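I signed my jar files using the Ant signjar task, and now I want to test them before deployment. How can I check signed jar files using Ant?
I can check with
jarsigner -verify sbundle.jar
but I don't know whether it is possible to do the same using Ant?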
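An alternative would be to base your build on a Maven script.
Maven does provide the jarsigner:verify plugin.
If that is not a valid possibility, you can still use the Exec Ant task to call the jarsigner command directly. If the return code is set correctly, you can add the failonerror attribute (which stops the build process if the command exits with a return code other than 0).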
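The Ant conditions offer "issigned".
"Test whether a jar file is signed. If the name of the signature is passed, the file is checked for the presence of that particular signature; otherwise the file is checked for the existence of any signature. It does not perform rigorous signature validation; it only looks for the presence of a signature. This condition was added in Apache Ant 1.7."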
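
What a presence-only test of the kind quoted above looks at, as an added example (not Ant's source and not part of the original answer): `presence_check` only looks for a `META-INF/*.SF` entry, while `digest_mismatches` does one part of real verification by comparing the manifest digests with the entry bytes. The sample JAR, the alias `MYALIAS` and `com/example/App.class` are constructed; full verification with `jarsigner -verify` additionally validates the signature block.

```python
import base64
import hashlib
import io
import zipfile

def presence_check(jar_bytes, alias=None):
    """Presence-only test: does META-INF/ hold a .SF entry (for alias, if given)?"""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n.upper() for n in jar.namelist()]
    sf = [n for n in names if n.startswith("META-INF/") and n.endswith(".SF")]
    return bool(sf) if alias is None else f"META-INF/{alias.upper()}.SF" in sf

def digest_mismatches(jar_bytes):
    """Entries whose SHA-256-Digest in MANIFEST.MF differs from their bytes."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
        text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
        for section in text.split("\n\n"):
            attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
            name, want = attrs.get("Name"), attrs.get("SHA-256-Digest")
            if name and want:
                got = base64.b64encode(hashlib.sha256(jar.read(name)).digest()).decode()
                if got != want:
                    bad.append(name)
    return bad

def build_sample_jar(tampered):
    """Constructed sample: signature-shaped entries with placeholder contents."""
    original = b"original class bytes"
    digest = base64.b64encode(hashlib.sha256(original).digest()).decode()
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                "Name: com/example/App.class\r\n"
                f"SHA-256-Digest: {digest}\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/MYALIAS.SF", "Signature-Version: 1.0\r\n")
        jar.writestr("META-INF/MYALIAS.RSA", b"placeholder, not a PKCS#7 block")
        jar.writestr("com/example/App.class",
                     b"modified class bytes" if tampered else original)
    return buf.getvalue()

if __name__ == "__main__":
    for tampered in (False, True):
        jar = build_sample_jar(tampered)
        print(tampered, presence_check(jar, "myalias"), digest_mismatches(jar))
```

The presence test gives the same answer for both sample JARs, which is why a build gate also needs `jarsigner -verify` or the verifyjar task.
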
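The following Ant code can be used to verify the signatures of JAR files. The script will fail as soon as it encounters a JAR file whose signature is invalid or missing.
Note that ant-contrib is required for the for task.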
<!-- Macro to verify whether or not a JAR file is signed -->
<macrodef name="verify-signatures">
  <attribute name="filesetref" />
  <sequential>
    <for param="file">
      <path>
        <fileset refid="@{filesetref}" />
      </path>
      <sequential>
        <echo message="Verifying signature on file: @{file}" />
        <exec executable="jarsigner" failonerror="true">
          <arg value="-verify" />
          <arg value="@{file}" />
        </exec>
        <fail message="@{file} must be signed">
          <condition>
            <not>
              <issigned file="@{file}" />
            </not>
          </condition>
        </fail>
      </sequential>
    </for>
  </sequential>
</macrodef>

<!-- Define the list of files to check -->
<fileset dir="p2repo" id="jarfiles">
  <include name="**/*.jar" />
</fileset>

<!-- Verify signatures -->
<verify-signatures filesetref="jarfiles" />
Based on @torkildr's answer.
It is possible to make the macro pass a nested path or fileset to the ant-contrib for task.
<target name="verify-artifacts" description="Just an example of usage">
  <verify-artifacts>
    <fileset dir="${project.ear.dir}" includes="*.*ar"/>
  </verify-artifacts>
</target>

<macrodef name="verify-artifacts">
  <element name="artifact-path" implicit="true"/>
  <sequential>
    <for param="file">
      <artifact-path/>
      <sequential>
        <verify-artifact file="@{file}"/>
      </sequential>
    </for>
  </sequential>
</macrodef>

<macrodef name="verify-artifact">
  <attribute name="file"/>
  <attribute name="alias" default="${artifact.sign.keystore.alias}"/>
  <attribute name="keystore" default="${artifact.sign.keystore.path}"/>
  <attribute name="password" default="${artifact.sign.keystore.password}"/>
  <sequential>
    <if>
      <istrue value="${artifact.sign.enabled}"/>
      <then>
        <echo message="Trying to verify @{file} with alias @{alias} from @{keystore}"/>
        <required-macro-param value="@{alias}" prop="artifact.sign.keystore.alias"/>
        <required-macro-param value="@{keystore}" prop="artifact.sign.keystore.path"/>
        <required-macro-param value="@{password}" prop="artifact.sign.keystore.password"/>
        <fail message="Keystore path '@{keystore}' not found">
          <condition>
            <not><available file="@{keystore}" type="file"/></not>
          </condition>
        </fail>
        <fail message="Artifact '@{file}' not found">
          <condition>
            <not><available file="@{file}" type="file"/></not>
          </condition>
        </fail>
        <!-- jarsigner -verify -keystore @{keystore} -storepass @{password} @{file} @{alias} -->
        <exec executable="jarsigner" failonerror="true">
          <arg value="-verify"/>
          <arg value="-keystore"/>
          <arg value="@{keystore}"/>
          <arg value="-storepass"/>
          <arg value="@{password}"/>
          <arg value="@{file}"/>
          <arg value="@{alias}"/>
        </exec>
      </then>
    </if>
  </sequential>
</macrodef>

<macrodef name="required-macro-param">
  <attribute name="prop"/>
  <attribute name="value"/>
  <sequential>
    <!--<echo message="@{value}"/>-->
    <fail message="You must set property '@{prop}'">
      <condition>
        <and>
          <or>
            <equals arg1="@{value}" arg2=""/>
            <matches string="@{value}" pattern="^\$\{.*?\}$"/>
          </or>
          <!--<not><isset property="@{prop}"/></not>-->
        </and>
      </condition>
    </fail>
  </sequential>
</macrodef>

<macrodef name="sign-artifact">
  <attribute name="file"/>
  <attribute name="alias" default="${artifact.sign.keystore.alias}"/>
  <attribute name="keystore" default="${artifact.sign.keystore.path}"/>
  <attribute name="password" default="${artifact.sign.keystore.password}"/>
  <sequential>
    <if>
      <istrue value="${artifact.sign.enabled}"/>
      <then>
        <echo message="Trying to sign @{file} with alias @{alias} from @{keystore}"/>
        <required-macro-param value="@{alias}" prop="artifact.sign.keystore.alias"/>
        <required-macro-param value="@{keystore}" prop="artifact.sign.keystore.path"/>
        <required-macro-param value="@{password}" prop="artifact.sign.keystore.password"/>
        <fail message="Keystore path '@{keystore}' not found">
          <condition>
            <not><available file="@{keystore}" type="file"/></not>
          </condition>
        </fail>
        <fail message="Artifact '@{file}' not found">
          <condition>
            <not><available file="@{file}" type="file"/></not>
          </condition>
        </fail>
        <signjar jar="@{file}" alias="@{alias}" keystore="@{keystore}" storepass="@{password}"/>
        <fail message="Signature check failed">
          <condition>
            <not><issigned file="@{file}" name="@{alias}"/></not>
          </condition>
        </fail>
      </then>
    </if>
  </sequential>
</macrodef>

<macrodef name="sign-artifacts">
  <element name="artifact-path" implicit="true"/>
  <sequential>
    <for param="file">
      <artifact-path/>
      <sequential>
        <sign-artifact file="@{file}"/>
      </sequential>
    </for>
  </sequential>
</macrodef>

<property name="artifact.sign.enabled" value="true"/>
<property name="artifact.sign.keystore.alias" value="alias"/>
<property name="artifact.sign.keystore.path" value="keystore.jks"/>
<property name="artifact.sign.keystore.password" value="pwd"/>
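Because it actually checks that the jars are signed with the specified keystore. I ran into problems with the first script because it only checked that they were signed, and I later had issues with jars from different signers. – javydreamercsw 2013-12-18 22:56:00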
You can use the VerifyJar task in Ant to do this. Here is the link to the Ant help: https://ant.apache.org/manual/Tasks/verifyjar.html
Sample code for verifying multiple JAR files at once:
<verifyjar keystore="mykeystore" keypass="abc"
           storepass="abc" alias="myalias">
  <path>
    <fileset dir="${build.dir}/signedjar" includes="**/*.jar" />
  </path>
</verifyjar>
@Martin: thank you, I prefer this edit of the answer (typo and link) – VonC 2011-01-09 07:32:12