Fetch Keychain credentials from Ant


It’s been sooo long since I’ve done any serious Java coding. I thought I would never be back in the doc pages for Ant and Ivy. Alas, here I am, revisiting topics of yesteryear. I was stubbing my toe this morning on our artifact repository which requires manual entry of LDAP credentials and it was hurting a lot! The problem is how our custom version of Ivy does multiple authentication retries when it gets an error which effectively locks you out of the system for 30 minutes the 1st time you enter your password incorrectly. This was as unacceptable as my tacky solution of storing my credentials in a plain-text file on my hard drive. I thought it was high time I did something about my pain.

I thought to myself, “Self…” (I always refer to myself in the 2nd person speaking on behalf of an undefined third person but using a capital “Self” as the proper noun.) “how come every other application on your Mac is smart enough to use keychain whenever you need to look up your LDAP credentials? Surely there has to be a modern solution for your problem these days.” A quick Bing search revealed a shell command that I could execute on the command line and output either my user name or my password. The commands were slightly different but sufficient for the Ant exec task after a little massaging. The hardest part was, as always, escaping the quotes and special characters in the command. Here’s my working target which accepts a domain parameter to authenticate against:

    <target name="keychain-credentials">
        <property name="domain" value="mydomain.com"/>
        <!-- Account name: the 4th double-quote-delimited field of the acct attribute line. -->
        <property name="uid.cmd">-c 'security find-internet-password -s ${domain} | grep acct | cut -d "\"" -f 4'</property>
        <!-- Password: with the g flag, security prints the password line on stderr,
             so stderr is sent down the pipe and stdout is discarded. -->
        <property name="pwd.cmd"><![CDATA[-c 'security 2>&1 >/dev/null find-internet-password -gs ${domain} | cut -d "\"" -f 2']]></property>

        <exec executable="sh" osfamily="mac" outputproperty="uid" errorproperty="uid.error" failonerror="false" failifexecutionfails="false">
            <arg line="${uid.cmd}"/>
        </exec>
        <exec executable="sh" osfamily="mac" outputproperty="pwd" errorproperty="pwd.error" failonerror="false" failifexecutionfails="false">
            <arg line="${pwd.cmd}"/>
        </exec>
        <!-- Set both properties only when the password lookup returned something
             other than a bare "password:" line. -->
        <condition property="my.userid" value="${uid}">
            <not><equals arg1="${pwd}" arg2="password:" trim="true"/></not>
        </condition>
        <condition property="my.password" value="${pwd}">
            <not><equals arg1="${pwd}" arg2="password:" trim="true"/></not>
        </condition>
    </target>
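
The `cut`-based parsing in the target above truncates a password that contains a double quote and passes error text through as if it were the password. The following is an added example, not part of the original post: two hypothetical helper functions (`parse_acct`, `parse_password`) that parse the same `security` output more strictly, run here on constructed sample text. It assumes the password line has the form `password: "…"` with the value printed verbatim between the first and last quote.

```shell
#!/bin/sh
# Added example: parse `security find-internet-password` output without cut.
# The sample text below is constructed, not captured from a real keychain.

sample_attrs() {
    cat <<'EOF'
keychain: "/Users/example/Library/Keychains/login.keychain"
class: "inet"
attributes:
    "acct"<blob>="jdoe"
    "srvr"<blob>="mydomain.com"
EOF
}

# Print the account name from the attribute listing on stdin.
# Returns 1 when there is no acct line.
parse_acct() {
    line=$(grep -m 1 '^ *"acct"<blob>=".*"$') || return 1
    printf '%s\n' "$line" | sed -e 's/^ *"acct"<blob>="//' -e 's/"$//'
}

# Print the password from the `password: "..."` line on stdin.
# Returns 1 when no such line exists (item missing, access denied), so
# error text is never passed on as if it were the password.
parse_password() {
    line=$(grep -m 1 '^password: ".*"$') || return 1
    printf '%s\n' "$line" | sed -e 's/^password: "//' -e 's/"$//'
}

# On macOS the real input would come from the page's commands, e.g.
#   security find-internet-password -s "$domain" | parse_acct
#   security 2>&1 >/dev/null find-internet-password -gs "$domain" | parse_password

# Demo on constructed input.
echo "account: $(sample_attrs | parse_acct)"
# A password containing a double quote: cut -d '"' -f 2 would stop at pa
printf 'password: "pa"ss"\n' | parse_password
# A failed lookup: non-zero status instead of a bogus password
printf 'security: item not found (constructed message)\n' | parse_password \
    || echo "lookup failed, nothing exported" >&2
```

In the Ant target, a non-zero exit from such a helper can be captured with the `resultproperty` attribute of `exec` and tested before `my.password` is set.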
