JDK-8056174 : New APIs for jar signing
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 9
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2014-08-27
  • Updated: 2017-08-12
  • Resolved: 2015-11-20
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
9 b94Fixed
Related Reports
Blocks :  
Blocks :  
Duplicate :  
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8173015 :  
Jar signing is not doable through public APIs, and the jarsigner tool were designed to be run by a human being and it's difficult to run it in an application. The enhancement intends to create new APIs jar signing.

The default signature algorithm in jarsigner will also be updated to be keysize dependent (See JDK-8157389).
Release note: A new jdk.security.jarsigner.JarSigner API is added to the jdk.jartool module which can be used to sign a jar file.

Read http://ccc.us.oracle.com/8056174 for design, still not final.

The digestalg() method is still specific for JARs because it's used to generate lines in manifest and SF file. Not sure if there will be similar methods for modules. I remember you mentioned choosing signature format between pkcs7 and xmlsig. Where can I find the proposal? Anyway, we could change to CodeSigner cs = CodeSigner.getInstance("module", "xmlsig"); cs.initialize(checkValidity, privateKey, certChain, secureRandom); ... cs.sign(file, signerName, outStream);

Suggested spec: /** ��* A utility class to sign a jar file. ��* ��* A caller first creates a JarSigner object, then call various modifiers ��* (any method except for {@link #sign}) to specify the options of ��* signing, and finally call {@link #sign} to sign a given jar file. ��* ��* Calling the same modifier again overwrites the previous option set. ��* Calling it with a null argument unset the option. The signing process ��* might choose a default value if it is unset. See ��* <a href=jarsigner.html#options>jarsigner doc</a> for default values. ��* ��* The sign method does not make change to the state of a JarSigner. ��* Therefore it's safe to run multiple sign methods in parallel. ��*/ public class JarSigner { ��������/** ����������* Create a JarSigner object with signer info ����������* @param check whether to check the capability of the signer ����������* @param key the private key of the signer ����������* @param certs the certificate chain of the signer ����������* @throws IllegalArgumentException if the signer is not capable of ����������* signing. See <a href=jarsigner.html#strict>jarsigner doc</a> for ����������* capability ����������*/ ��������public JarSigner(boolean check, PrivateKey key, X509Certificate... certs); ��������/** ����������* Specify an alternative signing mechanism. ����������* @param signer the signing mechanism ����������*/ ��������public JarSigner altsigner(com.sun.jarsigner.ContentSigner signer); ��������/** ����������* Set the desired digest algorithm ����������* @param alg the digest algorithm ����������* @return the JarSigner itself ����������*/ ��������public JarSigner digestalg(String alg); ��������/** ����������* Set the desired signature algorithm ����������* @param alg the signature algorithm ����������* @return the JarSigner itself ����������*/ ��������public JarSigner sigalg(String alg); ��������/** ����������* Set the URI of the desired TSA ����������* @param uri the URI ����������* @return the JarSigner itself ����������*/ ��������public JarSigner tsa(URI uri); ��������/** ����������* Set the certificate of the desired TSA ����������* @param tsaCert the certificate ����������* @return the JarSigner itself ����������*/ ��������public JarSigner tsacert(X509Certificate tsaCert); ��������/** ����������* Set the desired TSA policyID ����������* @param oid the object identifier ����������* @return the JarSigner itself ����������* @throws IllegalArgumentException if oid is not a valid object identifier ����������*/ ��������public JarSigner tsapolicyid(String oid); ��������/** ����������* Set the desired digest algorithm to used with TSA ����������* @param alg the digest algorithm ����������* @return the JarSigner itself ����������*/ ��������public JarSigner tsadigestalg(String alg); ��������/** ����������* Sign a file into an OutputStream. ����������* @param file the file to sign ����������* @param sigfile the name of block file inside signed jar ����������* @param os the output stream ����������* @throws GeneralSecurityException if the signing fails ����������* @throws IOException if there is another I/O error ����������*/ ��������public void sign(File file, String sigfile, OutputStream os) ������������������������throws GeneralSecurityException, IOException; }

Most of these methods are not specific to JARs. I would like to see if we can create an API that is not specific to JARs, and can be extended to support new file formats that may be developed for modules, etc. Can you think about creating a more abstract Signer API that can be extended to support JARs or other file formats?

Break this RFE to 2 parts: jarsigner remained here and keytool goes to JDK-8058778.