ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ste...@apache.org
Subject cvs commit: ant WHATSNEW
Date Wed, 23 Mar 2005 15:06:48 GMT
stevel      2005/03/23 07:06:48

  Modified:    docs/manual/CoreTasks signjar.html
               src/main/org/apache/tools/ant/taskdefs SignJar.java
               src/etc/testcases/taskdefs signjar.xml
               src/testcases/org/apache/tools/ant/taskdefs SignJarTest.java
               .        WHATSNEW
  Log:
  -TSA support, bug 32390
  
  Revision  Changes    Path
  1.21      +27 -0     ant/docs/manual/CoreTasks/signjar.html
  
  Index: signjar.html
  ===================================================================
  RCS file: /home/cvs/ant/docs/manual/CoreTasks/signjar.html,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- signjar.html	23 Mar 2005 14:09:06 -0000	1.20
  +++ signjar.html	23 Mar 2005 15:06:48 -0000	1.21
  @@ -113,6 +113,19 @@
         time as the original jar files.</td>
       <td valign="top" align="center">No; default false.</td>
     </tr>
  +  <tr>
  +    <td valign="top">tsaurl</td>
  +    <td valign="top">URL for a timestamp authority for timestamped
  +    JAR files in Java1.5+</td>
  +    <td valign="top" align="center">No</td>
  +  </tr>
  +  <tr>
  +    <td valign="top">tsacert</td>
  +    <td valign="top">alias in the keystore for a timestamp authority for 
  +    timestamped JAR files in Java1.5+</td>
  +    <td valign="top" align="center">No</td>
  +  </tr>
  +  
   </table>
   <h3>Parameters as nested elements</h3>
   <table border="1" cellpadding="2" cellspacing="0">
  @@ -141,6 +154,20 @@
     signs the ant.jar with alias &quot;apache-group&quot; accessing the
     keystore and private key via &quot;secret&quot; password.
   </p>
  +
  +<h3>About timestamp signing</h3>
  +
  +<p>
  +Timestamped JAR files are a new feature in Java1.5; a feature supported in Ant since
  +Ant 1.7. Ant does not yet support proxy setup for this singing process, and
  +the whole TSA feature is not tested yet. Furthermore, the 
  +<a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/time-of-signing-beta1.html">
  +official TSA documentation</a>
  +warns that the API is subject to change. If a future version of Java changes the
  +API, Ant will break. It may be possible to hide changes if and when they occur,
  +but this can not be guaranteed. 
  +</p>
  +
   <hr>
   <p align="center">Copyright &copy; 2000-2005 The Apache Software Foundation.
All rights
   Reserved.</p>
  
  
  
  1.51      +88 -2     ant/src/main/org/apache/tools/ant/taskdefs/SignJar.java
  
  Index: SignJar.java
  ===================================================================
  RCS file: /home/cvs/ant/src/main/org/apache/tools/ant/taskdefs/SignJar.java,v
  retrieving revision 1.50
  retrieving revision 1.51
  diff -u -r1.50 -r1.51
  --- SignJar.java	23 Mar 2005 14:09:06 -0000	1.50
  +++ SignJar.java	23 Mar 2005 15:06:48 -0000	1.51
  @@ -41,6 +41,10 @@
    * exists then its modification date is used as a cue as to whether to resign
    * any JAR file.
    *
  + * Timestamp driven signing is based on the unstable and inadequately documented
  + * information in the Java1.5 docs
  + * @see <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/time-of-signing-beta1.html">
  + * beta documentation</a>
    * @ant.task category="java"
    * @since Ant 1.1
    */
  @@ -94,11 +98,23 @@
       protected boolean verbose;
   
       /**
  -     * flag for
  +     * flag for internal sf signing
        */
       protected boolean internalsf;
  +
  +    /**
  +     * sign sections only?
  +     */
       protected boolean sectionsonly;
  +
  +    /**
  +     * flag to preserve timestamp on modified files
  +     */
       private boolean preserveLastModified;
  +
  +    /**
  +     * redirector used to talk to the jarsigner program
  +     */
       private RedirectorElement redirector;
   
       /**
  @@ -128,6 +144,16 @@
       private FileNameMapper mapper;
   
       /**
  +     * URL for a tsa; null implies no tsa support
  +     */
  +    protected String tsaurl;
  +
  +    /**
  +     * alias for the TSA in the keystore
  +     */
  +    protected String tsacert;
  +
  +    /**
        * error string for unit test verification: {@value}
        */
       public static final String ERROR_TODIR_AND_SIGNEDJAR
  @@ -327,11 +353,51 @@
           mapper = newMapper;
       }
   
  +    /**
  +     * get the active mapper; may be null
  +     * @return mapper or null
  +     * @since Ant 1.7
  +     */
       public FileNameMapper getMapper() {
           return mapper;
       }
   
