Class SignJar

All Implemented Interfaces:
java.lang.Cloneable

public class SignJar
extends AbstractJarSignerTask
Signs JAR or ZIP files with the javasign command line tool. The tool detailed dependency checking: files are only signed if they are not signed. The signjar attribute can point to the file to generate; if this file exists then its modification date is used as a cue as to whether to resign any JAR file. Timestamp signature support is based on Java 8
Since:
Ant 1.1
See Also:
documentation
  • Field Details

    • ERROR_TODIR_AND_SIGNEDJAR

      public static final java.lang.String ERROR_TODIR_AND_SIGNEDJAR
      error string for unit test verification: "\'destdir\' and \'signedjar\' cannot both be set"
      See Also:
      Constant Field Values
    • ERROR_TOO_MANY_MAPPERS

      public static final java.lang.String ERROR_TOO_MANY_MAPPERS
      error string for unit test verification: "Too many mappers"
      See Also:
      Constant Field Values
    • ERROR_SIGNEDJAR_AND_PATHS

      public static final java.lang.String ERROR_SIGNEDJAR_AND_PATHS
      error string for unit test verification "You cannot specify the signed JAR when using paths or filesets"
      See Also:
      Constant Field Values
    • ERROR_BAD_MAP

      public static final java.lang.String ERROR_BAD_MAP
      error string for unit test verification: "Cannot map source file to anything sensible: "
      See Also:
      Constant Field Values
    • ERROR_MAPPER_WITHOUT_DEST

      public static final java.lang.String ERROR_MAPPER_WITHOUT_DEST
      error string for unit test verification: "The destDir attribute is required if a mapper is set"
      See Also:
      Constant Field Values
    • ERROR_NO_ALIAS

      public static final java.lang.String ERROR_NO_ALIAS
      error string for unit test verification: "alias attribute must be set"
      See Also:
      Constant Field Values
    • ERROR_NO_STOREPASS

      public static final java.lang.String ERROR_NO_STOREPASS
      error string for unit test verification: "storepass attribute must be set"
      See Also:
      Constant Field Values
    • sigfile

      protected java.lang.String sigfile
      name to a signature file
    • signedjar

      protected java.io.File signedjar
      name of a single jar
    • internalsf

      protected boolean internalsf
      flag for internal sf signing
    • sectionsonly

      protected boolean sectionsonly
      sign sections only?
    • lazy

      protected boolean lazy
      Whether to assume a jar which has an appropriate .SF file in is already signed.
    • destDir

      protected java.io.File destDir
      the output directory when using paths.
    • tsaurl

      protected java.lang.String tsaurl
      URL for a tsa; null implies no tsa support
    • tsaproxyhost

      protected java.lang.String tsaproxyhost
      Proxy host to be used when connecting to TSA server
    • tsaproxyport

      protected java.lang.String tsaproxyport
      Proxy port to be used when connecting to TSA server
    • tsacert

      protected java.lang.String tsacert
      alias for the TSA in the keystore
  • Constructor Details

  • Method Details

    • setSigfile

      public void setSigfile​(java.lang.String sigfile)
      name of .SF/.DSA file; optional
      Parameters:
      sigfile - the name of the .SF/.DSA file
    • setSignedjar

      public void setSignedjar​(java.io.File signedjar)
      name of signed JAR file; optional
      Parameters:
      signedjar - the name of the signed jar file
    • setInternalsf

      public void setInternalsf​(boolean internalsf)
      Flag to include the .SF file inside the signature; optional; default false
      Parameters:
      internalsf - if true include the .SF file inside the signature
    • setSectionsonly

      public void setSectionsonly​(boolean sectionsonly)
      flag to compute hash of entire manifest; optional, default false
      Parameters:
      sectionsonly - flag to compute hash of entire manifest
    • setLazy

      public void setLazy​(boolean lazy)
      flag to control whether the presence of a signature file means a JAR is signed; optional, default false
      Parameters:
      lazy - flag to control whether the presence of a signature
    • setDestDir

      public void setDestDir​(java.io.File destDir)
      Optionally sets the output directory to be used.
      Parameters:
      destDir - the directory in which to place signed jars
      Since:
      Ant 1.7
    • add

      public void add​(FileNameMapper newMapper)
      add a mapper to determine file naming policy. Only used with toDir processing.
      Parameters:
      newMapper - the mapper to add.
      Since:
      Ant 1.7
    • getMapper

