1   package org.apache.maven.plugins.jarsigner;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.maven.plugin.MojoExecutionException;
23  import org.apache.maven.plugins.annotations.LifecyclePhase;
24  import org.apache.maven.plugins.annotations.Mojo;
25  import org.apache.maven.plugins.annotations.Parameter;
26  import org.apache.maven.shared.jarsigner.JarSignerRequest;
27  import org.apache.maven.shared.jarsigner.JarSignerUtil;
28  import org.apache.maven.shared.jarsigner.JarSignerVerifyRequest;
29  
30  import java.io.File;
31  import java.io.IOException;
32  
33  /**
34   * Checks the signatures of a project artifact and attachments using jarsigner.
35   *
36   * @author <a href="mailto:cs@schulte.it">Christian Schulte</a>
37   * @version $Id$
38   * @since 1.0
39   */
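@Mojo( name = "verify", defaultPhase = LifecyclePhase.VERIFY )
public class JarsignerVerifyMojo
    extends AbstractJarsignerMojo
{

    /**
     * Value handed to the verify request through <code>setCerts</code>; presumably this maps to the
     * jarsigner <code>-certs</code> option (confirm against the request implementation). See
     * <a href="http://java.sun.com/javase/6/docs/technotes/tools/windows/jarsigner.html#Options">options</a>.
     */
    @Parameter( property = "jarsigner.certs", defaultValue = "false" )
    private boolean certs;

    /**
     * When <code>true</code>, the goal fails with an exception if an archive it processes is not signed.
     * When <code>false</code> (the default, kept for backwards compatibility and to allow reuse in
     * unattended operations), the unsigned check in {@link #preProcessArchive(File)} is skipped
     * entirely, so this class does not reject an unsigned archive by itself.
     * <p>
     * Builds that use this goal as a gate ("only signed artifacts pass") should set this to
     * <code>true</code>; whether the jarsigner run itself fails on an unsigned archive is decided
     * outside this class.
     * </p>
     *
     * @since 1.3
     */
    @Parameter( property = "jarsigner.errorWhenNotSigned", defaultValue = "false" )
    private boolean errorWhenNotSigned;

    /**
     * Builds the verify request for one archive. The request carries only the {@link #certs} flag;
     * the <code>archive</code> argument is not read here.
     *
     * @param archive the archive about to be verified (unused in this implementation)
     * @return a new {@link JarSignerVerifyRequest} with the <code>certs</code> flag applied
     */
    @Override
    protected JarSignerRequest createRequest( File archive )
    {
        JarSignerVerifyRequest verifyRequest = new JarSignerVerifyRequest();
        verifyRequest.setCerts( certs );
        return verifyRequest;
    }

    /**
     * Runs the inherited pre-processing and then, only when {@link #errorWhenNotSigned} is set,
     * rejects archives that are not signed.
     *
     * @param archive the archive about to be verified
     * @throws MojoExecutionException if the inherited pre-processing fails, if the archive cannot be
     *             read to determine whether it is signed, or if it is unsigned while
     *             {@link #errorWhenNotSigned} is <code>true</code>
     */
    @Override
    protected void preProcessArchive( File archive )
        throws MojoExecutionException
    {
        super.preProcessArchive( archive );

        if ( !errorWhenNotSigned )
        {
            // Opt-in check: with the default configuration nothing below runs.
            return;
        }

        // NOTE(review): isArchiveSigned presumably reports only whether signature entries are present;
        // checking that the signature is valid is left to the jarsigner verify run - confirm.
        boolean signed;
        try
        {
            signed = JarSignerUtil.isArchiveSigned( archive );
        }
        catch ( IOException e )
        {
            // Fail closed: an archive that cannot be inspected is never treated as signed.
            throw new MojoExecutionException( "Failed to check if archive " + archive + " is signed: "
                + e.getMessage(), e );
        }

        if ( !signed )
        {
            // The archive must be signed when errorWhenNotSigned is enabled.
            throw new MojoExecutionException( getMessage( "archiveNotSigned", archive ) );
        }
    }
}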