1 | /*
|
---|
2 | * Copyright 2000-2004 The Apache Software Foundation
|
---|
3 | *
|
---|
4 | * Licensed under the Apache License, Version 2.0 (the "License");
|
---|
5 | * you may not use this file except in compliance with the License.
|
---|
6 | * You may obtain a copy of the License at
|
---|
7 | *
|
---|
8 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
9 | *
|
---|
10 | * Unless required by applicable law or agreed to in writing, software
|
---|
11 | * distributed under the License is distributed on an "AS IS" BASIS,
|
---|
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
13 | * See the License for the specific language governing permissions and
|
---|
14 | * limitations under the License.
|
---|
15 | *
|
---|
16 | */
|
---|
17 | package org.apache.tools.ant.taskdefs;
|
---|
18 |
|
---|
19 | import java.io.File;
|
---|
20 | import java.io.IOException;
|
---|
21 | import java.util.Enumeration;
|
---|
22 | import java.util.Vector;
|
---|
23 | import java.util.zip.ZipEntry;
|
---|
24 | import java.util.zip.ZipFile;
|
---|
25 | import org.apache.tools.ant.BuildException;
|
---|
26 | import org.apache.tools.ant.DirectoryScanner;
|
---|
27 | import org.apache.tools.ant.Project;
|
---|
28 | import org.apache.tools.ant.Task;
|
---|
29 | import org.apache.tools.ant.types.FileSet;
|
---|
30 | import org.apache.tools.ant.util.JavaEnvUtils;
|
---|
31 |
|
---|
32 | /**
|
---|
33 | * Signs JAR or ZIP files with the javasign command line tool. The
|
---|
34 | * tool detailed dependency checking: files are only signed if they
|
---|
35 | * are not signed. The <tt>signjar</tt> attribute can point to the file to
|
---|
36 | * generate; if this file exists then
|
---|
37 | * its modification date is used as a cue as to whether to resign any JAR file.
|
---|
38 | *
|
---|
39 | * @since Ant 1.1
|
---|
40 | * @ant.task category="java"
|
---|
41 | */
|
---|
42 | public class SignJar extends Task {
|
---|
43 |
|
---|
44 | /**
|
---|
45 | * The name of the jar file.
|
---|
46 | */
|
---|
47 | protected File jar;
|
---|
48 |
|
---|
49 | /**
|
---|
50 | * The alias of signer.
|
---|
51 | */
|
---|
52 | protected String alias;
|
---|
53 |
|
---|
54 | /**
|
---|
55 | * The name of keystore file.
|
---|
56 | */
|
---|
57 | private String keystore;
|
---|
58 |
|
---|
59 | protected String storepass;
|
---|
60 | protected String storetype;
|
---|
61 | protected String keypass;
|
---|
62 | protected String sigfile;
|
---|
63 | protected File signedjar;
|
---|
64 | protected boolean verbose;
|
---|
65 | protected boolean internalsf;
|
---|
66 | protected boolean sectionsonly;
|
---|
67 |
|
---|
68 | /** The maximum amount of memory to use for Jar signer */
|
---|
69 | private String maxMemory;
|
---|
70 |
|
---|
71 | /**
|
---|
72 | * the filesets of the jars to sign
|
---|
73 | */
|
---|
74 | protected Vector filesets = new Vector();
|
---|
75 |
|
---|
76 | /**
|
---|
77 | * Whether to assume a jar which has an appropriate .SF file in is already
|
---|
78 | * signed.
