<!--

    Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.

    This program and the accompanying materials are made available under the
    terms of the Eclipse Public License v. 2.0, which is available at
    http://www.eclipse.org/legal/epl-2.0.

    This Source Code may also be made available under the following Secondary
    Licenses when the conditions for such availability set forth in the
    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
    version 2 with the GNU Classpath Exception, which is available at
    https://www.gnu.org/software/classpath/license.html.

    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

-->

<!--
 Security tests - common targets used across all the appserver editions.
author: jagadesh munta
-->
<!-- WSS related targets -->

<target name="create-server-message-security-provider" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="create-message-security-provider"/>
      <arg line="${as.props} --target ${appserver.instance.name}"/>
      <arg line="--classname com.sun.xml.wss.provider.ServerSecurityAuthModule"/>
      <arg line="--requestauthsource ${wss.request.auth.source}"/>
      <arg line="--isdefaultprovider"/>
      <arg line="--providertype ${wss.server.provider.type}"/>
      <arg line="--property security.config=${admin.domain.dir}/${admin.domain}/config/wss-server-config-2.0.xml"/>
      <arg line="${wss.server.provider.name}"/>
   </exec>
</target>

<target name="create-client-message-security-provider" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="create-message-security-provider"/>
      <arg line="${as.props} --target ${appserver.instance.name}"/>
      <arg line="--classname com.sun.xml.wss.provider.ClientSecurityAuthModule"/>
      <arg line="--requestauthsource ${wss.request.auth.source}"/>
      <arg line="--responseauthsource ${wss.response.auth.source}"/>
      <arg line="--isdefaultprovider"/>
      <arg line="--providertype ${wss.client.provider.type}"/>
      <arg line="--property security.config=${admin.domain.dir}/${admin.domain}/config/wss-client-config-2.0.xml"/>
      <arg line="${wss.client.provider.name}"/>
   </exec>
</target>

<target name="create-message-security-provider">
    <antcall target="create-server-message-security-provider"/>
    <antcall target="create-client-message-security-provider"/>

</target>

<target name="enable-wss-message-security-provider" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="set"/>
      <arg line="${as.props}"/>
      <arg line="${appserver.instance.name}.security-service.message-security-config.SOAP.default_provider=${wss.server.provider.name}"/>
   </exec>
   <exec executable="${ASADMIN}">
      <arg line="set"/>
      <arg line="${as.props}"/>
      <arg line="${appserver.instance.name}.security-service.message-security-config.SOAP.default_client_provider=${wss.client.provider.name}"/>
   </exec>
</target>

<target name="disable-wss-message-security-provider" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="set"/>
      <arg line="${as.props}"/>
      <arg line="${appserver.instance.name}.security-service.message-security-config.SOAP.default_provider="/>
   </exec>
   <exec executable="${ASADMIN}">
      <arg line="set"/>
      <arg line="${as.props}"/>
      <arg line="${appserver.instance.name}.security-service.message-security-config.SOAP.default_client_provider="/>
   </exec>
</target>


<target name="delete-message-security-provider">
    <antcall target="delete-message-security-provider-common">
        <param name="wss.provider.name" value="${wss.server.provider.name}"/>
    </antcall>
    <antcall target="delete-message-security-provider-common">
        <param name="wss.provider.name" value="${wss.client.provider.name}"/>
    </antcall>

</target>

<target name="delete-message-security-provider-common" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="delete-message-security-provider"/>
      <arg line="${as.props} --target ${appserver.instance.name}"/>
      <arg line="--layer SOAP"/>
      <arg line="${wss.provider.name}"/>
   </exec>
</target>

<target name="set-wss-provider-request-auth-source" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="set"/>
      <arg line="${as.props}"/>
      <arg line="${appserver.instance.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.request-policy.auth_source=${request.auth.source}"/>
   </exec>
</target>

<target name="set-wss-provider-request-auth-recipient" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="set"/>
      <arg line="${as.props}"/>
      <arg line="${appserver.instance.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.request-policy.auth_recipient=${request.auth.recipient}"/>
   </exec>
</target>

<target name="set-wss-provider-response-auth-source" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="set"/>
      <arg line="${as.props}"/>
      <arg line="${appserver.instance.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.response-policy.auth_source=${response.auth.source}"/>
   </exec>
</target>

<target name="set-wss-provider-response-auth-recipient" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="set"/>
      <arg line="${as.props}"/>
      <arg line="${appserver.instance.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.response-policy.auth_recipient=${response.auth.recipient}"/>
   </exec>
</target>

