ant-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52344] Add -sigalg and -digestalg support to the signjar task
Date Mon, 19 Dec 2011 06:58:49 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52344

--- Comment #4 from Wang Weijun <wangweij@gmail.com> 2011-12-19 06:58:49 UTC ---
1. Sure, the field can be made private.

2. The two options are only for the signing side, they are not provided on the
verify side, so has better stay inside SignJar.

3. What would "isSigned" be used for? The jarsigner does not care if a jar was
signed or not.

4. Sorry, I'm not familiar with AntUnit tests. Besides the XML file, are there
codes behind? For this patch, you need to check if the output signed jar does
use the new algorithms. As far as I know, digestalg can be checked by looking
into the content of JarFile::getManifest::getEntries(). I cannot think of a
good way to check for sigalg except for checking the .RSA file in raw bytes.

5. Sure, from the jarsigner --help output, we have

   sigalg: name of signature algorithm
   digestalg: name of digest algorithm

and an example can be

<signjar destDir="signed"
    alias="testonly" keystore="testkeystore"
    storepass="apacheant"
    sigalg="MD5withRSA">
    digestalg="SHA1"
  <path>
    <fileset dir="dist" includes="**/*.jar" />
  </path>
  <flattenmapper />
</signjar>

Sign all the JAR files in dist/**/*.jar using the digest algorithm SHA1 and the
signature algorithm MD5withRSA. This is especially useful when you want to use
the JDK 7 jarsigner (which uses SHA256 and SHA256withRSA as default) to create
signed jars that will be deployed on platforms not supporting SHA256 and
SHA256withRSA.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Mime
View raw message