当前位置: 文江博客话题详情

如何使用 Ant 检查签名的 jar 文件?

发布于 2024-09-02 02:39:27 字数 241 浏览 3 评论 0原文

我使用 Ant signjar 任务 签署 jar 文件,现在我想先测试一下部署。

我可以检查一下,

jarsigner -verify sbundle.jar

但我不知道是否可以用 Ant 做同样的事情?

原文

I sign jar files with the Ant signjar task and now I want to test before deploy.

I can check with

jarsigner -verify sbundle.jar

but I do not know if it is possible to do the same with Ant?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

℡Ms空城旧梦 2024-09-09 02:39:27

另一种方法是基于 Maven 脚本进行构建。
Maven 确实提出了 jarsigner:verify< /code>插件

如果这不是一个有效的可能性,您仍然可以使用 Exec Ant任务直接调用jarsigner命令。
如果返回码设置正确,您可以添加属性 failonerror (如果命令退出时返回码不是 0,则停止构建过程。)

An alternative would be to base your build on a maven script.
Maven does propose the jarsigner:verify plugin

If that is not a valid possibility, you still can use the Exec Ant task to directly call the jarsigner command.
If the return code is correctly set, you can add the attribute failonerror (Stop the build process if the command exits with a return code other than 0.)

回复 原文
一紙繁鸢 2024-09-09 02:39:27

以下 Ant 代码可用于验证 JAR 文件签名。一旦遇到签名无效或缺失的 JAR 文件,脚本就会失败

请注意,for 任务需要 ant-contrib

<!-- Macro to verify whether or not a JAR file is signed -->
<macrodef name="verify-signatures">
    <attribute name="filesetref" />
    <sequential>
        <for param="file">
            <path>
                <fileset refid="@{filesetref}" />
            </path>
            <sequential>
                <echo message="Verifying signature on file: @{file}" />
                <exec executable="jarsigner" failonerror="true">
                    <arg value="-verify" />
                    <arg value="@{file}" />
                </exec>
                <fail message="@{file} must be signed">
                    <condition>
                        <not>
                            <issigned file="@{file}" />
                        </not>
                    </condition>
                </fail>
            </sequential>
        </for>
    </sequential>
</macrodef>

<!-- Define the list of files to check -->
<fileset dir="p2repo" id="jarfiles">
    <include name="**/*.jar" />
</fileset>

<!-- Verify signatures -->   
<verify-signatures filesetref="jarfiles" />

The following Ant code can be used for verifying JAR-file signatures. The script will fail as soon as it encounters a JAR-file where the signature is not valid or where it is missing.

Note that ant-contrib is required for the for task.

<!-- Macro to verify whether or not a JAR file is signed -->
<macrodef name="verify-signatures">
    <attribute name="filesetref" />
    <sequential>
        <for param="file">
            <path>
                <fileset refid="@{filesetref}" />
            </path>
            <sequential>
                <echo message="Verifying signature on file: @{file}" />
                <exec executable="jarsigner" failonerror="true">
                    <arg value="-verify" />
                    <arg value="@{file}" />
                </exec>
                <fail message="@{file} must be signed">
                    <condition>
                        <not>
                            <issigned file="@{file}" />
                        </not>
                    </condition>
                </fail>
            </sequential>
        </for>
    </sequential>
</macrodef>

<!-- Define the list of files to check -->
<fileset dir="p2repo" id="jarfiles">
    <include name="**/*.jar" />
</fileset>

<!-- Verify signatures -->   
<verify-signatures filesetref="jarfiles" />
回复 原文
初懵 2024-09-09 02:39:27

蚂蚁条件报价“已分配”。

“测试 jarfile 是否已签名。如果传递了签名的名称,则检查文件是否存在该特定签名;否则检查文件是否存在任何签名。它不执行严格的签名验证;它只执行寻找签名的存在。
此条件是在 Apache Ant 1.7 中添加的。”

来自 Ant 条件

Ant conditions offer "issigned".

"Test whether a jarfile is signed. If the name of the signature is passed, the file is checked for presence of that particular signature; otherwise the file is checked for the existence of any signature. It does not perform rigorous signature validation; it only looks for the presence of a signature.
This condition was added in Apache Ant 1.7."

From Ant conditions

回复 原文
东走西顾 2024-09-09 02:39:27

您可以使用 Ant 中的VerifyJar 任务来执行此操作。这是 Ant 帮助的链接
https://ant.apache.org/manual/Tasks/verifyjar.html

一次验证多个 JAR 文件的示例代码。

<verifyjar keystore="mykeystore" keypass="abc"
          storepass="abc" alias="myalias">
    <path>
        <fileset dir="${build.dir}/signedjar" includes="**/*.jar" />
    </path>
</verifyjar>

You can use the VerifyJar Task in Ant to do this. Here is the link to Ant help
https://ant.apache.org/manual/Tasks/verifyjar.html

Sample code for Verifying multiple JAR files at once.