|
---|
79 | */
|
---|
80 | protected boolean lazy;
|
---|
81 |
|
---|
82 |
|
---|
83 | /**
|
---|
84 | * Set the maximum memory to be used by the jarsigner process
|
---|
85 | *
|
---|
86 | * @param max a string indicating the maximum memory according to the
|
---|
87 | * JVM conventions (e.g. 128m is 128 Megabytes)
|
---|
88 | */
|
---|
89 | public void setMaxmemory(String max) {
|
---|
90 | maxMemory = max;
|
---|
91 | }
|
---|
92 |
|
---|
93 | /**
|
---|
94 | * the jar file to sign; required
|
---|
95 | */
|
---|
96 | public void setJar(final File jar) {
|
---|
97 | this.jar = jar;
|
---|
98 | }
|
---|
99 |
|
---|
100 | /**
|
---|
101 | * the alias to sign under; required
|
---|
102 | */
|
---|
103 | public void setAlias(final String alias) {
|
---|
104 | this.alias = alias;
|
---|
105 | }
|
---|
106 |
|
---|
107 | /**
|
---|
108 | * keystore location; required
|
---|
109 | */
|
---|
110 | public void setKeystore(final String keystore) {
|
---|
111 | this.keystore = keystore;
|
---|
112 | }
|
---|
113 |
|
---|
114 | /**
|
---|
115 | * password for keystore integrity; required
|
---|
116 | */
|
---|
117 | public void setStorepass(final String storepass) {
|
---|
118 | this.storepass = storepass;
|
---|
119 | }
|
---|
120 |
|
---|
121 | /**
|
---|
122 | * keystore type; optional
|
---|
123 | */
|
---|
124 | public void setStoretype(final String storetype) {
|
---|
125 | this.storetype = storetype;
|
---|
126 | }
|
---|
127 |
|
---|
128 | /**
|
---|
129 | * password for private key (if different); optional
|
---|
130 | */
|
---|
131 | public void setKeypass(final String keypass) {
|
---|
132 | this.keypass = keypass;
|
---|
133 | }
|
---|
134 |
|
---|
135 | /**
|
---|
136 | * name of .SF/.DSA file; optional
|
---|
137 | */
|
---|
138 | public void setSigfile(final String sigfile) {
|
---|
139 | this.sigfile = sigfile;
|
---|
140 | }
|
---|
141 |
|
---|
142 | /**
|
---|
143 | * name of signed JAR file; optional
|
---|
144 | */
|
---|
145 | public void setSignedjar(final File signedjar) {
|
---|
146 | this.signedjar = signedjar;
|
---|
147 | }
|
---|
148 |
|
---|
149 | /**
|
---|
150 | * Enable verbose output when signing
|
---|
151 | * ; optional: default false
|
---|
152 | */
|
---|
153 | public void setVerbose(final boolean verbose) {
|
---|
154 | this.verbose = verbose;
|
---|
155 | }
|
---|
156 |
|
---|
157 | /**
|
---|
158 | * Flag to include the .SF file inside the signature;
|
---|
159 | * optional; default false
|
---|
160 | */
|
---|
161 | public void setInternalsf(final boolean internalsf) {
|
---|
162 | this.internalsf = internalsf;
|
---|
163 | }
|
---|
164 |
|
---|
165 | /**
|
---|
166 | * flag to compute hash of entire manifest;
|
---|
167 | * optional, default false
|
---|
168 | */
|
---|
169 | public void setSectionsonly(final boolean sectionsonly) {
|
---|
170 | this.sectionsonly = sectionsonly;
|
---|
171 | }
|
---|
172 |
|
---|
173 | /**
|
---|
174 | * flag to control whether the presence of a signature
|
---|
175 | * file means a JAR is signed;
|
---|
176 | * optional, default false
|
---|
177 | */
|
---|
178 | public void setLazy(final boolean lazy) {
|
---|
179 | this.lazy = lazy;
|
---|
180 | }
|
---|
181 |
|
---|