<target name="set-wss-provider-security-config" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="set"/>
      <arg line="${as.props}"/>
      <arg line="${appserver.instance.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.security_config=${security.config.file}"/>
   </exec>
</target>


<!-- Configure NSS for IIOP -->
<target name="config-nss-iiop" depends="init-common">
    <antcall target="set-jvm-option">
       <param name="jvm.option" value="-DNSS_USE_FOR_IIOP=true"/>
    </antcall>
</target>

<!-- Remove NSS config for IIOP -->
<target name="remove-nss-iiop" depends="init-common">
    <antcall target="unset-jvm-option">
       <param name="jvm.option" value="-DNSS_USE_FOR_IIOP=true"/>
    </antcall>
</target>

<!-- Get certificate from NSS db to JKS format -->
<target name="get-certdb-to-jks" depends="init-common">
      <exec executable="${env.S1AS_HOME}/lib/certutil" output="${admin.domain.dir}/${admin.domain}/config/certdb.rfc">
        <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
        <arg line="-L -n ${cert.nickname}"/>
        <arg line="-d ${admin.domain.dir}/${admin.domain}/config -a"/>
      </exec>
      <concat>
        <filelist dir="${admin.domain.dir}/${admin.domain}/config" files="certdb.rfc"/>
      </concat>
      <antcall target="import-cert-jks">
         <param name="cert.alias" value="${cert.nickname}"/>
         <param name="keystore.file" value="${admin.domain.dir}/${admin.domain}/config/certdb_cacerts.jks"/>
         <param name="cert.file" value="${admin.domain.dir}/${admin.domain}/config/certdb.rfc"/>
      </antcall>
</target>

<target name="get-certdb-to-jks-token" depends="init-common">
      <exec executable="${env.S1AS_HOME}/lib/certutil" output="${admin.domain.dir}/${admin.domain}/config/certdb.rfc">
        <arg line="-L -n ${token.name}:${cert.nickname}"/>
        <arg line="-d ${admin.domain.dir}/${admin.domain}/config -a"/>
      </exec>
      <concat>
        <filelist dir="${admin.domain.dir}/${admin.domain}/config" files="certdb.rfc"/>
      </concat>
      <antcall target="import-cert-jks">
         <param name="cert.alias" value="${token.name}:${cert.nickname}"/>
         <param name="keystore.file" value="${admin.domain.dir}/${admin.domain}/config/certdb_cacerts.jks"/>
         <param name="cert.file" value="${admin.domain.dir}/${admin.domain}/config/certdb.rfc"/>
      </antcall>
</target>


<!-- get the appserver edition -->
<target name="set-appserver-version" depends="init-common">
        <!--
        <exec executable="${ASADMIN}" output="as_version.txt">
                <arg line="version"/>
                <arg line="${as.props}"/>
        </exec>
        <loadfile property="Version" srcFile="as_version.txt" failonerror="false"/>
        <echo message="Got the version=${Version}"/>
        -->
        <!-- use the following workaround to find the appserver edition until I figureout the above parse method -->
        <available file="${admin.domain.dir}/${admin.domain}/config/cert8.db" type="file" property="isEE"/>
</target>

<target name="import-cert-nss" depends="init-common">
  <echo message="${certdb.pwd}" file="passfile"/>
  <exec executable="${env.S1AS_HOME}/lib/certutil">
    <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
    <arg line="-A"/>
    <arg line="-a"/>
    <arg line="-n ${cert.nickname}"/>
    <arg line="-t '${cert.trust.options}'"/>
    <arg line="-d ${cert.dir}"/>
    <arg line="-f passfile"/>
    <arg line="-i ${cert.file}"/>
  </exec>
</target>

<target name="import-cert-p12-nss" depends="init-common">
  <echo message="${certdb.pwd}" file="passfile"/>
  <echo message="${cert.pwd}" file="certpassfile"/>
  <exec executable="${env.S1AS_HOME}/lib/pk12util">
    <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
    <arg line="-i ${cert.file}"/>
    <arg line="-d ${cert.dir}"/>
    <arg line="-k passfile"/>
    <arg line="-w certpassfile"/>
  </exec>
</target>

<target name="import-cert-p12-nss-token" depends="init-common">
  <echo message="Importing certificate ${cert.nickname} in ${cert.file} into  token ${token.name} under ${cert.dir} ..."/>
  <echo message="${certdb.pwd}" file="passfile"/>
  <echo message="${cert.pwd}" file="certpassfile"/>
  <echo message="${token.pwd}" file="tokenpassfile"/>
  <exec executable="${env.S1AS_HOME}/lib/pk12util">
    <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
    <arg line="-i ${cert.file}"/>
    <arg line="-d ${cert.dir}"/>
    <arg line="-k passfile"/>
    <arg line="-w certpassfile"/>
    <arg line="-h ${token.name}"/>
    <arg line="-k tokenpassfile"/>
  </exec>
</target>

