
Dobry przyklad z Dependencies! Oraz obsluga kluczy SSL

a.binder 9 年 前
コミット
675d22e6e2
1 ファイル変更50 行追加39 行削除
  1. 50 39
      SE/dev/php-cli/build.xml

+ 50 - 39
SE/dev/php-cli/build.xml

@@ -11,8 +11,8 @@
     <property name="pointsTable" value="Rozdzielcza_test2_bzyk_punkty_adresowe" />
     <property name="origWaysTable" value="Rozdzielcza_test2_bzyk_drogi"/>
     
-    <property  name="username_p5_admin" value="a.binder"/>
-    <property  name="username_p5_admin_pass" value="set_as_param_-Dusername_p5_admin_pass=pass" />
+    <property  name="username" value="a.binder"/>
+    <property  name="pass" value="set_as_param_-Dpass=pass" />
     
     <property name="bypass_errors" value="1"/><!-- to continue transform even with errors -->
          <property name="build.log" value="build${plamy_prefix}.log"/>
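Review bot: The rename to `username`/`pass` is not carried through to the `<get>` task in `get_PE_fixings_from_db`, which still reads `${username_p5_admin}` and `${username_p5_admin_pass}`. This commit also removes the local `username_p5_admin_pass` property in that target, so unless those names are defined outside the visible hunks, Ant will send the literal `${...}` text as credentials. Either keep the old names or change the task to `username="${username}" password="${pass}"`. Separately, passing the password as `-Dpass=...` exposes it in the process list and shell history; loading it from a permission-restricted file with `<property file="..."/>` or prompting with `<input>` avoids that. A less generic name than `pass` would also lower the chance of colliding with another property.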
@@ -49,7 +49,9 @@
     
     <property name="API_address" value="biuro.biall-net.pl"/>
     <property name="API_wfst_url" value="https://${API_address}/SE/version-git/wfs-data.php/default_db/"/>
-    <property name="cert.pem" value="cert.pem"/> <!-- api certificate -->
+        <property name="API_address_cert.txt" value="${API_address}_cert.txt"/>
+        <property name="API_address_cert.cert" value="${API_address}_cert.cert"/>
+        <property name="API_address_cert.installed" value="${API_address}_cert.installed"/>
     <property name="cacert_dir" value="${java.home}/lib/security/cacerts"/>
     <property name="mail_inform" value="a.binder@biall-net.pl"/> <!-- to inform about job complete -->
     <property name="gnutls-cli" value="/opt/local/bin/gnutls-cli"/>
@@ -559,56 +561,60 @@
         </exec>
     </target>
     
-    
-    <target name="import_ssl_certificates_to_system" description="niezbedne jest sciagniecie certyfikatow bo nie dzialaja przy requestach WFS">
-<!--        openssl s_client -showcerts -connect server.edu:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >mycertfile.pem
--->     
-        <!--openssl s_client -connect "biuro.biall-net.pl:443" -showcerts-->
+    <target name="import_ssl_certificates_to_system_check" description="Sprawdzenie czy nie zostal juz prawidlowo dodany do danego systemu certyfikat">
+        <echo>Sprawdzam czy nie ma certyfikatu - czy jest plik ${API_address_cert.installed} </echo>
         
-        <!--
-        1) Get the site's certificate
+        <exec command="keytool" output="${API_address_cert.installed}">
+            <arg value="-list"/>
+            <arg value="-keystore"/>
+            <arg value="${cacert_dir}"/>
+            <arg value="-storepass"/>
+            <arg value="${Password_for_cacerts}"/>
+            <arg value="-noprompt"/>
+        </exec>
+        <loadfile property="API_address_cert.installed_contents" srcfile="${API_address_cert.installed}" />
         
-        With IE, bring up the page with the URL,
-        Go to File->Properties.
-        Click on Certificates button on lower right.
-        Click on the details tab.
-        Click on copy to file.
-        Hit next through the dialog until you save it to a file (e.g
-        mycert.ce).
+        <condition  property="API_address_cert.installed_exists_ok"  taskname="import_ssl_certificates_to_system"  else="NotInstalled"  >
+            <!--<available file="${API_address_cert.installed}" filepath="."/>-->
+            <contains string="${API_address_cert.installed_contents}" substring="${API_address}"/>
+        </condition>
+        <echo message="API_address_cert.installed_exists_ok ${API_address_cert.installed_exists_ok}  .  "/>
+    </target>
+    
+    <target name="import_ssl_certificates_to_system" depends="import_ssl_certificates_to_system_check"  unless="${API_address_cert.installed_exists_ok}" description="niezbedne jest sciagniecie certyfikatow bo nie dzialaja przy requestach WFS">
+        <echo>  bedzie wgrany certyfikat do ${java.home}/ ant home: ${ant.home}  dokl do ${cacert_dir}  </echo>
+        <delete file="${API_address_cert.txt}"/>
+        <delete file="${API_address_cert.cert}"/>
+        <delete file="${API_address_cert.installed}"/>
         
-        2) Add it to the java certificate keystore
-        $ keytool -keystore <jdk home>/jre/lib/security/cacerts -import
-            -alias mycert -file ./mycert.ce-->
-        <echo >  bedzie wgrany certyfikat do ${java.home}/ ant home: ${ant.home}  dokl do ${cacert_dir}  </echo>
+        <echo  message="${java.home}">   $java.home  </echo>
+        <echo  message="${sun.boot.library.path}"> $sun.boot.library.path</echo>
+        <echo  message="${java.library.path}"> $java.library.path</echo>
+        <echo message="${java.security.policy}">java.security.policy</echo>
         
-        <!-- keytool -import -file selfsigned.pem -alias server -keystore server.jks -->
-        <!-- sudo rm -f cert.pem && sudo echo -n | openssl s_client -connect localhost:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ./cert.pem -->
-        <delete file="${cert.pem}"/>
-        <exec output="${cert.pem}.txt"  executable="${gnutls-cli}" >
-            <arg line=" --print-cert ${API_address}:443 &lt; /dev/null "/>
+        <exec output="${API_address_cert.txt}"  executable="${gnutls-cli}" >
+            <arg line=" --print-cert ${API_address} &lt; /dev/null "/>
         </exec>
-        <exec  input="${cert.pem}.txt" output="${API_address}.cert" executable="openssl">
+        <exec  input="${API_address_cert.txt}" output="${API_address_cert.cert}" executable="openssl">
             <arg line="x509"/>
         </exec>
         <exec executable="keytool">
-            <arg line="-import -v -trustcacerts -alias ${API_address} -file ${API_address}.cert -keystore client.store -storepass ${Password_for_cacerts}"/>
-        </exec>
-        <exec executable="keytool">
-            <arg line="-import -v -trustcacerts  -file Letss_Encrypt_Authority_X3.cer -keystore client.store -storepass ${Password_for_cacerts}"/>
-        </exec>
-        <exec executable="keytool">
-            <arg line="-import -v -trustcacerts -file DST_Root_CA_X3.cer -keystore client.store -storepass ${Password_for_cacerts}"/>
+            <arg line="-import -v -trustcacerts -alias ${API_address} -file ${API_address}.cert -keystore ${cacert_dir} -storepass ${Password_for_cacerts} -noprompt"/>
         </exec>
         
+        <echoproperties destfile="${API_address_cert.installed}">
+            <propertyset><propertyref name="API_address"/></propertyset>
+        </echoproperties>
+        <!--<touch file="${API_address_cert.installed}"/>-->
+        <!--<echoproperties destfile="build.settings.xml"/>-->
     </target>
     
-    <target name="get_PE_fixings_from_db" description="sciagniecie zmian PE glownie usunietych aby wyliczyc ponownie kable do innych wezlow">
+    <target name="get_PE_fixings_from_db"   description="sciagniecie zmian PE glownie usunietych aby wyliczyc ponownie kable do innych wezlow" depends="import_ssl_certificates_to_system">
         <!--wget -\-http-user=$usr -\-password=$passwd  
             https://biuro.biall-net.pl/SE/version-git/api.php/xml/table/default_db/_S_ADDRESS_STREETS_distincts/items -\-no-check-certificate -O _S_ADDRESS_STREETS_distincts.xml ;-->
         <property name="WFS_VERSION" value="&amp;VERSION=1.0.0"/>
-        <property name="TYPENAME" value="&amp;TYPENAME=p5_default_db:Rozdzielcza_test_bzyk_PE"/>
-        <property name="username_p5_admin_pass" value="xxxxx"/>
-
+        <property name="TYPENAME" value="&amp;TYPENAME=p5_default_db:Rozdzielcza_test_bzyk_PE"/>  
+        <!--<property name="API_wfst_url2" value="https://onet.pl"/>-->
         <!--<property name="OGC_Filter"> 
             &amp;Filter=
             &lt;ogc:Filter&gt;
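Review bot: The keytool import in `import_ssl_certificates_to_system` still reads `-file ${API_address}.cert`, but the openssl step now writes to `${API_address_cert.cert}` (which expands to `${API_address}_cert.cert`), so the import either fails or picks up a stale file from an earlier run; it should be `-file ${API_address_cert.cert}`. The target also now installs whatever certificate the host presents at build time into the JVM-wide `${cacert_dir}` with `-trustcacerts -noprompt` and no verification, where the old code wrote to a local `client.store`. One intercepted or misdirected build would leave that certificate trusted by every application on the JRE. I would compare the fetched certificate's SHA-256 fingerprint with a value kept in the build configuration before importing, and keep it in a dedicated truststore rather than the system one. The `_check` target is weak in the same way: it only looks for the `${API_address}` string in the `keytool -list` output, so a replaced or wrong certificate under that alias still counts as installed.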
@@ -633,11 +639,16 @@
         
         <echo message="we get data from URL: ${URL_get_PE_fixings_from_db}"></echo>
         
+        <echoproperties destfile="${API_address_cert.installed}">
+            <propertyset><propertyref name="URL_get_PE_fixings_from_db"/></propertyset>
+        </echoproperties>
+        
         <get dest="${PE_fixings.xml}"  username="${username_p5_admin}" password="${username_p5_admin_pass}">
             <url  url="${URL_get_PE_fixings_from_db}"/>
-
         </get>
         
+        
+        
     </target>
    
     <!--<target name="1_install_mysql_functions">
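Review bot: The added `<echoproperties>` writes `URL_get_PE_fixings_from_db` into `${API_address_cert.installed}`, the same file the certificate check target uses for its `keytool -list` output. The file's content then says nothing about the certificate state, and the next check simply overwrites it. If this is debugging output, the `<echo>` just above already prints the URL; otherwise give it its own destfile. `get_PE_fixings_from_db` begins before this hunk, so how the URL is assembled is not visible here; if it can carry credentials or tokens, it should not be written to disk.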