lib/Jar/Signer.pm - metacpan.org

package Jar::Signer;

use File::Basename;
use File::chdir;

our $VERSION = 0.1;

sub AUTOLOAD{
	my $self = shift;
	my $type = ref $self || die "$self is not an object";
	my $name = $AUTOLOAD;
	$name =~ s/.*://;
	if(@_){
		$self->{$name} = shift;
	}
	return $self->{$name};
}

sub new{
	my $self = shift;
	my $class = ref $self || $self;
	my $this = bless {}, $class;
	return $this;
}

sub process{
	my $this = shift;
	my $jar = $this->jar;
	die "Cannot find Jar file $jar\n" unless -e $jar;

	(my $base = $jar) =~ s/\.jar$//;

	my $signed_jar = $this->signed_jar;
	unless( $signed_jar ){
		$this->signed_jar("$base.signed.jar");
	}
	
	my $policy_file = "$base.policy";
	$this->policy_file($policy_file);
		
	if( -e $policy_file ){
		warn sprintf("Adding policy file %s to Jar %s\n",$policy_file,$jar);
		$this->add_policy_file;
	}	
	else {
		my @files = `jar -tf $jar`;
		my $base_policy = basename($policy_file);
		unless( grep( /^${base_policy}$/, @files) ){
			die sprintf("Cannot find policy file '%s' for this Jar file and the Jar does not appear to contain it.\nA policy file for this Jar might look something like:\n\n%s\n"
						, $this->policy_file
						, $this->_demo_policy_file
						);	
		}
	}
	
	$this->generate_keystore unless -e $this->keystore;
	my $alias = $this->alias;
	$this->generate_cert unless -e "$alias.cert";
	$this->generate_fingerprint unless -e "$alias.fingerprint";

	$this->generate_signed_jar;
	return;
}

sub add_policy_file{
	my $this = shift;
	local $CWD = dirname($this->jar);
	my $jar = basename($this->jar);
	my $policy_file = basename($this->policy_file);
	system('jar','-uf',$jar,$policy_file) == 0 or die $!;
	return;
}

sub generate_signed_jar{
	my $this = shift;
	my $jar = $this->jar;
	my $signed_jar = $this->signed_jar;
	my $keystore = $this->keystore;
	my $alias = $this->alias;
	my $base_alias = basename $alias;
	# jar -> signedjar
	@cmd = ( 'jarsigner', '-keystore', $keystore, '-signedjar', $signed_jar, $jar, $base_alias );
	system(@cmd) == 0 or die $!;
	return;
}

sub generate_fingerprint{
	my $this = shift;
	my $keystore = $this->keystore;
	my $alias = $this->alias;
	system("keytool -printcert -file $alias.cert > $alias.fingerprint") == 0 or die $!;
	return;
}

sub generate_cert{
	my $this = shift;
	my $keystore = $this->keystore;
	my $alias = $this->alias;
	my $base_alias = basename $alias;
	@cmd = ( 'keytool', '-export', '-rfc', '-keystore', $keystore, '-alias', $base_alias, '-file', "$alias.cert" );
	system(@cmd) == 0 or die $!;
	return;
}

sub generate_keystore{
	my $this = shift;
	my $alias = $this->alias;
	my $base_alias = basename $alias;
	my $keystore = $this->keystore;
	my $dname = $this->dname;
	my @cmd = ( 'keytool', '-genkey', '-alias', $base_alias, '-keystore', $keystore, '-dname', $dname );
	system(@cmd) == 0 or die $!;
	return;
}

sub _demo_policy_file{
	my $this = shift;
	my $signed_jar = basename( $this->signed_jar );
	my $keystore = basename( $this->keystore );
	my $policy = <<"EOF";
keystore "file:$keystore";

grant signedBy "$keystore",  codeBase "http://host/path/to/$signed_jar" {
  permission java.security.AllPermission;
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
  permission java.lang.RuntimePermission "createClassLoader";
};

grant signedBy "$keystore",  codeBase "file:$signed_jar" {
  permission java.security.AllPermission;
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
  permission java.lang.RuntimePermission "createClassLoader";
};
EOF
	return $policy;
}

1;

__END__

=head1 NAME

Jar::Signer - Ease the process of creating a signed Jar file.

=head1 SYNOPSIS

# using FindBin is just a suggestion.

use FindBin qw( $RealBin );

use Jar::Signer;

my $signer = Jar::Signer->new;

# location of the keystore, created if needed.

$signer->keystore("$RealBin/MyKeyStore");

# dname properties of the certificate.

$signer->dname("CN=Mark Southern, O=My Corporation, L=My State, C=USA"); 

# name for .fingerprint and ..cert files, created if needed.

$signer->alias("$RealBin/MyCert");

# the Jar file that we want to sign.

$signer->jar(shift);

# if signed_jar is undefined then the default is basename.signed.jar where basename is the basename of the Jar file.

$signer->signed_jar(shift); 

# create the signed Jar.

$signer->process; 

=head1 DESCRIPTION

This module, and the script that uses it make it a lot simpler to generate 
signed Jar files for use in Java applets etc. It steps through all the needed 
jar, jarsigner and keytool command lines.

=head1 METHODS

jar

=over

Sets/returns the name of the jar file to sign

=back

signed_jar

=over

Sets/returns the name of the signed Jar file to create. if this is undefined 
then the default is basename.signed.jar where basename is the basename of the 
Jar file.

=back

keystore

=over

Sets/returns the name of the key store to use.

=back

alias

=over

Sets/returns the base name for the .cert and .fingerprint files to use

=back

process

=over

The method that scripts everything together. You do not need to call any of 
the methods below as 'process' does this for you.

First the existance of the Jar file and the Keystore, certificate and 
fingerprint files are checked for with the latter three being created as 
needed. Then the policy file is checked for and added to the Jar. The jar is 
then signed.

=back

add_policy_file

=over

Adds the policy file to the Jar. Normally you do not need to call this. It is 
scripted by the 'process' method.

=back

generate_signed_jar

=over

Generates the signed Jar file. Normally you do not need to call this. It is 
scripted by the 'process' method.

=back

generate_fingerprint

=over

Generates a .fingerprint file. Normally you do not need to call this. It is 
scripted by the 'process' method.

=back

generate_cert

=over

Generates a .cert file. Normally you do not need to call this. It is 
scripted by the 'process' method.
generate_keystore

=head1 SEE ALSO

http://java.sun.com/security/signExample12/

=head1 BUGS

Please report them!

=head1 TODO

You are still required to type in a password where required. It would be nice 
if this were set up as a property too.

The jarsigner.pl script could do with a lot of beefing up.

=head1 AUTHOR

Mark Southern (msouthern@exsar.com)

=head1 COPYRIGHT

Copyright (c) 2003, ExSAR Corporation. All Rights Reserved.
This module is free software. It may be used, redistributed
and/or modified under the terms of the Perl Artistic License
(see http://www.perl.com/perl/misc/Artistic.html)

=cut
	Global
`s`	Focus search bar
`?`	Bring up this help dialog
	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)
	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse
	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)