182 | /**
|
---|
183 | * Adds a set of files to sign
|
---|
184 | * @since Ant 1.4
|
---|
185 | */
|
---|
186 | public void addFileset(final FileSet set) {
|
---|
187 | filesets.addElement(set);
|
---|
188 | }
|
---|
189 |
|
---|
190 |
|
---|
191 | /**
|
---|
192 | * sign the jar(s)
|
---|
193 | */
|
---|
194 | public void execute() throws BuildException {
|
---|
195 | if (null == jar && filesets.size() == 0) {
|
---|
196 | throw new BuildException("jar must be set through jar attribute "
|
---|
197 | + "or nested filesets");
|
---|
198 | }
|
---|
199 | if (null != jar) {
|
---|
200 | if (filesets.size() != 0) {
|
---|
201 | log("nested filesets will be ignored if the jar attribute has"
|
---|
202 | + " been specified.", Project.MSG_WARN);
|
---|
203 | }
|
---|
204 |
|
---|
205 | doOneJar(jar, signedjar);
|
---|
206 | return;
|
---|
207 | } else {
|
---|
208 | // deal with the filesets
|
---|
209 | for (int i = 0; i < filesets.size(); i++) {
|
---|
210 | FileSet fs = (FileSet) filesets.elementAt(i);
|
---|
211 | DirectoryScanner ds = fs.getDirectoryScanner(getProject());
|
---|
212 | String[] jarFiles = ds.getIncludedFiles();
|
---|
213 | for (int j = 0; j < jarFiles.length; j++) {
|
---|
214 | doOneJar(new File(fs.getDir(getProject()), jarFiles[j]), null);
|
---|
215 | }
|
---|
216 | }
|
---|
217 | }
|
---|
218 | }
|
---|
219 |
|
---|
220 | /**
|
---|
221 | * sign one jar
|
---|
222 | */
|
---|
223 | private void doOneJar(File jarSource, File jarTarget)
|
---|
224 | throws BuildException {
|
---|
225 |
|
---|
226 | if (null == alias) {
|
---|
227 | throw new BuildException("alias attribute must be set");
|
---|
228 | }
|
---|
229 |
|
---|
230 | if (null == storepass) {
|
---|
231 | throw new BuildException("storepass attribute must be set");
|
---|
232 | }
|
---|
233 |
|
---|
234 | if (isUpToDate(jarSource, jarTarget)) {
|
---|
235 | return;
|
---|
236 | }
|
---|
237 |
|
---|
238 | final ExecTask cmd = (ExecTask) getProject().createTask("exec");
|
---|
239 | cmd.setExecutable(JavaEnvUtils.getJdkExecutable("jarsigner"));
|
---|
240 |
|
---|
241 | if (maxMemory != null) {
|
---|
242 | cmd.createArg().setValue("-J-Xmx" + maxMemory);
|
---|
243 | }
|
---|
244 |
|
---|
245 | if (null != keystore) {
|
---|
246 | // is the keystore a file
|
---|
247 | File keystoreFile = getProject().resolveFile(keystore);
|
---|
248 | if (keystoreFile.exists()) {
|
---|
249 | cmd.createArg().setValue("-keystore");
|
---|
250 | cmd.createArg().setValue(keystoreFile.getPath());
|
---|
251 | } else {
|
---|
252 | // must be a URL - just pass as is
|
---|
253 | cmd.createArg().setValue("-keystore");
|
---|
254 | cmd.createArg().setValue(keystore);
|
---|
255 | }
|
---|
256 | }
|
---|
257 |
|
---|
258 | if (null != storepass) {
|
---|
259 | cmd.createArg().setValue("-storepass");
|
---|
260 | cmd.createArg().setValue(storepass);
|
---|
261 | }
|
---|
262 |
|
---|
263 | if (null != storetype) {
|
---|
264 | cmd.createArg().setValue("-storetype");
|
---|
265 | cmd.createArg().setValue(storetype);
|
---|
266 | }
|
---|
267 |
|
---|
268 | if (null != keypass) {
|
---|
269 | cmd.createArg().setValue("-keypass");
|
---|
270 | cmd.createArg().setValue(keypass);
|
---|
