Summary
Lets the CLI read password values from standard input (or from an interactive console with no-echo) instead of taking them verbatim on the command line. Addresses #7 — a daemon feeding JSignPdf from stdin no longer has to expose keystore passwords via `/proc/<pid>/cmdline` or shell history.

Opt in with the new `--enable-stdin-passwords` flag, then use `-` as the value of any of the six password options:

| Short option | Long option |
| --- | --- |
| `-ksp` | `--keystore-password` |
| `-kp` | `--key-password` |
| `-opwd` | `--owner-password` |
| `-upwd` | `--user-password` |
| `-tscp` | `--tsa-cert-password` |
| `-tsp` | `--tsa-password` |

When multiple options use `-`, stdin lines are consumed in a fixed canonical order (the order in the table above) regardless of the order the options appear on the CLI. Before each read, a progress line such as `[jsignpdf] Reading password for --keystore-password (1/2) from stdin...` is written to stderr so the operator can verify the order matches the pipe. `-q`/`--quiet` suppresses the progress line.

When `System.console()` is non-null (interactive terminal), the read switches to `Console.readPassword(...)` for a prompted, no-echo input.

Design
Full design notes: `design-doc/3.0.0-stdin-passwords.md`.

- `--enable-stdin-passwords`.
- `-` (one hyphen). Any other value — `-abc`, `abc-`, empty, ... — is treated as a literal password exactly as today. Commons-CLI intercepts a bare `--` as its end-of-options marker, so that specific string cannot be used as a literal password via `-ksp --`; noted in the user guide.
- `-` is still accepted as a literal password value exactly as before. JSignPdf emits a one-time warning per affected option naming the flag (`[jsignpdf] Warning: --keystore-password value is '-'. Did you mean to pass --enable-stdin-passwords to read it from stdin? Using '-' as the literal password.`), suppressed by `-q`.
- `setPasswordReader(StdinPasswordReader)` / `setWarningOut(PrintStream)` on `SignerOptionsFromCmdLine`. Production default is a `StdinPasswordReader` wired to `System.in` / `System.console()` / `System.err`.
- `ParseException` that names the option, handled by the existing `parseCommandLine` error path in `Signer`.

Examples
Piped daemon, keystore + TSA auth:
```sh
{ printf '%s\n' "$KS_PASSWORD"; printf '%s\n' "$TSA_PASSWORD"; } \
  | java -jar JSignPdf.jar --enable-stdin-passwords \
      -kst PKCS12 -ksf keystore.p12 -ksp - -ka mykey \
      -ts https://tsa.example/ -tsu tsauser -tsp - \
      -d out/ input.pdf
```

Interactive:
Changes
- `StdinPasswordReader` (`jsignpdf/src/main/java/net/sf/jsignpdf/StdinPasswordReader.java`): injectable `BufferedReader` / `Console` / `PrintStream` / quiet flag, `readNext(longName, index, total)` emits the progress line and blocks on input.
- `SignerOptionsFromCmdLine`: registered the new flag, refactored the six `if (line.hasOption(ARG_…_PWD)) setXxx(...)` blocks into a single `resolvePasswords(line)` pass at the end of `loadCmdLine()` that walks the options in canonical order, reads from stdin when the flag is set, warns and falls back to literal `-` otherwise.
- `Constants`: added `ARG_ENABLE_STDIN_PWDS_LONG` and `STDIN_PWD_SENTINEL`.
- `messages.properties`: new `hlp.enableStdinPasswords`; appended the stdin suffix to the six password help strings. Other locales stay in sync via Weblate.
- `website/docs/JSignPdf.adoc` (the authoritative user guide); new bullet in `distribution/doc/release-notes/3.0.0.md`; new section in `README.md`.
- `AGENTS.md`: new "Key Documentation Artifacts" section that flags `JSignPdf.adoc` as the authoritative user guide that must stay feature-complete.

Test plan
- `mvn test` in `jsignpdf/` — 104/104 passing, including 8 unit tests in `StdinPasswordReaderTest` and 15 integration tests in `SignerOptionsFromCmdLineTest`.
- `echo keystorepass | java -jar … --enable-stdin-passwords -lk -kst PKCS12 -ksf src/test/resources/test-keystore.p12 -ksp -` successfully lists the keystore aliases after consuming the piped password.
- `--enable-stdin-passwords` emits the one-shot warning naming `--keystore-password` and `--enable-stdin-passwords`, then falls back to using `-` as the literal password. `-q` suppresses the warning.
- `--help` output renders the new flag and the updated password help strings.
- `cmd.exe` / PowerShell for line-ending handling — worth a quick sanity run before tagging Beta.

Closes #7.
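
The canonical-order resolution described above, as an added sketch that is not JSignPdf's own code: the class name, the `resolve` method and the `[demo]` messages are hypothetical, and a `StringReader` stands in for the pipe. It shows that stdin lines are matched to options by the table order even when the command line lists `-tsp` before `-ksp`, that an early end of input fails naming the option, and that `-` stays a literal value without the opt-in flag.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

public class StdinPasswordOrderDemo {
    // Canonical order, taken from the option table in the PR description.
    static final List<String> CANONICAL = List.of(
        "keystore-password", "key-password", "owner-password",
        "user-password", "tsa-cert-password", "tsa-password");
    static final String SENTINEL = "-";

    /** cli maps a long option name to the value given on the command line (hypothetical model). */
    static Map<String, String> resolve(Map<String, String> cli, boolean stdinEnabled,
                                       BufferedReader in) throws IOException {
        List<String> fromStdin = CANONICAL.stream()
            .filter(o -> stdinEnabled && SENTINEL.equals(cli.get(o)))
            .collect(Collectors.toList());
        Map<String, String> out = new LinkedHashMap<>();
        int index = 0;
        for (String opt : CANONICAL) {                 // table order, not CLI order
            String value = cli.get(opt);
            if (value == null) continue;               // option not given
            if (fromStdin.contains(opt)) {
                System.err.printf("[demo] Reading password for --%s (%d/%d) from stdin...%n",
                    opt, ++index, fromStdin.size());
                value = in.readLine();
                if (value == null)                     // pipe closed early: fail, naming the option
                    throw new IOException("stdin ended before --" + opt + " was read");
            } else if (SENTINEL.equals(value)) {
                System.err.println("[demo] Warning: --" + opt + " is '-' without the opt-in flag; using it literally.");
            }
            out.put(opt, value);
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: as if the CLI were "-tsp - -ksp - -opwd literal-owner".
        Map<String, String> cli = Map.of("tsa-password", "-", "keystore-password", "-",
                                         "owner-password", "literal-owner");
        BufferedReader pipe = new BufferedReader(new StringReader("ks-secret\ntsa-secret\n"));
        System.out.println(resolve(cli, true, pipe));    // first line goes to the keystore password
        System.out.println(resolve(cli, false, new BufferedReader(new StringReader(""))));
    }
}
```

Passwords are held as `String` here only to keep the sketch short; `Console.readPassword` returns a `char[]` so that callers can clear the buffer after use.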