Author: bentmann
Date: Sun Aug 9 17:00:30 2009
New Revision: 802558
URL: http://svn.apache.org/viewvc?rev=802558&view=rev
Log:
[MJARSIGNER-5] Allow to unsign JARs before re-signing
Added:
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/pom.xml (with
props)
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/java/
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/java/Main.java
(with props)
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.DSA
(with props)
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.RSA
(with props)
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.SF
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/verify.bsh (with
props)
Modified:
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/AbstractJarsignerMojo.java
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerSignMojo.java
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerVerifyMojo.java
maven/plugins/trunk/maven-jarsigner-plugin/src/site/fml/faq.fml
Added: maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/pom.xml
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/pom.xml?rev=802558&view=auto
==============================================================================
--- maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/pom.xml (added)
+++ maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/pom.xml Sun Aug 9
17:00:30 2009
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>org.apache.maven.its.jarsigner</groupId>
+ <artifactId>test</artifactId>
+ <version>1.0</version>
+ <packaging>jar</packaging>
+
+ <description>
+ Tests the signing of an already signed JAR that should be unsigned before
re-signing.
+ </description>
+
+ <properties>
+ <maven.test.skip>true</maven.test.skip>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.0.2</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>2.1</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>2.2</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.3.1</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jarsigner-plugin</artifactId>
+ <version>@project.version@</version>
+ <configuration>
+ <alias>test-01</alias>
+ <keypass>key-passwd</keypass>
+ <sigfile>TESTING</sigfile>
+ <removeExistingSignatures>true</removeExistingSignatures>
+ </configuration>
+ <executions>
+ <execution>
+ <id>sign-jars</id>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ <execution>
+ <id>verify-jars</id>
+ <goals>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
Propchange: maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/pom.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/pom.xml
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added:
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/java/Main.java
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/java/Main.java?rev=802558&view=auto
==============================================================================
---
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/java/Main.java
(added)
+++
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/java/Main.java
Sun Aug 9 17:00:30 2009
@@ -0,0 +1,6 @@
+/**
+ * Appliation entry point.
+ */
+public class Main
+{
+}
Propchange:
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/java/Main.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/java/Main.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added:
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.DSA
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.DSA?rev=802558&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.DSA
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.RSA
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.RSA?rev=802558&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.RSA
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.SF
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.SF?rev=802558&view=auto
==============================================================================
---
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.SF
(added)
+++
maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/src/main/resources/META-INF/UNSIGNED.SF
Sun Aug 9 17:00:30 2009
@@ -0,0 +1,7 @@
+Signature-Version: 1.0
+Created-By: 1.4.2_16 (Sun Microsystems Inc.)
+SHA1-Digest-Manifest: gTrf1t9RIQNLDAEO4n3ikaxAoIg=
+
+Name: Main.java
+SHA1-Digest: b+ff3QfBH9heex9FQjrfgsATWVc=
+
Added: maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/verify.bsh
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/verify.bsh?rev=802558&view=auto
==============================================================================
--- maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/verify.bsh (added)
+++ maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/verify.bsh Sun Aug
9 17:00:30 2009
@@ -0,0 +1,47 @@
+import java.io.*;
+import java.util.jar.*;
+
+File targetDir = new File( basedir, "target" );
+
+File mainJarFile = new File( targetDir, "test-1.0.jar" );
+System.out.println( "Checking for existence of " + mainJarFile );
+if ( !mainJarFile.isFile() )
+{
+ throw new Exception( "missing " + mainJarFile );
+}
+
+JarFile mainJar = new JarFile( mainJarFile );
+
+System.out.println( "Checking for existence of " + mainJarFile.getName() +
"!/META-INF/TESTING.SF" );
+if ( mainJar.getEntry( "META-INF/TESTING.SF" ) == null )
+{
+ throw new Exception( "missing " + mainJarFile.getName() +
"!/META-INF/TESTING.SF" );
+}
+
+System.out.println( "Checking for existence of " + mainJarFile.getName() +
"!/META-INF/TESTING.DSA" );
+if ( mainJar.getEntry( "META-INF/TESTING.DSA" ) == null )
+{
+ throw new Exception( "missing " + mainJarFile.getName() +
"!/META-INF/TESTING.DSA" );
+}
+
+System.out.println( "Checking for absence of " + mainJarFile.getName() +
"!/META-INF/UNSIGNED.SF" );
+if ( mainJar.getEntry( "META-INF/UNSIGNED.SF" ) != null )
+{
+ throw new Exception( "present " + mainJarFile.getName() +
"!/META-INF/UNSIGNED.SF" );
+}
+
+System.out.println( "Checking for absence of " + mainJarFile.getName() +
"!/META-INF/UNSIGNED.DSA" );
+if ( mainJar.getEntry( "META-INF/UNSIGNED.DSA" ) != null )
+{
+ throw new Exception( "present " + mainJarFile.getName() +
"!/META-INF/UNSIGNED.DSA" );
+}
+
+System.out.println( "Checking for absence of " + mainJarFile.getName() +
"!/META-INF/UNSIGNED.RSA" );
+if ( mainJar.getEntry( "META-INF/UNSIGNED.RSA" ) != null )
+{
+ throw new Exception( "present " + mainJarFile.getName() +
"!/META-INF/UNSIGNED.RSA" );
+}
+
+mainJar.close();
+
+return true;
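Review bot: The script asserts only which `META-INF` entries are present or absent, so it would still pass if the archive rewrite dropped or truncated the regular content. Since the project compiles `Main.java`, the JAR presumably contains `Main.class`, and a check such as `if ( mainJar.getEntry( "Main.class" ) == null ) throw new Exception( "missing Main.class" );` would cover that. `mainJar.close()` is reached only when every check passes, so a failing check leaves the JAR open; putting the checks in a `try` with the close in `finally` avoids that.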
Propchange: maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/verify.bsh
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: maven/plugins/trunk/maven-jarsigner-plugin/src/it/unsign/verify.bsh
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified:
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/AbstractJarsignerMojo.java
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/AbstractJarsignerMojo.java?rev=802558&r1=802557&r2=802558&view=diff
==============================================================================
---
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/AbstractJarsignerMojo.java
(original)
+++
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/AbstractJarsignerMojo.java
Sun Aug 9 17:00:30 2009
@@ -291,10 +291,21 @@
}
/**
+ * Pre-processes a given archive.
+ *
+ * @param archive The archive to process, must not be <code>null</code>.
+ * @throws MojoExecutionException If pre-processing failed.
+ */
+ protected void preProcessArchive( final File archive )
+ throws MojoExecutionException
+ {
+ // default does nothing
+ }
+
+ /**
* Processes a given archive.
- *
+ *
* @param archive The archive to process.
- *
* @throws NullPointerException if {...@code archive} is {...@code null}.
* @throws MojoExecutionException if processing {...@code archive} fails.
*/
@@ -306,6 +317,8 @@
throw new NullPointerException( "archive" );
}
+ preProcessArchive( archive );
+
Commandline commandLine = new Commandline();
commandLine.setExecutable( this.executable );
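Review bot: `preProcessArchive( archive )` runs before the jarsigner command line is built, so an override that rewrites the archive takes effect even if the jarsigner call then fails. The sign mojo in this commit is such an override, and in that case the artifact is left with its previous signatures already stripped. The hook is also invoked for every goal built on this class, including verify, which extends it. I would state both in the Javadoc of the hook, for example `Called by processArchive() for every goal before jarsigner is launched; implementations may modify the archive in place and the change is not undone if jarsigner fails.` The body of the enclosing method continues outside this hunk.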
Modified:
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerSignMojo.java
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerSignMojo.java?rev=802558&r1=802557&r2=802558&view=diff
==============================================================================
---
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerSignMojo.java
(original)
+++
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerSignMojo.java
Sun Aug 9 17:00:30 2009
@@ -19,8 +19,19 @@
* under the License.
*/
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
import java.io.File;
-
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;
+import java.util.zip.ZipOutputStream;
+
+import org.apache.maven.plugin.MojoExecutionException;
+import org.codehaus.plexus.util.FileUtils;
+import org.codehaus.plexus.util.IOUtil;
import org.codehaus.plexus.util.StringUtils;
import org.codehaus.plexus.util.cli.Commandline;
@@ -31,6 +42,7 @@
* @version $Id$
* @goal sign
* @phase package
+ * @since 1.0
*/
public class JarsignerSignMojo
extends AbstractJarsignerMojo
@@ -100,6 +112,15 @@
*/
private String alias;
+ /**
+ * Indicates whether existing signatures should be removed from the
processed JAR files prior to signing them. If
+ * enabled, the resulting JAR will appear as being signed only once.
+ *
+ * @parameter expression="${jarsigner.removeExistingSignatures}"
default-value="false"
+ * @since 1.1
+ */
+ private boolean removeExistingSignatures;
+
protected Commandline getCommandline( final File archive, final
Commandline commandLine )
{
if ( archive == null )
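Review bot: The Javadoc of `removeExistingSignatures` does not say that the JAR is rewritten in place, or which entries count as a signature. Judging by `isSignatureFile` later in this commit, only `META-INF/*.SF`, `*.DSA` and `*.RSA` are removed, and the digest attributes in `MANIFEST.MF` are kept. I would add a sentence such as `The archive is rewritten in place and the signatures of any previous signer are discarded; only META-INF/*.SF, *.DSA and *.RSA entries are removed.` so that users know the earlier signer's provenance is lost once the flag is set.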
@@ -175,4 +196,108 @@
return commandLineInfo;
}
+ protected void preProcessArchive( final File archive )
+ throws MojoExecutionException
+ {
+ if ( removeExistingSignatures )
+ {
+ unsignArchive( archive );
+ }
+ }
+
+ /**
+ * Removes any existing signatures from the specified JAR file. We will
stream from the input JAR directly to the
+ * output JAR to retain as much metadata from the original JAR as possible.
+ *
+ * @param jarFile The JAR file to unsign, must not be <code>null</code>.
+ * @throws MojoExecutionException If the unsigning failed.
+ */
+ private void unsignArchive( final File jarFile )
+ throws MojoExecutionException
+ {
+ if ( getLog().isDebugEnabled() )
+ {
+ getLog().debug( "Unsigning " + jarFile );
+ }
+
+ File unsignedFile = new File( jarFile.getAbsolutePath() + ".unsigned"
);
+
+ ZipInputStream zis = null;
+ ZipOutputStream zos = null;
+ try
+ {
+ zis = new ZipInputStream( new BufferedInputStream( new
FileInputStream( jarFile ) ) );
+ zos = new ZipOutputStream( new BufferedOutputStream( new
FileOutputStream( unsignedFile ) ) );
+
+ for ( ZipEntry ze = zis.getNextEntry(); ze != null; ze =
zis.getNextEntry() )
+ {
+ if ( isSignatureFile( ze.getName() ) )
+ {
+ if ( getLog().isDebugEnabled() )
+ {
+ getLog().debug( " Removing " + ze.getName() );
+ }
+
+ continue;
+ }
+
+ zos.putNextEntry( ze );
+
+ IOUtil.copy( zis, zos );
+ }
+
+ }
+ catch ( IOException e )
+ {
+ throw new MojoExecutionException( "Failed to unsign archive " +
jarFile, e );
+ }
+ finally
+ {
+ IOUtil.close( zis );
+ IOUtil.close( zos );
+ }
+
+ try
+ {
+ FileUtils.rename( unsignedFile, jarFile );
+ }
+ catch ( IOException e )
+ {
+ throw new MojoExecutionException( "Failed to unsign archive " +
jarFile, e );
+ }
+ }
+
+ /**
+ * Checks whether the specified JAR file entry denotes a signature-related
file, i.e. matches
+ * <code>META-INF/*.SF</code>, <code>META-INF/*.DSA</code> or
<code>META-INF/*.RSA</code>.
+ *
+ * @param entryName The name of the JAR file entry to check, must not be
<code>null</code>.
+ * @return <code>true</code> if the entry is related to a signature,
<code>false</code> otherwise.
+ */
+ private boolean isSignatureFile( String entryName )
+ {
+ if ( entryName.regionMatches( true, 0, "META-INF", 0, 8 ) )
+ {
+ entryName = entryName.replace( '\\', '/' );
+
+ if ( entryName.indexOf( '/' ) == 8 && entryName.lastIndexOf( '/' )
== 8 )
+ {
+ if ( entryName.regionMatches( true, entryName.length() - 3,
".SF", 0, 3 ) )
+ {
+ return true;
+ }
+ if ( entryName.regionMatches( true, entryName.length() - 4,
".DSA", 0, 4 ) )
+ {
+ return true;
+ }
+ if ( entryName.regionMatches( true, entryName.length() - 4,
".RSA", 0, 4 ) )
+ {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
}
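Review bot: `isSignatureFile()` accepts only `.SF`, `.DSA` and `.RSA` directly under `META-INF`, so a signature block stored as `META-INF/*.EC` (the extension jarsigner uses for EC keys) survives the strip, and the re-signed JAR still carries material from the previous signer. The per-entry digest attributes in `MANIFEST.MF` are copied through unchanged as well. In `unsignArchive()` the only close of `zos` is `IOUtil.close( zos )` in the `finally` block, and as far as I know that helper discards the IOException. An error while the archive is finished would then go unreported and the damaged `.unsigned` file would be renamed over the original JAR. Passing the input `ze` straight to `putNextEntry` can also fail with a compressed-size mismatch when the input entry records its size in the local header; copying the entry and resetting that size avoids it, as sketched below.

```java
        // … unchanged: debug logging, unsignedFile, stream declarations, try, stream setup …
            for ( ZipEntry ze = zis.getNextEntry(); ze != null; ze = zis.getNextEntry() )
            {
                // … unchanged: skip entries accepted by isSignatureFile …

                // keep the entry metadata but let the output stream recompute the compressed size
                ZipEntry copy = new ZipEntry( ze );
                copy.setCompressedSize( -1 );
                zos.putNextEntry( copy );

                IOUtil.copy( zis, zos );
            }

            // close inside the try so an error while finishing the archive reaches the catch block
            zos.close();
            zos = null;
        // … unchanged: catch, finally, rename …

        // … in isSignatureFile, next to the .DSA and .RSA checks …
                if ( entryName.regionMatches( true, entryName.length() - 3, ".EC", 0, 3 ) )
                {
                    return true;
                }
```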
Modified:
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerVerifyMojo.java
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerVerifyMojo.java?rev=802558&r1=802557&r2=802558&view=diff
==============================================================================
---
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerVerifyMojo.java
(original)
+++
maven/plugins/trunk/maven-jarsigner-plugin/src/main/java/org/apache/maven/plugins/jarsigner/JarsignerVerifyMojo.java
Sun Aug 9 17:00:30 2009
@@ -30,6 +30,7 @@
* @version $Id$
* @goal verify
* @phase verify
+ * @since 1.0
*/
public class JarsignerVerifyMojo
extends AbstractJarsignerMojo
Modified: maven/plugins/trunk/maven-jarsigner-plugin/src/site/fml/faq.fml
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-jarsigner-plugin/src/site/fml/faq.fml?rev=802558&r1=802557&r2=802558&view=diff
==============================================================================
--- maven/plugins/trunk/maven-jarsigner-plugin/src/site/fml/faq.fml (original)
+++ maven/plugins/trunk/maven-jarsigner-plugin/src/site/fml/faq.fml Sun Aug 9
17:00:30 2009
@@ -26,7 +26,7 @@
id="FAQ" title="Frequently Asked Questions">
<part id="General">
<faq id="about">
- <question>What is Jarsigner ?</question>
+ <question>What is Jarsigner?</question>
<answer>
<p>
You can read more about this tool in the offical guide:
@@ -34,8 +34,8 @@
</p>
</answer>
</faq>
- <faq id="maven-jar-plugin">
- <question>Is it possible to sign a single archive file ?</question>
+ <faq id="single-archive">
+ <question>Is it possible to sign a single archive file?</question>
<answer>
<p>
Signing or verifying a Java archive which is neither a project
artifact
@@ -46,5 +46,16 @@
</p>
</answer>
</faq>
+ <faq id="unsign">
+ <question>How can I unsign JARs before re-signing them with my
key?</question>
+ <answer>
+ <p>
+ To remove any existing signatures from the JARs before signing with
your own key, simply set the parameter
+ <a
href="sign-mojo.html#removeExistingSignatures"><code>removeExistingSignatures</code></a>
of the
+ <a href="sign-mojo.html"><code>sign</code></a> mojo to
<code>true</code>. The resulting JAR will then appear
+ to be signed exactly once.
+ </p>
+ </answer>
+ </faq>
</part>
</faqs>