<target name="export-cert-p12-nss" depends="init-common">
  <echo message="${certdb.pwd}" file="passfile"/>
  <echo message="${cert.pwd}" file="certpassfile"/>
  <exec executable="${env.S1AS_HOME}/lib/pk12util">
    <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
    <arg line="-o ${cert.file}"/>
    <arg line="-d ${cert.dir}"/>
    <arg line="-n ${cert.nickname}"/>
    <arg line="-k passfile"/>
    <arg line="-w certpassfile"/>
  </exec>
</target>

<target name="export-cert-p12-nss-token" depends="init-common">
  <echo message="Exporting certificate ${cert.nickname} to ${cert.file} from token ${token.name} under ${cert.dir} ..."/>
  <echo message="${certdb.pwd}" file="passfile"/>
  <echo message="${cert.pwd}" file="certpassfile"/>
  <echo message="${token.pwd}" file="tokenpassfile"/>
  <exec executable="${env.S1AS_HOME}/lib/pk12util">
    <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
    <arg line="-o ${cert.file}"/>
    <arg line="-d ${cert.dir}"/>
    <arg line="-n ${cert.nickname}"/>
    <arg line="-k passfile"/>
    <arg line="-w certpassfile"/>
    <arg line="-h ${token.name}"/>
    <arg line="-k tokenpassfile"/>
  </exec>
</target>


<target name="convert-pkcs12-to-jks" depends="init-common">
  <delete file="${jks.file}" failonerror="false"/>
  <java classname="com.sun.appserver.sqe.security.ssl.util.KeyTool">
        <arg line="-pkcs12"/>
        <arg line="-pkcsFile ${pkcs12.file}"/>
        <arg line="-pkcsKeyStorePass ${pkcs12.pass}"/>
        <arg line="-pkcsKeyPass ${pkcs12.pass}"/>
        <arg line="-jksFile ${jks.file}"/>
        <arg line="-jksKeyStorePass ${jks.pass}"/>
        <classpath>
            <pathelement path="${s1as.classpath}"/>
            <pathelement path="${env.APS_HOME}/lib/sslutil.jar"/>
            <pathelement path="${env.JAVA_HOME}/jre/lib/jsse.jar"/>
        </classpath>
   </java>
</target>


<target name="export-cert-nss" depends="init-common">
  <echo message="${certdb.pwd}" file="passfile"/>
  <exec executable="${env.S1AS_HOME}/lib/certutil" output="${cert.file}">
    <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
    <arg line="-L"/>
    <arg line="-a"/>
    <arg line="-n ${cert.nickname}"/>
    <arg line="-d ${cert.dir}"/>
    <arg line="-f passfile"/>
  </exec>
</target>

<target name="delete-cert-nss" depends="init-common">
  <echo message="${certdb.pwd}" file="passfile"/>
  <exec executable="${env.S1AS_HOME}/lib/certutil">
    <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
    <arg line="-D"/>
    <arg line="-n ${cert.nickname}"/>
    <arg line="-d ${cert.dir}"/>
    <arg line="-f passfile"/>
  </exec>
</target>


<!-- ============================================================================= -->
<!-- SSL over http related targets -->
<!-- ============================================================================= -->
<target name="set-default-https-port" depends="init-common">
  <echo message="Set default ssl port 443 for http-listener ..."/>
  <exec executable="${ASADMIN}">
    <arg line="set"/>
    <arg line="${as.props}"/>
    <arg line="${appserver.instance.name}.http-service.http-listener.http-listener-2.port=443"/>
  </exec>
</target>

<target name="enable-https-protocol" depends="init-common">
  <echo message="Enable https protocol for http-listener ..."/>
  <exec executable="${ASADMIN}">
    <arg line="set"/>
    <arg line="${as.props}"/>
    <arg line="${appserver.instance.name}.http-service.http-protocol.ssl_enabled=true"/>
  </exec>
</target>

