OSX
我在OSX上想到的解决方案如下
.mavenrc。它使用python脚本访问钥匙串中的密码,以打开客户端证书,然后生成一个随机密码和带有该随机密码的临时证书。
将其放入
~/.mavenrc并将您的客户端证书添加到OSX钥匙串中。确保并将其设置
MAVEN_CLIENT_CERT为您的客户证书的位置。
〜/ .mavenrc
export MAVEN_CLIENT_CERT=<PATH.TO.CLIENT.CERTIFICATE># Retrieve secret from keychainexport SECRET=$(python <<ENDfrom subprocess import Popen, PIPEimport re, sys, ospasslabel = os.environ.get("MAVEN_CLIENT_CERT", None)p = Popen(['security', 'find-generic-password', '-l',passlabel,'-g'], stdout=PIPE, stderr=PIPE, stdin=PIPE)sys.stdout.write(re.compile('password:\s"(.*)"').match(p.stderr.read()).group(1))sys.exit(0)END)TMPDIR=/tmpTMPTMPL=mvn-$(id -u)-XXXXXXXXXXPASSPHRASE=$(openssl rand -base64 32)export PASSPHRASE TMPDIRpemfile=$(mktemp $TMPDIR/$TMPTMPL)openssl pkcs12 -in $MAVEN_CLIENT_CERT -passin env:SECRET -out $pemfile -passout env:PASSPHRASEp12file=$(mktemp $TMPDIR/$TMPTMPL)openssl pkcs12 -export -in $pemfile -out $p12file -passin env:PASSPHRASE -passout env:PASSPHRASEsh -c "while kill -0 $$ 2>/dev/null; do sleep 1; done; rm -f $pemfile; rm -f $p12file;" &MAVEN_OPTS="$MAVEN_OPTS -Djavax.net.ssl.keyStore=$p12file -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=$PASSPHRASE"Linux
在Linux上,以下.mavenrc将与gnome密钥环配合使用(确保将cert密码添加到您的登录密钥环中,并设置id变量
KEYRING_ID):
〜/ .mavenrc
MAVEN_CLIENT_CERT=<PATH.TO.CLIENT.CERTIFICATE>export KEYRING_NAME="login"export KEYRING_ID=<KEYRING.ID># Try to get secret from the gnome keyring export SECRET=$(python <<ENDimport sys, os# Test for gtktry: import gtk #ensure that the application name is correctly set import gnomekeyring as gkexcept importError: gtk = Noneif gtk: id = os.environ.get("KEYRING_ID", None) name = os.environ.get("KEYRING_NAME", None) try: if id: info = gk.item_get_info_sync(name, int(id)) attr = gk.item_get_attributes_sync(name, int(id)) sys.stdout.write(str(info.get_secret())) else: params = {} types = {'secret': gk.ITEM_GENERIC_SECRET, 'network': gk.ITEM_NETWORK_PASSWORD, 'note': gk.ITEM_NOTE} eparams = os.environ.get("KEYRING_PARAMS", None) etype = os.environ.get("KEYRING_ITEMTYPE", None) if eparams and etype: list = eparams.split(',') for i in list: if i: k, v = i.split('=', 1) if v.isdigit(): params[k] = int(v) else: params[k] = v matches = gk.find_items_sync(types[etype], params) # Write 1st out and break out of loop. # TODO: Handle more then one secret. for match in matches: sys.stdout.write(str(match.secret)) break sys.exit(0) except gk.Error: passsys.exit(1)END)TMPDIR=/dev/shmTMPTMPL=mvn-$(id -u)-XXXXXXXXXXPASSPHRASE=$(openssl rand -base64 32)export PASSPHRASE TMPDIRpemfile=$(mktemp $TMPDIR/$TMPTMPL)openssl pkcs12 -in $MAVEN_CLIENT_CERT -passin env:SECRET -out $pemfile -passout env:PASSPHRASEp12file=$(mktemp $TMPDIR/$TMPTMPL)openssl pkcs12 -export -in $pemfile -out $p12file -passin env:PASSPHRASE -passout env:PASSPHRASEsh -c "while kill -0 $$ 2>/dev/null; do sleep 1; done; rm -f $pemfile; rm -f $p12file;" &MAVEN_OPTS="$MAVEN_OPTS -Djavax.net.ssl.keyStore=$p12file -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=$PASSPHRASE"
