2

Is it possible to use the JarSigner class to sign a jar file within java? Currently I am using:

String args[] = {"-keystore", keystore, "-storepass", password, jar, keyname};
JarSigner js = new JarSigner();
js.run(args);

but if anything fails, the js.run void will call a System.exit(-1) causing my entire application to crash. I was thinking about running that inside of a thread, joining it until it completes, and checking for the return code. Just seeing if there is a more formal way of doing that... Any help would be appreciated.

wuntee
  • 12,170
  • 26
  • 77
  • 106
  • 2
    That won't work. `System.exit()` will terminate the entire VM, not just the thread that executes it. – hmakholm left over Monica Aug 18 '11 at 21:11
  • is there any way to catch a System.exit? – wuntee Aug 19 '11 at 18:23
  • In principle you could do that by making a custom classloader to load the foreign code, and have it install some bytecode of your own for `java.lang.System`. But that is not for the faint of heart -- you'd need to handle the chaining of all _other_ System methods to the VM's implementations yourself. It's probably much easier and maintainable simply to recreate the jar signing process yourself with java.util.zip.* and java.security.* tools. – hmakholm left over Monica Aug 19 '11 at 19:10

2 Answers2

0

If you sign only with SHA1withRSA algorithm, there is a project called zip-signer. The main target of this project is Android, but the core library of this project, "zipsigner-lib", doesn't depend on Android system so it works in PC as well. You can take a look at sample code for PC named zipsigner-cmdline.

If you need algorithms other than SHA1withRSA, though, you'll probably have to adapt source codes from the GNU ClassPath project, which is no easy task.

NullNoname
  • 2,056
  • 1
  • 15
  • 12
0

I suppose you use Sun/Oracle JarSigner included in JDK tools. You have two option:

Yves Martin
  • 10,217
  • 2
  • 38
  • 77