From f88b3add41d41de674712d9b5ce06a0f2a2f63bf Mon Sep 17 00:00:00 2001 From: Brian Hinz Date: Mon, 2 Dec 2013 02:53:10 +0000 Subject: [PATCH] Added attributes to the Java viewer MANIFEST file in order to conform to upcoming JRE requirements. Added support for specifying a signing certificate in place of the self-signed certificate. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@5145 3789f03b-4d11-0410-bbf8-ca57d06f2519 --- BUILDING.txt | 22 ++++++++ java/CMakeLists.txt | 12 +++++ java/cmake/SignJar.cmake | 67 ++++++++++++++++++++----- java/com/tigervnc/vncviewer/MANIFEST.MF | 3 ++ 4 files changed, 91 insertions(+), 13 deletions(-) diff --git a/BUILDING.txt b/BUILDING.txt index 4ed06671..98c7c6b0 100644 --- a/BUILDING.txt +++ b/BUILDING.txt @@ -385,6 +385,28 @@ Similarly, if the Java viewer is built along with the Unix TigerVNC Server (Xvnc), then the build system will include the Java viewer in the server tarball. +By default, a self-signed certificate will be generated and used to sign the +jar file. By specifying the following command line arguments to the CMake +command line, an alternate certificate may be used for signing. + + -DJAVA_KEYSTORE=${keystore_location_or_url} + -DJAVA_KEYSTORE_TYPE=${keystore_type} (Default: "jks") + -DJAVA_KEY_ALIAS=${keytore_key_alias} + -DJAVA_STOREPASS=${keystore_password} + -DJAVA_KEYPASS=${keystore_entry_password} + -DJAVA_TSA_URL=${url_of_timestamping_authority} + +The values of the JAVA_STOREPASS and JAVA_KEYPASS arguments may optionally be +read from file or environment variables by prefixing the value with ":env " +or ":file " (see the jarsigner documentation for more info): + + export StorePass=tigervnc + export KeyPass=tigervnc + cmake \ + ... + -DJAVA_STOREPASS=":env StorePass" + -DJAVA_KEYPASS=":env KeyPass" + ====================================== Building Native Language Support (NLS) diff --git a/java/CMakeLists.txt b/java/CMakeLists.txt index 3477c8d0..c98c69c0 100644 --- a/java/CMakeLists.txt 
+++ b/java/CMakeLists.txt @@ -15,6 +15,12 @@ message(STATUS "Java compiler flags = ${JAVACFLAGS}") set(CLASSPATH com/tigervnc/vncviewer) set(SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}) set(BINDIR ${CMAKE_CURRENT_BINARY_DIR}) +set(JAVA_KEYSTORE NOTFOUND CACHE STRING "URL of keystore location") +set(JAVA_KEYSTORE_TYPE "jks" CACHE STRING "Type of keystore (Default: \"jks\")") +set(JAVA_KEY_ALIAS NOTFOUND CACHE STRING "Alias for the keystore entry used to generate the signature") +set(JAVA_STOREPASS NOTFOUND CACHE STRING "Password required to access the keystore") +set(JAVA_KEYPASS NOTFOUND CACHE STRING "Password used to protect the private key of the specified keystore entry") +set(JAVA_TSA_URL NOTFOUND CACHE STRING "URL of Time Stamping Authority (TSA)") if(NOT BUILD) execute_process(COMMAND "date" "+%Y%m%d" OUTPUT_VARIABLE BUILD) @@ -136,6 +142,12 @@ add_custom_command(OUTPUT VncViewer.jar com/tigervnc/vncviewer/tigervnc.ico COMMAND ${CMAKE_COMMAND} ARGS -DJava_PATH=${Java_PATH} -DJAR_FILE=${BINDIR}/VncViewer.jar + -DJAVA_KEYSTORE=${JAVA_KEYSTORE} + -DJAVA_KEYSTORE_TYPE=${JAVA_KEYSTORE_TYPE} + -DJAVA_STOREPASS=${JAVA_STOREPASS} + -DJAVA_KEYPASS=${JAVA_KEYPASS} + -DJAVA_KEY_ALIAS=${JAVA_KEY_ALIAS} + -DJAVA_TSA_URL=${JAVA_TSA_URL} -P ${SRCDIR}/cmake/SignJar.cmake) add_custom_target(java ALL DEPENDS VncViewer.jar) diff --git a/java/cmake/SignJar.cmake b/java/cmake/SignJar.cmake index abc35ba6..067116d4 100644 --- a/java/cmake/SignJar.cmake +++ b/java/cmake/SignJar.cmake 
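Review bot: `JAVA_STOREPASS` and `JAVA_KEYPASS` are declared as `CACHE STRING` in the first java/CMakeLists.txt hunk, so a literal password given with `-D` is written in clear text to CMakeCache.txt and stays in the build tree after the build. The second hunk (`-DJAVA_STOREPASS=${JAVA_STOREPASS}`, `-DJAVA_KEYPASS=${JAVA_KEYPASS}`) then copies the same values into the generated build rules and onto the command line of the signing step, where verbose build output and process listings can show them. I would add a comment above the two declarations, `# Prefer the ":env NAME" or ":file PATH" forms; a literal password is stored in CMakeCache.txt and in the generated build files.`, and repeat that caveat in BUILDING.txt next to the example.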
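Review bot: The six forwarded definitions in the second hunk are unquoted and no `VERBATIM` is visible on this `add_custom_command`, so how a value with a space reaches SignJar.cmake depends on the generator's platform-specific escaping. BUILDING.txt documents exactly such a value, `":env StorePass"`. The command starts outside the hunk, so `VERBATIM` may be set there; if it is not, add it after the `-P` line once the earlier COMMANDs have been checked against it. Quoting each definition, e.g. `"-DJAVA_STOREPASS=${JAVA_STOREPASS}"` and `"-DJAVA_KEYPASS=${JAVA_KEYPASS}"`, also keeps a value containing `;` from being split into separate arguments.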
@@ -6,25 +6,66 @@ if(NOT JAR_FILE) message(FATAL_ERROR "JAR_FILE must be defined") endif() -message(STATUS "Signing ${JAR_FILE}") - set(KEYTOOL "${Java_PATH}/keytool") set(JARSIGNER "${Java_PATH}/jarsigner") -file(REMOVE tigervnc.keystore) -execute_process(COMMAND - ${KEYTOOL} -genkey -alias TigerVNC -keystore tigervnc.keystore -keyalg RSA - -storepass tigervnc -keypass tigervnc -validity 7300 - -dname "CN=TigerVNC, OU=Software Development, O=The TigerVNC Project, L=Austin, S=Texas, C=US" - RESULT_VARIABLE RESULT OUTPUT_VARIABLE OUTPUT ERROR_VARIABLE ERROR) -if(NOT RESULT EQUAL 0) - message(FATAL_ERROR "${KEYTOOL} failed:\n${ERROR}") +if(JAVA_KEYSTORE) + if((NOT JAVA_STOREPASS) OR (NOT JAVA_KEYPASS) OR (NOT JAVA_KEY_ALIAS)) + message(FATAL_ERROR "When JAVA_KEYSTORE is specified, JAVA_KEY_ALIAS, JAVA_STOREPASS, and JAVA_KEYPASS must also be specified:\n${ERROR}") + endif() +else() + message(STATUS "Generating self-signed certificate") + file(REMOVE tigervnc.keystore) + execute_process(COMMAND + ${KEYTOOL} -genkey -alias TigerVNC -keystore tigervnc.keystore -keyalg RSA + -storepass tigervnc -keypass tigervnc -validity 7300 + -dname "CN=TigerVNC, OU=Software Development, O=The TigerVNC Project, L=Austin, S=Texas, C=US" + RESULT_VARIABLE RESULT OUTPUT_VARIABLE OUTPUT ERROR_VARIABLE ERROR) + if(NOT RESULT EQUAL 0) + message(FATAL_ERROR "${KEYTOOL} failed:\n${ERROR}") + endif() + set(JAVA_KEYSTORE "tigervnc.keystore") + set(JAVA_STOREPASS "tigervnc") + set(JAVA_KEYPASS "tigervnc") + set(JAVA_KEY_ALIAS "TigerVNC") +endif() + +message(STATUS "Signing ${JAR_FILE}") + +set(ARGS -keystore ${JAVA_KEYSTORE} -storetype ${JAVA_KEYSTORE_TYPE}) + +if(${JAVA_STOREPASS} MATCHES "^:env") + string(REGEX REPLACE "^:env[\t ]+(.*)$" "\\1" JAVA_STOREPASS "${JAVA_STOREPASS}") + set(ARGS ${ARGS} -storepass:env ${JAVA_STOREPASS}) +elseif("${JAVA_STOREPASS}" MATCHES "^:file") + string(REGEX REPLACE "^:file[\t ]+(.*)$" "\\1" JAVA_STOREPASS "${JAVA_STOREPASS}") + set(ARGS ${ARGS} -storepass:file 
${JAVA_STOREPASS}) +else() + set(ARGS ${ARGS} -storepass ${JAVA_STOREPASS}) +endif() + +if(${JAVA_KEYPASS} MATCHES "^:env") + string(REGEX REPLACE "^:env[\t ]+(.*)$" "\\1" JAVA_KEYPASS "${JAVA_KEYPASS}") + set(ARGS ${ARGS} -keypass:env ${JAVA_KEYPASS}) +elseif("${JAVA_KEYPASS}" MATCHES "^:file") + string(REGEX REPLACE "^:file[\t ]+(.*)$" "\\1" JAVA_KEYPASS "${JAVA_KEYPASS}") + set(ARGS ${ARGS} -keypass:file ${JAVA_KEYPASS}) +else() + set(ARGS ${ARGS} -keypass ${JAVA_KEYPASS}) +endif() + +if(JAVA_TSA_URL) + set(ARGS ${ARGS} -tsa ${JAVA_TSA_URL}) endif() + execute_process(COMMAND - ${JARSIGNER} -keystore tigervnc.keystore - -storepass tigervnc -keypass tigervnc ${JAR_FILE} TigerVNC + ${JARSIGNER} ${ARGS} ${JAR_FILE} ${JAVA_KEY_ALIAS} RESULT_VARIABLE RESULT OUTPUT_VARIABLE OUTPUT ERROR_VARIABLE ERROR) + if(NOT RESULT EQUAL 0) message(FATAL_ERROR "${JARSIGNER} failed:\n${ERROR}") endif() -file(REMOVE tigervnc.keystore) + +if(EXISTS tigervnc.keystore) + file(REMOVE tigervnc.keystore) +endif() diff --git a/java/com/tigervnc/vncviewer/MANIFEST.MF b/java/com/tigervnc/vncviewer/MANIFEST.MF index b3574fe2..4ba75f6a 100644 --- a/java/com/tigervnc/vncviewer/MANIFEST.MF +++ b/java/com/tigervnc/vncviewer/MANIFEST.MF @@ -1,2 +1,5 @@ Manifest-Version: 1.0 Main-Class: com.tigervnc.vncviewer.VncViewer +Application-Name: TigerVNC Viewer +Permissions: all-permissions +Codebase: * -- 2.39.5
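Review bot: The two `:env` tests expand the password unquoted, `if(${JAVA_STOREPASS} MATCHES "^:env")` and `if(${JAVA_KEYPASS} MATCHES "^:env")`, while the `elseif` branches next to them are quoted. An unquoted value containing `;` is split into several arguments, and one that happens to name a CMake variable is dereferenced again, so the test can error out or take the wrong branch; write them as `if("${JAVA_STOREPASS}" MATCHES "^:env")` and `if("${JAVA_KEYPASS}" MATCHES "^:env")`. The closing `if(EXISTS tigervnc.keystore)` cleanup also runs when a keystore was supplied, so a user keystore with that name in the working directory would be deleted after signing. Setting a flag in the `else()` branch that generates the file, and removing the file only when that flag is set, avoids that. The `${ERROR}` appended to the new "must also be specified" message is not set at that point and can be dropped.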
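Review bot: `Codebase: *` together with `Permissions: all-permissions` puts no restriction on where the signed jar may be served from, so the Codebase attribute provides none of the re-deployment protection it exists for. With the self-signed default that matters little, but this commit also lets builders sign with their own certificate, and for those builds a wildcard means any site can host the jar and have it request full permissions under that certificate's publisher name. I would keep `*` only for the self-signed build and let a signed build supply the value, or at least add a sentence to BUILDING.txt such as `When signing with your own certificate, replace "Codebase: *" in MANIFEST.MF with the host name(s) the viewer is served from.`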