CNI text options |
| `-add TEXT' |
| Insert TEXT into class body. |
| |
| `-append TEXT' |
| Append TEXT after class declaration. |
| |
| `-friend TEXT' |
| Insert TEXT as a `friend' declaration. |
| |
| `-prepend TEXT' |
| Insert TEXT before start of class. |
| |
| Compatibility options (unused) |
| `-td DIR' |
| `-M' |
| `-MM' |
| `-MD' |
| `-MMD' |
| Unused compatibility option. |
| |
| Standard options: |
| `-help' |
| Print help text, then exit. |
| |
| `-version' |
| Print version number, then exit. |
| |
| `-JOPTION' |
| Pass argument to the Java runtime. |
| |
| javac(1), javah(1), ... |
| |
| |
| File: cp-tools.info, Node: native2ascii Tool, Next: orbd Tool, Prev: gcjh Tool, Up: Other Tools |
| |
| 3.4 The `native2ascii' Tool |
| =========================== |
| |
| To be written ... |
| |
| `-encoding NAME' |
| Set the encoding to use. |
| |
| `-reversed' |
| Convert from encoding to native. |
| |
| Standard options: |
| `-help' |
| Print help text, then exit. |
| |
| `-version' |
| Print version number, then exit. |
| |
| `-JOPTION' |
| Pass argument to the Java runtime. |
| |
| javac(1), ... |
| |
| |
| File: cp-tools.info, Node: orbd Tool, Next: serialver Tool, Prev: native2ascii Tool, Up: Other Tools |
| |
| 3.5 The `orbd' object request broker daemon |
| =========================================== |
| |
| To be written ... |
| |
| `-ORBInitialPort PORT' |
| Port on which persistent naming service is to be started. |
| |
| `-ior FILE' |
| File in which to store persistent naming service's IOR reference |
| |
| `-directory DIR' |
| Directory in which to store persistent data. |
| |
| `-restart' |
| Restart persistent naming service, clearing persistent naming |
| database. |
| |
| Standard options: |
| `-help' |
| Print help text, then exit. |
| |
| `-version' |
| Print version number, then exit. |
| |
| `-JOPTION' |
| Pass argument to the Java runtime. |
| |
| java(1), ... |
| |
| |
| File: cp-tools.info, Node: serialver Tool, Next: rmid Tool, Prev: orbd Tool, Up: Other Tools |
| |
| 3.6 The `serialver' version command |
| =================================== |
| |
| Print the serialVersionUID of the specified classes. |
| |
| `-classpath PATH' |
| Class path to use to find classes. |
| |
| Standard options: |
| `-help' |
| Print help text, then exit. |
| |
| `-version' |
| Print version number, then exit. |
| |
| `-JOPTION' |
| Pass argument to the Java runtime. |
| |
| javac(1), ... |
| |
| |
| File: cp-tools.info, Node: rmid Tool, Next: rmiregistry Tool, Prev: serialver Tool, Up: Other Tools |
| |
| 3.7 The `rmid' RMI activation system daemon |
| =========================================== |
| |
| `rmiregistry' starts a remote object registry on the current host. If |
| no port number is specified, then port 1099 is used. |
| |
| Activation process control: |
| `-port PORT' |
| Port on which activation system is to be started. |
| |
| `-restart' |
| Restart activation system, clearing persistent naming database, if |
| any. |
| |
| `-stop' |
| Stop activation system. |
| |
| Persistence: |
| `-persistent' |
| Make activation system persistent. |
| |
| `-directory DIR' |
| Directory in which to store persistent data. |
| |
| Debugging: |
| `-verbose' |
| Log binding events to standard out. |
| |
| Standard options: |
| `-help' |
| Print help text, then exit. |
| |
| `-version' |
| Print version number, then exit. |
| |
| `-JOPTION' |
| Pass argument to the Java runtime. |
| |
| java(1), ... |
| |
| |
| File: cp-tools.info, Node: rmiregistry Tool, Next: tnameserv Tool, Prev: rmid Tool, Up: Other Tools |
| |
| 3.8 The `rmiregistry' Tool |
| ========================== |
| |
| `grmiregistry' starts a remote object registry on the current host. If |
| no port number is specified, then port 1099 is used. |
| |
| Registry process control: |
| `-restart' |
| Restart RMI naming service, clearing persistent naming database, if |
| any. |
