mojohaus / keytool

Specifying a single ext doesn't work with version 1.6

linbjo opened this issue

Version 1.6 makes changes aimed at being able to set several ext entries. According to what I have been able to find on the related issues/pull requests the old behaviour (just <ext>) should have been preserved. However, it doesn't work when using version 1.6.

Using the following example POM.

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <artifactId>keytool-test</artifactId>
  <groupId>test</groupId>
  <packaging>pom</packaging>
  <version>1-SNAPSHOT</version>

  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>keytool-maven-plugin</artifactId>
        <version>1.5</version>
        <executions>
          <execution>
            <id>generate-ca-keypair</id>
            <goals>
              <goal>generateKeyPair</goal>
            </goals>
            <phase>generate-resources</phase>
            <configuration>
              <alias>ca</alias>
              <dname>CN=Test CA, O=example.com, C=SE</dname>
              <ext>bc:c</ext>
              <keyalg>RSA</keyalg>
              <keypass>whatever</keypass>
              <keystore>${project.build.directory}/test_ca.keystore</keystore>
              <storepass>whatever</storepass>
            </configuration>
          </execution>
          <execution>
            <id>print-ca-cert</id>
            <goals>
              <goal>list</goal>
            </goals>
            <phase>generate-resources</phase>
            <configuration>
              <keystore>${project.build.directory}/test_ca.keystore</keystore>
              <storepass>whatever</storepass>
              <verbose>true</verbose>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>

Output using version 1.5 of the plugin:

[INFO] --- keytool-maven-plugin:1.5:generateKeyPair (generate-ca-keypair) @ keytool-test ---
[WARNING]
[WARNING] Warning:
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO]
[INFO] --- keytool-maven-plugin:1.5:list (print-ca-cert) @ keytool-test ---
[INFO] cmd.exe /X /C "C:\dev\java\jdk1.8.0_191_x64\jre\..\bin\keytool.exe -list -v -keystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -storepass whatever"
[INFO] Keystore type: jks
[INFO] Keystore provider: SUN
[INFO]
[INFO] Your keystore contains 1 entry
[INFO]
[INFO] Alias name: ca
[INFO] Creation date: 2022-maj-11
[INFO] Entry type: PrivateKeyEntry
[INFO] Certificate chain length: 1
[INFO] Certificate[1]:
[INFO] Owner: CN=Test CA, O=example.com, C=SE
[INFO] Issuer: CN=Test CA, O=example.com, C=SE
[WARNING]
[INFO] Serial number: 4f9db182
[WARNING] Warning:
[INFO] Valid from: Wed May 11 13:43:17 CEST 2022 until: Tue Aug 09 13:43:17 CEST 2022
[INFO] Certificate fingerprints:
[INFO]   MD5:  27:3E:9C:64:AB:CA:55:E9:B0:7B:5F:3A:B5:35:2F:67
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO]   SHA1: 96:88:6F:F9:90:F4:CA:C8:24:06:32:40:0E:AF:59:0F:64:53:2D:C2
[INFO]   SHA256: 43:A8:2A:B0:D5:31:51:DE:87:FD:1A:A3:AC:07:81:C3:78:5E:D5:21:0F:FF:23:A4:71:15:8E:04:DB:1C:D4:0B
[INFO] Signature algorithm name: SHA256withRSA
[INFO] Subject Public Key Algorithm: 2048-bit RSA key
[INFO] Version: 3
[INFO]
[INFO] Extensions:
[INFO]
[INFO] #1: ObjectId: 2.5.29.19 Criticality=true
[INFO] BasicConstraints:[
[INFO]   CA:true
[INFO]   PathLen:2147483647
[INFO] ]
[INFO]
[INFO] #2: ObjectId: 2.5.29.14 Criticality=false
[INFO] SubjectKeyIdentifier [
[INFO] KeyIdentifier [
[INFO] 0000: D1 AA 42 7B 26 F4 FD 72   4A 59 41 3C 66 5A 10 31  ..B.&..rJYA<fZ.1
[INFO] 0010: 4A 33 49 02                                        J3I.
[INFO] ]
[INFO] ]
[INFO]
[INFO]
[INFO]
[INFO] *******************************************
[INFO] *******************************************

But when upgrading to version 1.6 the CA extension is missing.

[INFO] --- keytool-maven-plugin:1.6:generateKeyPair (generate-ca-keypair) @ keytool-test ---
[WARNING]
[WARNING] Warning:
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO]
[INFO] --- keytool-maven-plugin:1.6:list (print-ca-cert) @ keytool-test ---
[INFO] cmd.exe /X /C "C:\dev\java\jdk1.8.0_191_x64\jre\..\bin\keytool.exe -list -v -keystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -storepass whatever"
[INFO] Keystore type: jks
[INFO] Keystore provider: SUN
[INFO]
[INFO] Your keystore contains 1 entry
[INFO]
[INFO] Alias name: ca
[INFO] Creation date: 2022-maj-11
[INFO] Entry type: PrivateKeyEntry
[INFO] Certificate chain length: 1
[INFO] Certificate[1]:
[INFO] Owner: CN=Test CA, O=example.com, C=SE
[INFO] Issuer: CN=Test CA, O=example.com, C=SE
[WARNING]
[INFO] Serial number: 77885dfe
[WARNING] Warning:
[INFO] Valid from: Wed May 11 13:31:41 CEST 2022 until: Tue Aug 09 13:31:41 CEST 2022
[WARNING] The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -destkeystore C:\dev\repos\git\temp\keytool-test\target\test_ca.keystore -deststoretype pkcs12".
[INFO] Certificate fingerprints:
[INFO]   MD5:  70:56:D2:BE:44:82:A0:57:5A:52:26:2E:DD:E4:D0:B8
[INFO]   SHA1: AB:30:64:8D:8C:C9:87:51:27:53:77:1D:29:03:F6:DD:FD:DE:AE:A8
[INFO]   SHA256: D1:BC:50:6F:1E:3E:F0:E9:66:4F:2B:22:48:1A:BD:E9:3A:18:A0:72:88:0F:D9:EC:8E:89:D8:44:00:CE:5B:74
[INFO] Signature algorithm name: SHA256withRSA
[INFO] Subject Public Key Algorithm: 2048-bit RSA key
[INFO] Version: 3
[INFO]
[INFO] Extensions:
[INFO]
[INFO] #1: ObjectId: 2.5.29.14 Criticality=false
[INFO] SubjectKeyIdentifier [
[INFO] KeyIdentifier [
[INFO] 0000: 30 17 0C ED EF BA 57 34   07 8B 5C 49 CA 59 B9 F2  0.....W4..\I.Y..
[INFO] 0010: 87 FA 7E 56                                        ...V
[INFO] ]
[INFO] ]
[INFO]
[INFO]
[INFO]
[INFO] *******************************************
[INFO] *******************************************
commented

It still seems not to be documented correctly or completely.

For a single ext, the following works fine for me (it's a list of ext in Java keytool, so the new version of the plugin expects exts around all the ext parameters):

<exts>
  <ext>bc:c</ext>
</exts>

Best regards
JW
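
A build-time check for the regression reported above, as an added example that is not part of the issue or the plugin's code: it parses `keytool -list -v` output, with or without Maven's log prefix, and reports why an alias is not a CA certificate. The function names are hypothetical, and the two listings are trimmed excerpts of the output quoted in the issue.

```python
import re

LOG_PREFIX = re.compile(r"^\[(?:INFO|WARNING|ERROR)\] ?")   # Maven log level prefix
ALIAS = re.compile(r"Alias name: (.+)")
EXT_HEADER = re.compile(r"#\d+: ObjectId: ([\d.]+) Criticality=(true|false)")
BASIC_CONSTRAINTS = "2.5.29.19"

# Trimmed excerpts of the two listings quoted in the issue (plugin 1.5 and 1.6).
LISTING_1_5 = """\
[INFO] Alias name: ca
[INFO] Extensions:
[INFO] #1: ObjectId: 2.5.29.19 Criticality=true
[INFO] BasicConstraints:[
[INFO]   CA:true
[INFO] ]
[INFO] #2: ObjectId: 2.5.29.14 Criticality=false
"""
LISTING_1_6 = """\
[INFO] Alias name: ca
[INFO] Extensions:
[INFO] #1: ObjectId: 2.5.29.14 Criticality=false
"""

def parse_listing(listing):
    """Return {alias: {oid: {"critical": bool, "body": [lines]}}}."""
    entries, exts, ext = {}, None, None
    for raw in listing.splitlines():
        line = LOG_PREFIX.sub("", raw).strip()
        if m := ALIAS.match(line):
            exts, ext = entries.setdefault(m.group(1), {}), None
        elif exts is not None and (m := EXT_HEADER.match(line)):
            ext = exts[m.group(1)] = {"critical": m.group(2) == "true", "body": []}
        elif ext is not None and line:
            ext["body"].append(line)
    return entries

def ca_constraint_problem(listing, alias):
    """Return why `alias` is not a critical CA:true certificate, or None if it is."""
    exts = parse_listing(listing).get(alias)
    if exts is None:
        return f"alias {alias!r} not found"
    bc = exts.get(BASIC_CONSTRAINTS)
    if bc is None:
        return "BasicConstraints extension absent"
    if "CA:true" not in bc["body"]:
        return "BasicConstraints present but CA is not true"
    if not bc["critical"]:
        return "BasicConstraints not marked critical"
    return None
```

Failing the build when `ca_constraint_problem` returns a reason turns a silently dropped `ext` setting into a visible error instead of a keystore whose "CA" certificate lacks the CA flag.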