Tighten security by sending storepass and keypass to signjar

via the input stream of the forked process.

Also, create signjar's helper ExecTask instance directly rather than by
typedef discovery mechanisms.
PR: 33433


git-svn-id: https://svn.apache.org/repos/asf/ant/core/trunk@277629 13f79535-47bb-0310-9956-ffa450edef68

WHATSNEW

@@ -44,6 +44,9 @@ Fixed bugs:
 * Commandline.describeCommand() methods would attempt to describe
   arguments even when none, other than the executable name, were present.
 
+* Create signjar's helper ExecTask instance directly rather than by
+  typedef discovery mechanisms. Bugzilla report 33433.
+
 Other changes:
 --------------
 
@@ -110,6 +113,9 @@ Other changes:
 
 * Added loginputstring attribute to the redirector type.
 
+* Tighten security by sending storepass and keypass to signjar
+  via the input stream of the forked process.
+
 Changes from Ant 1.6.2 to current Ant 1.6 CVS version
 =====================================================
 

docs/manual/CoreTasks/signjar.html

@@ -16,13 +16,6 @@ generate; if this file exists then
 its modification date is used as a cue as to whether to resign any JAR file.
 </p>
 
-<p>
-<b>Security warning</b>. This task forks the <tt>jarsigner</tt> executable
-(which must of course be on the path). The store password is passed in on
-the command line, so visible in Unix to anyone running <tt>ps -ef</tt>
-on the same host, while signing takes place. Only sign on a secured system.
-</p>
-
 <h3>Parameters</h3>
 <table border="1" cellpadding="2" cellspacing="0">
   <tr>

src/main/org/apache/tools/ant/taskdefs/SignJar.java

@@ -25,6 +25,7 @@ import org.apache.tools.ant.Project;
 import org.apache.tools.ant.Task;
 import org.apache.tools.ant.taskdefs.condition.IsSigned;
 import org.apache.tools.ant.types.FileSet;
+import org.apache.tools.ant.types.RedirectorElement;
 import org.apache.tools.ant.util.JavaEnvUtils;
 import org.apache.tools.ant.util.FileUtils;
 
@@ -66,6 +67,7 @@ public class SignJar extends Task {
     protected boolean internalsf;
     protected boolean sectionsonly;
     private   boolean preserveLastModified;
+    private RedirectorElement redirector;
 
     /** The maximum amount of memory to use for Jar signer */
     private String maxMemory;
@@ -212,6 +214,7 @@ public class SignJar extends Task {
             throw new BuildException("jar must be set through jar attribute "
                                      + "or nested filesets");
         }
+        redirector = createRedirector();
         if (null != jar) {
             if (filesets.size() != 0) {
                 log("nested filesets will be ignored if the jar attribute has"
@@ -233,6 +236,27 @@ public class SignJar extends Task {
         }
     }
 
+    /**
+     * Create the redirector to use, if any.
+     * @return a configured RedirectorElement.
+     */
+    private RedirectorElement createRedirector() {
+        if (storepass == null && keypass == null) {
+            return null;
+        }
+        RedirectorElement result = new RedirectorElement();
+        StringBuffer input = new StringBuffer();
+        if (storepass != null) {
+            input.append(storepass).append('\n');
+        }
+        if (keypass != null) {
+            input.append(keypass).append('\n');
+        }
+        result.setInputString(input.toString());
+        result.setLogInputString(false);
+        return result;
+    }
+
     /**
      * sign one jar
      */
@@ -252,7 +276,8 @@ public class SignJar extends Task {
         }
 
         long lastModified = jarSource.lastModified();
-        final ExecTask cmd = (ExecTask) getProject().createTask("exec");
+        final ExecTask cmd = new ExecTask();
+        cmd.setProject(getProject());
         cmd.setExecutable(JavaEnvUtils.getJdkExecutable("jarsigner"));
 
         if (maxMemory != null) {
@@ -271,22 +296,10 @@ public class SignJar extends Task {
                 cmd.createArg().setValue(keystore);
             }
         }
-
-        if (null != storepass) {
-            cmd.createArg().setValue("-storepass");
-            cmd.createArg().setValue(storepass);
-        }
-
         if (null != storetype) {
             cmd.createArg().setValue("-storetype");
             cmd.createArg().setValue(storetype);
         }
-
-        if (null != keypass) {
-            cmd.createArg().setValue("-keypass");
-            cmd.createArg().setValue(keypass);
-        }
-
         if (null != sigfile) {
             cmd.createArg().setValue("-sigfile");
             cmd.createArg().setValue(sigfile);
@@ -316,6 +329,9 @@ public class SignJar extends Task {
         log("Signing JAR: " + jarSource.getAbsolutePath());
         cmd.setFailonerror(true);
         cmd.setTaskName(getTaskName());
+        if (redirector != null) {
+            cmd.addConfiguredRedirector(redirector);
+        }
         cmd.execute();
 
         // restore the lastModified attribute