Posted to issues@maven.apache.org by "Tony Chemit (JIRA)" <ji...@codehaus.org> on 2013/11/12 16:31:20 UTC
[jira] (MJARSIGNER-16) Add the option -tsa to the configuration
[ https://jira.codehaus.org/browse/MJARSIGNER-16?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tony Chemit updated MJARSIGNER-16:
----------------------------------
Assignee: Tony Chemit
> Add the option -tsa to the configuration
> ----------------------------------------
>
> Key: MJARSIGNER-16
> URL: https://jira.codehaus.org/browse/MJARSIGNER-16
> Project: Maven Jar Signer Plugin
> Issue Type: New Feature
> Affects Versions: 1.2
> Environment: all
> Reporter: Anthony Dahanne
> Assignee: Tony Chemit
> Attachments: maven-jarsigner-plugin.patch
>
>
> Since JDK 5, Sun/Oracle added to the JDK jarsigner tool the possibility to use a timestamp authority while signing.
> The option is documented there :
> http://download.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html#Options
> and for those interested in this feature (timestamping), some good explanation about this technology can be found there :
> http://en.wikipedia.org/wiki/Trusted_timestamping
> I have attached a patch that includes the addition of this argument to the command line; and a new integration test.
> Applying this patch, you should be able to ask a timestamp authority to certify the date of signing, using this configuration for example :
> {code:xml}
> <plugin>
>   <groupId>org.apache.maven.plugins</groupId>
>   <artifactId>maven-jarsigner-plugin</artifactId>
>   <version>@project.version@</version>
>   <configuration>
>     <alias>test-01</alias>
>     <keypass>key-passwd</keypass>
>     <sigfile>TESTING</sigfile>
>     <tsa>https://timestamp.geotrust.com/tsa</tsa>
>   </configuration>
>   <executions>
>     <execution>
>       <id>sign-jars</id>
>       <goals>
>         <goal>sign</goal>
>       </goals>
>     </execution>
>     <execution>
>       <id>verify-jars</id>
>       <goals>
>         <goal>verify</goal>
>       </goals>
>     </execution>
>   </executions>
> </plugin>
> {code}
> you can find this code in the patch integration test (timestampauthority , src/it/timestampauthority)
> Working on this patch, I THOUGHT there was a workaround, playing around with the <arguments> option :
> {code:xml}
> <plugin>
>   <groupId>org.apache.maven.plugins</groupId>
>   <artifactId>maven-jarsigner-plugin</artifactId>
>   <version>@project.version@</version>
>   <configuration>
>     <alias>test-01</alias>
>     <keypass>key-passwd</keypass>
>     <sigfile>TESTING</sigfile>
>     <arguments>
>       <arguments>-tsa https://timestamp.geotrust.com/tsa</arguments>
>     </arguments>
>   </configuration>
>   <executions>
>     etc...
>   </executions>
> </plugin>
> {code}
> but it wraps this argument with quotes ("-tsa https://timestamp.geotrust.com/tsa" ) ; something the JDK jarsigner tool does not accept; so... no workaround possible :-(
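Added example, not part of the original issue or the attached patch: a heuristic Python check that a signed JAR's signature block carries an RFC 3161 timestamp token, which is the result the <tsa> setting in the issue is meant to produce. The in-memory JARs and their block contents are constructed placeholders and the function names are illustrative; the byte search is not a CMS parse and does not validate the timestamp.

```python
import io
import zipfile

# DER encoding of OID 1.2.840.113549.1.9.16.2.14 (id-aa-timeStampToken, RFC 3161).
# A timestamped signature carries it as an unsigned attribute of the signer info.
TIMESTAMP_TOKEN_OID = bytes.fromhex("060b2a864886f70d010910020e")
SIG_BLOCK_EXTS = (".RSA", ".DSA", ".EC")


def timestamp_status(jar_bytes):
    """Map each META-INF signature block file to True if the token OID is present."""
    status = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            top_level = upper.startswith("META-INF/") and upper.count("/") == 1
            if top_level and upper.endswith(SIG_BLOCK_EXTS):
                status[name] = TIMESTAMP_TOKEN_OID in jar.read(name)
    return status


def check_jar(jar_bytes):
    """Classify a JAR as unsigned, signed-without-timestamp or timestamped."""
    status = timestamp_status(jar_bytes)
    if not status:
        return "unsigned"
    return "timestamped" if all(status.values()) else "signed-without-timestamp"


def build_sample_jar(block=None):
    """Constructed sample JAR; 'block' stands in for META-INF/TESTING.RSA bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
        if block is not None:
            jar.writestr("META-INF/TESTING.SF", "Signature-Version: 1.0\n")
            jar.writestr("META-INF/TESTING.RSA", block)
    return buf.getvalue()


if __name__ == "__main__":
    plain = b"\x30\x82constructed-signature-block"
    stamped = plain + TIMESTAMP_TOKEN_OID + b"constructed-token"
    for label, blk in (("no signature", None), ("no -tsa", plain), ("-tsa", stamped)):
        print(label, "->", check_jar(build_sample_jar(blk)))
```

For a real artifact, jarsigner -verify -verbose -certs remains the authoritative check; this only flags builds where the timestamp is missing altogether.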