<verifyjar keystore="mykeystore" keypass="abc"
          storepass="abc" alias="myalias">
    <path>
        <fileset dir="${build.dir}/signedjar" includes="**/*.jar" />
    </path>
</verifyjar>
回复 原文
野鹿林 2024-09-09 02:39:27

基于@torkildr 的回答。

可以使宏将嵌套路径或文件集传递到 ant-contrib 任务

<target name="verify-artifacts" description="Just an example of usage">
    <verify-artifacts>
        <fileset dir="${project.ear.dir}" includes="*.*ar"/>
    </verify-artifacts>
</target>

<macrodef name="verify-artifacts">
    <element name="artifact-path" implicit="true"/>
    <sequential>
        <for param="file">
            <artifact-path/>
            <sequential>
                <verify-artifact file="@{file}"/>
            </sequential>
        </for>
    </sequential>
</macrodef>

<macrodef name="verify-artifact">
    <attribute name="file"/>
    <attribute name="alias" default="${artifact.sign.keystore.alias}"/>
    <attribute name="keystore" default="${artifact.sign.keystore.path}"/>
    <attribute name="password" default="${artifact.sign.keystore.password}"/>
    <sequential>
        <if>
            <istrue value="${artifact.sign.enabled}"/>
            <then>
                <echo message="Trying to verify @{file} with alias @{alias} from @{keystore}"/>
                <required-macro-param value="@{alias}" prop="artifact.sign.keystore.alias"/>
                <required-macro-param value="@{keystore}" prop="artifact.sign.keystore.path"/>
                <required-macro-param value="@{password}" prop="artifact.sign.keystore.password"/>
                <fail message="Keystore path '@{keystore}' not found">
                    <condition>
                        <not><available file="@{keystore}" type="file"/></not>
                    </condition>
                </fail>
                <fail message="Artifact '@{file}' not found">
                    <condition>
                        <not><available file="@{file}" type="file"/></not>
                    </condition>
                </fail>
                <!-- jarsigner -verify -keystore @{keystore} -storepass @{password} @{file} @{alias} -->
                <exec executable="jarsigner" failonerror="true">
                    <arg value="-verify"/>
                    <arg value="-keystore"/>
                    <arg value="@{keystore}"/>
                    <arg value="-storepass"/>
                    <arg value="@{password}"/>
                    <arg value="@{file}"/>
                    <arg value="@{alias}"/>
                </exec>
            </then>
        </if>
    </sequential>
</macrodef>

<macrodef name="required-macro-param">
    <attribute name="prop"/>
    <attribute name="value"/>
    <sequential>
        <!--<echo message="@{value}"/>-->
        <fail message="You must set property '@{prop}'">
            <condition>
                <and>
                    <or>
                        <equals arg1="@{value}" arg2=""/>
                        <matches string="@{value}" pattern="^\$\{.*?\}$"/>
                    </or>
                    <!--<not><isset property="@{prop}"/></not>-->
                </and>
            </condition>
        </fail>
    </sequential>
</macrodef>

<macrodef name="sign-artifact">
    <attribute name="file"/>
    <attribute name="alias" default="${artifact.sign.keystore.alias}"/>
    <attribute name="keystore" default="${artifact.sign.keystore.path}"/>
    <attribute name="password" default="${artifact.sign.keystore.password}"/>
    <sequential>
        <if>
            <istrue value="${artifact.sign.enabled}"/>
            <then>
                <echo message="Trying to sign @{file} with alias @{alias} from @{keystore}"/>
                <required-macro-param value="@{alias}" prop="artifact.sign.keystore.alias"/>
                <required-macro-param value="@{keystore}" prop="artifact.sign.keystore.path"/>
                <required-macro-param value="@{password}" prop="artifact.sign.keystore.password"/>
                <fail message="Keystore path '@{keystore}' not found">
                    <condition>
                        <not><available file="@{keystore}" type="file"/></not>
                    </condition>
                </fail>
                <fail message="Artifact '@{file}' not found">
                    <condition>
                        <not><available file="@{file}" type="file"/></not>
                    </condition>
                </fail>
                <signjar jar="@{file}" alias="@{alias}" keystore="@{keystore}" storepass="@{password}"/>
                <fail message="Signature check failed">
                    <condition>
                        <not><issigned file="@{file}" name="@{alias}"/></not>
                    </condition>
                </fail>
            </then>
        </if>
    </sequential>
</macrodef>

<macrodef name="sign-artifacts">
    <element name="artifact-path" implicit="true"/>
    <sequential>
        <for param="file">
            <artifact-path/>
            <sequential>
                <sign-artifact file="@{file}"/>
            </sequential>
        </for>
    </sequential>
</macrodef>

<property name="artifact.sign.enabled" value="true"/>
<property name="artifact.sign.keystore.alias" value="alias"/>
<property name="artifact.sign.keystore.path" value="keystore.jks"/>
<property name="artifact.sign.keystore.password" value="pwd"/>

Based on @torkildr's answer.

