JDK-8208689 : keytool importcert fails with CertificateParsingException if unknown certificate algorithms should be imported
  • Type: CSR
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P4
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 12
  • Submitted: 2018-08-02
  • Updated: 2018-08-24
  • Resolved: 2018-08-24
Description
Summary
-------

The "keytool -printcert" command will use the security provider specified by the "-providername" option to parse a certificate if it cannot be parsed by the built-in providers of the JDK.

Problem
-------

Sometimes a user wants to inspect the content of a certificate that uses an algorithm not supported by the JDK's built-in providers. We should allow the user to choose another provider if one is available.

Solution
--------

Let "keytool -printcert" recognize the "-providername" option. Other provider-related options ("-addprovider", "-providerclass", and "-providerpath") will also be supported so the user can load providers dynamically from a jar or a module. These options are already supported by other keytool commands.
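
The fallback described in the Summary can be reproduced with the public CertificateFactory API. The following is an added example, not the keytool source; the class name PrintCertFallback and its command-line arguments (certificate file, optional provider name) are assumptions, and the named provider must already be registered with the JVM.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

// Hypothetical helper class for illustration; not part of the JDK.
public class PrintCertFallback {

    // Try the default provider search order first. Only if that fails and a
    // provider name was supplied, retry with that provider.
    static Collection<? extends Certificate> parse(byte[] data, String providerName)
            throws CertificateException {
        try {
            return CertificateFactory.getInstance("X.509")
                    .generateCertificates(new ByteArrayInputStream(data));
        } catch (CertificateException defaultFailure) {
            if (providerName == null) {
                throw defaultFailure;
            }
            try {
                return CertificateFactory.getInstance("X.509", providerName)
                        .generateCertificates(new ByteArrayInputStream(data));
            } catch (Exception fallbackFailure) {
                // Unknown provider or a second parse failure: report the
                // original error and attach the second one as context.
                defaultFailure.addSuppressed(fallbackFailure);
                throw defaultFailure;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: PrintCertFallback <cert-file> [provider-name]");
            System.exit(2);
        }
        byte[] data = Files.readAllBytes(Path.of(args[0]));
        String providerName = args.length > 1 ? args[1] : null;
        for (Certificate c : parse(data, providerName)) {
            X509Certificate x = (X509Certificate) c;
            System.out.println("Subject: " + x.getSubjectX500Principal());
            System.out.println("Issuer:  " + x.getIssuerX500Principal());
            System.out.println("Sig alg: " + x.getSigAlgName());
            System.out.println("Key alg: " + x.getPublicKey().getAlgorithm());
        }
    }
}
```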

Specification
-------------

The output of "keytool -help -printcert" will change as follows (added lines are marked with "+"):

 keytool -printcert [OPTION]...
 

     Prints the content of a certificate
     
     Options:
     
      -rfc                        output in RFC style
      -file <file>                input file name
      -sslserver <server[:port]>  SSL server host and port
      -jarfile <file>             signed jar file
    + -providername <name>        provider name
    + -addprovider <name>         add security provider by name (e.g. SunPKCS11)
    +   [-providerarg <arg>]        configure argument for -addprovider
    + -providerclass <class>      add security provider by fully-qualified class name
    +   [-providerarg <arg>]        configure argument for -providerclass
    + -providerpath <list>        provider classpath
      -v                          verbose output
     
     Use "keytool -?, -h, or --help" for this help message
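
Review bot: the description added for -providername is only "provider name", which does not tell the user that, per the Summary, the named provider is consulted only when the built-in providers cannot parse the certificate. Suggest stating the fallback order in the help text, or in the keytool documentation if this string is shared with other commands, so users do not assume the option forces parsing through that provider.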


Comments
Approving retroactive CSR request.
24-08-2018

Sorry this is a CSR request after the push. I forgot to ask for approval before pushing the changeset.
23-08-2018