Posted to commits@cxf.apache.org by dk...@apache.org on 2007/10/08 20:14:37 UTC
svn commit: r582921 - in /incubator/cxf/branches/2.0.x-fixes: ./
common/schemas/src/main/resources/schemas/configuration/
rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/
systests/src/test/java/org/apache/cxf/systest/http/ sys...
Author: dkulp
Date: Mon Oct 8 11:14:36 2007
New Revision: 582921
URL: http://svn.apache.org/viewvc?rev=582921&view=rev
Log:
Merged revisions 581347 via svnmerge from
https://svn.apache.org/repos/asf/incubator/cxf/trunk
........
r581347 | dkulp | 2007-10-02 14:55:16 -0400 (Tue, 02 Oct 2007) | 2 lines
[CXF-1085] TrustStores in PEM format - Patch from Fred Dushin applied.
........
Added:
incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12
- copied unchanged from r581347, incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12
incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12
- copied unchanged from r581347, incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12
incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem
- copied unchanged from r581347, incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem
incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
- copied unchanged from r581347, incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
Modified:
incubator/cxf/branches/2.0.x-fixes/ (props changed)
incubator/cxf/branches/2.0.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd
incubator/cxf/branches/2.0.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
Propchange: incubator/cxf/branches/2.0.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: incubator/cxf/branches/2.0.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/incubator/cxf/branches/2.0.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd?rev=582921&r1=582920&r2=582921&view=diff
==============================================================================
--- incubator/cxf/branches/2.0.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd (original)
+++ incubator/cxf/branches/2.0.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd Mon Oct 8 11:14:36 2007
@@ -25,10 +25,10 @@
xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
xmlns:tns="http://cxf.apache.org/configuration/security"
xmlns:beans="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"
jaxb:version="2.0">
<xs:import namespace="http://www.springframework.org/schema/beans"/>
@@ -116,6 +116,16 @@
</xs:complexType>
<xs:complexType name="KeyStoreType">
+ <xs:annotation>
+ <xs:documentation>
+ A KeyStoreType represents the information needed to load a collection
+ of key and certificate material from a desired location.
+ The "url", "file", and "resource" attributes are intended to be
+ mutually exclusive, though this assumption is not encoded in schema.
+ The precedence order observed by the runtime is
+ 1) "file", 2) "resource", and 3) "url".
+ </xs:documentation>
+ </xs:annotation>
<xs:attribute name="type" type="xs:string">
<xs:annotation>
<xs:documentation>
@@ -173,6 +183,49 @@
</xs:attribute>
</xs:complexType>
+ <xs:complexType name="CertStoreType">
+ <xs:annotation>
+ <xs:documentation>
+ A CertStoreType represents a catenated sequence of X.509 certificates,
+ in PEM or DER format.
+ The "url", "file", and "resource" attributes are intended to be
+ mutually exclusive, though this assumption is not encoded in schema.
+ The precedence order observed by the runtime is
+ 1) "file", 2) "resource", and 3) "url".
+ </xs:documentation>
+ </xs:annotation>
+ <xs:attribute name="file" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the File location of the certificate store.
+ This element should be a properly accessible file from the
+ working directory. Only one attribute of
+ "url", "file", or "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="resource" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the Resource location of the certificate store.
+ This element should be a properly accessible on the classpath.
+ Only one attribute of
+ "url", "file", or "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="url" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the URL location of the certificate store.
+ This element should be a properly accessible URL, such as
+ "http://..." "file:///...", etc. Only one attribute of
+ "url", "file", or "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
+
<xs:complexType name="KeyManagersType">
<xs:annotation>
<xs:documentation>
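Review bot: The `url` attribute documentation in CertStoreType gives "http://..." as an example location, but the certificates read from this store are used as a trust store, so content fetched over an unauthenticated channel can be altered before it is trusted. The annotation should say so, for example `The certificates read from this location are trusted as CA certificates; use a location whose content cannot be modified in transit.` The type-level text calls the three attributes mutually exclusive while the runtime quietly applies a precedence order; rejecting a store with more than one of them set would be safer than picking one. The `resource` text also has a dropped word ("should be a properly accessible on the classpath").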
@@ -183,37 +236,37 @@
<xs:sequence>
<xs:element name="keyStore" type="tns:KeyStoreType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element specified the Keystore for these JSSE KeyManagers.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element specified the Keystore for these JSSE KeyManagers.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:sequence>
<xs:attribute name="keyPassword" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the password that unlocks the keys
- within the keystore.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the password that unlocks the keys
+ within the keystore.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="provider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the KeyManagers provider name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the KeyManagers provider name.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="factoryAlgorithm" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the algorithm the KeyManagers Factory
- will use in creating the KeyManagers from the KeyStore. Most
- common examples are "PKIX".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the algorithm the KeyManagers Factory
+ will use in creating the KeyManagers from the KeyStore. Most
+ common examples are "PKIX".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="TrustManagersType">
@@ -223,31 +276,40 @@
a single Keystore used for trusted certificates.
</xs:documentation>
</xs:annotation>
- <xs:sequence>
- <xs:element name="keyStore" type="tns:KeyStoreType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the KeyStore used as a trust store.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="provider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the KeyManagers provider name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:choice>
+ <xs:element name="keyStore" type="tns:KeyStoreType"
+ minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the KeyStore used as a trust
+ store.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="certStore" type="tns:CertStoreType" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the CertStore used as a trust store.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:choice>
+ <xs:attribute name="provider" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the KeyManagers provider name.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="factoryAlgorithm" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the algorithm the KeyManagers Factory
- will use in creating the KeyManagers from the KeyStore. Most
- common examples are "PKIX".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the algorithm the KeyManagers Factory
+ will use in creating the KeyManagers from the KeyStore. Most
+ common examples are "PKIX".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="CipherSuites">
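Review bot: The `provider` and `factoryAlgorithm` annotations inside TrustManagersType still describe KeyManagers ("the KeyManagers provider name", "the KeyManagers Factory will use in creating the KeyManagers from the KeyStore"), which reads as a copy from KeyManagersType; since these lines are touched anyway they could name the TrustManagers factory. The type-level documentation whose tail is visible at the top of the hunk speaks of "a single Keystore" and may need to mention the new `certStore` alternative; its beginning is outside the hunk. Putting a single `minOccurs="0"` on the `xs:choice` instead of on both branches would state the "zero or one of these" intent more directly.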
@@ -281,122 +343,122 @@
<xs:complexType name="TLSClientParametersType">
<xs:all>
<xs:element name="keyManagers" type="tns:KeyManagersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the KeyManagers specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the KeyManagers specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="trustManagers" type="tns:TrustManagersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the TrustManagers specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the TrustManagers specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="cipherSuites" type="tns:CipherSuites" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the the CipherSuites that will be supported.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the the CipherSuites that will be supported.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="cipherSuitesFilter" type="tns:FiltersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the filters of the supported CipherSuites
- that will be supported and used if available.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the filters of the supported CipherSuites
+ that will be supported and used if available.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="secureRandomParameters"
type="tns:SecureRandomParameters" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains SecureRandom specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains SecureRandom specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:all>
<xs:attribute name="jsseProvider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the JSSE provider name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the JSSE provider name.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="secureSocketProtocol" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the Protocol Name. Most common
- example is "SSL", "TLS" or "TLSv1".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the Protocol Name. Most common
+ example is "SSL", "TLS" or "TLSv1".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="TLSServerParametersType">
<xs:all>
<xs:element name="keyManagers" type="tns:KeyManagersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the KeyManagers specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the KeyManagers specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="trustManagers" type="tns:TrustManagersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the TrustManagers specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the TrustManagers specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="cipherSuites" type="tns:CipherSuites" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the the CipherSuites that will be supported.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the the CipherSuites that will be supported.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="cipherSuitesFilter" type="tns:FiltersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the filters of the supported CipherSuites
- that will be supported and used if available.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the filters of the supported CipherSuites
+ that will be supported and used if available.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="secureRandomParameters"
type="tns:SecureRandomParameters" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains SecureRandom specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains SecureRandom specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="clientAuthentication"
type="tns:ClientAuthentication" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains Client Authentication specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains Client Authentication specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:all>
<xs:attribute name="jsseProvider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the JSSE provider name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the JSSE provider name.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="secureSocketProtocol" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the Protocol Name. Most common
- example is "SSL", "TLS" or "TLSv1".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the Protocol Name. Most common
+ example is "SSL", "TLS" or "TLSv1".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:schema>
Modified: incubator/cxf/branches/2.0.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/branches/2.0.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java?rev=582921&r1=582920&r2=582921&view=diff
==============================================================================
--- incubator/cxf/branches/2.0.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java (original)
+++ incubator/cxf/branches/2.0.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java Mon Oct 8 11:14:36 2007
@@ -23,13 +23,21 @@
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import org.apache.cxf.configuration.security.CertStoreType;
import org.apache.cxf.configuration.security.KeyManagersType;
import org.apache.cxf.configuration.security.KeyStoreType;
import org.apache.cxf.configuration.security.SecureRandomParameters;
@@ -108,6 +116,65 @@
}
return keyStore;
}
+
+ /**
+ * This method converts a JAXB generated CertStoreType into a KeyStore.
+ */
+ public static KeyStore getKeyStore(final CertStoreType pst)
+ throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+
+ if (pst == null) {
+ return null;
+ }
+
+ if (pst.isSetFile()) {
+ return createTrustStore(new FileInputStream(pst.getFile()));
+ }
+ if (pst.isSetResource()) {
+ return createTrustStore(
+ pst.getClass().getClassLoader().getResourceAsStream(
+ pst.getResource()
+ )
+ );
+ }
+ if (pst.isSetUrl()) {
+ return createTrustStore(new URL(pst.getUrl()).openStream());
+ }
+ // TODO error?
+ return null;
+ }
+
+ /**
+ * Create a KeyStore containing the trusted CA certificates contained
+ * in the supplied input stream.
+ */
+ private static KeyStore createTrustStore(final java.io.InputStream is)
+ throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+
+ final Collection<? extends Certificate> certs = loadCertificates(is);
+ final KeyStore keyStore =
+ KeyStore.getInstance(KeyStore.getDefaultType());
+ keyStore.load(null, null);
+ for (Certificate cert : certs) {
+ final X509Certificate xcert = (X509Certificate) cert;
+ keyStore.setCertificateEntry(
+ xcert.getSubjectX500Principal().getName(),
+ cert
+ );
+ }
+ return keyStore;
+ }
+
+ /**
+ * load the certificates as X.509 certificates
+ */
+ private static Collection<? extends Certificate>
+ loadCertificates(final java.io.InputStream is)
+ throws IOException, CertificateException {
+
+ final CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ return factory.generateCertificates(is);
+ }
/**
* This method converts the JAXB KeyManagersType into a list of
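Review bot: createTrustStore never closes the stream it is given, so each of the three branches in getKeyStore(CertStoreType) leaks a file, classpath or URL stream, and the resource branch hands over whatever getResourceAsStream returns, which is null when the resource is missing. The alias is the subject DN alone, so two certificates in one bundle with the same subject (for example a renewed CA certificate) share an alias and, per the KeyStore.setCertificateEntry contract, the later entry overrides the earlier one. The trailing `return null` under `// TODO error?` also needs a decision, because getTrustManagers in this file turns a null store into a null TrustManager array; what the caller does with that is outside the hunk. A possible shape for createTrustStore is below.

```java
private static KeyStore createTrustStore(final java.io.InputStream is)
    throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {

    if (is == null) {
        throw new IOException("Certificate store location could not be opened");
    }
    final Collection<? extends Certificate> certs;
    try {
        certs = loadCertificates(is);
    } finally {
        is.close();
    }
    // … unchanged: create and load the empty default-type KeyStore …
    int index = 0;
    for (Certificate cert : certs) {
        final X509Certificate xcert = (X509Certificate) cert;
        // The index suffix keeps certificates with the same subject DN on separate aliases.
        keyStore.setCertificateEntry(
            xcert.getSubjectX500Principal().getName() + "-" + index++,
            cert
        );
    }
    return keyStore;
}
```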
@@ -145,23 +212,27 @@
* This method converts the JAXB KeyManagersType into a list of
* JSSE TrustManagers.
*/
- public static TrustManager[] getTrustManagers(TrustManagersType kmc)
+ public static TrustManager[] getTrustManagers(TrustManagersType tmc)
throws GeneralSecurityException,
IOException {
- KeyStore keyStore = getKeyStore(kmc.getKeyStore());
-
+ final KeyStore keyStore =
+ tmc.isSetKeyStore()
+ ? getKeyStore(tmc.getKeyStore())
+ : (tmc.isSetCertStore()
+ ? getKeyStore(tmc.getCertStore())
+ : (KeyStore) null);
if (keyStore == null) {
return null;
}
- String alg = kmc.isSetFactoryAlgorithm()
- ? kmc.getFactoryAlgorithm()
+ String alg = tmc.isSetFactoryAlgorithm()
+ ? tmc.getFactoryAlgorithm()
: KeyManagerFactory.getDefaultAlgorithm();
TrustManagerFactory fac =
- kmc.isSetProvider()
- ? TrustManagerFactory.getInstance(alg, kmc.getProvider())
+ tmc.isSetProvider()
+ ? TrustManagerFactory.getInstance(alg, tmc.getProvider())
: TrustManagerFactory.getInstance(alg);
fac.init(keyStore);
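Review bot: The fallback for `alg` is `KeyManagerFactory.getDefaultAlgorithm()`, yet the value is passed to `TrustManagerFactory.getInstance`; the two factories have separate defaults (`ssl.KeyManagerFactory.algorithm` and `ssl.TrustManagerFactory.algorithm`), so that line should read `: TrustManagerFactory.getDefaultAlgorithm();`. The Javadoc above the signature still says "converts the JAXB KeyManagersType" although the parameter is a TrustManagersType, which is worth correcting along with the rename to `tmc`. The method body continues past the end of the hunk.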
Modified: incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java?rev=582921&r1=582920&r2=582921&view=diff
==============================================================================
--- incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java (original)
+++ incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java Mon Oct 8 11:14:36 2007
@@ -106,4 +106,10 @@
testSuccessfulCall("resources/jaxws-publish.xml",
"https://localhost:9001/SoapContext/HttpsPort");
}
+
+ @Test
+ public final void testPKCS12Endpoint() throws Exception {
+ testSuccessfulCall("resources/pkcs12.xml",
+ "https://localhost:9003/SoapContext/HttpsPort");
+ }
}
Modified: incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
URL: http://svn.apache.org/viewvc/incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh?rev=582921&r1=582920&r2=582921&view=diff
==============================================================================
--- incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh (original)
+++ incubator/cxf/branches/2.0.x-fixes/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh Mon Oct 8 11:14:36 2007
@@ -25,6 +25,7 @@
# Start with a clean slate. Remove all keystores.
#
rm -f *.jks
+rm -f Truststore.pem
#
# This function generates a key/self-signed certificate with the following DN.
@@ -47,5 +48,6 @@
for name in Bethal Gordy Tarpin Poltim Morpit
do
genkey $name $name
+ keytool -export -keystore Truststore.jks -storepass password -alias $i -rfc >> Truststore.pem
done
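Review bot: The added keytool line exports `-alias $i`, but the loop variable is `name` and no `i` is assigned anywhere in the visible lines, so unless `i` is set elsewhere in the script the alias expands to nothing and the export will not select the certificate just generated. If the alias in Truststore.jks matches the name passed to genkey (its body is outside the hunk), the line should be `keytool -export -keystore Truststore.jks -storepass password -alias "$name" -rfc >> Truststore.pem`. Checking keytool's exit status here would keep a failed export from leaving a partial Truststore.pem that the tests then load as the trust store.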