      public FileNameMapper getMapper()
      get the active mapper; may be null
      Returns:
      mapper or null
      Since:
      Ant 1.7
    • getTsaurl

      public java.lang.String getTsaurl()
      get the -tsaurl url
      Returns:
      url or null
      Since:
      Ant 1.7
    • setTsaurl

      public void setTsaurl​(java.lang.String tsaurl)
      Parameters:
      tsaurl - the tsa url.
      Since:
      Ant 1.7
    • getTsaproxyhost

      public java.lang.String getTsaproxyhost()
      Get the proxy host to be used when connecting to the TSA url
      Returns:
      url or null
      Since:
      Ant 1.9.5
    • setTsaproxyhost

      public void setTsaproxyhost​(java.lang.String tsaproxyhost)
      Parameters:
      tsaproxyhost - the proxy host to be used when connecting to the TSA.
      Since:
      Ant 1.9.5
    • getTsaproxyport

      public java.lang.String getTsaproxyport()
      Get the proxy host to be used when connecting to the TSA url
      Returns:
      url or null
      Since:
      Ant 1.9.5
    • setTsaproxyport

      public void setTsaproxyport​(java.lang.String tsaproxyport)
      Parameters:
      tsaproxyport - the proxy port to be used when connecting to the TSA.
      Since:
      Ant 1.9.5
    • getTsacert

      public java.lang.String getTsacert()
      get the -tsacert option
      Returns:
      a certificate alias or null
      Since:
      Ant 1.7
    • setTsacert

      public void setTsacert​(java.lang.String tsacert)
      set the alias in the keystore of the TSA to use;
      Parameters:
      tsacert - the cert alias.
    • setForce

      public void setForce​(boolean b)
      Whether to force signing of a jar even it is already signed.
      Parameters:
      b - boolean
      Since:
      Ant 1.8.0
    • isForce

      public boolean isForce()
      Should the task force signing of a jar even it is already signed?
      Returns:
      boolean
      Since:
      Ant 1.8.0
    • setSigAlg

      public void setSigAlg​(java.lang.String sigAlg)
      Signature Algorithm; optional
      Parameters:
      sigAlg - the signature algorithm
    • getSigAlg

      public java.lang.String getSigAlg()
      Signature Algorithm; optional
      Returns:
      String
    • setDigestAlg

      public void setDigestAlg​(java.lang.String digestAlg)
      Digest Algorithm; optional
      Parameters:
      digestAlg - the digest algorithm
    • getDigestAlg

      public java.lang.String getDigestAlg()
      Digest Algorithm; optional
      Returns:
      String
    • setTSADigestAlg

      public void setTSADigestAlg​(java.lang.String digestAlg)
      TSA Digest Algorithm; optional
      Parameters:
      digestAlg - the tsa digest algorithm
      Since:
      Ant 1.10.2
    • getTSADigestAlg

      public java.lang.String getTSADigestAlg()
      TSA Digest Algorithm; optional
      Returns:
      String
      Since:
      Ant 1.10.2
    • execute

      public void execute() throws BuildException
      sign the jar(s)
      Overrides:
      execute in class Task
      Throws:
      BuildException - on errors
    • isUpToDate

      protected boolean isUpToDate​(java.io.File jarFile, java.io.File signedjarFile)

      Compare a jar file with its corresponding signed jar. The logic for this is complex, and best explained in the source itself. Essentially if either file doesn't exist, or the destfile has an out of date timestamp, then the return value is false.

      If we are signing ourself, the check isSigned(File) is used to trigger the process.

      Parameters:
      jarFile - the unsigned jar file
      signedjarFile - the result signed jar file
      Returns:
      true if the signedjarFile is considered up to date
    • isSigned

      protected boolean isSigned​(java.io.File file)
      test for a file being signed, by looking for a signature in the META-INF directory with our alias/sigfile.
      Parameters:
      file - the file to be checked
      Returns:
      true if the file is signed
      See Also:
      IsSigned.isSigned(File, String)
    • setPreserveLastModified

      public void setPreserveLastModified​(boolean preserveLastModified)
      true to indicate that the signed jar modification date remains the same as the original. Defaults to false
      Parameters:
      preserveLastModified - if true preserve the last modified time