Revision: 20321
http://sourceforge.net/p/gate/code/20321
Author: ian_roberts
Date: 2018-11-23 12:23:04 +0000 (Fri, 23 Nov 2018)
Log Message:
-----------
Added support for timestamped JAR signatures and signing keys in a PKCS12
keystore. Also removed the special handling for mail and activation jars - we
now strip the Sun signatures and add our own, so the whole app is under the
same "publisher" and therefore there's only one security warning rather than
two each time you start it.
Modified Paths:
--------------
teamware/trunk/annic-gui/build.xml
teamware/trunk/annotation-diff-gui/build.xml
teamware/trunk/annotator-gui/build.xml
teamware/trunk/executive/web/pages/annicGUIInvoker.jsp
teamware/trunk/executive/web/pages/annotationDiffJnlpInvoker.jsp
teamware/trunk/executive/web/pages/jnlpInvoker.jsp
Modified: teamware/trunk/annic-gui/build.xml
===================================================================
--- teamware/trunk/annic-gui/build.xml 2018-11-19 15:44:16 UTC (rev 20320)
+++ teamware/trunk/annic-gui/build.xml 2018-11-23 12:23:04 UTC (rev 20321)
@@ -21,6 +21,7 @@
<property name="buildDir" value="build" />
<property name="unsignedDir" location="${jws-guis.dir}/unsigned" />
<property name="keystore" location="${jws-guis.dir}/resources/keystore" />
+ <property name="keystoreType" value="jks" />
<property name="storepass" value="storepass" />
<property name="keypass" value="keypass" />
<property name="alias" value="GATE" />
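Review bot: The new `keystoreType` property defaults to `jks` with no comment, although the commit's stated purpose is PKCS12 support, and it sits directly beside the in-file defaults for `storepass` and `keypass`. A comment such as `<!-- keystore, keystoreType (e.g. pkcs12), storepass and keypass are meant to be overridden from outside this file for release signing -->` would make the intent explicit. How overrides are loaded is not visible in this hunk, so that wording needs confirming. PKCS12 stores normally use a single password for the store and the key, so it is worth stating that `keypass` should match `storepass` when the type is changed. The same hunk appears in annotation-diff-gui/build.xml and annotator-gui/build.xml.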
@@ -79,9 +80,31 @@
<delete file="${annicgui.jar.location}" />
</target>
+ <target name="signtask-no-ts" unless="signjar.timestampUrl">
+ <macrodef name="tw-sign">
+ <attribute name="jar" />
+ <sequential>
+ <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}"
storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}" />
+ </sequential>
+ </macrodef>
+ </target>
+
+ <target name="signtask-with-ts" if="signjar.timestampUrl">
+ <macrodef name="tw-sign">
+ <attribute name="jar" />
+ <sequential>
+ <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}"
storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}"
tsaurl="${signjar.timestampUrl}" />
+ <!-- sleep so we don't hit the timestamp server rate limit -->
+ <sleep seconds="15" />
+ </sequential>
+ </macrodef>
+ </target>
+
+ <target name="signtask" depends="signtask-no-ts, signtask-with-ts" />
+
<!-- === Prepare Target ==================================== -->
<!-- create build directory structure -->
- <target name="prepare">
+ <target name="prepare" depends="signtask">
<mkdir dir="${outputDir}" />
<mkdir dir="${buildDir}" />
<mkdir dir="${unsignedDir}" />
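Review bot: When `signjar.timestampUrl` is unset, `signtask-no-ts` silently defines `tw-sign` without `tsaurl`, so a release build that forgets the property ships signatures that are no longer treated as valid once the signing certificate expires. Make the fallback visible by adding `<echo level="warning" message="signjar.timestampUrl not set; JARs will be signed without a timestamp" />` to `signtask-no-ts`, or have the release target fail when the property is missing. The 15-second `<sleep>` is hard-coded and runs once per JAR; a property with a default would let it be tuned for other timestamp servers. The two `macrodef`s differ only in `tsaurl`, and the whole block is repeated in annotation-diff-gui/build.xml and annotator-gui/build.xml, so a single imported build file would keep the three copies from drifting.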
@@ -138,7 +161,7 @@
<jar destfile="${annicgui.jar.location}" update="false" index="true"
manifest="${annicgui.manifest.template}">
<fileset dir="${outputDir}/" />
</jar>
- <signjar jar="${annicgui.jar.location}" alias="${alias}"
keystore="${keystore}" storepass="${storepass}" keypass="${keypass}" />
+ <tw-sign jar="${annicgui.jar.location}" />
</target>
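Review bot: `<tw-sign>` only exists after the `signtask` target has executed, because the `macrodef` is declared inside a target rather than at project level. The header of the target containing this call is outside the hunk, so confirm that it depends (directly or transitively) on `prepare`; otherwise invoking it on its own fails with an unknown-task error. A short comment at the call site, `<!-- tw-sign is defined by the signtask target (pulled in via prepare) -->`, would save the next reader the search. The same applies to the `tw-sign` calls in annotation-diff-gui/build.xml and annotator-gui/build.xml.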
@@ -189,8 +212,6 @@
<fileset dir="${unsignedDir}/app">
<include name="*.jar" />
<include name="*.zip" />
- <exclude name="activation.jar" />
- <exclude name="mail.jar" />
</fileset>
</sourcefiles>
<mapper type="glob" dir="${unsignedDir}/app"
@@ -204,7 +225,7 @@
</pathconvert>
<!-- copy updated JARs into dist directory, removing any existing
- signatures -->
+ signatures, and sign them ourselves -->
<for param="jar" list="${unsigned.jar.names}">
<sequential>
<zip destfile="${distDir}/app/@{jar}" encoding="UTF-8">
@@ -214,23 +235,9 @@
<exclude name="META-INF/*.RSA" />
</zipfileset>
</zip>
+ <tw-sign jar="${distDir}/app/@{jar}" />
</sequential>
</for>
-
- <copy todir="${distDir}/app">
- <!-- activation and mail are already signed -->
- <fileset dir="${unsignedDir}/app">
- <include name="mail.jar" />
- <include name="activation.jar" />
- </fileset>
- </copy>
-
- <!-- and sign them -->
- <pathtofileset name="unsigned.jars.dest"
pathrefid="unsigned.jars.dest.path"
- dir="${distDir}/app" />
- <signjar alias="${alias}" keystore="${keystore}" storepass="${storepass}"
keypass="${keypass}">
- <fileset refid="unsigned.jars.dest" />
- </signjar>
</target>
<!-- =================================================================== -->
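Review bot: With the `mail.jar`/`activation.jar` special case removed, every third-party JAR now has its upstream signature stripped and is re-signed with the project key at the added `<tw-sign jar="${distDir}/app/@{jar}" />`, and nothing visible in this hunk checks the input JARs before the original signature is discarded. Because the project's signature then vouches for those files, verify them first, for example with Ant's `<checksum>` task and its `verifyproperty` attribute against pinned digests ahead of the `<zip>` step. Only the `META-INF/*.RSA` exclude is visible here. Confirm that the excludes above the hunk also cover `*.SF`, `*.DSA` and `*.EC`, so no stale signature file survives into the re-signed JAR. The same change is made in annotation-diff-gui/build.xml and annotator-gui/build.xml.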
Modified: teamware/trunk/annotation-diff-gui/build.xml
===================================================================
--- teamware/trunk/annotation-diff-gui/build.xml 2018-11-19 15:44:16 UTC
(rev 20320)
+++ teamware/trunk/annotation-diff-gui/build.xml 2018-11-23 12:23:04 UTC
(rev 20321)
@@ -21,6 +21,7 @@
<property name="buildDir" value="build" />
<property name="unsignedDir" location="${jws-guis.dir}/unsigned" />
<property name="keystore" location="${jws-guis.dir}/resources/keystore" />
+ <property name="keystoreType" value="jks" />
<property name="storepass" value="storepass" />
<property name="keypass" value="keypass" />
<property name="alias" value="GATE" />
@@ -79,9 +80,31 @@
<delete file="${annotationdiffgui.jar.location}" />
</target>
+ <target name="signtask-no-ts" unless="signjar.timestampUrl">
+ <macrodef name="tw-sign">
+ <attribute name="jar" />
+ <sequential>
+ <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}"
storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}" />
+ </sequential>
+ </macrodef>
+ </target>
+
+ <target name="signtask-with-ts" if="signjar.timestampUrl">
+ <macrodef name="tw-sign">
+ <attribute name="jar" />
+ <sequential>
+ <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}"
storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}"
tsaurl="${signjar.timestampUrl}" />
+ <!-- sleep so we don't hit the timestamp server rate limit -->
+ <sleep seconds="15" />
+ </sequential>
+ </macrodef>
+ </target>
+
+ <target name="signtask" depends="signtask-no-ts, signtask-with-ts" />
+
<!-- === Prepare Target ==================================== -->
<!-- create build directory structure -->
- <target name="prepare">
+ <target name="prepare" depends="signtask">
<mkdir dir="${outputDir}" />
<mkdir dir="${buildDir}" />
<mkdir dir="${unsignedDir}" />
@@ -138,7 +161,7 @@
<jar destfile="${annotationdiffgui.jar.location}" update="false"
index="true" manifest="${annotationdiffgui.manifest.template}">
<fileset dir="${outputDir}/" />
</jar>
- <signjar jar="${annotationdiffgui.jar.location}" alias="${alias}"
keystore="${keystore}" storepass="${storepass}" keypass="${keypass}" />
+ <tw-sign jar="${annotationdiffgui.jar.location}" />
</target>
@@ -189,8 +212,6 @@
<fileset dir="${unsignedDir}/app">
<include name="*.jar" />
<include name="*.zip" />
- <exclude name="activation.jar" />
- <exclude name="mail.jar" />
</fileset>
</sourcefiles>
<mapper type="glob" dir="${unsignedDir}/app"
@@ -204,7 +225,7 @@
</pathconvert>
<!-- copy updated JARs into dist directory, removing any existing
- signatures -->
+ signatures, and sign them ourselves -->
<for param="jar" list="${unsigned.jar.names}">
<sequential>
<zip destfile="${distDir}/app/@{jar}" encoding="UTF-8">
@@ -214,23 +235,9 @@
<exclude name="META-INF/*.RSA" />
</zipfileset>
</zip>
+ <tw-sign jar="${distDir}/app/@{jar}" />
</sequential>
</for>
-
- <copy todir="${distDir}/app">
- <!-- activation and mail are already signed -->
- <fileset dir="${unsignedDir}/app">
- <include name="mail.jar" />
- <include name="activation.jar" />
- </fileset>
- </copy>
-
- <!-- and sign them -->
- <pathtofileset name="unsigned.jars.dest"
pathrefid="unsigned.jars.dest.path"
- dir="${distDir}/app" />
- <signjar alias="${alias}" keystore="${keystore}" storepass="${storepass}"
keypass="${keypass}">
- <fileset refid="unsigned.jars.dest" />
- </signjar>
</target>
<!-- =================================================================== -->
Modified: teamware/trunk/annotator-gui/build.xml
===================================================================
--- teamware/trunk/annotator-gui/build.xml 2018-11-19 15:44:16 UTC (rev
20320)
+++ teamware/trunk/annotator-gui/build.xml 2018-11-23 12:23:04 UTC (rev
20321)
@@ -22,6 +22,7 @@
<property name="buildDir" value="build" />
<property name="unsignedDir" location="${jws-guis.dir}/unsigned" />
<property name="keystore" location="${jws-guis.dir}/resources/keystore" />
+ <property name="keystoreType" value="jks" />
<property name="storepass" value="storepass" />
<property name="keypass" value="keypass" />
<property name="alias" value="GATE" />
@@ -84,9 +85,31 @@
<delete dir="${outputDir}" />
</target>
+ <target name="signtask-no-ts" unless="signjar.timestampUrl">
+ <macrodef name="tw-sign">
+ <attribute name="jar" />
+ <sequential>
+ <signjar jar="@{jar}" alias="${alias}" storetype="${keystoreType}"
keystore="${keystore}" storepass="${storepass}" keypass="${keypass}" />
+ </sequential>
+ </macrodef>
+ </target>
+
+ <target name="signtask-with-ts" if="signjar.timestampUrl">
+ <macrodef name="tw-sign">
+ <attribute name="jar" />
+ <sequential>
+ <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}"
storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}"
tsaurl="${signjar.timestampUrl}" />
+ <!-- sleep so we don't hit the timestamp server rate limit -->
+ <sleep seconds="15" />
+ </sequential>
+ </macrodef>
+ </target>
+
+ <target name="signtask" depends="signtask-no-ts, signtask-with-ts" />
+
<!-- === Prepare Target ==================================== -->
<!-- create build directory structure -->
- <target name="prepare">
+ <target name="prepare" depends="signtask">
<mkdir dir="${outputDir}" />
<mkdir dir="${buildDir}" />
<mkdir dir="${unsignedDir}" />
@@ -142,7 +165,7 @@
<jar destfile="${annotatorgui.jar.location}" update="false" index="true"
manifest="${annotatorgui.manifest.template}">
<fileset dir="${outputDir}/" />
</jar>
- <signjar jar="${annotatorgui.jar.location}" alias="${alias}"
keystore="${keystore}" storepass="${storepass}" keypass="${keypass}" />
+ <tw-sign jar="${annotatorgui.jar.location}" />
</target>
@@ -205,8 +228,6 @@
<fileset dir="${unsignedDir}/app">
<include name="*.jar" />
<include name="*.zip" />
- <exclude name="activation.jar" />
- <exclude name="mail.jar" />
</fileset>
</sourcefiles>
<mapper type="glob" dir="${unsignedDir}/app"
@@ -220,7 +241,7 @@
</pathconvert>
<!-- copy updated JARs into dist directory, removing any existing
- signatures -->
+ signatures, and sign them ourselves -->
<for param="jar" list="${unsigned.jar.names}">
<sequential>
<zip destfile="${distDir}/app/@{jar}" encoding="UTF-8">
@@ -230,23 +251,9 @@
<exclude name="META-INF/*.RSA" />
</zipfileset>
</zip>
+ <tw-sign jar="${distDir}/app/@{jar}" />
</sequential>
</for>
-
- <copy todir="${distDir}/app">
- <!-- activation and mail are already signed -->
- <fileset dir="${unsignedDir}/app">
- <include name="mail.jar" />
- <include name="activation.jar" />
- </fileset>
- </copy>
-
- <!-- and sign them -->
- <pathtofileset name="unsigned.jars.dest"
pathrefid="unsigned.jars.dest.path"
- dir="${distDir}/app" />
- <signjar alias="${alias}" keystore="${keystore}" storepass="${storepass}"
keypass="${keypass}">
- <fileset refid="unsigned.jars.dest" />
- </signjar>
</target>
<!-- =================================================================== -->
Modified: teamware/trunk/executive/web/pages/annicGUIInvoker.jsp
===================================================================
--- teamware/trunk/executive/web/pages/annicGUIInvoker.jsp 2018-11-19
15:44:16 UTC (rev 20320)
+++ teamware/trunk/executive/web/pages/annicGUIInvoker.jsp 2018-11-23
12:23:04 UTC (rev 20321)
@@ -71,8 +71,8 @@
<resources>
<j2se version="9+" java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED"
max-heap-size="768m"/>
<j2se version="1.6+" java-vm-args="-Xmx1024M" max-heap-size="768m" />
-<extension name="Activation" href="activation.jnlp" />
-<extension name="Mail" href="mail.jnlp" />
+<jar href="activation-1.1.1.jar" />
+<jar href="mail-1.4.3.jar" />
<jar href="annicgui.jar" />
<jar href="geronimo-jaxws_2.1_spec-1.0.jar" />
<jar href="jsr181-api-1.0-MR1.jar" />
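Review bot: The versioned file names `activation-1.1.1.jar` and `mail-1.4.3.jar` are now hard-coded in this page and again in annotationDiffJnlpInvoker.jsp and jnlpInvoker.jsp. They must match exactly what the build copies into the app directory and signs, and that side is not visible in this hunk. A library upgrade that misses one of the three pages leaves a JNLP descriptor pointing at a missing or stale JAR. A JSP comment above the two lines, `<%-- keep these names in sync with the JARs signed by the *-gui build.xml files --%>`, or a shared include for the common `<jar>` entries, would make the coupling explicit.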
Modified: teamware/trunk/executive/web/pages/annotationDiffJnlpInvoker.jsp
===================================================================
--- teamware/trunk/executive/web/pages/annotationDiffJnlpInvoker.jsp
2018-11-19 15:44:16 UTC (rev 20320)
+++ teamware/trunk/executive/web/pages/annotationDiffJnlpInvoker.jsp
2018-11-23 12:23:04 UTC (rev 20321)
@@ -95,8 +95,8 @@
<resources>
<j2se version="9+" java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED"
max-heap-size="768m"/>
<j2se version="1.6+" java-vm-args="-Xmx1024M" max-heap-size="768m" />
-<extension name="Activation" href="activation.jnlp" />
-<extension name="Mail" href="mail.jnlp" />
+<jar href="activation-1.1.1.jar" />
+<jar href="mail-1.4.3.jar" />
<jar href="annotation-diff-gui.jar" />
<jar href="docservice-proxy-api.jar" />
<jar href="docservice-proxy-impl.jar" />
Modified: teamware/trunk/executive/web/pages/jnlpInvoker.jsp
===================================================================
--- teamware/trunk/executive/web/pages/jnlpInvoker.jsp 2018-11-19 15:44:16 UTC
(rev 20320)
+++ teamware/trunk/executive/web/pages/jnlpInvoker.jsp 2018-11-23 12:23:04 UTC
(rev 20321)
@@ -261,8 +261,8 @@
<resources>
<j2se version="9+"
java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED"
max-heap-size="768m"/>
<j2se version="1.6+" java-vm-args="-Xmx1024M" max-heap-size="768m"/>
- <extension name="Activation" href="activation.jnlp"/>
- <extension name="Mail" href="mail.jnlp"/>
+ <jar href="activation-1.1.1.jar"/>
+ <jar href="mail-1.4.3.jar"/>
<jar href="annotator-gui.jar"/>
<jar href="executive-proxy-api.jar"/>
<jar href="executive-proxy-impl.jar"/>