Package org.apache.tools.ant.taskdefs

Class SignJar

java.lang.Object

org.apache.tools.ant.ProjectComponent

org.apache.tools.ant.Task

org.apache.tools.ant.taskdefs.AbstractJarSignerTask

org.apache.tools.ant.taskdefs.SignJar

All Implemented Interfaces:

Cloneable

public class SignJar
extends AbstractJarSignerTask

Signs JAR or ZIP files with the javasign command line tool. The tool detailed dependency checking: files are only signed if they are not signed. The signjar attribute can point to the file to generate; if this file exists then its modification date is used as a cue as to whether to resign any JAR file. Timestamp signature support is based on Java 8

Since:

Ant 1.1

See Also:

• documentation

Field Summary

Fields

Modifier and Type	Field	Description
protected File	destDir	the output directory when using paths.
static final String	ERROR_BAD_MAP	error string for unit test verification: "Cannot map source file to anything sensible: "
static final String	ERROR_MAPPER_WITHOUT_DEST	error string for unit test verification: "The destDir attribute is required if a mapper is set"
static final String	ERROR_NO_ALIAS	error string for unit test verification: "alias attribute must be set"
static final String	ERROR_NO_STOREPASS	error string for unit test verification: "storepass attribute must be set"
static final String	ERROR_SIGNEDJAR_AND_PATHS	error string for unit test verification "You cannot specify the signed JAR when using paths or filesets"
static final String	ERROR_TODIR_AND_SIGNEDJAR	error string for unit test verification: "\'destdir\' and \'signedjar\' cannot both be set"
static final String	ERROR_TOO_MANY_MAPPERS	error string for unit test verification: "Too many mappers"
protected boolean	internalsf	flag for internal sf signing
protected boolean	lazy	Whether to assume a jar which has an appropriate .SF file in is already signed.
protected boolean	sectionsonly	sign sections only?
protected String	sigfile	name to a signature file
protected File	signedjar	name of a single jar
protected String	tsacert	alias for the TSA in the keystore
protected String	tsaproxyhost	Proxy host to be used when connecting to TSA server
protected String	tsaproxyport	Proxy port to be used when connecting to TSA server
protected String	tsaurl	URL for a tsa; null implies no tsa support

Fields inherited from class org.apache.tools.ant.taskdefs.AbstractJarSignerTask

alias, ERROR_NO_SOURCE, filesets, jar, JARSIGNER_COMMAND, keypass, keystore, maxMemory, storepass, storetype, strict, verbose

Fields inherited from class org.apache.tools.ant.Task

target, taskName, taskType, wrapper

Fields inherited from class org.apache.tools.ant.ProjectComponent

description, location, project

Constructor Summary

Constructors

Constructor	Description
SignJar()

Method Summary

Modifier and Type	Method	Description
void	add(FileNameMapper newMapper)	add a mapper to determine file naming policy.
void	execute()	sign the jar(s)
String	getDigestAlg()	Digest Algorithm; optional
FileNameMapper	getMapper()	get the active mapper; may be null
String	getSigAlg()	Signature Algorithm; optional
String	getTsacert()	get the -tsacert option
String	getTSADigestAlg()	TSA Digest Algorithm; optional
String	getTsaproxyhost()	Get the proxy host to be used when connecting to the TSA url
String	getTsaproxyport()	Get the proxy host to be used when connecting to the TSA url
String	getTsaurl()	get the -tsaurl url
boolean	isForce()	Should the task force signing of a jar even it is already signed?
protected boolean	isSigned(File file)	test for a file being signed, by looking for a signature in the META-INF directory with our alias/sigfile.
protected boolean	isUpToDate(File jarFile, File signedjarFile)	Compare a jar file with its corresponding signed jar.
void	setDestDir(File destDir)	Optionally sets the output directory to be used.
void	setDigestAlg(String digestAlg)	Digest Algorithm; optional
void	setForce(boolean b)	Whether to force signing of a jar even it is already signed.
void	setInternalsf(boolean internalsf)	Flag to include the .SF file inside the signature; optional; default false
void	setLazy(boolean lazy)	flag to control whether the presence of a signature file means a JAR is signed; optional, default false
void	setPreserveLastModified(boolean preserveLastModified)	true to indicate that the signed jar modification date remains the same as the original.
void	setSectionsonly(boolean sectionsonly)	flag to compute hash of entire manifest; optional, default false
void	setSigAlg(String sigAlg)	Signature Algorithm; optional
void	setSigfile(String sigfile)	name of .SF/.DSA file; optional
void	setSignedjar(File signedjar)	name of signed JAR file; optional
void	setTsacert(String tsacert)	set the alias in the keystore of the TSA to use;
void	setTSADigestAlg(String digestAlg)	TSA Digest Algorithm; optional
void	setTsaproxyhost(String tsaproxyhost)
void	setTsaproxyport(String tsaproxyport)
void	setTsaurl(String tsaurl)

