You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Tony Chemit (JIRA)" <ji...@codehaus.org> on 2013/11/12 16:31:20 UTC

[jira] (MJARSIGNER-16) Add the option -tsa to the configuration

     [ https://jira.codehaus.org/browse/MJARSIGNER-16?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tony Chemit updated MJARSIGNER-16:
----------------------------------

    Assignee: Tony Chemit
    
> Add the option -tsa to the configuration
> ----------------------------------------
>
>                 Key: MJARSIGNER-16
>                 URL: https://jira.codehaus.org/browse/MJARSIGNER-16
>             Project: Maven Jar Signer Plugin
>          Issue Type: New Feature
>    Affects Versions: 1.2
>         Environment: all
>            Reporter: Anthony Dahanne
>            Assignee: Tony Chemit
>         Attachments: maven-jarsigner-plugin.patch
>
>
> Since JDK 5, Sun/Oracle added to the JDK jarsigner tool, the possibility to use a Timestamp authority while signing.
> The option is docuemnted there :
> http://download.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html#Options
> and for those interested in this feature (timestamping), some good explanation about this technology can be found there :
> http://en.wikipedia.org/wiki/Trusted_timestamping
> I have attached a patch that includes the addition of this argument to the command line; and a new integration test.
> Applying this patch, you should be able to ask a timestamp authority to certify the date of signing, using this configuration for example :
> {code:xml} 
>       <plugin>
>         <groupId>org.apache.maven.plugins</groupId>
>         <artifactId>maven-jarsigner-plugin</artifactId>
>         <version>@project.version@</version>
>         <configuration>
>           <alias>test-01</alias>
>           <keypass>key-passwd</keypass>
>           <sigfile>TESTING</sigfile>
>           <tsa>https://timestamp.geotrust.com/tsa</tsa>
>         </configuration>
>         <executions>
>           <execution>
>             <id>sign-jars</id>
>             <goals>
>               <goal>sign</goal>
>             </goals>
>           </execution>
>           <execution>
>             <id>verify-jars</id>
>             <goals>
>               <goal>verify</goal>
>             </goals>
>           </execution>
>         </executions>
>       </plugin>
> {code}
> you can find this code in the patch integration test (timestampauthority , src/it/timestampauthority)
> Working on this patch, I THOUGHT there was a workaround, playing around with the <arguments> option :
> {code:xml} 
>       <plugin>
>         <groupId>org.apache.maven.plugins</groupId>
>         <artifactId>maven-jarsigner-plugin</artifactId>
>         <version>@project.version@</version>
>         <configuration>
>           <alias>test-01</alias>
>           <keypass>key-passwd</keypass>
>           <sigfile>TESTING</sigfile>
>           <arguments>
>              <arguments>-tsa https://timestamp.geotrust.com/tsa</arguments>
>           <arguments>  
>         </configuration>
>         <executions>
>           etc...
>         </executions>
>       </plugin>
> {code}
> but it wraps this argument with quotes ("-tsa https://timestamp.geotrust.com/tsa" ) ; something the JDK jarsigner tool does not accept; so... no workaround possible :-(

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira