
1   package org.apache.maven.plugins.jarsigner;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.maven.plugin.MojoExecutionException;
23  import org.apache.maven.plugins.annotations.LifecyclePhase;
24  import org.apache.maven.plugins.annotations.Mojo;
25  import org.apache.maven.plugins.annotations.Parameter;
26  import org.apache.maven.shared.jarsigner.JarSignerRequest;
27  import org.apache.maven.shared.jarsigner.JarSignerUtil;
28  import org.apache.maven.shared.jarsigner.JarSignerVerifyRequest;
29  
30  import java.io.File;
31  import java.io.IOException;
32  
/**
 * Verifies the jarsigner signatures of a project artifact and its attachments.
 * <p>
 * With the default configuration, {@link #preProcessArchive(File)} does not reject an archive that
 * carries no signature at all. Builds that must fail on unsigned archives have to set
 * <code>errorWhenNotSigned</code> (property <code>jarsigner.errorWhenNotSigned</code>) to <code>true</code>.
 *
 * @author <a href="mailto:cs@schulte.it">Christian Schulte</a>
 * @version $Id: JarsignerVerifyMojo.java 1557259 2014-01-10 21:12:24Z tchemit $
 * @since 1.0
 */
@Mojo( name = "verify", defaultPhase = LifecyclePhase.VERIFY )
public class JarsignerVerifyMojo
    extends AbstractJarsignerMojo
{

    /**
     * Value forwarded unchanged to the verify request's <code>certs</code> setting.
     * See <a href="http://java.sun.com/javase/6/docs/technotes/tools/windows/jarsigner.html#Options">options</a>.
     */
    @Parameter( property = "jarsigner.certs", defaultValue = "false" )
    private boolean certs;

    /**
     * When <code>true</code>, verifying an archive that is not signed makes the execute() operation fail
     * with an exception.
     * <p>
     * The default is <code>false</code>, primarily to keep backwards compatibility with existing code and to
     * allow reusing the bean in unattended operations. With that default this mojo does not fail the build
     * for an unsigned archive, so enable the flag wherever a missing signature must stop the build.
     *
     * @since 1.3
     */
    @Parameter( property = "jarsigner.errorWhenNotSigned", defaultValue = "false" )
    private boolean errorWhenNotSigned;

    /**
     * {@inheritDoc}
     * <p>
     * Builds a verify request that carries only the <code>certs</code> flag; the <code>archive</code>
     * argument is not read here (presumably the caller attaches it to the request afterwards).
     */
    protected JarSignerRequest createRequest( File archive )
    {
        JarSignerVerifyRequest verifyRequest = new JarSignerVerifyRequest();
        verifyRequest.setCerts( certs );
        return verifyRequest;
    }

    /**
     * Runs the inherited pre-processing and then, only when <code>errorWhenNotSigned</code> is set,
     * rejects archives that are not signed.
     *
     * @param archive the archive about to be verified
     * @throws MojoExecutionException if the signed-state of the archive cannot be determined, or if the
     *             archive is not signed while <code>errorWhenNotSigned</code> is <code>true</code>
     */
    @Override
    protected void preProcessArchive( File archive )
        throws MojoExecutionException
    {
        super.preProcessArchive( archive );

        // Opt-in check: with the flag off, an unsigned archive passes through this method untouched.
        if ( !errorWhenNotSigned )
        {
            return;
        }

        // NOTE(review): isArchiveSigned presumably only tells whether signature entries are present;
        // whether they are valid is left to the verify request itself. Confirm against JarSignerUtil.
        final boolean signed;
        try
        {
            signed = JarSignerUtil.isArchiveSigned( archive );
        }
        catch ( IOException ioe )
        {
            // An unreadable archive fails the build instead of being treated as "signed".
            throw new MojoExecutionException( "Failed to check if archive " + archive + " is signed: "
                + ioe.getMessage(), ioe );
        }

        if ( signed )
        {
            return;
        }

        // The archive must be signed when the flag is on.
        throw new MojoExecutionException( getMessage( "archiveNotSigned", archive ) );
    }
}