From 683412e76617cd0abacd714a0c88381772273d7e Mon Sep 17 00:00:00 2001 From: Alexei Znamensky Date: Sun, 31 May 2026 18:33:35 +1200 Subject: [PATCH] fix(java_cert): remove -noprompt from keytool -list to allow stdin password -noprompt is not a valid option for keytool -list (only for importkeystore/ importcert). On Java 8, passing it caused keytool to skip reading the store password from stdin, resulting in a null password and NullPointerException. Fixes #3023 Co-Authored-By: Claude Sonnet 4.6 --- plugins/modules/java_cert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/java_cert.py b/plugins/modules/java_cert.py index 2a2cd590be..60343cf8bb 100644 --- a/plugins/modules/java_cert.py +++ b/plugins/modules/java_cert.py @@ -279,7 +279,7 @@ def _get_digest_from_x509_file(module, pem_certificate_file, openssl_bin): def _export_public_cert_from_pkcs12(module, executable, pkcs_file, alias, password, dest): """Runs keytools to extract the public cert from a PKCS12 archive and write it to a file.""" - export_cmd = [executable, "-list", "-noprompt", "-keystore", pkcs_file, "-storetype", "pkcs12", "-rfc"] + export_cmd = [executable, "-list", "-keystore", pkcs_file, "-storetype", "pkcs12", "-rfc"] # Append optional alias if alias: export_cmd.extend(["-alias", alias])