View Javadoc

1   package org.apache.maven.plugins.jarsigner;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.maven.plugin.MojoExecutionException;
23  import org.apache.maven.plugins.annotations.LifecyclePhase;
24  import org.apache.maven.plugins.annotations.Mojo;
25  import org.apache.maven.plugins.annotations.Parameter;
26  import org.apache.maven.shared.jarsigner.JarSignerRequest;
27  import org.apache.maven.shared.jarsigner.JarSignerUtil;
28  import org.apache.maven.shared.jarsigner.JarSignerVerifyRequest;
29  
30  import java.io.File;
31  import java.io.IOException;
32  
33  /**
34   * Checks the signatures of a project artifact and attachments using jarsigner.
35   *
36   * @author <a href="cs@schulte.it">Christian Schulte</a>
37   * @version $Id: JarsignerVerifyMojo.java 1541835 2013-11-14 06:29:17Z tchemit $
38   * @since 1.0
39   */
40  @Mojo( name = "verify", defaultPhase = LifecyclePhase.VERIFY )
41  public class JarsignerVerifyMojo
42      extends AbstractJarsignerMojo
43  {
44  
45      /**
46       * See <a href="http://java.sun.com/javase/6/docs/technotes/tools/windows/jarsigner.html#Options">options</a>.
47       */
48      @Parameter( property = "jarsigner.certs", defaultValue = "false" )
49      private boolean certs;
50  
51      /**
52       * See <a href="http://java.sun.com/javase/6/docs/technotes/tools/windows/jarsigner.html#Options">options</a>.
53       */
54      @Parameter( property = "jarsigner.alias" )
55      private String alias;
56  
57      /** When <code>true</code> this will make the execute() operation fail,
58       * throwing an exception, when verifying a non signed jar.
59       *
60       * Primarily to keep backwards compatibility with existing code, and allow reusing the
61       * bean in unattended operations when set to <code>false</code>.
62       *
63       * @since 1.3
64       **/
65      @Parameter( property = "jarsigner.errorWhenNotSigned", defaultValue = "false" )
66      private boolean errorWhenNotSigned;
67  
68      /**
69       * {@inheritDoc}
70       */
71      protected JarSignerRequest createRequest( File archive )
72      {
73          JarSignerVerifyRequest request = new JarSignerVerifyRequest();
74          request.setAlias( alias );
75          request.setCerts( certs );
76          return request;
77      }
78  
79      @Override
80      protected void preProcessArchive( File archive )
81          throws MojoExecutionException
82      {
83          super.preProcessArchive( archive );
84  
85          if (errorWhenNotSigned) {
86  
87              // check archive if signed
88              boolean archiveSigned;
89              try
90              {
91                  archiveSigned = JarSignerUtil.isArchiveSigned( archive );
92              }
93              catch ( IOException e )
94              {
95                  throw new MojoExecutionException( "Failed to check if archive " + archive + " is signed: " + e.getMessage(), e );
96              }
97  
98              if ( !archiveSigned ) {
99  
100                 // fails, archive must be signed
101                 throw new MojoExecutionException( getMessage( "archiveNotSigned", archive ) );
102             }
103         }
104     }
105 }