Apache Maven Jarsigner

This component provides some utilities to sign/verify jars/files in your Mojos.

Dependency declaration

    <dependency>
      <groupId>org.apache.maven.shared</groupId>
      <artifactId>maven-jarsigner</artifactId>
      <version>1.1</version>
    </dependency>

Sign a jar

You must construct a JarSignerSignRequest. See javadoc for more available options.

    JarSignerSignRequest jarSignerRequest = new JarSignerSignRequest();
    jarSignerRequest.setArchive( target );
    jarSignerRequest.setKeystore( "src/test/keystore" );
    jarSignerRequest.setVerbose( true );
    jarSignerRequest.setAlias( "foo_alias" );
    jarSignerRequest.setKeypass( "key-passwd" );
    jarSignerRequest.setStorepass( "changeit" );
    jarSignerRequest.setSignedjar( new File( "target/ssimple.jar" ) );

Now you can use the component to sign your jar:

    JarSignerResult jarSignerResult = jarSigner.execute( jarSignerRequest );
    // control the execution result
    jarSignerResult.getExitCode()
    // get exception
    jarSignerResult.getExecutionException()

Verify a signed jar

You must construct a JarSignerVerifyRequest. See javadoc for more available options.

    JarSignerVerifyRequest request = new JarSignerVerifyRequest();
    request.setCerts( true );
    request.setVerbose( true );
    request.setArchive( new File( "target/ssimple.jar" ) );

Now you can use the component to verify your signe jar:

    JarSignerResult jarSignerResult = jarSigner.execute( request );
    // control the execution result
    jarSignerResult.getExitCode()
    // get exception
    jarSignerResult.getExecutionException()