Replace jarsigner with the jdk.security.jarsigner API

Signed-off-by: Graham <gpe@openrs2.dev>
5 years ago · 8e0b480cfb
parent 164e02cbce
commit 8e0b480cfb
2 changed files with 34 additions and 29 deletions
--- a/asm/src/main/java/dev/openrs2/asm/classpath/Library.kt
+++ b/asm/src/main/java/dev/openrs2/asm/classpath/Library.kt
@ -101,8 +101,14 @@ class Library constructor() : Iterable<ClassNode> {
        val unsignedPath = Files.createTempFile("tmp", ".jar")
        try {
            writeJar(classPath, unsignedPath, manifest)
-            keyStore.signJar(unsignedPath)
+
-            DeterministicJarOutputStream.repack(unsignedPath, path)
+            val signedPath = Files.createTempFile("tmp", ".jar")
            try {
                keyStore.signJar(unsignedPath, signedPath)
                DeterministicJarOutputStream.repack(signedPath, path)
            } finally {
                Files.deleteIfExists(signedPath)
            }
        } finally {
            Files.deleteIfExists(unsignedPath)
        }
--- a/common/src/main/java/dev/openrs2/common/crypto/Pkcs12KeyStore.kt
+++ b/common/src/main/java/dev/openrs2/common/crypto/Pkcs12KeyStore.kt
@ -1,5 +1,6 @@
 package dev.openrs2.common.crypto
 import jdk.security.jarsigner.JarSigner
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers
 import org.bouncycastle.asn1.x500.X500NameBuilder
@ -10,7 +11,6 @@ import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
 import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory
 import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder
 import org.bouncycastle.util.BigIntegers
 import java.io.IOException
 import java.nio.file.Files
 import java.nio.file.Path
 import java.security.KeyFactory
@ -19,18 +19,21 @@ import java.time.OffsetDateTime
 import java.time.Period
 import java.time.ZoneOffset
 import java.util.Date
-
+import java.util.jar.JarFile
-class Pkcs12KeyStore private constructor(private val path: Path) {
+
-    fun signJar(jar: Path) {
+class Pkcs12KeyStore private constructor(privateKeyEntry: KeyStore.PrivateKeyEntry) {
-        exec(
+    private val signer = JarSigner.Builder(privateKeyEntry)
-            "jarsigner",
+        .signatureAlgorithm("SHA256withRSA")
-            "-keystore", path.toString(),
+        .digestAlgorithm("SHA-256")
-            "-storetype", "pkcs12",
+        .signerName(SIGNER_NAME)
-            "-storepass", PASSWORD,
+        .build()
-            "-keypass", PASSWORD,
+
-            jar.toString(),
+    fun signJar(input: Path, output: Path) {
-            ALIAS
+        JarFile(input.toFile()).use { file ->
-        )
+            Files.newOutputStream(output).use { os ->
                signer.sign(file, os)
            }
        }
    }
    companion object {
@ -43,8 +46,9 @@ class Pkcs12KeyStore private constructor(private val path: Path) {
        private const val SERIAL_LENGTH = 128
        // TODO(gpe): add support for overriding this
        private const val SIGNER_NAME = "OpenRS2"
        private val DNAME = X500NameBuilder()
-            .addRDN(BCStyle.CN, "OpenRS2")
+            .addRDN(BCStyle.CN, SIGNER_NAME)
            .build()
        private val MAX_CLOCK_SKEW = Period.ofDays(1)
@ -63,15 +67,20 @@ class Pkcs12KeyStore private constructor(private val path: Path) {
                keyStore.load(null)
            }
-            if (!keyStore.containsAlias(ALIAS)) {
+            val privateKeyEntry = if (keyStore.containsAlias(ALIAS)) {
-                keyStore.setEntry(ALIAS, createPrivateKeyEntry(), PASSWORD_PARAMETER)
+                keyStore.getEntry(ALIAS, PASSWORD_PARAMETER) as KeyStore.PrivateKeyEntry
            } else {
                val entry = createPrivateKeyEntry()
                keyStore.setEntry(ALIAS, entry, PASSWORD_PARAMETER)
                Files.newOutputStream(path).use { output ->
                    keyStore.store(output, PASSWORD_CHARS)
                }
                entry
            }
-            return Pkcs12KeyStore(path)
+            return Pkcs12KeyStore(privateKeyEntry)
        }
        private fun createPrivateKeyEntry(): KeyStore.PrivateKeyEntry {
@ -98,15 +107,5 @@ class Pkcs12KeyStore private constructor(private val path: Path) {
            val jcaCertificate = JcaX509CertificateConverter().getCertificate(certificate)
            return KeyStore.PrivateKeyEntry(jcaPrivate, arrayOf(jcaCertificate))
        }
        private fun exec(command: String, vararg args: String) {
            val commandWithArgs = listOf(command, *args)
            val status = ProcessBuilder(commandWithArgs)
                .start()
                .waitFor()
            if (status != 0) {
                throw IOException("$command returned non-zero status code $status")
            }
        }
    }
 }