[JIRA] (JENKINS-59331) Empty 'Alias Variable' when using certificate binding

6 views
Skip to first unread message

kr@shaiton.org (JIRA)

unread,
Sep 12, 2019, 8:39:03 AM9/12/19
to jenkinsc...@googlegroups.com
Kevin Raymond created an issue
 
Jenkins / Task JENKINS-59331
Empty 'Alias Variable' when using certificate binding
Issue Type: Task Task
Assignee: Unassigned
Components: credentials-binding-plugin
Created: 2019-09-12 12:38
Priority: Minor Minor
Reporter: Kevin Raymond

plugin version 1.18

I am trying to use this certificate binding but in a simple job :
keystore variable: CERTSTORE
Alias Variable: MYKEY

step as a standard shell script:

keytool -list -v -keystore $CERTSTORE

echo $MYKEY

keytool -export -alias "$MYKEY" -keystore "$CERTSTORE" -rfc -file fit-kernel.cert

output us

+ keytool -list -v -keystore ****
Enter keystore password:  
*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 1
Creation date: Sep 12, 2019
Entry type: PrivateKeyEntry


*******************************************
*******************************************


+ echo

+ LANG=C
+ keytool -export -alias '' -keystore **** -rfc -file fit-kernel.cert
Enter keystore password:  
*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

keytool error: java.lang.Exception: Alias <> does not exist

"$MYKEY" should exists but is not defined as an environment variable, I can't access my certificate.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

Kalle.Niemitalo@procomp.fi (JIRA)

unread,
Nov 27, 2019, 11:46:02 AM11/27/19
to jenkinsc...@googlegroups.com
Kalle Niemitalo commented on Task JENKINS-59331
 
Re: Empty 'Alias Variable' when using certificate binding

I see a similar result with Jenkins ver. 2.190.3 and Credentials Binding Plugin 1.20. I defined a step like this in a declarative pipeline Jenkinsfile:

withCredentials([certificate(
        credentialsId: 'APK-signing',
        keystoreVariable: 'AndroidSigningKeyStore',
        passwordVariable: 'AndroidSigningStorePass',
        aliasVariable: 'AndroidSigningKeyAlias')]) {
    writeFile encoding: 'UTF-8', file: 'AndroidSigningKeyAlias.txt', text: env.AndroidSigningKeyAlias
    // actual signing not shown
}

and, what was written to AndroidSigningKeyAlias.txt was not the "keystore alias name" documented in https://jenkins.io/doc/pipeline/steps/credentials-binding/, but instead the description of the credential. The keystore alias name was actually the same as in the PKCS#12 file from which I had imported the credential to Jenkins.

I guess the original reporter had not added a description to the credential, and the alias variable was thus left empty.

Kalle.Niemitalo@procomp.fi (JIRA)

unread,
Nov 27, 2019, 11:52:03 AM11/27/19
to jenkinsc...@googlegroups.com
Kalle Niemitalo edited a comment on Task JENKINS-59331
I see a similar result with Jenkins ver. 2.190.3 and , Credentials Binding Plugin 1.20 , and Credentials Plugin 2 . 3.0.   I defined a step like this in a declarative pipeline Jenkinsfile:
{code :groovy }

withCredentials([certificate(
        credentialsId: 'APK-signing',
        keystoreVariable: 'AndroidSigningKeyStore',
        passwordVariable: 'AndroidSigningStorePass',
        aliasVariable: 'AndroidSigningKeyAlias')]) {
    writeFile encoding: 'UTF-8', file: 'AndroidSigningKeyAlias.txt', text: env.AndroidSigningKeyAlias
    // actual signing not shown
}
{code}
and, what was written to AndroidSigningKeyAlias.txt was not the "keystore alias name" documented in [https://jenkins.io/doc/pipeline/steps/credentials-binding/], but instead the description of the credential. The keystore alias name was actually the same as in the PKCS#12 file from which I had imported the credential to Jenkins.


I guess the original reporter had not added a description to the credential, and the alias variable was thus left empty.

Kalle.Niemitalo@procomp.fi (JIRA)

unread,
Nov 27, 2019, 11:52:05 AM11/27/19
to jenkinsc...@googlegroups.com
Kalle Niemitalo edited a comment on Task JENKINS-59331
I see a similar result with Jenkins ver. 2.190.3, Credentials Binding Plugin 1.20, and Credentials Plugin 2.3.0. I defined a step like this in a declarative pipeline Jenkinsfile:
{code}

withCredentials([certificate(
        credentialsId: 'APK-signing',
        keystoreVariable: 'AndroidSigningKeyStore',
        passwordVariable: 'AndroidSigningStorePass',
        aliasVariable: 'AndroidSigningKeyAlias')]) {
    writeFile encoding: 'UTF-8', file: 'AndroidSigningKeyAlias.txt', text: env.AndroidSigningKeyAlias
    // actual signing not shown
}
{code}
and, what was written to AndroidSigningKeyAlias.txt was not the "keystore alias name" documented in [https://jenkins.io/doc/pipeline/steps/credentials-binding/], but instead the description of the credential. The keystore alias name was actually the same as in the PKCS#12 file from which I had imported the credential to Jenkins.

[CertificateMultiBinding#bind|https://github.com/jenkinsci/credentials-binding-plugin/blob/dfb2c2d560dbb52a771d16e9490a6455d3174388/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/CertificateMultiBinding.java#L79-L80]:

{code:java}
  if(aliasVariable!=null && !aliasVariable.isEmpty())
   m.put(aliasVariable, credentials.getDescription());
{code}

I guess the original reporter had not added a description to the credential, and the alias variable was thus left empty.
Reply all
Reply to author
Forward
0 new messages