<!-- setup the SSL element for mutual auth in http listener2 -->
<target name="create-http-ssl-mutualauth-ee" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="create-ssl"/>
      <arg line="${as.props} --target ${appserver.instance.name}"/>
      <arg line="--type http-listener"/>
      <arg line="--certname ${server.cert.nickname}"/>
      <arg line="--clientauthenabled=true"/>
      <arg line="${https.listener}"/>
   </exec>
   <exec executable="${ASADMIN}">
        <arg line="set"/>
        <arg line="${as.props}"/>
        <arg line="${appserver.instance.name}.http-service.http-listener.http-listener-2.ssl.ssl3_tls_ciphers=${https.ssl3ciphers}"/>
   </exec>
</target>

<!-- Enable the client authentication for a given listener -->
<target name="set-iiop-ssl-cert" depends="init-common">
   <echo message="set cert alias, ${cert.nickname} in iiop-service ..."/>
   <exec executable="${ASADMIN}">
        <arg line="set"/>
        <arg line="${as.props}"/>
        <arg line="${appserver.instance.name}.iiop-service.iiop-listener.SSL.ssl.cert_nickname=${cert.nickname}"/>
   </exec>
   <exec executable="${ASADMIN}">
        <arg line="set"/>
        <arg line="${as.props}"/>
        <arg line="${appserver.instance.name}.iiop-service.iiop-listener.SSL_MUTUALAUTH.ssl.cert_nickname=${cert.nickname}"/>
   </exec>
</target>

<target name="create-ssl-client-config" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="create-ssl"/>
      <arg line="${as.props} --target ${appserver.instance.name}"/>
      <arg line="--type iiop-service"/>
      <arg line="--certname ${outbound.cert.nickname}"/>
   </exec>
</target>

<target name="delete-ssl-client-config" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="delete-ssl"/>
      <arg line="${as.props} --target ${appserver.instance.name}"/>
      <arg line="--type iiop-service"/>
   </exec>
</target>


<target name="enable-ssl-mutual-auth-over-iiop" depends="init-common">
   <exec executable="${ASADMIN}">
        <arg line="set"/>
        <arg line="${as.props}"/>
        <arg line="${appserver.instance.name}.iiop-service.iiop-listener.SSL_MUTUALAUTH.ssl.client_auth_enabled=true"/>
   </exec>
</target>

<target name="create-sample-self-jks-cert" depends="init-common">
        <antcall target="create-cert-jks">
                <param name="keystore.file" value="s1as.jks"/>
                <param name="keystore.pass" value="changeit"/>
                <param name="key.pass" value="changeit"/>
                <param name="key.alias" value="s1as"/>
                <param name="dname" value="CN=S1AS, OU=Sun Java System, O=Sun Microsystems, L=Santa Clara, ST=California, C=US"/>
        </antcall>
        <antcall target="list-cert-jks">
                <param name="keystore.file" value="s1as.jks"/>
                <param name="keystore.pass" value="changeit"/>
        </antcall>
</target>

<target name="create-cert-jks-rsa" depends="init-common">
        <echo message="Create certificate in ${keystore.file} ..."/>
        <exec executable="${env.JAVA_HOME}/bin/keytool">
        <arg value="-genkey"/>
        <arg value="-keyalg"/>
        <arg value="RSA"/>
        <arg value="-trustcacerts"/>
        <arg value="-keystore"/>
        <arg value="${keystore.file}"/>
        <arg value="-storepass"/>
        <arg value="${keystore.pass}"/>
        <arg value="-alias"/>
        <arg value="${key.alias}"/>
        <arg value="-dname"/>
        <arg value="${dname}"/>
        <arg value="-keypass"/>
        <arg value="${key.pass}"/>
      </exec>
</target>


<!--
        <arg value="-noprompt"/>
                <param name="dname" value="EMAILADDRESS=jagadesh.munta@sun.com, CN=Jagadesh Munta, UID=munta, OU=Java Software, O=Sun Microsystems Inc, C=US"/>
-->

<!-- Password Encryption related targets-->
<!-- alias.name=username -->
<target name="create-password-alias" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="create-password-alias"/>
      <arg line="${as.props}"/>
      <arg line="--aliaspassword ${alias.password}"/>
      <arg line="${alias.name}"/>
   </exec>
</target>

<target name="delete-password-alias" depends="init-common">
   <exec executable="${ASADMIN}">
      <arg line="delete-password-alias"/>
      <arg line="${as.props}"/>
      <arg line="${alias.name}"/>
   </exec>
</target>

<target name="get-java-version">
  <echo message="Ant java version=${ant.java.version}"/>
  <echo message="Java version=${java.version}"/>
  <condition property="jdk14" value="true">
    <contains string="${java.version}" substring="1.4" casesensitive="no"/>
  </condition>
  <condition property="jdk15" value="true">
    <contains string="${java.version}" substring="1.5" casesensitive="no"/>
  </condition>
  <echo message="Using java version: jdk1.5.x=${jdk15} ; jdk1.4.x=${jdk14}"/>
</target>