| |
| `-stop' |
| Stop RMI naming service. |
| |
| Persistence: |
| `-persistent' |
| Make RMI naming service persistent. |
| |
| `-directory DIR' |
| Directory in which to store persistent data. |
| |
| Debugging: |
| `-verbose' |
| Log binding events to standard out. |
| |
| Standard options: |
| `-help' |
| Print help text, then exit. |
| |
| `-version' |
| Print version number, then exit. |
| |
| `-JOPTION' |
| Pass argument to the Java runtime. |
| |
| java(1), ... |
| |
| |
| File: cp-tools.info, Node: tnameserv Tool, Prev: rmiregistry Tool, Up: Other Tools |
| |
| 3.9 The `tnameserv' Tool |
| ======================== |
| |
| To be written ... |
| |
| `-ORBInitialPort PORT' |
| Port on which naming service is to be started. |
| |
| `-ior FILE' |
| File in which to store naming service's IOR reference. |
| |
| Standard options: |
| `-help' |
| Print help text, then exit. |
| |
| `-version' |
| Print version number, then exit. |
| |
| `-JOPTION' |
| Pass argument to the Java runtime. |
| |
| java(1), ... |
| |
| |
| File: cp-tools.info, Node: I18N Issues, Prev: Other Tools, Up: Top |
| |
| 4 I18N Issues |
| ************* |
| |
| Some tools -*note Security Tools::- allow using other than the English |
| language when prompting the User for input, and outputing messages. |
| This chapter describes the elements used to offer this support and how |
| they can be adapted for use with specific languages. |
| |
| * Menu: |
| |
| * Language Resources:: Where resources are located |
| * Message Formats:: How messages are internationalized |
| |
| |
| File: cp-tools.info, Node: Language Resources, Next: Message Formats, Prev: I18N Issues, Up: I18N Issues |
| |
| 4.1 Language-specific resources |
| =============================== |
| |
| The Tools use Java `ResourceBundle's to store messages, and message |
| templates they use at runtime to generate the message text itself, |
| depending on the locale in use at the time. |
| |
| The Resource Bundles these tools use are essentially Java Properties |
| files consisting of a set of Name/Value pairs. The Name is the Propery |
| Name and the Value is a substitution string that is used when the code |
| references the associated Name. For example the following is a line in |
| a Resource Bundle used by the `keytool' Tool: |
| |
| Command.23=A correct key password MUST be provided |
| |
| When the tool needs to signal a mandatory but missing key password, |
| it would reference the property named `Command.23' and the message "`A |
| correct key password MUST be provided'" will be used instead. This |
| indirect referencing of "resources" permits replacing, as late as |
| possible, the English strings with strings in other languages, provided |
| of course Resource Bundles in those languages are provided. |
| |
| For the GNU Classpath Tools described in this Guide, the Resource |
| Bundles are files named `messages[_ll[_CC[_VV]]].properties' where: |
| |
| LL |
| Is the 2-letter code for the Language, |
| |
| CC |
| Is the 2-letter code for the Region, and |
| |
| VV |
| Is the 2-letter code for the Variant of the language. |
| |
| The complete list of language codes can be found at Code for the |
| representation of names of languages |
| (http://ftp.ics.uci.edu/pub/ietf/http/related/iso639.txt). A similar |
| list for the region codes can be found at ISO 3166 Codes (Countries) |
| (http://userpage.chemie.fu-berlin.de/diverse/doc/ISO_3166.html). |
| |
| The location of the Resource Bundles for the GNU Classpath Tools is |
| specific to each tool. The next table shows where these files are found |
| in a standard GNU Classpath distribution: |
| |
| `jarsigner' |
| `gnu/classpath/tools/jarsigner' |
| |
| `keytool' |
| `gnu/classpath/tools/keytool' |
| |
| The collection of Resource Bundles in a location act as an inverted |
| tree with a parent-child relationship. For example suppose in the |
