Uploaded image for project: 'Maven Jar Signer Plugin'
  1. Maven Jar Signer Plugin
  2. MJARSIGNER-16

Add the option -tsa to the configuration

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.2
    • 1.3
    • None
    • all
    • Patch

    Description

      Since JDK 5, Sun/Oracle added to the JDK jarsigner tool, the possibility to use a Timestamp authority while signing.
      The option is docuemnted there :
      http://download.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html#Options

      and for those interested in this feature (timestamping), some good explanation about this technology can be found there :
      http://en.wikipedia.org/wiki/Trusted_timestamping

      I have attached a patch that includes the addition of this argument to the command line; and a new integration test.

      Applying this patch, you should be able to ask a timestamp authority to certify the date of signing, using this configuration for example :

       
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-jarsigner-plugin</artifactId>
        <version>@project.version@</version>
        <configuration>
          <alias>test-01</alias>
          <keypass>key-passwd</keypass>
          <sigfile>TESTING</sigfile>
          <tsa>https://timestamp.geotrust.com/tsa</tsa>
        </configuration>
        <executions>
          <execution>
            <id>sign-jars</id>
            <goals>
              <goal>sign</goal>
            </goals>
          </execution>
          <execution>
            <id>verify-jars</id>
            <goals>
              <goal>verify</goal>
            </goals>
          </execution>
        </executions>
      </plugin>

      you can find this code in the patch integration test (timestampauthority , src/it/timestampauthority)

      Working on this patch, I THOUGHT there was a workaround, playing around with the <arguments> option :

       
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-jarsigner-plugin</artifactId>
        <version>@project.version@</version>
        <configuration>
          <alias>test-01</alias>
          <keypass>key-passwd</keypass>
          <sigfile>TESTING</sigfile>
          <arguments>
             <arguments>-tsa https://timestamp.geotrust.com/tsa</arguments>
          <arguments>  
        </configuration>
        <executions>
          etc...
        </executions>
      </plugin>

      but it wraps this argument with quotes ("-tsa https://timestamp.geotrust.com/tsa" ) ; something the JDK jarsigner tool does not accept; so... no workaround possible

      Attachments

        1. maven-jarsigner-plugin.patch
          8 kB
          Anthony Dahanne

        Issue Links

          depends upon

          New Feature - A new feature of the product, which has yet to be developed. MSHARED-299 Add support for -tsa during signing (Trusted Timestamping)

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MJARSIGNER-27 Use maven-jarsigner 1.3

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Activity

            People

              tchemit Tony Chemit
              anthony.dahanne Anthony Dahanne
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: