Apache Maven Jarsigner

This component provides some utilities to sign/verify jars/files in your Mojos.

Dependency declaration

    <dependency>
      <groupId>org.apache.maven.shared</groupId>
      <artifactId>maven-jarsigner</artifactId>
      <version>3.0.0</version>
    </dependency>

Sign a jar

You must construct a JarSignerSignRequest. See javadoc for more available options.

    JarSignerSignRequest request = new JarSignerSignRequest();
    request.setArchive( target );
    request.setKeystore( "src/test/keystore" );
    request.setVerbose( true );
    request.setAlias( "foo_alias" );
    request.setKeypass( "key-passwd" );
    request.setStorepass( "changeit" );
    request.setSignedjar( new File( "target/ssimple.jar" ) );

Now you can use the component to sign your jar:

    JavaToolResult result = jarSigner.execute( jarSignerRequest );
    // control the execution result
    result.getExitCode()
    // get exception
    result.getExecutionException()

Verify a signed jar

You must construct a JarSignerVerifyRequest. See javadoc for more available options.

    JarSignerVerifyRequest request = new JarSignerVerifyRequest();
    request.setCerts( true );
    request.setKeystore( "src/test/keystore" );
    request.setVerbose( true );
    request.setAlias( "foo_alias" );
    request.setArchive( new File( "target/ssimple.jar" ) );

Now you can use the component to verify your signed jar:

    JavaToolResult result = jarSigner.execute( request );
    // control the execution result
    result.getExitCode()
    // get exception
    result.getExecutionException()