| `gnu/classpath/tools/keytool' there are 3 message bundles named: |
| |
| 1. `messages.properties' |
| |
| 2. `messages_fr.properties' |
| |
| 3. `messages_fr_FR.properties' |
| |
| In the above example, bundle #1 will act as the parent of bundle #2, |
| which in turn will act as the parent for bundle #3. This ordering is |
| used by the Java runtime to choose which file to load based on the set |
| Locale. For example if the Locale is `fr_CH', `messages_fr.properties' |
| will be used because (a) `messages_fr_CH.properties' does not exist, |
| but (b) `messages_fr.properties' is the parent for the required bundle, |
| and it exists. As another example, suppose the Locale was set to |
| `en_AU'; then the tool will end up using `messages.properties' because |
| (a) `messages_en_AU.properties' does not exist, (b) |
| `messages_en.properties' which is the parent for the required bundle |
| does not exist, but (c) `messages.properties' exists and is the root of |
| the hierarchy. |
| |
| You can see from the examples above that `messages.properties' is |
| the safety net that the Java runtime falls back to when failing to find |
| a specific bunlde and its parent(s). This file is always provided with |
| the Tool. In time, more localized versions will be included to cater |
| for other languages. |
| |
| In the meantime, if you are willing to contribute localized versions |
| of these resources, grab the `messages.properties' for a specific tool; |
| translate it; save it with the appropriate language and region suffix |
| and mail it to `classpath@gnu.org'. |
| |
| |
| File: cp-tools.info, Node: Message Formats, Prev: Language Resources, Up: I18N Issues |
| |
| 4.2 Message formats |
| =================== |
| |
| If you open any of the `messages.properties' described in the previous |
| section, you may see properties that look like so: |
| |
| Command.67=Issuer: {0} |
| Command.68=Serial number: {0,number} |
| Command.69=Valid from: {0,date,full} - {0,time,full} |
| Command.70=\ \ \ \ \ until: {0,date,full} - {0,time,full} |
| |
| These are Message Formats used by the tools to customize a text |
| string that will then be used either as a prompt for User input or as |
| output. |
| |
| If you are translating a `messages.properties' be careful not to |
| alter text between curly braces. |
| |
| |
| |
| Tag Table: |
| Node: Top432 |
| Node: Applet Tools3881 |
| Node: appletviewer Tool4454 |
| Node: gcjwebplugin7569 |
| Node: Security Tools7881 |
| Node: jarsigner Tool8534 |
| Node: Common jarsigner Options9581 |
| Node: Signing Options10896 |
| Node: Verification Options13478 |
| Node: keytool Tool14066 |
| Node: Getting Help18494 |
| Node: Common keytool Options19238 |
| Ref: alias19511 |
| Ref: keyalg19893 |
| Ref: keysize20123 |
| Ref: validity20388 |
| Ref: storetype20603 |
| Ref: storepass20934 |
| Ref: keystore21131 |
| Ref: provider21674 |
| Ref: file22081 |
| Ref: verbose22552 |
| Node: Distinguished Names22644 |
| Ref: dn22838 |
| Node: Add/Update Commands23901 |
| Node: Command -genkey24429 |
| Node: Command -import26837 |
| Node: Command -selfcert29981 |
| Node: Command -cacert32160 |
| Node: Command -identitydb33213 |
| Node: Export Commands33871 |
| Node: Command -certreq34187 |
| Node: Command -export36593 |
| Node: Display Commands37790 |
| Node: Command -list38122 |
| Node: Command -printcert39255 |
| Node: Management Commands39639 |
| Node: Command -keyclone40071 |
| Node: Command -storepasswd41474 |
| Node: Command -keypasswd42203 |
| Node: Command -delete43397 |
| Node: Other Tools44020 |
| Node: jar Tool44805 |
| Node: javah Tool46197 |
| Node: gcjh Tool47416 |
| Node: native2ascii Tool48529 |
| Node: orbd Tool48990 |
| Node: serialver Tool49720 |
| Node: rmid Tool50189 |
| Node: rmiregistry Tool51130 |
| Node: tnameserv Tool51970 |
| Node: I18N Issues52460 |
| Node: Language Resources52961 |
| Node: Message Formats56624 |
| |
| End Tag Table |