From c9028f9f98c663cc91696a8eb3689652012af2d8 Mon Sep 17 00:00:00 2001
From: Matthew Jason Benson <mbenson@apache.org>
Date: Thu, 10 Feb 2005 22:43:27 +0000
Subject: [PATCH] Tighten security by sending storepass and keypass to signjar
 via the input stream of the forked process.

Also, create signjar's helper ExecTask instance directly rather than by
typedef discovery mechanisms.
PR: 33433


git-svn-id: https://svn.apache.org/repos/asf/ant/core/trunk@277629 13f79535-47bb-0310-9956-ffa450edef68
---
 WHATSNEW                                      |  6 +++
 docs/manual/CoreTasks/signjar.html            |  7 ----
 .../apache/tools/ant/taskdefs/SignJar.java    | 42 +++++++++++++------
 3 files changed, 35 insertions(+), 20 deletions(-)

diff --git a/WHATSNEW b/WHATSNEW
index 4dacbc190..8bc4caa29 100644
--- a/WHATSNEW
+++ b/WHATSNEW
@@ -44,6 +44,9 @@ Fixed bugs:
 * Commandline.describeCommand() methods would attempt to describe
   arguments even when none, other than the executable name, were present.
 
+* Create signjar's helper ExecTask instance directly rather than by
+  typedef discovery mechanisms. Bugzilla report 33433.
+
 Other changes:
 --------------
 
@@ -110,6 +113,9 @@ Other changes:
 
 * Added loginputstring attribute to the redirector type.
 
+* Tighten security by sending storepass and keypass to signjar
+  via the input stream of the forked process.
+
 Changes from Ant 1.6.2 to current Ant 1.6 CVS version
 =====================================================
 
diff --git a/docs/manual/CoreTasks/signjar.html b/docs/manual/CoreTasks/signjar.html
index c1c998882..c441dd330 100644
--- a/docs/manual/CoreTasks/signjar.html
+++ b/docs/manual/CoreTasks/signjar.html
@@ -16,13 +16,6 @@ generate; if this file exists then
 its modification date is used as a cue as to whether to resign any JAR file.
 </p>
 
-<p>
-<b>Security warning</b>. This task forks the <tt>jarsigner</tt> executable
-(which must of course be on the path). The store password is passed in on
-the command line, so visible in Unix to anyone running <tt>ps -ef</tt>
-on the same host, while signing takes place. Only sign on a secured system.
-</p>
-
 <h3>Parameters</h3>
 <table border="1" cellpadding="2" cellspacing="0">
   <tr>
diff --git a/src/main/org/apache/tools/ant/taskdefs/SignJar.java b/src/main/org/apache/tools/ant/taskdefs/SignJar.java
index 1b75dddb9..dcddb5600 100644
--- a/src/main/org/apache/tools/ant/taskdefs/SignJar.java
+++ b/src/main/org/apache/tools/ant/taskdefs/SignJar.java
@@ -25,6 +25,7 @@ import org.apache.tools.ant.Project;
 import org.apache.tools.ant.Task;
 import org.apache.tools.ant.taskdefs.condition.IsSigned;
 import org.apache.tools.ant.types.FileSet;
+import org.apache.tools.ant.types.RedirectorElement;
 import org.apache.tools.ant.util.JavaEnvUtils;
 import org.apache.tools.ant.util.FileUtils;
 
@@ -66,6 +67,7 @@ public class SignJar extends Task {
     protected boolean internalsf;
     protected boolean sectionsonly;
     private   boolean preserveLastModified;
+    private RedirectorElement redirector;
 
     /** The maximum amount of memory to use for Jar signer */
     private String maxMemory;
@@ -212,6 +214,7 @@ public class SignJar extends Task {
             throw new BuildException("jar must be set through jar attribute "
                                      + "or nested filesets");
         }
+        redirector = createRedirector();
         if (null != jar) {
             if (filesets.size() != 0) {
                 log("nested filesets will be ignored if the jar attribute has"
@@ -233,6 +236,27 @@ public class SignJar extends Task {
         }
     }
 
+    /**
+     * Create the redirector to use, if any.
+     * @return a configured RedirectorElement.
+     */
+    private RedirectorElement createRedirector() {
+        if (storepass == null && keypass == null) {
+            return null;
+        }
+        RedirectorElement result = new RedirectorElement();
+        StringBuffer input = new StringBuffer();
+        if (storepass != null) {
+            input.append(storepass).append('\n');
+        }
+        if (keypass != null) {
+            input.append(keypass).append('\n');
+        }
+        result.setInputString(input.toString());
+        result.setLogInputString(false);
+        return result;
+    }
+
     /**
      * sign one jar
      */
@@ -252,7 +276,8 @@ public class SignJar extends Task {
         }
 
         long lastModified = jarSource.lastModified();
-        final ExecTask cmd = (ExecTask) getProject().createTask("exec");
+        final ExecTask cmd = new ExecTask();
+        cmd.setProject(getProject());
         cmd.setExecutable(JavaEnvUtils.getJdkExecutable("jarsigner"));
 
         if (maxMemory != null) {
@@ -271,22 +296,10 @@ public class SignJar extends Task {
                 cmd.createArg().setValue(keystore);
             }
         }
-
-        if (null != storepass) {
-            cmd.createArg().setValue("-storepass");
-            cmd.createArg().setValue(storepass);
-        }
-
         if (null != storetype) {
             cmd.createArg().setValue("-storetype");
             cmd.createArg().setValue(storetype);
         }
-
-        if (null != keypass) {
-            cmd.createArg().setValue("-keypass");
-            cmd.createArg().setValue(keypass);
-        }
-
         if (null != sigfile) {
             cmd.createArg().setValue("-sigfile");
             cmd.createArg().setValue(sigfile);
@@ -316,6 +329,9 @@ public class SignJar extends Task {
         log("Signing JAR: " + jarSource.getAbsolutePath());
         cmd.setFailonerror(true);
         cmd.setTaskName(getTaskName());
+        if (redirector != null) {
+            cmd.addConfiguredRedirector(redirector);
+        }
         cmd.execute();
 
         // restore the lastModified attribute