src/site/apt/index.apt.vm - maven-jarsigner - Git at Google

  ------
  Overview
  ------
  Olivier Lamy
  ------
  2011-11-01
  ------

  ~~ Licensed to the Apache Software Foundation (ASF) under one
  ~~ or more contributor license agreements.  See the NOTICE file
  ~~ distributed with this work for additional information
  ~~ regarding copyright ownership.  The ASF licenses this file
  ~~ to you under the Apache License, Version 2.0 (the
  ~~ "License"); you may not use this file except in compliance
  ~~ with the License.  You may obtain a copy of the License at
  ~~
  ~~   http://www.apache.org/licenses/LICENSE-2.0
  ~~
  ~~ Unless required by applicable law or agreed to in writing,
  ~~ software distributed under the License is distributed on an
  ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  ~~ KIND, either express or implied.  See the License for the
  ~~ specific language governing permissions and limitations
  ~~ under the License.

  ~~ NOTE: For help with the syntax of this file, see:
  ~~ http://maven.apache.org/doxia/references/apt-format.html

 Overview

   This component provides some utilities to sign/verify jars/files in your Mojos.

 * Dependency declaration

 +---------
     <dependency>
       <groupId>org.apache.maven.shared</groupId>
       <artifactId>maven-jarsigner</artifactId>
       <version>${project.version}</version>
     </dependency>
 +---------

 * Sign a jar

   You must construct a JarSignerSignRequest. See {{{./apidocs/org/apache/maven/shared/jarsigner/JarSignerSignRequest.html}javadoc}} for more available options.

 +---------

     JarSignerSignRequest jarSignerRequest = new JarSignerSignRequest();
     jarSignerRequest.setArchive( target );
     jarSignerRequest.setKeystore( "src/test/keystore" );
     jarSignerRequest.setVerbose( true );
     jarSignerRequest.setAlias( "foo_alias" );
     jarSignerRequest.setKeypass( "key-passwd" );
     jarSignerRequest.setStorepass( "changeit" );
     jarSignerRequest.setSignedjar( new File( "target/ssimple.jar" ) );

 +---------

   Now you can use the component to sign your jar:

 +---------

     JarSignerResult jarSignerResult = jarSigner.execute( jarSignerRequest );
     // control the execution result
     jarSignerResult.getExitCode()
     // get exception
     jarSignerResult.getExecutionException()

 +---------

 * Verify a signed jar

   You must construct a JarSignerVerifyRequest. See {{{./apidocs/org/apache/maven/shared/jarsigner/JarSignerVerifyRequest.html}javadoc}} for more available options.

 +----------
     JarSignerVerifyRequest request = new JarSignerVerifyRequest();
     request.setCerts( true );
     request.setVerbose( true );
     request.setArchive( new File( "target/ssimple.jar" ) );
 +----------

   Now you can use the component to verify your signe jar:

 +----------
     JarSignerResult jarSignerResult = jarSigner.execute( request );
     // control the execution result
     jarSignerResult.getExitCode()
     // get exception
     jarSignerResult.getExecutionException()
 +----------
	------
	Overview
	------
	Olivier Lamy
	------
	2011-11-01
	------

	~~ Licensed to the Apache Software Foundation (ASF) under one
	~~ or more contributor license agreements. See the NOTICE file
	~~ distributed with this work for additional information
	~~ regarding copyright ownership. The ASF licenses this file
	~~ to you under the Apache License, Version 2.0 (the
	~~ "License"); you may not use this file except in compliance
	~~ with the License. You may obtain a copy of the License at
	~~
	~~ http://www.apache.org/licenses/LICENSE-2.0
	~~
	~~ Unless required by applicable law or agreed to in writing,
	~~ software distributed under the License is distributed on an
	~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	~~ KIND, either express or implied. See the License for the
	~~ specific language governing permissions and limitations
	~~ under the License.

	~~ NOTE: For help with the syntax of this file, see:
	~~ http://maven.apache.org/doxia/references/apt-format.html

	Overview

	This component provides some utilities to sign/verify jars/files in your Mojos.

	* Dependency declaration

	+---------
	<dependency>
	<groupId>org.apache.maven.shared</groupId>
	<artifactId>maven-jarsigner</artifactId>
	<version>${project.version}</version>
	</dependency>
	+---------

	* Sign a jar

	You must construct a JarSignerSignRequest. See {{{./apidocs/org/apache/maven/shared/jarsigner/JarSignerSignRequest.html}javadoc}} for more available options.

	+---------

	JarSignerSignRequest jarSignerRequest = new JarSignerSignRequest();
	jarSignerRequest.setArchive( target );
	jarSignerRequest.setKeystore( "src/test/keystore" );
	jarSignerRequest.setVerbose( true );
	jarSignerRequest.setAlias( "foo_alias" );
	jarSignerRequest.setKeypass( "key-passwd" );
	jarSignerRequest.setStorepass( "changeit" );
	jarSignerRequest.setSignedjar( new File( "target/ssimple.jar" ) );

	+---------

	Now you can use the component to sign your jar:

	+---------

	JarSignerResult jarSignerResult = jarSigner.execute( jarSignerRequest );
	// control the execution result
	jarSignerResult.getExitCode()
	// get exception
	jarSignerResult.getExecutionException()

	+---------

	* Verify a signed jar

	You must construct a JarSignerVerifyRequest. See {{{./apidocs/org/apache/maven/shared/jarsigner/JarSignerVerifyRequest.html}javadoc}} for more available options.

	+----------
	JarSignerVerifyRequest request = new JarSignerVerifyRequest();
	request.setCerts( true );
	request.setVerbose( true );
	request.setArchive( new File( "target/ssimple.jar" ) );
	+----------

	Now you can use the component to verify your signe jar:

	+----------
	JarSignerResult jarSignerResult = jarSigner.execute( request );
	// control the execution result
	jarSignerResult.getExitCode()
	// get exception
	jarSignerResult.getExecutionException()
	+----------