Revision: 20321 http://sourceforge.net/p/gate/code/20321 Author: ian_roberts Date: 2018-11-23 12:23:04 +0000 (Fri, 23 Nov 2018) Log Message: ----------- Added support for timestamped JAR signatures and signing keys in a PKCS12 keystore. Also removed the special handling for mail and activation jars - we now strip the Sun signatures and add our own, so the whole app is under the same "publisher" and therefore there's only one security warning rather than two each time you start it.
Modified Paths: -------------- teamware/trunk/annic-gui/build.xml teamware/trunk/annotation-diff-gui/build.xml teamware/trunk/annotator-gui/build.xml teamware/trunk/executive/web/pages/annicGUIInvoker.jsp teamware/trunk/executive/web/pages/annotationDiffJnlpInvoker.jsp teamware/trunk/executive/web/pages/jnlpInvoker.jsp Modified: teamware/trunk/annic-gui/build.xml =================================================================== --- teamware/trunk/annic-gui/build.xml 2018-11-19 15:44:16 UTC (rev 20320) +++ teamware/trunk/annic-gui/build.xml 2018-11-23 12:23:04 UTC (rev 20321) @@ -21,6 +21,7 @@ <property name="buildDir" value="build" /> <property name="unsignedDir" location="${jws-guis.dir}/unsigned" /> <property name="keystore" location="${jws-guis.dir}/resources/keystore" /> + <property name="keystoreType" value="jks" /> <property name="storepass" value="storepass" /> <property name="keypass" value="keypass" /> <property name="alias" value="GATE" /> 
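Review bot: The new `keystoreType` default sits next to the placeholder `storepass` and `keypass` values in the context lines, and nothing in this hunk says how a real PKCS12 signing key and its passwords are meant to be supplied. A comment above the property block would help, for example `<!-- placeholder defaults; for release signing override keystore, keystoreType, storepass, keypass and alias from a local, uncommitted properties file -->`, assuming that is the intended override route (the mechanism is not visible here). It is also worth stating there that JDK tooling generally expects the key password to equal the store password for PKCS12 stores, so the two distinct defaults only suit the `jks` case. The same hunk recurs in annotation-diff-gui/build.xml and annotator-gui/build.xml.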
@@ -79,9 +80,31 @@ <delete file="${annicgui.jar.location}" /> </target> + <target name="signtask-no-ts" unless="signjar.timestampUrl"> + <macrodef name="tw-sign"> + <attribute name="jar" /> + <sequential> + <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}" storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}" /> + </sequential> + </macrodef> + </target> + + <target name="signtask-with-ts" if="signjar.timestampUrl"> + <macrodef name="tw-sign"> + <attribute name="jar" /> + <sequential> + <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}" storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}" tsaurl="${signjar.timestampUrl}" /> + <!-- sleep so we don't hit the timestamp server rate limit --> + <sleep seconds="15" /> + </sequential> + </macrodef> + </target> + + <target name="signtask" depends="signtask-no-ts, signtask-with-ts" /> + <!-- === Prepare Target ==================================== --> <!-- create build directory structure --> - <target name="prepare"> + <target name="prepare" depends="signtask"> <mkdir dir="${outputDir}" /> <mkdir dir="${buildDir}" /> <mkdir dir="${unsignedDir}" /> @@ -138,7 +161,7 @@ <jar destfile="${annicgui.jar.location}" update="false" index="true" manifest="${annicgui.manifest.template}"> <fileset dir="${outputDir}/" /> </jar> - <signjar jar="${annicgui.jar.location}" alias="${alias}" keystore="${keystore}" storepass="${storepass}" keypass="${keypass}" /> + <tw-sign jar="${annicgui.jar.location}" /> </target> @@ -189,8 +212,6 @@ <fileset dir="${unsignedDir}/app"> <include name="*.jar" /> <include name="*.zip" /> - <exclude name="activation.jar" /> - <exclude name="mail.jar" /> </fileset> </sourcefiles> <mapper type="glob" dir="${unsignedDir}/app" 
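Review bot: `signtask-no-ts` silently produces un-timestamped signatures whenever `signjar.timestampUrl` is unset, which is the default path in this hunk, and such signatures are treated as expired once the signing certificate expires. For a release build I would at least make that visible, e.g. `<echo level="warning" message="signjar.timestampUrl is not set; JARs will be signed without a timestamp" />` as the first element of that target. Neither `<signjar>` call sets `sigalg` or `digestalg`, so the algorithms depend on whichever JDK runs the build; pinning them would keep the output consistent across build machines. The two `tw-sign` definitions are also copied into annotation-diff-gui/build.xml and annotator-gui/build.xml, where the attribute order already differs, so a shared imported file would stop them drifting apart.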
@@ -204,7 +225,7 @@ </pathconvert> <!-- copy updated JARs into dist directory, removing any existing - signatures --> + signatures, and sign them ourselves --> <for param="jar" list="${unsigned.jar.names}"> <sequential> <zip destfile="${distDir}/app/@{jar}" encoding="UTF-8"> @@ -214,23 +235,9 @@ <exclude name="META-INF/*.RSA" /> </zipfileset> </zip> + <tw-sign jar="${distDir}/app/@{jar}" /> </sequential> </for> - - <copy todir="${distDir}/app"> - <!-- activation and mail are already signed --> - <fileset dir="${unsignedDir}/app"> - <include name="mail.jar" /> - <include name="activation.jar" /> - </fileset> - </copy> - - <!-- and sign them --> - <pathtofileset name="unsigned.jars.dest" pathrefid="unsigned.jars.dest.path" - dir="${distDir}/app" /> - <signjar alias="${alias}" keystore="${keystore}" storepass="${storepass}" keypass="${keypass}"> - <fileset refid="unsigned.jars.dest" /> - </signjar> </target> <!-- =================================================================== --> Modified: teamware/trunk/annotation-diff-gui/build.xml =================================================================== --- teamware/trunk/annotation-diff-gui/build.xml 2018-11-19 15:44:16 UTC (rev 20320) +++ teamware/trunk/annotation-diff-gui/build.xml 2018-11-23 12:23:04 UTC (rev 20321) @@ -21,6 +21,7 @@ <property name="buildDir" value="build" /> <property name="unsignedDir" location="${jws-guis.dir}/unsigned" /> <property name="keystore" location="${jws-guis.dir}/resources/keystore" /> + <property name="keystoreType" value="jks" /> <property name="storepass" value="storepass" /> <property name="keypass" value="keypass" /> <property name="alias" value="GATE" /> 
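Review bot: With the `mail.jar`/`activation.jar` special case removed in the `@@ -214,23 +235,9 @@` hunk, every third-party JAR under `${unsignedDir}/app` has its original signature stripped and is re-signed by `tw-sign` with no visible check of the input. The project's signature therefore now vouches for binaries whose own publisher signature has just been discarded. I would verify each input before the `<zip>` step, either against pinned digests using Ant's `<checksum>` task with `verifyproperty`, or with `<verifyjar>` for inputs that arrive signed. Only the `META-INF/*.RSA` exclude is visible here and the rest of the list lies outside the hunk, so confirm it also covers `*.SF`, `*.DSA` and `*.EC`; otherwise a stale signature block could survive into the re-signed JAR. The same change is made in annotation-diff-gui/build.xml and annotator-gui/build.xml.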
@@ -79,9 +80,31 @@ <delete file="${annotationdiffgui.jar.location}" /> </target> + <target name="signtask-no-ts" unless="signjar.timestampUrl"> + <macrodef name="tw-sign"> + <attribute name="jar" /> + <sequential> + <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}" storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}" /> + </sequential> + </macrodef> + </target> + + <target name="signtask-with-ts" if="signjar.timestampUrl"> + <macrodef name="tw-sign"> + <attribute name="jar" /> + <sequential> + <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}" storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}" tsaurl="${signjar.timestampUrl}" /> + <!-- sleep so we don't hit the timestamp server rate limit --> + <sleep seconds="15" /> + </sequential> + </macrodef> + </target> + + <target name="signtask" depends="signtask-no-ts, signtask-with-ts" /> + <!-- === Prepare Target ==================================== --> <!-- create build directory structure --> - <target name="prepare"> + <target name="prepare" depends="signtask"> <mkdir dir="${outputDir}" /> <mkdir dir="${buildDir}" /> <mkdir dir="${unsignedDir}" /> @@ -138,7 +161,7 @@ <jar destfile="${annotationdiffgui.jar.location}" update="false" index="true" manifest="${annotationdiffgui.manifest.template}"> <fileset dir="${outputDir}/" /> </jar> - <signjar jar="${annotationdiffgui.jar.location}" alias="${alias}" keystore="${keystore}" storepass="${storepass}" keypass="${keypass}" /> + <tw-sign jar="${annotationdiffgui.jar.location}" /> </target> @@ -189,8 +212,6 @@ <fileset dir="${unsignedDir}/app"> <include name="*.jar" /> <include name="*.zip" /> - <exclude name="activation.jar" /> - <exclude name="mail.jar" /> </fileset> </sourcefiles> <mapper type="glob" dir="${unsignedDir}/app" 
@@ -204,7 +225,7 @@ </pathconvert> <!-- copy updated JARs into dist directory, removing any existing - signatures --> + signatures, and sign them ourselves --> <for param="jar" list="${unsigned.jar.names}"> <sequential> <zip destfile="${distDir}/app/@{jar}" encoding="UTF-8"> @@ -214,23 +235,9 @@ <exclude name="META-INF/*.RSA" /> </zipfileset> </zip> + <tw-sign jar="${distDir}/app/@{jar}" /> </sequential> </for> - - <copy todir="${distDir}/app"> - <!-- activation and mail are already signed --> - <fileset dir="${unsignedDir}/app"> - <include name="mail.jar" /> - <include name="activation.jar" /> - </fileset> - </copy> - - <!-- and sign them --> - <pathtofileset name="unsigned.jars.dest" pathrefid="unsigned.jars.dest.path" - dir="${distDir}/app" /> - <signjar alias="${alias}" keystore="${keystore}" storepass="${storepass}" keypass="${keypass}"> - <fileset refid="unsigned.jars.dest" /> - </signjar> </target> <!-- =================================================================== --> Modified: teamware/trunk/annotator-gui/build.xml =================================================================== --- teamware/trunk/annotator-gui/build.xml 2018-11-19 15:44:16 UTC (rev 20320) +++ teamware/trunk/annotator-gui/build.xml 2018-11-23 12:23:04 UTC (rev 20321) @@ -22,6 +22,7 @@ <property name="buildDir" value="build" /> <property name="unsignedDir" location="${jws-guis.dir}/unsigned" /> <property name="keystore" location="${jws-guis.dir}/resources/keystore" /> + <property name="keystoreType" value="jks" /> <property name="storepass" value="storepass" /> <property name="keypass" value="keypass" /> <property name="alias" value="GATE" /> 
@@ -84,9 +85,31 @@ <delete dir="${outputDir}" /> </target> + <target name="signtask-no-ts" unless="signjar.timestampUrl"> + <macrodef name="tw-sign"> + <attribute name="jar" /> + <sequential> + <signjar jar="@{jar}" alias="${alias}" storetype="${keystoreType}" keystore="${keystore}" storepass="${storepass}" keypass="${keypass}" /> + </sequential> + </macrodef> + </target> + + <target name="signtask-with-ts" if="signjar.timestampUrl"> + <macrodef name="tw-sign"> + <attribute name="jar" /> + <sequential> + <signjar jar="@{jar}" alias="${alias}" keystore="${keystore}" storetype="${keystoreType}" storepass="${storepass}" keypass="${keypass}" tsaurl="${signjar.timestampUrl}" /> + <!-- sleep so we don't hit the timestamp server rate limit --> + <sleep seconds="15" /> + </sequential> + </macrodef> + </target> + + <target name="signtask" depends="signtask-no-ts, signtask-with-ts" /> + <!-- === Prepare Target ==================================== --> <!-- create build directory structure --> - <target name="prepare"> + <target name="prepare" depends="signtask"> <mkdir dir="${outputDir}" /> <mkdir dir="${buildDir}" /> <mkdir dir="${unsignedDir}" /> @@ -142,7 +165,7 @@ <jar destfile="${annotatorgui.jar.location}" update="false" index="true" manifest="${annotatorgui.manifest.template}"> <fileset dir="${outputDir}/" /> </jar> - <signjar jar="${annotatorgui.jar.location}" alias="${alias}" keystore="${keystore}" storepass="${storepass}" keypass="${keypass}" /> + <tw-sign jar="${annotatorgui.jar.location}" /> </target> @@ -205,8 +228,6 @@ <fileset dir="${unsignedDir}/app"> <include name="*.jar" /> <include name="*.zip" /> - <exclude name="activation.jar" /> - <exclude name="mail.jar" /> </fileset> </sourcefiles> <mapper type="glob" dir="${unsignedDir}/app" 
@@ -220,7 +241,7 @@ </pathconvert> <!-- copy updated JARs into dist directory, removing any existing - signatures --> + signatures, and sign them ourselves --> <for param="jar" list="${unsigned.jar.names}"> <sequential> <zip destfile="${distDir}/app/@{jar}" encoding="UTF-8"> @@ -230,23 +251,9 @@ <exclude name="META-INF/*.RSA" /> </zipfileset> </zip> + <tw-sign jar="${distDir}/app/@{jar}" /> </sequential> </for> - - <copy todir="${distDir}/app"> - <!-- activation and mail are already signed --> - <fileset dir="${unsignedDir}/app"> - <include name="mail.jar" /> - <include name="activation.jar" /> - </fileset> - </copy> - - <!-- and sign them --> - <pathtofileset name="unsigned.jars.dest" pathrefid="unsigned.jars.dest.path" - dir="${distDir}/app" /> - <signjar alias="${alias}" keystore="${keystore}" storepass="${storepass}" keypass="${keypass}"> - <fileset refid="unsigned.jars.dest" /> - </signjar> </target> <!-- =================================================================== --> Modified: teamware/trunk/executive/web/pages/annicGUIInvoker.jsp =================================================================== --- teamware/trunk/executive/web/pages/annicGUIInvoker.jsp 2018-11-19 15:44:16 UTC (rev 20320) +++ teamware/trunk/executive/web/pages/annicGUIInvoker.jsp 2018-11-23 12:23:04 UTC (rev 20321) 
@@ -71,8 +71,8 @@ <resources> <j2se version="9+" java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED" max-heap-size="768m"/> <j2se version="1.6+" java-vm-args="-Xmx1024M" max-heap-size="768m" /> -<extension name="Activation" href="activation.jnlp" /> -<extension name="Mail" href="mail.jnlp" /> +<jar href="activation-1.1.1.jar" /> +<jar href="mail-1.4.3.jar" /> <jar href="annicgui.jar" /> <jar href="geronimo-jaxws_2.1_spec-1.0.jar" /> <jar href="jsr181-api-1.0-MR1.jar" /> Modified: teamware/trunk/executive/web/pages/annotationDiffJnlpInvoker.jsp =================================================================== --- teamware/trunk/executive/web/pages/annotationDiffJnlpInvoker.jsp 2018-11-19 15:44:16 UTC (rev 20320) +++ teamware/trunk/executive/web/pages/annotationDiffJnlpInvoker.jsp 2018-11-23 12:23:04 UTC (rev 20321) @@ -95,8 +95,8 @@ <resources> <j2se version="9+" java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED" max-heap-size="768m"/> <j2se version="1.6+" java-vm-args="-Xmx1024M" max-heap-size="768m" /> -<extension name="Activation" href="activation.jnlp" /> -<extension name="Mail" href="mail.jnlp" /> +<jar href="activation-1.1.1.jar" /> +<jar href="mail-1.4.3.jar" /> <jar href="annotation-diff-gui.jar" /> <jar href="docservice-proxy-api.jar" /> <jar href="docservice-proxy-impl.jar" /> Modified: teamware/trunk/executive/web/pages/jnlpInvoker.jsp =================================================================== --- teamware/trunk/executive/web/pages/jnlpInvoker.jsp 2018-11-19 15:44:16 UTC (rev 20320) +++ teamware/trunk/executive/web/pages/jnlpInvoker.jsp 2018-11-23 12:23:04 UTC (rev 20321) 
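Review bot: Listing `activation-1.1.1.jar` and `mail-1.4.3.jar` as plain `<jar>` resources means they no longer come with their own extension descriptors and instead take whatever `<security>` settings this JNLP declares, which lie outside the hunk. If the descriptor requests all-permissions, that now applies to the re-signed third-party JARs too, and a comment should say so, e.g. `<%-- mail/activation are re-signed at build time and run with this descriptor's permissions --%>`. The hrefs hard-code versioned names, while the excludes removed from the build files in this commit named `mail.jar` and `activation.jar`; check that the names the build places in the app directory match, since a mismatch would only show up at launch. The same replacement appears in annotationDiffJnlpInvoker.jsp and jnlpInvoker.jsp.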
@@ -261,8 +261,8 @@ <resources> <j2se version="9+" java-vm-args="--add-opens=java.base/java.lang=ALL-UNNAMED" max-heap-size="768m"/> <j2se version="1.6+" java-vm-args="-Xmx1024M" max-heap-size="768m"/> - <extension name="Activation" href="activation.jnlp"/> - <extension name="Mail" href="mail.jnlp"/> + <jar href="activation-1.1.1.jar"/> + <jar href="mail-1.4.3.jar"/> <jar href="annotator-gui.jar"/> <jar href="executive-proxy-api.jar"/> <jar href="executive-proxy-impl.jar"/> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. _______________________________________________ GATE-cvs mailing list GATE-cvs@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/gate-cvs