This component provides some utilities to sign/verify jars/files in your Mojos.
<dependency> <groupId>org.apache.maven.shared</groupId> <artifactId>maven-jarsigner</artifactId> <version>1.1</version> </dependency>
You must construct a JarSignerSignRequest. See javadoc for more available options.
JarSignerSignRequest jarSignerRequest = new JarSignerSignRequest(); jarSignerRequest.setArchive( target ); jarSignerRequest.setKeystore( "src/test/keystore" ); jarSignerRequest.setVerbose( true ); jarSignerRequest.setAlias( "foo_alias" ); jarSignerRequest.setKeypass( "key-passwd" ); jarSignerRequest.setStorepass( "changeit" ); jarSignerRequest.setSignedjar( new File( "target/ssimple.jar" ) );
Now you can use the component to sign your jar:
JarSignerResult jarSignerResult = jarSigner.execute( jarSignerRequest ); // control the execution result jarSignerResult.getExitCode() // get exception jarSignerResult.getExecutionException()
You must construct a JarSignerVerifyRequest. See javadoc for more available options.
JarSignerVerifyRequest request = new JarSignerVerifyRequest(); request.setCerts( true ); request.setVerbose( true ); request.setArchive( new File( "target/ssimple.jar" ) );
Now you can use the component to verify your signe jar:
JarSignerResult jarSignerResult = jarSigner.execute( request ); // control the execution result jarSignerResult.getExitCode() // get exception jarSignerResult.getExecutionException()