Methods inherited from class org.apache.tools.ant.taskdefs.AbstractJarSignerTask

addArg, addArgument, addFileset, addSysproperty, addValue, beginExecution, bindToKeystore, createJarSigner, createPath, createUnifiedSourcePath, createUnifiedSources, declareSysProperty, endExecution, getRedirector, hasResources, setAlias, setCommonOptions, setExecutable, setJar, setKeypass, setKeystore, setMaxmemory, setProviderArg, setProviderClass, setProviderName, setStorepass, setStoretype, setStrict, setVerbose

Methods inherited from class org.apache.tools.ant.Task

bindToOwner, getOwningTarget, getRuntimeConfigurableWrapper, getTaskName, getTaskType, getWrapper, handleErrorFlush, handleErrorOutput, handleFlush, handleInput, handleOutput, init, isInvalid, log, log, log, log, maybeConfigure, perform, reconfigure, setOwningTarget, setRuntimeConfigurableWrapper, setTaskName, setTaskType

Methods inherited from class org.apache.tools.ant.ProjectComponent

clone, getDescription, getLocation, getProject, setDescription, setLocation, setProject

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ERROR_TODIR_AND_SIGNEDJAR

public static final String ERROR_TODIR_AND_SIGNEDJAR

error string for unit test verification: "\'destdir\' and \'signedjar\' cannot both be set"

See Also:

• Constant Field Values

ERROR_TOO_MANY_MAPPERS

public static final String ERROR_TOO_MANY_MAPPERS

error string for unit test verification: "Too many mappers"

See Also:

• Constant Field Values

ERROR_SIGNEDJAR_AND_PATHS

public static final String ERROR_SIGNEDJAR_AND_PATHS

error string for unit test verification "You cannot specify the signed JAR when using paths or filesets"

See Also:

• Constant Field Values

ERROR_BAD_MAP

public static final String ERROR_BAD_MAP

error string for unit test verification: "Cannot map source file to anything sensible: "

See Also:

• Constant Field Values

ERROR_MAPPER_WITHOUT_DEST

public static final String ERROR_MAPPER_WITHOUT_DEST

error string for unit test verification: "The destDir attribute is required if a mapper is set"

See Also:

• Constant Field Values

ERROR_NO_ALIAS

public static final String ERROR_NO_ALIAS

error string for unit test verification: "alias attribute must be set"

See Also:

• Constant Field Values

ERROR_NO_STOREPASS

public static final String ERROR_NO_STOREPASS

error string for unit test verification: "storepass attribute must be set"

See Also:

• Constant Field Values

sigfile

protected String sigfile

name to a signature file

signedjar

protected File signedjar

name of a single jar

internalsf

protected boolean internalsf

flag for internal sf signing

sectionsonly

protected boolean sectionsonly

sign sections only?

lazy

protected boolean lazy

Whether to assume a jar which has an appropriate .SF file in is already signed.

destDir

protected File destDir

the output directory when using paths.

tsaurl

protected String tsaurl

URL for a tsa; null implies no tsa support

tsaproxyhost

protected String tsaproxyhost

Proxy host to be used when connecting to TSA server

tsaproxyport

protected String tsaproxyport

Proxy port to be used when connecting to TSA server

tsacert

protected String tsacert

alias for the TSA in the keystore

Constructor Details

SignJar

public SignJar()

Method Details

setSigfile

public void setSigfile(String sigfile)

name of .SF/.DSA file; optional

Parameters:

sigfile - the name of the .SF/.DSA file

setSignedjar

public void setSignedjar(File signedjar)

name of signed JAR file; optional

Parameters:

signedjar - the name of the signed jar file

setInternalsf

public void setInternalsf(boolean internalsf)

Flag to include the .SF file inside the signature; optional; default false

Parameters:

internalsf - if true include the .SF file inside the signature

setSectionsonly

public void setSectionsonly(boolean sectionsonly)

flag to compute hash of entire manifest; optional, default false

Parameters:

sectionsonly - flag to compute hash of entire manifest

setLazy

public void setLazy(boolean lazy)

flag to control whether the presence of a signature file means a JAR is signed; optional, default false

Parameters:

lazy - flag to control whether the presence of a signature

setDestDir

public void setDestDir(File destDir)

Optionally sets the output directory to be used.

