2010-05-20 21 views

回答

5

另一種方法是讓您的構建基於 Maven 腳本。
Maven 確實提供了 jarsigner:verify 插件。

如果這個方案不可行,您仍然可以使用 Ant 的 Exec 任務直接調用 jarsigner 命令。如果返回碼設置正確,則可以添加屬性 failonerror(該命令以非 0 的返回碼退出時,停止構建過程)。


@馬丁:謝謝你,我更喜歡這個答案的編輯(錯字和鏈接) – VonC 2011-01-09 07:32:12

3

Ant 條件提供了 issigned(「已簽名」)。

「測試一個 jar 文件是否被簽名。如果傳入了簽名名稱,則檢查該文件是否存在該特定簽名;否則檢查該文件是否存在任何簽名。它不執行嚴格的簽名驗證,僅查找簽名是否存在。此條件已添加到 Apache Ant 1.7 中。」

Ant conditions

4

以下 Ant 代碼可用於驗證 JAR 文件的簽名。只要遇到簽名無效或缺失的 JAR 文件,腳本就會失敗。

請注意,for 任務需要 ant-contrib。

<!--
  verify-signatures: walks the fileset referenced by "filesetref" and stops
  the build at the first file that jarsigner rejects or that has no signature.
  Requires the ant-contrib <for> task.

  NOTE(review): no keystore or alias is given to either check, so nothing in
  this macro establishes WHO signed a JAR. Where the signer identity matters,
  verify against a trusted keystore and alias instead.
-->
<macrodef name="verify-signatures">
    <attribute name="filesetref"/>
    <sequential>
        <for param="file">
            <path>
                <fileset refid="@{filesetref}"/>
            </path>
            <sequential>
                <echo message="Verifying signature on file: @{file}"/>

                <!-- Step 1: run "jarsigner -verify"; failonerror turns a
                     non-zero exit code into a build failure.
                     NOTE(review): presumably an unsigned JAR can still exit
                     with 0 here, which would be why step 2 exists - confirm
                     on your JDK. -->
                <exec failonerror="true" executable="jarsigner">
                    <arg value="-verify"/>
                    <arg value="@{file}"/>
                </exec>

                <!-- Step 2: presence check only. No signature name is passed
                     to issigned, so any signature satisfies it. -->
                <fail message="@{file} must be signed">
                    <condition>
                        <not><issigned file="@{file}"/></not>
                    </condition>
                </fail>
            </sequential>
        </for>
    </sequential>
</macrodef>

<!-- Files to check: every *.jar below p2repo, at any depth -->
<fileset id="jarfiles" dir="p2repo" includes="**/*.jar"/>

<!-- Run the check over that fileset; the macro fails the build on the
     first JAR that does not pass -->
<verify-signatures filesetref="jarfiles"/>
1

基於 @torkildr 的回答。

可以讓宏把嵌套的路徑或文件集傳遞給 ant-contrib 的 for 任務。

<!-- Usage example: hands every file in ${project.ear.dir} whose name matches
     *.*ar to the verify-artifacts macro -->
<target name="verify-artifacts" description="Just an example of usage">
    <verify-artifacts>
        <fileset dir="${project.ear.dir}">
            <include name="*.*ar"/>
        </fileset>
    </verify-artifacts>
</target>

<!--
  verify-artifacts: calls verify-artifact once for each file produced by the
  nested resource collection(s). The element is implicit, so the caller nests
  the <fileset> or <path> directly inside <verify-artifacts>.
  Requires the ant-contrib <for> task.
-->
<macrodef name="verify-artifacts">
    <element implicit="true" name="artifact-path"/>
    <sequential>
        <for param="file">
            <!-- replaced by whatever the caller nested -->
            <artifact-path/>
            <sequential><verify-artifact file="@{file}"/></sequential>
        </for>
    </sequential>
</macrodef>

<!--
  verify-artifact: runs "jarsigner -verify" on one file against a given
  keystore and alias.

  Attributes:
    file      artifact to check (required)
    alias     defaults to ${artifact.sign.keystore.alias}
    keystore  defaults to ${artifact.sign.keystore.path}
    password  defaults to ${artifact.sign.keystore.password}

  The whole body is skipped, without any message, unless
  ${artifact.sign.enabled} is true. A build in which that property is unset
  or false therefore passes without checking anything.
  Requires the ant-contrib <if> task.
-->
<macrodef name="verify-artifact">
    <attribute name="file"/>
    <attribute name="alias" default="${artifact.sign.keystore.alias}"/>
    <attribute name="keystore" default="${artifact.sign.keystore.path}"/>
    <attribute name="password" default="${artifact.sign.keystore.password}"/>
    <sequential>
        <if>
            <istrue value="${artifact.sign.enabled}"/>
            <then>
                <!-- The password is deliberately left out of this message -->
                <echo message="Trying to verify @{file} with alias @{alias} from @{keystore}"/>

                <!-- Reject empty or unresolved settings before using them -->
                <required-macro-param prop="artifact.sign.keystore.alias" value="@{alias}"/>
                <required-macro-param prop="artifact.sign.keystore.path" value="@{keystore}"/>
                <required-macro-param prop="artifact.sign.keystore.password" value="@{password}"/>

                <!-- Both the keystore and the artifact must exist as regular files -->
                <fail message="Keystore path '@{keystore}' not found">
                    <condition>
                        <not>
                            <available type="file" file="@{keystore}"/>
                        </not>
                    </condition>
                </fail>
                <fail message="Artifact '@{file}' not found">
                    <condition>
                        <not>
                            <available type="file" file="@{file}"/>
                        </not>
                    </condition>
                </fail>

                <!-- Equivalent command line:
                     jarsigner -verify -keystore KEYSTORE -storepass PASSWORD FILE ALIAS
                     A non-zero exit code fails the build.

                     NOTE(review): the store password is passed as a process
                     argument, where other local users can typically read it
                     from the process list. jarsigner also accepts
                     -storepass:env and -storepass:file; confirm they are
                     available on your JDK before switching.

                     NOTE(review): without jarsigner's -strict option,
                     findings such as "not signed by the given alias" are
                     presumably reported as warnings only and may leave the
                     exit code at 0. Confirm on your JDK that a JAR from a
                     different signer really fails this step. -->
                <exec failonerror="true" executable="jarsigner">
                    <arg value="-verify"/>
                    <arg value="-keystore"/>
                    <arg value="@{keystore}"/>
                    <arg value="-storepass"/>
                    <arg value="@{password}"/>
                    <arg value="@{file}"/>
                    <arg value="@{alias}"/>
                </exec>
            </then>
        </if>
    </sequential>
</macrodef>

<!--
  required-macro-param: fails the build with "You must set property 'PROP'"
  when the supplied value is unusable.

  Attributes:
    prop   property name, used only in the failure message
    value  the value to test

  A value is rejected when it is the empty string, or when the whole value
  still has the form ${...}. Ant leaves a reference to an unset property as
  literal text, so the second case catches a default that was never resolved.
  The value is not echoed, so a password passed here is not printed.
-->
<macrodef name="required-macro-param">
    <attribute name="prop"/>
    <attribute name="value"/>
    <sequential>
        <fail message="You must set property '@{prop}'">
            <condition>
                <or>
                    <equals arg2="" arg1="@{value}"/>
                    <matches pattern="^\$\{.*?\}$" string="@{value}"/>
                </or>
            </condition>
        </fail>
    </sequential>
</macrodef>

<!--
  sign-artifact: signs one file with the <signjar> task and then checks that
  a signature with the alias name is present.

  Attributes:
    file      artifact to sign (required)
    alias     defaults to ${artifact.sign.keystore.alias}
    keystore  defaults to ${artifact.sign.keystore.path}
    password  defaults to ${artifact.sign.keystore.password}

  Nothing happens, and nothing is reported, unless ${artifact.sign.enabled}
  is true; an unset property yields unsigned artifacts and a green build.
  Requires the ant-contrib <if> task.
-->
<macrodef name="sign-artifact">
    <attribute name="file"/>
    <attribute name="alias" default="${artifact.sign.keystore.alias}"/>
    <attribute name="keystore" default="${artifact.sign.keystore.path}"/>
    <attribute name="password" default="${artifact.sign.keystore.password}"/>
    <sequential>
        <if>
            <istrue value="${artifact.sign.enabled}"/>
            <then>
                <!-- The password is deliberately left out of this message -->
                <echo message="Trying to sign @{file} with alias @{alias} from @{keystore}"/>

                <!-- Reject empty or unresolved settings before using them -->
                <required-macro-param prop="artifact.sign.keystore.alias" value="@{alias}"/>
                <required-macro-param prop="artifact.sign.keystore.path" value="@{keystore}"/>
                <required-macro-param prop="artifact.sign.keystore.password" value="@{password}"/>

                <!-- Both the keystore and the artifact must exist as regular files -->
                <fail message="Keystore path '@{keystore}' not found">
                    <condition>
                        <not>
                            <available type="file" file="@{keystore}"/>
                        </not>
                    </condition>
                </fail>
                <fail message="Artifact '@{file}' not found">
                    <condition>
                        <not>
                            <available type="file" file="@{file}"/>
                        </not>
                    </condition>
                </fail>

                <!-- NOTE(review): no timestamp authority is configured
                     (signjar has a tsaurl attribute), so these signatures
                     presumably stop validating once the signing certificate
                     expires. -->
                <signjar jar="@{file}"
                         keystore="@{keystore}"
                         storepass="@{password}"
                         alias="@{alias}"/>

                <!-- Post-check: issigned only looks for a signature named
                     after the alias; it is a presence test, not a
                     cryptographic verification. -->
                <fail message="Signature check failed">
                    <condition>
                        <not>
                            <issigned name="@{alias}" file="@{file}"/>
                        </not>
                    </condition>
                </fail>
            </then>
        </if>
    </sequential>
</macrodef>

<!--
  sign-artifacts: calls sign-artifact once for each file produced by the
  nested resource collection(s). The element is implicit, so the caller nests
  the <fileset> or <path> directly inside <sign-artifacts>.
  Requires the ant-contrib <for> task.
-->
<macrodef name="sign-artifacts">
    <element implicit="true" name="artifact-path"/>
    <sequential>
        <for param="file">
            <!-- replaced by whatever the caller nested -->
            <artifact-path/>
            <sequential><sign-artifact file="@{file}"/></sequential>
        </for>
    </sequential>
</macrodef>

<!-- Master switch: signing and verification are skipped unless this is true -->
<property name="artifact.sign.enabled" value="true"/>

<!-- Keystore settings. The values below are sample placeholders.
     Ant properties cannot be overwritten once set, so a value supplied
     earlier (for example with -D on the command line, or from a property
     file loaded before this point) takes precedence over these lines.
     Keep the real store password out of the build file and out of version
     control. -->
<property name="artifact.sign.keystore.path" value="keystore.jks"/>
<property name="artifact.sign.keystore.alias" value="alias"/>
<property name="artifact.sign.keystore.password" value="pwd"/>

因爲它實際上會檢查 JAR 是否由指定的密鑰庫簽署。第一個腳本只檢查了它們是否已簽名,後來遇到不同簽名者的 JAR 時就出了問題,所以我遇到了麻煩。 – javydreamercsw 2013-12-18 22:56:00

1

您可以在Ant中使用VerifyJar Task來執行此操作。以下是指向Ant幫助的鏈接 https://ant.apache.org/manual/Tasks/verifyjar.html

用於一次驗證多個JAR文件的示例代碼。

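<!--
  Verifies every *.jar below ${build.dir}/signedjar with Ant's built-in
  <verifyjar> task, against the given keystore and alias.
  The keystore name, alias and passwords are sample values; supply the real
  ones from properties kept outside the build file.
  NOTE(review): verifyjar also has a "strict" attribute in newer Ant
  releases; check the manual for your Ant version if warnings from the
  verification should fail the build.
-->
<verifyjar keystore="mykeystore" keypass="abc"
           storepass="abc" alias="myalias">
    <path>
        <fileset dir="${build.dir}/signedjar" includes="**/*.jar"/>
    </path>
</verifyjar>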