[
http://jira.codehaus.org/browse/MJARSIGNER-16?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=267080#action_267080
]
Anthony Dahanne commented on MJARSIGNER-16:
-------------------------------------------
Hello Christian,
thank you for your answer.
I just tried the way you suggested, and, splitting the -tsa
https://timestamp.geotrust.com/tsa down to 2 arguments seems to work !
So this workaround is ok for maven jar signer 1.2.
Now, I don't know if you prefer to close this issue or keep it open to support
"out of the box" the tsa option in the next release.
Thanks again !
> Add the option -tsa to the configuration
> ----------------------------------------
>
> Key: MJARSIGNER-16
> URL: http://jira.codehaus.org/browse/MJARSIGNER-16
> Project: Maven 2.x Jar Signer Plugin
> Issue Type: New Feature
> Affects Versions: 1.2
> Environment: all
> Reporter: Anthony Dahanne
> Attachments: maven-jarsigner-plugin.patch
>
>
> Since JDK 5, Sun/Oracle added to the JDK jarsigner tool, the possibility to
> use a Timestamp authority while signing.
> The option is docuemnted there :
> http://download.oracle.com/javase/6/docs/technotes/tools/windows/jarsigner.html#Options
> and for those interested in this feature (timestamping), some good
> explanation about this technology can be found there :
> http://en.wikipedia.org/wiki/Trusted_timestamping
> I have attached a patch that includes the addition of this argument to the
> command line; and a new integration test.
> Applying this patch, you should be able to ask a timestamp authority to
> certify the date of signing, using this configuration for example :
> {code:xml}
> <plugin>
> <groupId>org.apache.maven.plugins</groupId>
> <artifactId>maven-jarsigner-plugin</artifactId>
> <version>@project.version@</version>
> <configuration>
> <alias>test-01</alias>
> <keypass>key-passwd</keypass>
> <sigfile>TESTING</sigfile>
> <tsa>https://timestamp.geotrust.com/tsa</tsa>
> </configuration>
> <executions>
> <execution>
> <id>sign-jars</id>
> <goals>
> <goal>sign</goal>
> </goals>
> </execution>
> <execution>
> <id>verify-jars</id>
> <goals>
> <goal>verify</goal>
> </goals>
> </execution>
> </executions>
> </plugin>
> {code}
> you can find this code in the patch integration test (timestampauthority ,
> src/it/timestampauthority)
> Working on this patch, I THOUGHT there was a workaround, playing around with
> the <arguments> option :
> {code:xml}
> <plugin>
> <groupId>org.apache.maven.plugins</groupId>
> <artifactId>maven-jarsigner-plugin</artifactId>
> <version>@project.version@</version>
> <configuration>
> <alias>test-01</alias>
> <keypass>key-passwd</keypass>
> <sigfile>TESTING</sigfile>
> <arguments>
> <arguments>-tsa https://timestamp.geotrust.com/tsa</arguments>
> <arguments>
> </configuration>
> <executions>
> etc...
> </executions>
> </plugin>
> {code}
> but it wraps this argument with quotes ("-tsa
> https://timestamp.geotrust.com/tsa"; ) ; something the JDK jarsigner tool does
> not accept; so... no workaround possible :-(
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