<!--
Hardware Accelerator setup related targets
-->
<target name="add-pkcs11-module-token" depends="init-common">
    <echo message="Adding PKCS11 Module or token to NSS Certdb..."/>
      <exec executable="${env.S1AS_HOME}/lib/modutil">
        <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
        <arg line="-add &quot;${token.module.name}&quot;"/>
        <arg line="-nocertdb  -force "/>
        <arg line="-dbdir ${admin.domain.dir}/${admin.domain}/config"/>
        <arg line="-libfile ${SCA.lib.path}"/>
        <arg line="-mechanisms RSA:DSA:RC4:DES"/>
      </exec>
</target>

<target name="delete-pkcs11-module-token" depends="init-common">
    <echo message="Deleting PKCS11 module  or token ${token.name} from NSS Certdb..."/>
      <exec executable="${env.S1AS_HOME}/lib/modutil">
        <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
        <arg line="-delete &quot;${token.module.name}&quot;"/>
        <arg line="-nocertdb  -force "/>
        <arg line="-dbdir ${admin.domain.dir}/${admin.domain}/config"/>
        <arg line="-libfile ${SCA.lib.path}"/>
        <arg line="-mechanisms RSA:DSA:RC4:DES"/>
      </exec>
</target>


<target name="list-module-token" depends="init-common">
    <echo message="Listing PKCS11 Modules or tokens from NSS Certdb..."/>
      <exec executable="${env.S1AS_HOME}/lib/modutil">
        <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
        <arg line="-list"/>
        <arg line="-dbdir ${admin.domain.dir}/${admin.domain}/config"/>
      </exec>
</target>

<target name="list-cert-token" depends="init-common">
    <echo message="Listing Certs from PKCS11 Module or Token..."/>
    <echo message="${token.pwd}" file="passfile"/>
      <exec executable="${env.S1AS_HOME}/lib/certutil">
        <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
        <arg line="-L"/>
        <arg line="-d ${admin.domain.dir}/${admin.domain}/config"/>
        <arg line="-h ${token.name}"/>
        <arg line="-f passfile"/>
      </exec>
</target>


<!-- Log related -->
<target name="set-client-log-level" depends="init-common">
  <echo message="Setting client default log level WARNING to ${log.level}"/>
  <replace
    token="WARNING"
    value="${log.level}"
    file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"/>
</target>

<target name="set-client-default-log-level" depends="init-common">
  <echo message="Setting client default log level WARNING from ${log.level}"/>
  <replace
    token="${log.level}"
    value="WARNING"
    file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"/>
</target>

<target name="set-server-security-log-level" depends="init-common">
  <echo message="Setting server security module log level to ${log.level}"/>
     <exec executable="${ASADMIN}">
        <arg line="set"/>
        <arg line="${as.props}"/>
        <arg line="${appserver.instance.name}.log-service.module-log-levels.security=${log.level}"/>
   </exec>
</target>

<target name="set-server-security-fine-log-level">
  <echo message="Setting server security module log level to FINE"/>
  <antcall target="set-server-security-log-level">
    <param name="log.level" value="FINE"/>
  </antcall>
</target>

<target name="set-server-security-default-log-level">
  <echo message="Setting server security module log level to INFO"/>
  <antcall target="set-server-security-log-level">
    <param name="log.level" value="INFO"/>
  </antcall>
</target>

<target name="set-Props-MacOS" if="isMac" depends="init-common">
    <property name="java.lib.path" value="${env.JAVA_HOME}/lib"/>
</target>
<target name="set-Props-nonMacOS" unless="isMac" depends="init-common">
    <property name="java.lib.path" value="${env.JAVA_HOME}/jre/lib"/>
</target>

<target name="import-cert-jks" depends="init-common">
        <echo message="Installing certificate in ${keystore.file} ..."/>
        <exec executable="${env.JAVA_HOME}/bin/keytool">
        <arg value="-import"/>
        <arg value="-noprompt"/>
        <arg value="-trustcacerts"/>
        <arg value="-keystore"/>
        <arg value="${keystore.file}"/>
        <arg value="-storepass"/>
        <arg value="changeit"/>
        <arg value="-alias"/>
        <arg value="${cert.alias}"/>
        <arg value="-file"/>
        <arg value="${cert.file}"/>
      </exec>
</target>