       /**
  +     * get the -tsaurl url
  +     * @return url or null
  +     * @since Ant 1.7
  +     */
  +    public String getTsaurl() {
  +        return tsaurl;
  +    }
  +
  +    /**
  +     *
  +     * @param tsaurl
  +     * @since Ant 1.7
  +     */
  +    public void setTsaurl(String tsaurl) {
  +        this.tsaurl = tsaurl;
  +    }
  +
  +    /**
  +     * get the -tsacert option
  +     * @since Ant 1.7
  +     * @return a certificate alias or null
  +     */
  +    public String getTsacert() {
  +        return tsacert;
  +    }
  +
  +    /**
  +     * set the alias in the keystore of the TSA to use;
  +     * @param tsacert
  +     */
  +    public void setTsacert(String tsacert) {
  +        this.tsacert = tsacert;
  +    }
  +
  +    /**
        * sign the jar(s)
        *
        * @throws BuildException on errors
  @@ -523,6 +589,9 @@
               cmd.createArg().setValue("-sectionsonly");
           }
   
  +        //add -tsa operations if declared
  +        addTimestampAuthorityCommands(cmd);
  +
           //JAR source is required
           cmd.createArg().setValue(jarSource.getPath());
   
  @@ -545,6 +614,23 @@
       }
   
       /**
  +     * If the tsa parameters are set, this passes them to the command.
  +     * There is no validation of java version, as third party JDKs
  +     * may implement this on earlier/later jarsigner implementations.
  +     * @param cmd
  +     */
  +    private void addTimestampAuthorityCommands(final ExecTask cmd) {
  +        if(tsaurl!=null) {
  +            cmd.createArg().setValue("-tsa");
  +            cmd.createArg().setValue(tsaurl);
  +        }
  +        if (tsacert != null) {
  +            cmd.createArg().setValue("-tsacert");
  +            cmd.createArg().setValue(tsacert);
  +        }
  +    }
  +
  +    /**
        * Compare a jar file with its corresponding signed jar. The logic for this
        * is complex, and best explained in the source itself. Essentially if
        * either file doesnt exist, or the destfile has an out of date timestamp,
  @@ -559,7 +645,7 @@
        */
       protected boolean isUpToDate(File jarFile, File signedjarFile) {
           if (null == jarFile && !jarFile.exists()) {
  -            //these are pathological case, but retained in case somebody
  +            //these are pathological cases, but retained in case somebody
               //subclassed us.
               return false;
           }
  
  
  
  1.8       +5 -0      ant/src/etc/testcases/taskdefs/signjar.xml
  
  Index: signjar.xml
  ===================================================================
  RCS file: /home/cvs/ant/src/etc/testcases/taskdefs/signjar.xml,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- signjar.xml	23 Mar 2005 14:09:06 -0000	1.7
  +++ signjar.xml	23 Mar 2005 15:06:48 -0000	1.8
  @@ -5,6 +5,7 @@
     <property name="subdir" location="${sign.dir}/subdir" />
     <property name="test.jar" location="${sign.dir}/signtest.jar" />
     <property name="subdirtest.jar" location="${subdir}/signtest.jar" />
  +  
     <mkdir dir="${sign.dir}" />
     <mkdir dir="${subdir}" />
     
  @@ -168,6 +169,10 @@
          alias="testonly"
          jar="${test.jar}"/>
     </target>
  +
  +  <target name="testTsaLocalhost" depends="jar">
  +    <sign tsaurl="http://localhost:0/" />
  +  </target>
     
   </project>
   
  
  
  
  1.11      +8 -2      ant/src/testcases/org/apache/tools/ant/taskdefs/SignJarTest.java
  
  Index: SignJarTest.java
  ===================================================================
  RCS file: /home/cvs/ant/src/testcases/org/apache/tools/ant/taskdefs/SignJarTest.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- SignJarTest.java	23 Mar 2005 14:09:06 -0000	1.10
  +++ SignJarTest.java	23 Mar 2005 15:06:48 -0000	1.11
  @@ -143,7 +143,13 @@
   
       public void testNoStorePass() {
           expectBuildExceptionContaining("testNoStorePass",
  -                "no files",
  +                "no password",
                   SignJar.ERROR_NO_STOREPASS);
       }
  - }
  +
  +    public void testTsaLocalhost() {
  +        expectBuildException("testTsaLocalhost",
  +            "no TSA at localhost:0");
  +        assertLogContaining("java.net.ConnectException");
  +    }
  +}
  
  
  
  1.791     +1 -0      ant/WHATSNEW
  
  Index: WHATSNEW
  ===================================================================
  RCS file: /home/cvs/ant/WHATSNEW,v
  retrieving revision 1.790
  retrieving revision 1.791
  diff -u -r1.790 -r1.791
  --- WHATSNEW	23 Mar 2005 14:09:06 -0000	1.790
  +++ WHATSNEW	23 Mar 2005 15:06:48 -0000	1.791
  @@ -151,6 +151,7 @@
     -a destDir attribute with the appropriate dependency logic, which
      can be used with the jar attribute or nested filesets
     -a mapper to permit filename remapping on signing
  +  -tsaurl and tsacert attributes for timestamped JAR signing
   
   Changes from Ant 1.6.2 to current Ant 1.6 CVS version
   =====================================================
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message