From 7f51882300a8e40ff675867e055061867ba6c8bd Mon Sep 17 00:00:00 2001 From: Stefan Bodewig Date: Sun, 6 Jul 2014 11:25:49 +0200 Subject: [PATCH] PR 56678 - add proxy support to signjar when using the TSA. Submitted by Robbie Gibson. --- CONTRIBUTORS | 1 + WHATSNEW | 4 ++ contributors.xml | 4 ++ manual/Tasks/signjar.html | 26 +++++--- .../apache/tools/ant/taskdefs/SignJar.java | 64 ++++++++++++++++++- 5 files changed, 90 insertions(+), 9 deletions(-) diff --git a/CONTRIBUTORS b/CONTRIBUTORS index 4d65e56e8..9c234d052 100644 --- a/CONTRIBUTORS +++ b/CONTRIBUTORS @@ -310,6 +310,7 @@ René Krell Richard Evans Richard Steele Rick Beton +Robbie Gibson Robert Anderson Robert Clark Robert Flaherty diff --git a/WHATSNEW b/WHATSNEW index d80727dcb..32932e822 100644 --- a/WHATSNEW +++ b/WHATSNEW @@ -30,6 +30,10 @@ Fixed bugs: Other changes: -------------- + * it is now possible to provide proxy configuration when to signjar + when using the timestamped authority. + Bugzilla Report 56678 + Changes from Ant 1.9.3 TO Ant 1.9.4 =================================== diff --git a/contributors.xml b/contributors.xml index 8bdae0f70..63e203044 100644 --- a/contributors.xml +++ b/contributors.xml @@ -1253,6 +1253,10 @@ Rick Beton + + Robbie + Gibson + Robert Anderson diff --git a/manual/Tasks/signjar.html b/manual/Tasks/signjar.html index 0c317f548..c277dfab7 100644 --- a/manual/Tasks/signjar.html +++ b/manual/Tasks/signjar.html @@ -27,7 +27,7 @@

SignJar

Description

Signing a jar allows users to authenticate the publisher.

-

Signs JAR files with the jarsigner command line tool. +

Signs JAR files with the jarsigner command line tool. It will take a named file in the jar attribute, and an optional destDir or signedJar attribute. Nested paths are also supported; here only an (optional) destDir is allowed. If a destination @@ -40,10 +40,10 @@ Dependency rules

  • Nonexistent destination JARs are created/signed
  • Out of date destination JARs are created/signed
  • If a destination file and a source file are the same, -and lazy is true, the JAR is only signed if it does not +and lazy is true, the JAR is only signed if it does not contain a signature by this alias.
  • If a destination file and a source file are the same, -and lazy is false, the JAR is signed.
    • +and lazy is false, the JAR is signed.

    Parameters

    @@ -91,7 +91,7 @@ and lazy is false, the JAR is signed. signedjar - name of signed JAR file. This can only be set when + name of signed JAR file. This can only be set when the jar attribute is set. No. @@ -143,10 +143,20 @@ block tsacert - alias in the keystore for a timestamp authority for + alias in the keystore for a timestamp authority for timestamped JAR files in Java1.5+ No + + tsaproxyhost + proxy host to be used when connecting to TSA server + No + + + getTsaproxyport + proxy port to be used when connecting to TSA server + No + executable Specify a particular jarsigner executable @@ -156,14 +166,14 @@ block jarsigner command. since Ant 1.8.0. No - + force Whether to force signing of the jar file even if it doesn't seem to be out of date or already signed. since Ant 1.8.0. No; default false - + sigalg name of signature algorithm @@ -273,7 +283,7 @@ With trusted timestamping, users can verify that signing occurred before a certi

    Timestamped JAR files were introduced in Java1.5 and supported in Ant since -Ant 1.7. Ant does not yet support proxy setup for this signing process. +Ant 1.7. Since Ant 1.9.5, Ant can use unauthenticated proxies for this signing process.

    Common public timestamp authorities include diff --git a/src/main/org/apache/tools/ant/taskdefs/SignJar.java b/src/main/org/apache/tools/ant/taskdefs/SignJar.java index 7f9b1ee52..009280409 100644 --- a/src/main/org/apache/tools/ant/taskdefs/SignJar.java +++ b/src/main/org/apache/tools/ant/taskdefs/SignJar.java @@ -98,6 +98,16 @@ public class SignJar extends AbstractJarSignerTask { */ protected String tsaurl; + /** + * Proxy host to be used when connecting to TSA server + */ + protected String tsaproxyhost; + + /** + * Proxy port to be used when connecting to TSA server + */ + protected String tsaproxyport; + /** * alias for the TSA in the keystore */ @@ -250,6 +260,42 @@ public class SignJar extends AbstractJarSignerTask { this.tsaurl = tsaurl; } + /** + * Get the proxy host to be used when connecting to the TSA url + * @return url or null + * @since Ant 1.9.5 + */ + public String getTsaproxyhost() { + return tsaproxyhost; + } + + /** + * + * @param tsaproxyhost the proxy host to be used when connecting to the TSA. + * @since Ant 1.9.5 + */ + public void setTsaproxyhost(String tsaproxyhost) { + this.tsaproxyhost = tsaproxyhost; + } + + /** + * Get the proxy host to be used when connecting to the TSA url + * @return url or null + * @since Ant 1.9.5 + */ + public String getTsaproxyport() { + return tsaproxyport; + } + + /** + * + * @param tsaproxyport the proxy port to be used when connecting to the TSA. + * @since Ant 1.9.5 + */ + public void setTsaproxyport(String tsaproxyport) { + this.tsaproxyport = tsaproxyport; + } + /** * get the -tsacert option * @since Ant 1.7 @@ -322,7 +368,7 @@ public class SignJar extends AbstractJarSignerTask { * @throws BuildException on errors */ @Override - public void execute() throws BuildException { + public void execute() throws BuildException { //validation logic final boolean hasJar = jar != null; final boolean hasSignedJar = signedjar != null; @@ -504,10 +550,26 @@ public class SignJar extends AbstractJarSignerTask { addValue(cmd, "-tsa"); addValue(cmd, tsaurl); } + if (tsacert != null) { addValue(cmd, "-tsacert"); addValue(cmd, tsacert); } + + if (tsaproxyhost != null) { + final String connectionType; + if (tsaurl.startsWith("https")) { + connectionType = "https"; + } else { + connectionType = "http"; + } + + addValue(cmd, "-J-D" + connectionType + ".proxyHost=" + tsaproxyhost); + + if (tsaproxyport != null) { + addValue(cmd, "-J-D" + connectionType + ".proxyPort=" + tsaproxyport); + } + } } /**