如何从 jenkins 插件取回 android 签名证书
How to get android signing certificate back from jenkins plugin
我有 android 应用程序的詹金斯项目。使用 jenkins 插件进行 Apk 签名(见下图):
jenkins sertificate settings
如何从 jenkins 取回我的 .p12 证书文件?
首先,确定正确的 Jenkins 主目录。前往 "Manage Jenkins",然后前往 "System Information"。查找 JENKINS_HOME.
的值
接下来,通过 SSH 登录 Jenkins 并转到该目录。名为 credentials.xml 的文件将包含您的秘密。
找到您证书的 ID(例如在 URL 中):
最后,启动 Jenkins 实例的脚本控制台(可在 /script URL 或通过 "Manage Jenkins" -> "Script Console" 获得)并执行此脚本:
import com.cloudbees.plugins.credentials.*
import hudson.security.*
import java.security.*
import javax.xml.bind.DatatypeConverter
def creds = CredentialsMatchers
.firstOrNull(
CredentialsProvider
.lookupCredentials(
Credentials.class,
Jenkins.getActiveInstance(),
ACL.SYSTEM,
Collections.emptyList()
),
CredentialsMatchers.withId("9X9X99XX-XX9X-9X99-9X9X-9X9X9999XXX9")
)
// This will print a decrypted password
def password = creds.password
println password
// This will print all the available aliases
creds.keyStore.aliases().each { println it }
// Imagine, the alias you need is myapp.
// Get JVM representation of you certificate and key
def cert = creds.keyStore.getEntry("myapp", new KeyStore.PasswordProtection(password.toCharArray())).certificate
def privKey = creds.keyStore.getEntry("myapp", new KeyStore.PasswordProtection(password.toCharArray())).privateKey
// Format certificate and key
certpem = "-----BEGIN CERTIFICATE-----\n" +
DatatypeConverter.printBase64Binary(cert.encoded) +
"\n-----END CERTIFICATE-----\n";
keypem = "-----BEGIN RSA PRIVATE KEY-----\n" +
DatatypeConverter.printBase64Binary(privKey.encoded) +
"\n-----END RSA PRIVATE KEY-----\n";
// Print them
println certpem
println keypem
顺便说一句,您可以在 Jenins 主页的 credentials.xml 中通过 ID 找到您的编码凭据。它应该看起来像:
<com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl>
<scope>GLOBAL</scope>
<id>9X9X99XX-XX9X-9X99-9X9X-9X9X9999XXX9</id>
<description>App signing certificate</description>
<keyStoreSource class="com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource">
<uploadedKeystoreBytes>{ENCRYPTED_CERTIFICATE}</uploadedKeystoreBytes>
</keyStoreSource>
<password>{ENCRYPTED_PASSWORD}</password>
</com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl>
我有 android 应用程序的詹金斯项目。使用 jenkins 插件进行 Apk 签名(见下图):
jenkins sertificate settings
如何从 jenkins 取回我的 .p12 证书文件?
首先,确定正确的 Jenkins 主目录。前往 "Manage Jenkins",然后前往 "System Information"。查找 JENKINS_HOME.
接下来,通过 SSH 登录 Jenkins 并转到该目录。名为 credentials.xml 的文件将包含您的秘密。
找到您证书的 ID(例如在 URL 中):
最后,启动 Jenkins 实例的脚本控制台(可在 /script URL 或通过 "Manage Jenkins" -> "Script Console" 获得)并执行此脚本:
import com.cloudbees.plugins.credentials.*
import hudson.security.*
import java.security.*
import javax.xml.bind.DatatypeConverter
def creds = CredentialsMatchers
.firstOrNull(
CredentialsProvider
.lookupCredentials(
Credentials.class,
Jenkins.getActiveInstance(),
ACL.SYSTEM,
Collections.emptyList()
),
CredentialsMatchers.withId("9X9X99XX-XX9X-9X99-9X9X-9X9X9999XXX9")
)
// This will print a decrypted password
def password = creds.password
println password
// This will print all the available aliases
creds.keyStore.aliases().each { println it }
// Imagine, the alias you need is myapp.
// Get JVM representation of you certificate and key
def cert = creds.keyStore.getEntry("myapp", new KeyStore.PasswordProtection(password.toCharArray())).certificate
def privKey = creds.keyStore.getEntry("myapp", new KeyStore.PasswordProtection(password.toCharArray())).privateKey
// Format certificate and key
certpem = "-----BEGIN CERTIFICATE-----\n" +
DatatypeConverter.printBase64Binary(cert.encoded) +
"\n-----END CERTIFICATE-----\n";
keypem = "-----BEGIN RSA PRIVATE KEY-----\n" +
DatatypeConverter.printBase64Binary(privKey.encoded) +
"\n-----END RSA PRIVATE KEY-----\n";
// Print them
println certpem
println keypem
顺便说一句,您可以在 Jenins 主页的 credentials.xml 中通过 ID 找到您的编码凭据。它应该看起来像:
<com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl>
<scope>GLOBAL</scope>
<id>9X9X99XX-XX9X-9X99-9X9X-9X9X9999XXX9</id>
<description>App signing certificate</description>
<keyStoreSource class="com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$UploadedKeyStoreSource">
<uploadedKeystoreBytes>{ENCRYPTED_CERTIFICATE}</uploadedKeystoreBytes>
</keyStoreSource>
<password>{ENCRYPTED_PASSWORD}</password>
</com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl>