modules/jretools/src/main/java/org/apache/harmony/jretools/keytool/CertImporter.java [278:329]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    private static void importCertChain(KeytoolParameters param,
            Collection<X509Certificate> newCerts)
            throws NoSuchAlgorithmException, KeytoolException,
            KeyStoreException, IOException, UnrecoverableKeyException,
            NoSuchProviderException, CertificateException {

        String alias = param.getAlias();
        KeyStore keyStore = param.getKeyStore();
        // get the public key of the certificate, associated with alias,
        // to import reply to.
        PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();
        // order the certificate chain
        X509Certificate[] orderedChain = CertChainVerifier.orderChain(newCerts,
                publicKey);
        // get the top-level certificate in the chain
        X509Certificate lastInChain = orderedChain[orderedChain.length - 1];

        // should the chain be added to the keystore or not
        boolean needAddChain;
        // try to build a chain of trust beginning with the top certificate
        needAddChain = CertChainVerifier.isTrusted(param, lastInChain);

        if (!needAddChain) {
            // If couldn't build full cert path for some reason,
            // ask user if the certificate should be trusted.
            System.out.println("Top-level certificate in the reply chain:\n");
            String mdProvider = (param.getMdProvider() != null) ? param
                    .getMdProvider() : param.getProvider();
            KeyStoreCertPrinter.printX509CertDetailed(lastInChain, mdProvider);
            needAddChain = ArgumentsParser
                    .getConfirmation(
                            "... is not trusted.\n"
                                    + "Do you still want to install the reply? [no]:  ",
                            false);

            if (!needAddChain) {
                System.out.println("The certificate reply is " + "not "
                        + "installed into the keystore.");
                return;
            }
        }

        // replacing old certificate chain with the new one
        char[] keyPassword = param.getKeyPass();
        PrivateKey privateKey = (PrivateKey) keyStore
                .getKey(alias, keyPassword);
        keyStore.deleteEntry(alias);
        keyStore.setKeyEntry(alias, privateKey, keyPassword, orderedChain);
        param.setNeedSaveKS(true);
        System.out.println("The certificate reply is " + "successfully "
                + "installed into the keystore.");
    }
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



modules/jdktools/src/main/java/org/apache/harmony/tools/keytool/CertImporter.java [278:329]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    private static void importCertChain(KeytoolParameters param,
            Collection<X509Certificate> newCerts)
            throws NoSuchAlgorithmException, KeytoolException,
            KeyStoreException, IOException, UnrecoverableKeyException,
            NoSuchProviderException, CertificateException {

        String alias = param.getAlias();
        KeyStore keyStore = param.getKeyStore();
        // get the public key of the certificate, associated with alias,
        // to import reply to.
        PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();
        // order the certificate chain
        X509Certificate[] orderedChain = CertChainVerifier.orderChain(newCerts,
                publicKey);
        // get the top-level certificate in the chain
        X509Certificate lastInChain = orderedChain[orderedChain.length - 1];

        // should the chain be added to the keystore or not
        boolean needAddChain;
        // try to build a chain of trust beginning with the top certificate
        needAddChain = CertChainVerifier.isTrusted(param, lastInChain);

        if (!needAddChain) {
            // If couldn't build full cert path for some reason,
            // ask user if the certificate should be trusted.
            System.out.println("Top-level certificate in the reply chain:\n");
            String mdProvider = (param.getMdProvider() != null) ? param
                    .getMdProvider() : param.getProvider();
            KeyStoreCertPrinter.printX509CertDetailed(lastInChain, mdProvider);
            needAddChain = ArgumentsParser
                    .getConfirmation(
                            "... is not trusted.\n"
                                    + "Do you still want to install the reply? [no]:  ",
                            false);

            if (!needAddChain) {
                System.out.println("The certificate reply is " + "not "
                        + "installed into the keystore.");
                return;
            }
        }

        // replacing old certificate chain with the new one
        char[] keyPassword = param.getKeyPass();
        PrivateKey privateKey = (PrivateKey) keyStore
                .getKey(alias, keyPassword);
        keyStore.deleteEntry(alias);
        keyStore.setKeyEntry(alias, privateKey, keyPassword, orderedChain);
        param.setNeedSaveKS(true);
        System.out.println("The certificate reply is " + "successfully "
                + "installed into the keystore.");
    }
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -