[jira] Created: (MJARSIGNER-16) Add the option -tsa to the configuration

[Anthony Dahanne (JIRA)]

Add the option -tsa to the configuration
----------------------------------------

                 Key: MJARSIGNER-16
                 URL: http://jira.codehaus.org/browse/MJARSIGNER-16
             Project: Maven 2.x Jar Signer Plugin
          Issue Type: New Feature
    Affects Versions: 1.2
         Environment: all
            Reporter: Anthony Dahanne
         Attachments: maven-jarsigner-plugin.patch

Since JDK 5, Sun/Oracle added to the JDK jarsigner tool, the possibility to use 
a Timestamp authority while signing.
The option is docuemnted there :
http://download.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html#Options

and for those interested in this feature (timestamping), some good explanation 
about this technology can be found there :
http://en.wikipedia.org/wiki/Trusted_timestamping

I have attached a patch that includes the addition of this argument to the 
command line; and a new integration test.

Applying this patch, you should be able to ask a timestamp authority to certify 
the date of signing, using this configuration for example :

{code:xml} 
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-jarsigner-plugin</artifactId>
        <version>@project.version@</version>
        <configuration>
          <alias>test-01</alias>
          <keypass>key-passwd</keypass>
          <sigfile>TESTING</sigfile>
          <tsa>https://timestamp.geotrust.com/tsa</tsa>
        </configuration>
        <executions>
          <execution>
            <id>sign-jars</id>
            <goals>
              <goal>sign</goal>
            </goals>
          </execution>
          <execution>
            <id>verify-jars</id>
            <goals>
              <goal>verify</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
{code}

you can find this code in the patch integration test (timestampauthority , 
src/it/timestampauthority)

Working on this patch, I THOUGHT there was a workaround, playing around with 
the <arguments> option :

{code:xml} 
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-jarsigner-plugin</artifactId>
        <version>@project.version@</version>
        <configuration>
          <alias>test-01</alias>
          <keypass>key-passwd</keypass>
          <sigfile>TESTING</sigfile>
          <arguments>
             <arguments>-tsa https://timestamp.geotrust.com/tsa</arguments>
          <arguments>  
        </configuration>
        <executions>
          etc...
        </executions>
      </plugin>
{code}

but it wraps this argument with quotes ("-tsa 
https://timestamp.geotrust.com/tsa"; ) ; something the JDK jarsigner tool does 
not accept; so... no workaround possible :-(


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira