Specifying a single ext doesn't work with version 1.6
linbjo opened this issue
Björn Lindgren commented
Version 1.6 makes changes aimed at being able to set several ext entries. According to what I have been able to find on the related issues/pull requests the old behaviour (just <ext>) should have been preserved. However, it doesn't work when using version 1.6.
Using the following example POM.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <artifactId>keytool-test</artifactId>
  <groupId>test</groupId>
  <packaging>pom</packaging>
  <version>1-SNAPSHOT</version>
  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>keytool-maven-plugin</artifactId>
        <version>1.5</version>
        <executions>
          <execution>
            <id>generate-ca-keypair</id>
            <goals>
              <goal>generateKeyPair</goal>
            </goals>
            <phase>generate-resources</phase>
            <configuration>
              <alias>ca</alias>
              <dname>CN=Test CA, O=example.com, C=SE</dname>
              <ext>bc:c</ext>
              <keyalg>RSA</keyalg>
              <keypass>whatever</keypass>
              <keystore>${project.build.directory}/test_ca.keystore</keystore>
              <storepass>whatever</storepass>
            </configuration>
          </execution>
          <execution>
            <id>print-ca-cert</id>
            <goals>
              <goal>list</goal>
            </goals>
            <phase>generate-resources</phase>
            <configuration>
              <keystore>${project.build.directory}/test_ca.keystore</keystore>
              <storepass>whatever</storepass>
              <verbose>true</verbose>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
Output using version 1.5 of the plugin:
[INFO] --- keytool-maven-plugin:1.5:generateKeyPair (generate-ca-keypair) @ keytool-test ---
[WARNING]
[WARNING] Warning:
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO]
[INFO] --- keytool-maven-plugin:1.5:list (print-ca-cert) @ keytool-test ---
[INFO] cmd.exe /X /C "C:\dev\java\jdk1.8.0_191_x64\jre\..\bin\keytool.exe -list -v -keystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -storepass whatever"
[INFO] Keystore type: jks
[INFO] Keystore provider: SUN
[INFO]
[INFO] Your keystore contains 1 entry
[INFO]
[INFO] Alias name: ca
[INFO] Creation date: 2022-maj-11
[INFO] Entry type: PrivateKeyEntry
[INFO] Certificate chain length: 1
[INFO] Certificate[1]:
[INFO] Owner: CN=Test CA, O=example.com, C=SE
[INFO] Issuer: CN=Test CA, O=example.com, C=SE
[WARNING]
[INFO] Serial number: 4f9db182
[WARNING] Warning:
[INFO] Valid from: Wed May 11 13:43:17 CEST 2022 until: Tue Aug 09 13:43:17 CEST 2022
[INFO] Certificate fingerprints:
[INFO] MD5: 27:3E:9C:64:AB:CA:55:E9:B0:7B:5F:3A:B5:35:2F:67
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO] SHA1: 96:88:6F:F9:90:F4:CA:C8:24:06:32:40:0E:AF:59:0F:64:53:2D:C2
[INFO] SHA256: 43:A8:2A:B0:D5:31:51:DE:87:FD:1A:A3:AC:07:81:C3:78:5E:D5:21:0F:FF:23:A4:71:15:8E:04:DB:1C:D4:0B
[INFO] Signature algorithm name: SHA256withRSA
[INFO] Subject Public Key Algorithm: 2048-bit RSA key
[INFO] Version: 3
[INFO]
[INFO] Extensions:
[INFO]
[INFO] #1: ObjectId: 2.5.29.19 Criticality=true
[INFO] BasicConstraints:[
[INFO] CA:true
[INFO] PathLen:2147483647
[INFO] ]
[INFO]
[INFO] #2: ObjectId: 2.5.29.14 Criticality=false
[INFO] SubjectKeyIdentifier [
[INFO] KeyIdentifier [
[INFO] 0000: D1 AA 42 7B 26 F4 FD 72 4A 59 41 3C 66 5A 10 31 ..B.&..rJYA<fZ.1
[INFO] 0010: 4A 33 49 02 J3I.
[INFO] ]
[INFO] ]
[INFO]
[INFO]
[INFO]
[INFO] *******************************************
[INFO] *******************************************
But when upgrading to version 1.6 the CA extension is missing.
[INFO] --- keytool-maven-plugin:1.6:generateKeyPair (generate-ca-keypair) @ keytool-test ---
[WARNING]
[WARNING] Warning:
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO]
[INFO] --- keytool-maven-plugin:1.6:list (print-ca-cert) @ keytool-test ---
[INFO] cmd.exe /X /C "C:\dev\java\jdk1.8.0_191_x64\jre\..\bin\keytool.exe -list -v -keystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -storepass whatever"
[INFO] Keystore type: jks
[INFO] Keystore provider: SUN
[INFO]
[INFO] Your keystore contains 1 entry
[INFO]
[INFO] Alias name: ca
[INFO] Creation date: 2022-maj-11
[INFO] Entry type: PrivateKeyEntry
[INFO] Certificate chain length: 1
[INFO] Certificate[1]:
[INFO] Owner: CN=Test CA, O=example.com, C=SE
[INFO] Issuer: CN=Test CA, O=example.com, C=SE
[WARNING]
[INFO] Serial number: 77885dfe
[WARNING] Warning:
[INFO] Valid from: Wed May 11 13:31:41 CEST 2022 until: Tue Aug 09 13:31:41 CEST 2022
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO] Certificate fingerprints:
[INFO] MD5: 70:56:D2:BE:44:82:A0:57:5A:52:26:2E:DD:E4:D0:B8
[INFO] SHA1: AB:30:64:8D:8C:C9:87:51:27:53:77:1D:29:03:F6:DD:FD:DE:AE:A8
[INFO] SHA256: D1:BC:50:6F:1E:3E:F0:E9:66:4F:2B:22:48:1A:BD:E9:3A:18:A0:72:88:0F:D9:EC:8E:89:D8:44:00:CE:5B:74
[INFO] Signature algorithm name: SHA256withRSA
[INFO] Subject Public Key Algorithm: 2048-bit RSA key
[INFO] Version: 3
[INFO]
[INFO] Extensions:
[INFO]
[INFO] #1: ObjectId: 2.5.29.14 Criticality=false
[INFO] SubjectKeyIdentifier [
[INFO] KeyIdentifier [
[INFO] 0000: 30 17 0C ED EF BA 57 34 07 8B 5C 49 CA 59 B9 F2 0.....W4..\I.Y..
[INFO] 0010: 87 FA 7E 56 ...V
[INFO] ]
[INFO] ]
[INFO]
[INFO]
[INFO]
[INFO] *******************************************
[INFO] *******************************************
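The difference between the two logs above is easy to miss by eye: the build succeeds either way, but the 1.6 certificate has no BasicConstraints extension. The following is an added example, not part of the original report or of the plugin: a small check over `keytool -list -v` output that a build could run to catch a CA certificate generated without `CA:true`. The function names are hypothetical, the sample logs are trimmed excerpts of the ones above, and it assumes a keystore with a single entry.

```python
import re

BASIC_CONSTRAINTS_OID = "2.5.29.19"  # id-ce-basicConstraints
EXT_HEADER = re.compile(r"#\d+: ObjectId: ([\d.]+) Criticality=(true|false)")

# Trimmed excerpts of the two `keytool -list -v` logs shown in the report.
LOG_1_5 = """\
[INFO] Alias name: ca
[INFO] Extensions:
[INFO]
[INFO] #1: ObjectId: 2.5.29.19 Criticality=true
[INFO] BasicConstraints:[
[INFO] CA:true
[INFO] PathLen:2147483647
[INFO] ]
[WARNING] Warning:
[INFO] #2: ObjectId: 2.5.29.14 Criticality=false
[INFO] SubjectKeyIdentifier [
[INFO] ]
"""
LOG_1_6 = """\
[INFO] Alias name: ca
[INFO] Extensions:
[INFO]
[INFO] #1: ObjectId: 2.5.29.14 Criticality=false
[INFO] SubjectKeyIdentifier [
[INFO] ]
"""

def parse_extensions(log_text):
    """Map extension OID -> {"critical": bool, "lines": [...]}."""
    extensions, current = {}, None
    for raw in log_text.splitlines():
        if raw.startswith("[WARNING]"):
            continue  # keytool's stderr warnings are interleaved by Maven
        line = re.sub(r"^\[INFO\]\s?", "", raw).strip()
        m = EXT_HEADER.match(line)
        if m:
            current = {"critical": m.group(2) == "true", "lines": []}
            extensions[m.group(1)] = current
        elif current is not None and line:
            current["lines"].append(line)
    return extensions

def is_ca_certificate(log_text):
    """True only if BasicConstraints is present and asserts CA:true."""
    bc = parse_extensions(log_text).get(BASIC_CONSTRAINTS_OID)
    return bc is not None and "CA:true" in bc["lines"]
```

Run against the two excerpts, `is_ca_certificate` returns `True` for the 1.5 log and `False` for the 1.6 log.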
wothe commented
Seems to still not be documented correctly or completely.
For a single ext the following works fine for me (it's a list of ext in Java keytool, so the new version of the plugin expects exts around all the ext parameters):
<exts>
  <ext>bc:c</ext>
</exts>
Best regards
JW