Rework plugin to use Keystore Java API

mojohaus / keytool

Apache License 2.0

16 stars 13 forks source link

Rework plugin to use Keystore Java API #14

Open mthmulders opened 4 years ago

mthmulders commented 4 years ago

When using the Keytool Maven Plugin, I noticed that it logs warnings for things that I would consider "informational".

For instance, if I ask the plugin to import a certificate into a keystore, the logs says

[WARNING] Certificate was added to keystore

I would expect the plugin to log that as informational message. It's not a problem or something that could turn into a problem. Following the idea that "a warning is an error in the making", I don't see why this message (and probably others) are logged as warning.

I am willing to provide a patch for this, if you agree that informational would be better suited.

bmarwell commented 2 years ago

@mthmulders yes, highly appreciated! CI is fixed again.

mthmulders commented 2 years ago

Hmm, it seems this is logged as a warning because the plugin delegates to the keytool program. The keytool program writes this informational message to standard error.

I have to say I find the use of stdout and stderr in keytool a bit strange:

The prompt "Enter keystore password: " goes to stderr
The error message "keytool error: java.io.IOException: keystore password was incorrect" goes to stdout

This makes it really hard to determine from the output stream if something is informational, or indeed an error. Not sure how to proceed here... Filing an issue against keytool might be a bit far-fetched?

bmarwell commented 2 years ago

Yes, but I guess we could now use the keytool API from the JDK instead of invoking an executable.

mthmulders commented 2 years ago

Yes, but I guess we could now use the keytool API from the JDK instead of invoking an executable.

Out of curiosity, was there something that prevented using KeyStore and friends? It has been there since Java 1.2, according to the Javadoc...

bmarwell commented 2 years ago

I have no idea :D But yes, that is exactly why there is no Tool API probably.

bmarwell commented 2 years ago

Tasks

[ ] drop module API for Java < 8
[ ] use Keystore API instead of external tool
[ ] then we only have one maven module left. Maybe contract it into a non-multimodule-project.
[ ] if so, rename to keytool-maven-plugin.

slachiewicz commented 2 years ago

Maybe stupid question - maybe someone already build plugin for that?

bmarwell commented 2 years ago

Quick Google search: nothing found. But good that you brought it up.

I can start a new branch this evening unless you want to.

slachiewicz commented 2 years ago

Feel free to continue, I'll dig deeper elsewhere :-))