Specifying a single ext doesn't work with version 1.6 #47

Open
linbjo opened this issue May 11, 2022 · 1 comment

linbjo commented May 11, 2022

Version 1.6 makes changes aimed at being able to set several ext entries. According to what I have been able to find on the related issues/pull requests the old behaviour (just <ext>) should have been preserved. However, it doesn't work when using version 1.6.

Using the following example POM.

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <artifactId>keytool-test</artifactId>
  <groupId>test</groupId>
  <packaging>pom</packaging>
  <version>1-SNAPSHOT</version>

  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>keytool-maven-plugin</artifactId>
        <version>1.5</version>
        <executions>
          <execution>
            <id>generate-ca-keypair</id>
            <goals>
              <goal>generateKeyPair</goal>
            </goals>
            <phase>generate-resources</phase>
            <configuration>
              <alias>ca</alias>
              <dname>CN=Test CA, O=example.com, C=SE</dname>
              <ext>bc:c</ext>
              <keyalg>RSA</keyalg>
              <keypass>whatever</keypass>
              <keystore>${project.build.directory}/test_ca.keystore</keystore>
              <storepass>whatever</storepass>
            </configuration>
          </execution>
          <execution>
            <id>print-ca-cert</id>
            <goals>
              <goal>list</goal>
            </goals>
            <phase>generate-resources</phase>
            <configuration>
              <keystore>${project.build.directory}/test_ca.keystore</keystore>
              <storepass>whatever</storepass>
              <verbose>true</verbose>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>

Output using version 1.5 of the plugin:

[INFO] --- keytool-maven-plugin:1.5:generateKeyPair (generate-ca-keypair) @ keytool-test ---
[WARNING]
[WARNING] Warning:
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO]
[INFO] --- keytool-maven-plugin:1.5:list (print-ca-cert) @ keytool-test ---
[INFO] cmd.exe /X /C "C:\dev\java\jdk1.8.0_191_x64\jre\..\bin\keytool.exe -list -v -keystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -storepass whatever"
[INFO] Keystore type: jks
[INFO] Keystore provider: SUN
[INFO]
[INFO] Your keystore contains 1 entry
[INFO]
[INFO] Alias name: ca
[INFO] Creation date: 2022-maj-11
[INFO] Entry type: PrivateKeyEntry
[INFO] Certificate chain length: 1
[INFO] Certificate[1]:
[INFO] Owner: CN=Test CA, O=example.com, C=SE
[INFO] Issuer: CN=Test CA, O=example.com, C=SE
[WARNING]
[INFO] Serial number: 4f9db182
[WARNING] Warning:
[INFO] Valid from: Wed May 11 13:43:17 CEST 2022 until: Tue Aug 09 13:43:17 CEST 2022
[INFO] Certificate fingerprints:
[INFO]   MD5:  27:3E:9C:64:AB:CA:55:E9:B0:7B:5F:3A:B5:35:2F:67
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO]   SHA1: 96:88:6F:F9:90:F4:CA:C8:24:06:32:40:0E:AF:59:0F:64:53:2D:C2
[INFO]   SHA256: 43:A8:2A:B0:D5:31:51:DE:87:FD:1A:A3:AC:07:81:C3:78:5E:D5:21:0F:FF:23:A4:71:15:8E:04:DB:1C:D4:0B
[INFO] Signature algorithm name: SHA256withRSA
[INFO] Subject Public Key Algorithm: 2048-bit RSA key
[INFO] Version: 3
[INFO]
[INFO] Extensions:
[INFO]
[INFO] #1: ObjectId: 2.5.29.19 Criticality=true
[INFO] BasicConstraints:[
[INFO]   CA:true
[INFO]   PathLen:2147483647
[INFO] ]
[INFO]
[INFO] #2: ObjectId: 2.5.29.14 Criticality=false
[INFO] SubjectKeyIdentifier [
[INFO] KeyIdentifier [
[INFO] 0000: D1 AA 42 7B 26 F4 FD 72   4A 59 41 3C 66 5A 10 31  ..B.&..rJYA<fZ.1
[INFO] 0010: 4A 33 49 02                                        J3I.
[INFO] ]
[INFO] ]
[INFO]
[INFO]
[INFO]
[INFO] *******************************************
[INFO] *******************************************

But when upgrading to version 1.6 the CA extension is missing.

[INFO] --- keytool-maven-plugin:1.6:generateKeyPair (generate-ca-keypair) @ keytool-test ---
[WARNING]
[WARNING] Warning:
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO]
[INFO] --- keytool-maven-plugin:1.6:list (print-ca-cert) @ keytool-test ---
[INFO] cmd.exe /X /C "C:\dev\java\jdk1.8.0_191_x64\jre\..\bin\keytool.exe -list -v -keystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -storepass whatever"
[INFO] Keystore type: jks
[INFO] Keystore provider: SUN
[INFO]
[INFO] Your keystore contains 1 entry
[INFO]
[INFO] Alias name: ca
[INFO] Creation date: 2022-maj-11
[INFO] Entry type: PrivateKeyEntry
[INFO] Certificate chain length: 1
[INFO] Certificate[1]:
[INFO] Owner: CN=Test CA, O=example.com, C=SE
[INFO] Issuer: CN=Test CA, O=example.com, C=SE
[WARNING]
[INFO] Serial number: 77885dfe
[WARNING] Warning:
[INFO] Valid from: Wed May 11 13:31:41 CEST 2022 until: Tue Aug 09 13:31:41 CEST 2022
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO] Certificate fingerprints:
[INFO]   MD5:  70:56:D2:BE:44:82:A0:57:5A:52:26:2E:DD:E4:D0:B8
[INFO]   SHA1: AB:30:64:8D:8C:C9:87:51:27:53:77:1D:29:03:F6:DD:FD:DE:AE:A8
[INFO]   SHA256: D1:BC:50:6F:1E:3E:F0:E9:66:4F:2B:22:48:1A:BD:E9:3A:18:A0:72:88:0F:D9:EC:8E:89:D8:44:00:CE:5B:74
[INFO] Signature algorithm name: SHA256withRSA
[INFO] Subject Public Key Algorithm: 2048-bit RSA key
[INFO] Version: 3
[INFO]
[INFO] Extensions:
[INFO]
[INFO] #1: ObjectId: 2.5.29.14 Criticality=false
[INFO] SubjectKeyIdentifier [
[INFO] KeyIdentifier [
[INFO] 0000: 30 17 0C ED EF BA 57 34   07 8B 5C 49 CA 59 B9 F2  0.....W4..\I.Y..
[INFO] 0010: 87 FA 7E 56                                        ...V
[INFO] ]
[INFO] ]
[INFO]
[INFO]
[INFO]
[INFO] *******************************************
[INFO] *******************************************

wothe commented Mar 8, 2023

Seems to be still not documented correctly or completely.

For a single ext the following works fine for me (it's a list of ext in Java keytool, so the new version of the plugin expects exts around all the ext parameters):

<exts>
  <ext>bc:c</ext>
</exts>

Best regards
JW
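
A build check for the regression reported in this issue, as an added example that is not part of the issue or of the plugin: it parses `keytool -list -v` output, including Maven's log prefixes, and reports aliases whose certificate lacks a critical BasicConstraints extension with CA:true. The function names and the abbreviated sample listings are constructed here, and one certificate per alias is assumed.

```python
import re

# Maven prefixes every keytool line with a log level, e.g. "[INFO] ".
_PREFIX = re.compile(r"^\[(?:INFO|WARNING|ERROR)\]\s?")
_EXT = re.compile(r"#\d+: ObjectId: ([\d.]+) Criticality=(true|false)")
BASIC_CONSTRAINTS_OID = "2.5.29.19"

# Constructed samples, abbreviated from the two listings in the issue.
WITH_BC = """\
[INFO] Alias name: ca
[INFO] #1: ObjectId: 2.5.29.19 Criticality=true
[INFO] BasicConstraints:[
[INFO]   CA:true
[INFO] ]
[INFO] #2: ObjectId: 2.5.29.14 Criticality=false
"""
WITHOUT_BC = """\
[INFO] Alias name: ca
[INFO] #1: ObjectId: 2.5.29.14 Criticality=false
[INFO] SubjectKeyIdentifier [
[INFO] ]
"""

def parse_extensions(listing):
    """Map alias -> {oid: {"critical": bool, "body": [lines]}}."""
    certs, alias, current = {}, None, None
    for raw in listing.splitlines():
        line = _PREFIX.sub("", raw).strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
            certs[alias], current = {}, None
        elif alias is not None:
            m = _EXT.match(line)
            if m:
                current = {"critical": m.group(2) == "true", "body": []}
                certs[alias][m.group(1)] = current
            elif current is not None and line:
                current["body"].append(line)
    return certs

def is_ca(extensions):
    """True only if BasicConstraints is present, critical and says CA:true."""
    bc = extensions.get(BASIC_CONSTRAINTS_OID)
    return bc is not None and bc["critical"] and "CA:true" in bc["body"]

def not_ca_aliases(listing, expected_cas):
    """Aliases expected to be CAs whose listed certificate is not one."""
    certs = parse_extensions(listing)
    return [a for a in expected_cas if not is_ca(certs.get(a, {}))]
```

Failing the build when `not_ca_aliases` returns a non-empty list surfaces a silently dropped `ext` setting at build time rather than when the certificate is first used to sign.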
