This component provides some utilities to sign/verify jars/files in your Mojos.
<dependency> <groupId>org.apache.maven.shared</groupId> <artifactId>maven-jarsigner</artifactId> <version>1.4</version> </dependency>
You must construct a JarSignerSignRequest. See javadoc for more available options.
JarSignerSignRequest request = new JarSignerSignRequest(); request.setArchive( target ); request.setKeystore( "src/test/keystore" ); request.setVerbose( true ); request.setAlias( "foo_alias" ); request.setKeypass( "key-passwd" ); request.setStorepass( "changeit" ); request.setSignedjar( new File( "target/ssimple.jar" ) );
Now you can use the component to sign your jar:
JavaToolResult result = jarSigner.execute( jarSignerRequest ); // control the execution result result.getExitCode() // get exception result.getExecutionException()
You must construct a JarSignerVerifyRequest. See javadoc for more available options.
JarSignerVerifyRequest request = new JarSignerVerifyRequest(); request.setCerts( true ); request.setKeystore( "src/test/keystore" ); request.setVerbose( true ); request.setAlias( "foo_alias" ); request.setArchive( new File( "target/ssimple.jar" ) );
Now you can use the component to verify your signed jar:
JavaToolResult result = jarSigner.execute( request ); // control the execution result result.getExitCode() // get exception result.getExecutionException()