Thank you Igor for your speedy replies.
Yes, that verson of exec worked fine. the only way around the
non-interactive nature of the ant build is to hardcode the password
(-storepass)and to always trust the certificate (-noprompt) as can be seen
from the signers build and the recievers (verifiers) build below.
This of course can only work as a demo or for testing as this method to
insure!
<target name="exportcert" depends ="genkey">
<exec dir="." executable="keytool">
<arg line="-export -keystore susanstore -alias
signFiles -file
SusanJ.cer -storepass ab987c" />
</exec>
<target name="mystore">
<exec dir="./keys" executable="keytool">
<arg line="-import -alias susan -noprompt -file SusanJ.cer
-keypass
hello123 -keystore mystore -storepass hello123" />
</exec>
</target>
kind regards,
Will.
-----Original Message-----
From: Igor A. Deruga [mailto:[EMAIL PROTECTED]
Sent: 16 November 2004 14:10
To: Ant Users List
Subject: Re: QUERY:Exporting a digital signature generated from genkey
Hi, Will!
1. As far as I know, "deprecated" means that the feature works fine in
current
version but it will be removed in future versions, so you better use an
alternative. Ant says that you should use the "executable" attribute instead
of "command":
<exec dir="." executable="keytool">
<arg line="-export -keystore susanstore -alias signFiles -file
SusanJ.cer"
/>
</exec>
This is written in Ant's Manual (you can find it in ant distribution. Try
browsing through "Overview of ant tasks" part).
Ok. So, I think that actually it DOES work but you better use "executable"
style rather than "command".
2. If your scripts or programs for creating those certificates are made to
be
interactive ONLY, then I think you can do nothing about it but use it by
hands. (It's a very strong and pessimistic statement, I hope there will be
other opinions). So, I think you should read help and try to find the keys
that will allow you to redefault answer to "Yes" rather than "No" and to
enter password in form: "keytool .... -p mypass".
Sorry if It wasn't a real helping hand, but that's all I know about it...
Feel
free to ask if you need anything else!
Sincerely
Igor
On Tuesday 16 November 2004 12:00, William Fitzgerald wrote:
> Yes I have tried this (task exec) but unfortunatly I still run into
> problems
>
> :(
>
> to create a certificate for Susan, i do the following:
>
> PROBLEM 1:
> <exec dir="." command ="keytool -export -keystore susanstore -alias
> signFiles -file SusanJ.cer"></exec>
>
> but this is deprecated and I can't seem to work it for the executable
> command!!!
>
> [exec] The command attribute is deprecated. Please use the executable
> attribute and nested arg elements.
> [exec] Enter keystore password:
> [exec] ***************** WARNING WARNING WARNING *****************
> [exec] * The integrity of the information stored in your keystore *
> [exec] * has NOT been verified! In order to verify its integrity, *
> [exec] * you must provide your keystore password. *
> [exec] ***************** WARNING WARNING WARNING *****************
> [exec] Certificate stored in file <SusanJ.cer>
>
> Also note that it asks for a password but the build never stops to allow
me
> to enter one. It still creates a certificate though so I guess its not a
> huge problem.
>
> PROBLEM 2:
> now I want a build file to take susans certificate, add it to mystore and
> then compare it to the signed jar etc.
>
> <?xml version="1.0"?>
> <project name ="digiver" default ="mystore">
> <target name="mystore">
> <exec dir="./keys" command="keytool -import -alias susan -file
> SusanJ.cer -keypass hello123 -keystore mystore -storepass hello123">
> </exec>
> </target>
> </project>
>
> I again cannot say wheather I trust the certiciate I am adding to the
> store!!!!!!!!!!!! This is because the build keeps running and does not
stop
> to allow me to say trust this cert. I also had a password (storepass)
> problem but got around it by adding it to the build command, again a bad
> idea!
>
> mystore:
> [exec] The command attribute is deprecated. Please use the executable
> attribute and nested arg elements.
> [exec] Owner: CN=tssg, OU=wit, O=research, C=ire
> [exec] Issuer: CN=tssg, OU=wit, O=research, C=ire
> [exec] Serial number: 4198bd59
> [exec] Valid from: Mon Nov 15 14:29:45 GMT 2004 until: Sun Feb 13
> 14:29:45 GMT 2005
> [exec] Certificate fingerprints:
> [exec] MD5: 96:E1:3E:09:07:D4:5C:EE:D6:02:B9:E0:AA:25:0A:9E
> [exec] SHA1:
> 68:D3:7D:D5:7D:81:07:5C:CD:A9:90:24:EF:E4:B9:4B:C9:21:E9:BE
> [exec] keytool error: java.lang.NullPointerException
> [exec] Trust this certificate? [no]:
> [exec] Result: 1
> BUILD SUCCESSFUL
>
>
> any ideas and points of direction are hugely welcomed,
> regards,
> Will.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
