provide control over signature and digest algorithms in <signjar>. Submitted by Wang Weijun. PR 52344

git-svn-id: https://svn.apache.org/repos/asf/ant/core/trunk@1221901 13f79535-47bb-0310-9956-ffa450edef68

CONTRIBUTORS

@@ -359,6 +359,7 @@ Victor Toni
 Vincent Legoll
 Volker Leidl
 Waldek Herka
+Wang Weijun
 Will Wang
 William Bernardet
 William Ferguson

WHATSNEW

@@ -167,6 +167,10 @@ Other changes:
    be used to make the task sleep between retry attempts.
    Bugzilla Report 52076.
 
+ * <signjar> has new attributes that control the signature and digest
+   algorithms.
+   Bugzilla Report 52344.
+
 Changes from Ant 1.8.1 TO Ant 1.8.2
 ===================================
 

contributors.xml

@@ -1444,6 +1444,10 @@
     <first>Volker</first>
     <last>Leidl</last>
   </name>
+  <name>
+    <first>Wang</first>
+    <last>Weijun</last>
+  </name>
   <name>
     <first>Will</first>
     <last>Wang</last>

manual/Tasks/signjar.html

@@ -158,6 +158,16 @@ block</td>
       <em>since Ant 1.8.0</em>.</td>
     <td align="center" valign="top">No; default false</td>
   </tr>  
+  <tr>
+    <td valign="top">sigalg</td>
+    <td valign="top">name of signature algorithm</td>
+    <td valign="top" align="center">No</td>
+  </tr>
+  <tr>
+    <td valign="top">digestalg</td>
+    <td valign="top">name of digest algorithm</td>
+    <td valign="top" align="center">No</td>
+  </tr>
 </table>
 <h3>Parameters as nested elements</h3>
 <table border="1" cellpadding="2" cellspacing="0">
@@ -230,6 +240,24 @@ all be copied to this directory, not to subdirectories.
 <p>
 Sign all the JAR files in dist/**/*.jar <i>in-situ</i>. Lazy signing is used,
 so the files will only be signed if they are not already signed.
+</p>
+  <blockquote><pre>
+&lt;signjar
+    alias="testonly" keystore="testkeystore"
+    storepass="apacheant"
+    sigalg="MD5withRSA"
+    digestalg="SHA1"&gt;
+  &lt;path&gt;
+    &lt;fileset dir="dist" includes="**/*.jar" /&gt;
+  &lt;/path&gt;
+&lt;/signjar&gt;
+</pre></blockquote>
+<p>
+Sign all the JAR files in dist/**/*.jar using the digest algorithm SHA1 and the
+signature algorithm MD5withRSA. This is especially useful when you want to use
+the JDK 7 jarsigner (which uses SHA256 and SHA256withRSA as default) to create
+signed jars that will be deployed on platforms not supporting SHA256 and
+SHA256withRSA.
 </p>
 <h3>About timestamp signing</h3>
 

src/main/org/apache/tools/ant/taskdefs/SignJar.java

@@ -109,6 +109,16 @@ public class SignJar extends AbstractJarSignerTask {
      */
     private boolean force = false;
 
+    /**
+     * signature algorithm
+     */
+    private String sigAlg;
+
+    /**
+     * digest algorithm
+     */
+    private String digestAlg;
+
     /**
      * error string for unit test verification: {@value}
      */
@@ -275,6 +285,38 @@ public class SignJar extends AbstractJarSignerTask {
         return force;
     }
 
+    /**
+     * Signature Algorithm; optional
+     *
+     * @param sigAlg the signature algorithm
+     */
+    public void setSigAlg(String sigAlg) {
+        this.sigAlg = sigAlg;
+    }
+
+    /**
+     * Signature Algorithm; optional
+     */
+    public String getSigAlg() {
+        return sigAlg;
+    }
+
+    /**
+     * Digest Algorithm; optional
+     *
+     * @param digestAlg the digest algorithm
+     */
+    public void setDigestAlg(String digestAlg) {
+        this.digestAlg = digestAlg;
+    }
+
+    /**
+     * Digest Algorithm; optional
+     */
+    public String getDigestAlg() {
+        return digestAlg;
+    }
+
     /**
      * sign the jar(s)
      *
@@ -420,6 +462,16 @@ public class SignJar extends AbstractJarSignerTask {
             addValue(cmd, "-sectionsonly");
         }
 
+        if (sigAlg != null) {
+            addValue(cmd, "-sigalg");
+            addValue(cmd, sigAlg);
+        }
+
+        if (digestAlg != null) {
+            addValue(cmd, "-digestalg");
+            addValue(cmd, digestAlg);
+        }
+
         //add -tsa operations if declared
         addTimestampAuthorityCommands(cmd);