271 | }
|
---|
272 |
|
---|
273 | if (null != sigfile) {
|
---|
274 | cmd.createArg().setValue("-sigfile");
|
---|
275 | cmd.createArg().setValue(sigfile);
|
---|
276 | }
|
---|
277 |
|
---|
278 | if (null != jarTarget) {
|
---|
279 | cmd.createArg().setValue("-signedjar");
|
---|
280 | cmd.createArg().setValue(jarTarget.toString());
|
---|
281 | }
|
---|
282 |
|
---|
283 | if (verbose) {
|
---|
284 | cmd.createArg().setValue("-verbose");
|
---|
285 | }
|
---|
286 |
|
---|
287 | if (internalsf) {
|
---|
288 | cmd.createArg().setValue("-internalsf");
|
---|
289 | }
|
---|
290 |
|
---|
291 | if (sectionsonly) {
|
---|
292 | cmd.createArg().setValue("-sectionsonly");
|
---|
293 | }
|
---|
294 |
|
---|
295 | cmd.createArg().setValue(jarSource.toString());
|
---|
296 |
|
---|
297 | cmd.createArg().setValue(alias);
|
---|
298 |
|
---|
299 | log("Signing JAR: " + jarSource.getAbsolutePath());
|
---|
300 | cmd.setFailonerror(true);
|
---|
301 | cmd.setTaskName(getTaskName());
|
---|
302 | cmd.execute();
|
---|
303 | }
|
---|
304 |
|
---|
305 | protected boolean isUpToDate(File jarFile, File signedjarFile) {
|
---|
306 | if (null == jarFile) {
|
---|
307 | return false;
|
---|
308 | }
|
---|
309 |
|
---|
310 | if (null != signedjarFile) {
|
---|
311 |
|
---|
312 | if (!jarFile.exists()) {
|
---|
313 | return false;
|
---|
314 | }
|
---|
315 | if (!signedjarFile.exists()) {
|
---|
316 | return false;
|
---|
317 | }
|
---|
318 | if (jarFile.equals(signedjarFile)) {
|
---|
319 | return false;
|
---|
320 | }
|
---|
321 | if (signedjarFile.lastModified() > jarFile.lastModified()) {
|
---|
322 | return true;
|
---|
323 | }
|
---|
324 | } else {
|
---|
325 | if (lazy) {
|
---|
326 | return isSigned(jarFile);
|
---|
327 | }
|
---|
328 | }
|
---|
329 |
|
---|
330 | return false;
|
---|
331 | }
|
---|
332 |
|
---|
333 | /**
|
---|
334 | * test for a file being signed, by looking for a signature in the META-INF
|
---|
335 | * directory
|
---|
336 | * @param file
|
---|
337 | * @return true if the file is signed
|
---|
338 | */
|
---|
339 | protected boolean isSigned(File file) {
|
---|
340 | final String SIG_START = "META-INF/";
|
---|
341 | final String SIG_END = ".SF";
|
---|
342 |
|
---|
343 | if (!file.exists()) {
|
---|
344 | return false;
|
---|
345 | }
|
---|
346 | ZipFile jarFile = null;
|
---|
347 | try {
|
---|
348 | jarFile = new ZipFile(file);
|
---|
349 | if (null == alias) {
|
---|
350 | Enumeration entries = jarFile.entries();
|
---|
351 | while (entries.hasMoreElements()) {
|
---|
352 | String name = ((ZipEntry) entries.nextElement()).getName();
|
---|
353 | if (name.startsWith(SIG_START) && name.endsWith(SIG_END)) {
|
---|
354 | return true;
|
---|
355 | }
|
---|
356 | }
|
---|
357 | return false;
|
---|
358 | } else {
|
---|
359 | return jarFile.getEntry(SIG_START + alias.toUpperCase()
|
---|
360 | + SIG_END) != null;
|
---|
361 | }
|
---|
362 | } catch (IOException e) {
|
---|
363 | return false;
|
---|
364 | } finally {
|
---|
365 | if (jarFile != null) {
|
---|
366 | try {
|
---|
367 | jarFile.close();
|
---|
368 | } catch (IOException e) {
|
---|
369 | }
|
---|
370 | }
|
---|
371 | }
|
---|
372 | }
|
---|
373 | }
|
---|
374 |
|
---|