Maven Jar Signer Plugin
  1. Maven Jar Signer Plugin
  2. MJARSIGNER-11

signing failure with keystore alias containing single-quote character

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.2
    • Fix Version/s: None
    • Labels:
      None
    • Environment:
      Mac OSX 10.5.8
      java version "1.6.0_22"
    • Number of attachments :
      0

      Description

      If a keystore is used with an alias that contains a single quote character, the maven-jarsigner-plugin fails to build a proper command line. This is because the alias field in the jarsigner argument contains a quote character that is not escaped. Alias names with a single quote are considered valid, therefore the maven-jarsigner-plugin isn't handling this input correctly.

      Plugin error message when alias with a single quote is encountered:

      [...SNIP]
      [WARNING] /bin/sh: -c: line 0: unexpected EOF while looking for matching `''
      [WARNING] /bin/sh: -c: line 1: syntax error: unexpected end of file
      [...SNIP...]
      [INFO] ------------------------------------------------------------------------
      [ERROR] BUILD ERROR
      [INFO] ------------------------------------------------------------------------
      [INFO] Failed executing '/bin/sh -c cd /Users/jason/Documents/dev/bitmenu/trunk/app/dlapplet && /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/jarsigner -verbose -tsa http://tsa.starfieldtech.com -keystore /Users/jason/Documents/bitmenu/certs/bitmenu-codesigning-comodo.p12 -storepass ''*****'' -storetype PKCS12 /Users/jason/Documents/dev/bitmenu/trunk/app/dlapplet/target/bitmenu-dlapplet-1.4.0-SNAPSHOT.jar 'bitmenu, inc.'s the usertrust network id'' - exitcode 2

      Note: PKCS12 files created with Comodo's code signing system may have aliases with a single quote like this.

      === possible workaround ===

      Export the cert and the key, then re-import them to a new pkcs12 file with a different alias.

      1. to reset the alias name in a pkcs12 file
        openssl pkcs12 -in myComodo.p12 -out myComodo-keys.pem -nodes -nocerts
        openssl pkcs12 -in myComodo.p12 -out myComodo-certs.pem -nodes -nokeys
        openssl pkcs12 -export -in myComodo-certs.pem -inkey myComodo-keys.pem -out myComodo-new.p12 -name "myalias"

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Jason Thrasher
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: