Re: [GitHub] ant pull request #64: Add support for SAN extension in GenerateKey task
Attention: This is to notify the above Beneficiary that we have received a notification from Microsoft company to award you with the sum of $900,000.00 (Nine Hundred Thousand United State Dollars Only) from a random collection award compensation of the year 2018. Please confirm your address as stated above to enable us prepare your Visa Credit Card ATM Card containing your winning payment for delivery to you. We look forward to read from you and to re-confirm your address. Congratulation. OFFICE OF - [ATM-NYC] MISS. JANET WALTON On Sun, 7/15/18, asfgit wrote: Subject: [GitHub] ant pull request #64: Add support for SAN extension in GenerateKey task To: dev@ant.apache.org Date: Sunday, July 15, 2018, 10:24 PM Github user asfgit closed the pull request at: https://github.com/apache/ant/pull/64 --- - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
[GitHub] ant pull request #64: Add support for SAN extension in GenerateKey task
Github user asfgit closed the pull request at: https://github.com/apache/ant/pull/64 --- - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
[GitHub] ant pull request #64: Add support for SAN extension in GenerateKey task
Github user jnsnkrllive commented on a diff in the pull request:
https://github.com/apache/ant/pull/64#discussion_r202364682
--- Diff: src/main/org/apache/tools/ant/taskdefs/GenerateKey.java ---
@@ -413,6 +429,16 @@ public void execute() throws BuildException {
sb.append("\" ");
}
+if (useExtension) {
+sb.append("-ext ");
--- End diff --
Hey @jaikiran, thanks for pointing that out. I agree, `useExtension` isn't
necessary right now since only 1 extension is being supported. I'll fix this
now.
This mechanism or something similar/better can be introduced when we add
support for another extension sometime in the future, when it's actually needed.
---
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
[GitHub] ant pull request #64: Add support for SAN extension in GenerateKey task
Github user jaikiran commented on a diff in the pull request:
https://github.com/apache/ant/pull/64#discussion_r202287386
--- Diff: src/main/org/apache/tools/ant/taskdefs/GenerateKey.java ---
@@ -413,6 +429,16 @@ public void execute() throws BuildException {
sb.append("\" ");
}
+if (useExtension) {
+sb.append("-ext ");
--- End diff --
>> However, we won't ever append "-ext" without also appending a name too.
Currently the only way to append "-ext" is when useExtension is true, which
only happens if the sname attribute is included in the definition AND the java
version is 1.7 or higher.
Hi @jnsnkrllive, The reason I brought it up is because I see that the `san`
extension name gets added only if the `saname` is set to non-null. Whereas the
`ext` argument gets passed whether or not `saname` is null because the
`useExtension` gets set to `true` irrespective of whether or not the saname is
null (imagine someone calling setSaname with a null value). Perhaps, we don't
need "useExtension" field for now (until we introduce more supported extension
names)? That way you can add the "-ext -san=" if there's non-null
`saname` set?
---
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
[GitHub] ant pull request #64: Add support for SAN extension in GenerateKey task
Github user jnsnkrllive commented on a diff in the pull request:
https://github.com/apache/ant/pull/64#discussion_r202096699
--- Diff: src/main/org/apache/tools/ant/taskdefs/GenerateKey.java ---
@@ -413,6 +429,16 @@ public void execute() throws BuildException {
sb.append("\" ");
}
+if (useExtension) {
+sb.append("-ext ");
--- End diff --
Good question. I did some testing and here's what I found:
keytool would fail if we pass "-ext" without a name.
`keytool -genkey -alias "keystorename" -keystore "keystorename" -storepass
"secret" -keypass "secret" -ext`
> Command option -ext needs an argument.
However, we won't ever append "-ext" without also appending a name too.
Currently the only way to append "-ext" is when useExtension is true, which
only happens if the sname attribute is included in the definition AND the java
version is 1.7 or higher.
keytool works fine if the saname attribute is not included in the
definition. "useExtension" would be false (because "setSaname" would never get
called) and it'd skip over the code block beginning on line 432.
However, keytool throws an exception if saname="" is used in the definition
`[genkey] keytool error: java.lang.Exception: Illegal item in san=`
This definition of the task doesn't meet the requirements specified by
keytool. Should ant handle this differently or defer to keytool for handing the
invalid use? It doesn't look like we are doing any special validation on the
other arguments (e.g. "sigalg" which is just a string in this Task but keytool
only accepts certain values for that string).
---
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
[GitHub] ant pull request #64: Add support for SAN extension in GenerateKey task
Github user jaikiran commented on a diff in the pull request:
https://github.com/apache/ant/pull/64#discussion_r202054728
--- Diff: src/main/org/apache/tools/ant/taskdefs/GenerateKey.java ---
@@ -413,6 +429,16 @@ public void execute() throws BuildException {
sb.append("\" ");
}
+if (useExtension) {
+sb.append("-ext ");
--- End diff --
Should this be appended only if `saname` is not null? I haven't given it a
try but does the keytool work fine if we end up passing "-ext" without any
extension name value?
---
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
