Jar::Signer - Ease the process of creating a signed Jar file.

Jar-Signer documentation Contained in the Jar-Signer distribution.

Index

Code Index:

NAME

Top

Jar::Signer - Ease the process of creating a signed Jar file.

SYNOPSIS

Top

# using FindBin is just a suggestion.

use FindBin qw( $RealBin );

use Jar::Signer;

my $signer = Jar::Signer->new;

# location of the keystore, created if needed.

$signer->keystore("$RealBin/MyKeyStore");

# dname properties of the certificate.

$signer->dname("CN=Mark Southern, O=My Corporation, L=My State, C=USA");

# name for .fingerprint and ..cert files, created if needed.

$signer->alias("$RealBin/MyCert");

# the Jar file that we want to sign.

$signer->jar(shift);

# if signed_jar is undefined then the default is basename.signed.jar where basename is the basename of the Jar file.

$signer->signed_jar(shift);

# create the signed Jar.

$signer->process;

DESCRIPTION

Top

This module, and the script that uses it make it a lot simpler to generate signed Jar files for use in Java applets etc. It steps through all the needed jar, jarsigner and keytool command lines.

METHODS

Top

jar

Sets/returns the name of the jar file to sign

signed_jar

Sets/returns the name of the signed Jar file to create. if this is undefined then the default is basename.signed.jar where basename is the basename of the Jar file.

keystore

Sets/returns the name of the key store to use.

alias

Sets/returns the base name for the .cert and .fingerprint files to use

process

The method that scripts everything together. You do not need to call any of the methods below as 'process' does this for you.

First the existance of the Jar file and the Keystore, certificate and fingerprint files are checked for with the latter three being created as needed. Then the policy file is checked for and added to the Jar. The jar is then signed.

add_policy_file

Adds the policy file to the Jar. Normally you do not need to call this. It is scripted by the 'process' method.

generate_signed_jar

Generates the signed Jar file. Normally you do not need to call this. It is scripted by the 'process' method.

generate_fingerprint

Generates a .fingerprint file. Normally you do not need to call this. It is scripted by the 'process' method.

generate_cert

Generates a .cert file. Normally you do not need to call this. It is scripted by the 'process' method. generate_keystore

SEE ALSO

Top

http://java.sun.com/security/signExample12/

BUGS

Top

Please report them!

TODO

Top

You are still required to type in a password where required. It would be nice if this were set up as a property too.

The jarsigner.pl script could do with a lot of beefing up.

AUTHOR

Top

Mark Southern (msouthern@exsar.com)

COPYRIGHT

Top

Copyright (c) 2003, ExSAR Corporation. All Rights Reserved. This module is free software. It may be used, redistributed and/or modified under the terms of the Perl Artistic License (see http://www.perl.com/perl/misc/Artistic.html)

Jar-Signer documentation Contained in the Jar-Signer distribution. 
package Jar::Signer;

use File::Basename;
use File::chdir;

our $VERSION = 0.1;

sub AUTOLOAD{
	my $self = shift;
	my $type = ref $self || die "$self is not an object";
	my $name = $AUTOLOAD;
	$name =~ s/.*://;
	if(@_){
		$self->{$name} = shift;
	}
	return $self->{$name};
}

sub new{
	my $self = shift;
	my $class = ref $self || $self;
	my $this = bless {}, $class;
	return $this;
}

sub process{
	my $this = shift;
	my $jar = $this->jar;
	die "Cannot find Jar file $jar\n" unless -e $jar;

	(my $base = $jar) =~ s/\.jar$//;

	my $signed_jar = $this->signed_jar;
	unless( $signed_jar ){
		$this->signed_jar("$base.signed.jar");
	}
	
	my $policy_file = "$base.policy";
	$this->policy_file($policy_file);
		
	if( -e $policy_file ){
		warn sprintf("Adding policy file %s to Jar %s\n",$policy_file,$jar);
		$this->add_policy_file;
	}	
	else {
		my @files = `jar -tf $jar`;
		my $base_policy = basename($policy_file);
		unless( grep( /^${base_policy}$/, @files) ){
			die sprintf("Cannot find policy file '%s' for this Jar file and the Jar does not appear to contain it.\nA policy file for this Jar might look something like:\n\n%s\n"
						, $this->policy_file
						, $this->_demo_policy_file
						);	
		}
	}
	
	$this->generate_keystore unless -e $this->keystore;
	my $alias = $this->alias;
	$this->generate_cert unless -e "$alias.cert";
	$this->generate_fingerprint unless -e "$alias.fingerprint";

	$this->generate_signed_jar;
	return;
}

sub add_policy_file{
	my $this = shift;
	local $CWD = dirname($this->jar);
	my $jar = basename($this->jar);
	my $policy_file = basename($this->policy_file);
	system('jar','-uf',$jar,$policy_file) == 0 or die $!;
	return;
}

sub generate_signed_jar{
	my $this = shift;
	my $jar = $this->jar;
	my $signed_jar = $this->signed_jar;
	my $keystore = $this->keystore;
	my $alias = $this->alias;
	my $base_alias = basename $alias;
	# jar -> signedjar
	@cmd = ( 'jarsigner', '-keystore', $keystore, '-signedjar', $signed_jar, $jar, $base_alias );
	system(@cmd) == 0 or die $!;
	return;
}

sub generate_fingerprint{
	my $this = shift;
	my $keystore = $this->keystore;
	my $alias = $this->alias;
	system("keytool -printcert -file $alias.cert > $alias.fingerprint") == 0 or die $!;
	return;
}

sub generate_cert{
	my $this = shift;
	my $keystore = $this->keystore;
	my $alias = $this->alias;
	my $base_alias = basename $alias;
	@cmd = ( 'keytool', '-export', '-rfc', '-keystore', $keystore, '-alias', $base_alias, '-file', "$alias.cert" );
	system(@cmd) == 0 or die $!;
	return;
}

sub generate_keystore{
	my $this = shift;
	my $alias = $this->alias;
	my $base_alias = basename $alias;
	my $keystore = $this->keystore;
	my $dname = $this->dname;
	my @cmd = ( 'keytool', '-genkey', '-alias', $base_alias, '-keystore', $keystore, '-dname', $dname );
	system(@cmd) == 0 or die $!;
	return;
}

sub _demo_policy_file{
	my $this = shift;
	my $signed_jar = basename( $this->signed_jar );
	my $keystore = basename( $this->keystore );
	my $policy = <<"EOF";
keystore "file:$keystore";

grant signedBy "$keystore",  codeBase "http://host/path/to/$signed_jar" {
  permission java.security.AllPermission;
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
  permission java.lang.RuntimePermission "createClassLoader";
};

grant signedBy "$keystore",  codeBase "file:$signed_jar" {
  permission java.security.AllPermission;
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
  permission java.lang.RuntimePermission "createClassLoader";
};
EOF
	return $policy;
}

1;

__END__