Apache Maven Jarsigner
This component provides some utilities to sign/verify jars/files in your Mojos.
Dependency declaration
<dependency>
<groupId>org.apache.maven.shared</groupId>
<artifactId>maven-jarsigner</artifactId>
<version>3.1.0</version>
</dependency>Sign a jar
You must construct a JarSignerSignRequest. See javadoc for more available options.
JarSignerSignRequest request = new JarSignerSignRequest();
request.setArchive( target );
request.setKeystore( "src/test/keystore" );
request.setVerbose( true );
request.setAlias( "foo_alias" );
request.setKeypass( "key-passwd" );
request.setStorepass( "changeit" );
request.setSignedjar( new File( "target/ssimple.jar" ) );
Now you can use the component to sign your jar:
JavaToolResult result = jarSigner.execute( jarSignerRequest );
// control the execution result
result.getExitCode()
// get exception
result.getExecutionException()
Verify a signed jar
You must construct a JarSignerVerifyRequest. See javadoc for more available options.
JarSignerVerifyRequest request = new JarSignerVerifyRequest();
request.setCerts( true );
request.setKeystore( "src/test/keystore" );
request.setVerbose( true );
request.setAlias( "foo_alias" );
request.setArchive( new File( "target/ssimple.jar" ) );Now you can use the component to verify your signed jar:
JavaToolResult result = jarSigner.execute( request );
// control the execution result
result.getExitCode()
// get exception
result.getExecutionException()