Parameters:

destDir - the directory in which to place signed jars

Since:

Ant 1.7

add

public void add(FileNameMapper newMapper)

add a mapper to determine file naming policy. Only used with toDir processing.

Parameters:

newMapper - the mapper to add.

Since:

Ant 1.7

getMapper

public FileNameMapper getMapper()

get the active mapper; may be null

Returns:

mapper or null

Since:

Ant 1.7

getTsaurl

public String getTsaurl()

get the -tsaurl url

Returns:

url or null

Since:

Ant 1.7

setTsaurl

public void setTsaurl(String tsaurl)

Parameters:

tsaurl - the tsa url.

Since:

Ant 1.7

getTsaproxyhost

public String getTsaproxyhost()

Get the proxy host to be used when connecting to the TSA url

Returns:

url or null

Since:

Ant 1.9.5

setTsaproxyhost

public void setTsaproxyhost(String tsaproxyhost)

Parameters:

tsaproxyhost - the proxy host to be used when connecting to the TSA.

Since:

Ant 1.9.5

getTsaproxyport

public String getTsaproxyport()

Get the proxy host to be used when connecting to the TSA url

Returns:

url or null

Since:

Ant 1.9.5

setTsaproxyport

public void setTsaproxyport(String tsaproxyport)

Parameters:

tsaproxyport - the proxy port to be used when connecting to the TSA.

Since:

Ant 1.9.5

getTsacert

public String getTsacert()

get the -tsacert option

Returns:

a certificate alias or null

Since:

Ant 1.7

setTsacert

public void setTsacert(String tsacert)

set the alias in the keystore of the TSA to use;

Parameters:

tsacert - the cert alias.

setForce

public void setForce(boolean b)

Whether to force signing of a jar even it is already signed.

Parameters:

b - boolean

Since:

Ant 1.8.0

isForce

public boolean isForce()

Should the task force signing of a jar even it is already signed?

Returns:

boolean

Since:

Ant 1.8.0

setSigAlg

public void setSigAlg(String sigAlg)

Signature Algorithm; optional

Parameters:

sigAlg - the signature algorithm

getSigAlg

public String getSigAlg()

Signature Algorithm; optional

Returns:

String

setDigestAlg

public void setDigestAlg(String digestAlg)

Digest Algorithm; optional

Parameters:

digestAlg - the digest algorithm

getDigestAlg

public String getDigestAlg()

Digest Algorithm; optional

Returns:

String

setTSADigestAlg

public void setTSADigestAlg(String digestAlg)

TSA Digest Algorithm; optional

Parameters:

digestAlg - the tsa digest algorithm

Since:

Ant 1.10.2

getTSADigestAlg

public String getTSADigestAlg()

TSA Digest Algorithm; optional

Returns:

String

Since:

Ant 1.10.2

execute

public void execute()
             throws BuildException

sign the jar(s)

Overrides:

execute in class Task

Throws:

BuildException - on errors

isUpToDate

protected boolean isUpToDate(File jarFile,
 File signedjarFile)

Compare a jar file with its corresponding signed jar. The logic for this is complex, and best explained in the source itself. Essentially if either file doesn't exist, or the destfile has an out of date timestamp, then the return value is false.

If we are signing ourself, the check isSigned(File) is used to trigger the process.

Parameters:

jarFile - the unsigned jar file

signedjarFile - the result signed jar file

Returns:

true if the signedjarFile is considered up to date

isSigned

protected boolean isSigned(File file)

test for a file being signed, by looking for a signature in the META-INF directory with our alias/sigfile.

Parameters:

file - the file to be checked

Returns:

true if the file is signed

See Also:

• IsSigned.isSigned(File, String)

setPreserveLastModified

public void setPreserveLastModified(boolean preserveLastModified)

true to indicate that the signed jar modification date remains the same as the original. Defaults to false

Parameters:

preserveLastModified - if true preserve the last modified time