It's possible to make macro pass nested path or fileset to ant-contrib for task.

<target name="verify-artifacts" description="Just an example of usage">
    <verify-artifacts>
        <fileset dir="${project.ear.dir}" includes="*.*ar"/>
    </verify-artifacts>
</target>

<macrodef name="verify-artifacts">
    <element name="artifact-path" implicit="true"/>
    <sequential>
        <for param="file">
            <artifact-path/>
            <sequential>
                <verify-artifact file="@{file}"/>
            </sequential>
        </for>
    </sequential>
</macrodef>

<macrodef name="verify-artifact">
    <attribute name="file"/>
    <attribute name="alias" default="${artifact.sign.keystore.alias}"/>
    <attribute name="keystore" default="${artifact.sign.keystore.path}"/>
    <attribute name="password" default="${artifact.sign.keystore.password}"/>
    <sequential>
        <if>
            <istrue value="${artifact.sign.enabled}"/>
            <then>
                <echo message="Trying to verify @{file} with alias @{alias} from @{keystore}"/>
                <required-macro-param value="@{alias}" prop="artifact.sign.keystore.alias"/>
                <required-macro-param value="@{keystore}" prop="artifact.sign.keystore.path"/>
                <required-macro-param value="@{password}" prop="artifact.sign.keystore.password"/>
                <fail message="Keystore path '@{keystore}' not found">
                    <condition>
                        <not><available file="@{keystore}" type="file"/></not>
                    </condition>
                </fail>
                <fail message="Artifact '@{file}' not found">
                    <condition>
                        <not><available file="@{file}" type="file"/></not>
                    </condition>
                </fail>
                <!-- jarsigner -verify -keystore @{keystore} -storepass @{password} @{file} @{alias} -->
                <exec executable="jarsigner" failonerror="true">
                    <arg value="-verify"/>
                    <arg value="-keystore"/>
                    <arg value="@{keystore}"/>
                    <arg value="-storepass"/>
                    <arg value="@{password}"/>
                    <arg value="@{file}"/>
                    <arg value="@{alias}"/>
                </exec>
            </then>
        </if>
    </sequential>
</macrodef>

<macrodef name="required-macro-param">
    <attribute name="prop"/>
    <attribute name="value"/>
    <sequential>
        <!--<echo message="@{value}"/>-->
        <fail message="You must set property '@{prop}'">
            <condition>
                <and>
                    <or>
                        <equals arg1="@{value}" arg2=""/>
                        <matches string="@{value}" pattern="^\$\{.*?\}$"/>
                    </or>
                    <!--<not><isset property="@{prop}"/></not>-->
                </and>
            </condition>
        </fail>
    </sequential>
</macrodef>

<macrodef name="sign-artifact">
    <attribute name="file"/>
    <attribute name="alias" default="${artifact.sign.keystore.alias}"/>
    <attribute name="keystore" default="${artifact.sign.keystore.path}"/>
    <attribute name="password" default="${artifact.sign.keystore.password}"/>
    <sequential>
        <if>
            <istrue value="${artifact.sign.enabled}"/>
            <then>
                <echo message="Trying to sign @{file} with alias @{alias} from @{keystore}"/>
                <required-macro-param value="@{alias}" prop="artifact.sign.keystore.alias"/>
                <required-macro-param value="@{keystore}" prop="artifact.sign.keystore.path"/>
                <required-macro-param value="@{password}" prop="artifact.sign.keystore.password"/>
                <fail message="Keystore path '@{keystore}' not found">
                    <condition>
                        <not><available file="@{keystore}" type="file"/></not>
                    </condition>
                </fail>
                <fail message="Artifact '@{file}' not found">
                    <condition>
                        <not><available file="@{file}" type="file"/></not>
                    </condition>
                </fail>
                <signjar jar="@{file}" alias="@{alias}" keystore="@{keystore}" storepass="@{password}"/>
                <fail message="Signature check failed">
                    <condition>
                        <not><issigned file="@{file}" name="@{alias}"/></not>
                    </condition>
                </fail>
            </then>
        </if>
    </sequential>
</macrodef>

<macrodef name="sign-artifacts">
    <element name="artifact-path" implicit="true"/>
    <sequential>
        <for param="file">
            <artifact-path/>
            <sequential>
                <sign-artifact file="@{file}"/>
            </sequential>
        </for>
    </sequential>
</macrodef>

<property name="artifact.sign.enabled" value="true"/>
<property name="artifact.sign.keystore.alias" value="alias"/>
<property name="artifact.sign.keystore.path" value="keystore.jks"/>
<property name="artifact.sign.keystore.password" value="pwd"/>
回复 原文
~没有更多了~

关于作者

颜漓半夏

暂无简介

0 文章
0 评论
21 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

lioqio

文章 0 评论 0

Single

文章 0 评论 0

禾厶谷欠

文章 0 评论 0

alipaysp_2zg8elfGgC

文章 0 评论 0

qq_N6d4X7

文章 0 评论 0

放低过去

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文