keytool:importCertificate not suitable for several certificates

[hiranchaudhuri1]

I need to import several certificates into a truststore, which is the same file format as a keystore. This can be easily accomplished by running the importCertificate goal in several executions. If Mavin is not always started with the clean option, the keystore will still exist from the previous run, and inside there still are all the certificates. In this case the build will always fail as the certificate's alias is already in use.

To run the build successfully, I could use these options:
skip - will skip the entire plugin. I cannot modify the pom.xml just because the build is rerun
skipIfExist - will skip if the keystore already exists. This option could work if I had only one certificate. If set on the second execution that cert will never get imported

Therefore I suggest to either extend or modify the behaviour:

• importCertificate could import regardless whether that alias exists - it would overwrite existing entries
• importCertificte could skip the import in case the alias exists without breaking the build

[bmarwell]

Big +1

We should overthink the API with version 3.0

[hiranchaudhuri1]

On top of basic operations like create keystore, import certificate and the such it might be nice to have one that allows importing all certificates from one directory. That way developers can easily maintain the truststore's content in version control while at compile-time they get all copied into one truststore file that can be bundled into the application.

[bmarwell]

I started a branch to convert this repo into a single plugin (as native invocations are not necessary anymore). Sadly I never finished it.

https://github.com/mojohaus/keytool/tree/%2314_3.x-draft

[hiranchaudhuri1]

So what is the current state on the branch?

As I needed to move on in the meantime I created a small java bean that allows managing a keystore. It can be driven via a CLI.
The CLI was not good enough so I added an Ant task. This still was not enough so I added a maven plugin.

I'd be willing to contribute that code but so far it is independent development so won't merge nicely. And then I'd prefer to see such functionality in the 'official' plugin.

[wherka-ama]

@bmarwell : Hello Benjamin, I hope you're well :-)

I'm representing the OSPO of the Amadeus.

As Hiran mentioned above we are intending to contribute to this component as we believe we should share it with anyone and not just keep it internal. We believe in the value of the Open Source and we encourage our engineers to share the fruits of their work with various communities they are interacting with. I believe that is a win/win situation.

In that light I would like to ask you if you are considering the above proposal or you'd rather not take this approach. Either way is fine with us. We can work with you on integrating the improvements in the keytool or we can release it as an independent plugin. Either way the community wins. The only concern is the extra dependency of the end users.

Please do let us know what's your view. We can also arrange the call/chat to discuss it further if required.

Thanks a lot for your effort and generosity. Sharing the keytool with everyone is very much appreciated by many people!

Cheers,
Waldek