Java – ANT script to build a project and sign the output archive

JavaThe ANT Script described in this article demonstrates how to build and compile a Java project, put it into signle JAR file and finally sign it using self-signed certificate.

  1. Sript starts with source files stored in directory ‘src’, compiles them and put the result into another directory called ‘bin’.
  2. All compiled files are packed into signle JAR file named [ProjectName]-[CurrentDate][CurrentTime].jar into directory ‘dist’.
  3. After we have the jar file available we can sign it.

    1. At first we create new self-signed certificate (this step is optional/not required in case you already have your own signing certificate)
    2. Next we use our certificate to sign the JAR file we’ve just generated
  4. The last step is adding a manifest file with attributes you want to include.

Note:
To be able to generate the self-signed certificate and sign the JAR file, you must have the JDK installed on your PC.

<?xml version="1.0"?>

<project name="MyJavaProject" default="dist" basedir=".">
  <description>
    Build file for JProjects application
  </description>
  <!-- Set GLOBAL properties for build -->
  <property name="src" location="src" />
  <property name="build" location="bin" />
  <property name="dist" location="dist" />

  <property name="verisign.key.store" value="NULL/.keystore" />
  <property name="verisign.key.storepass" value="St0r3P@ssw0rd" />
  <property name="verisign.key.alias" value="Alice" />
  <property name="verisign.key.pass" value="P@ssw0rdF0rAlic3" />

  <presetdef name="javac">
    <javac includeantruntime="false" />
  </presetdef>

  <target name="init" depends="clean" description="Prepare directory structure">
    <!-- Create the time stamp -->
    <tstamp />
    <!-- Create the build directory structure used by compile -->
    <mkdir dir="NULL" />
    <mkdir dir="NULL/lib" />
  </target>
  <target name="compile" depends="init" description="Compile the source ">
    <!-- Compile the java code from NULL into NULL -->
    <javac srcdir="NULL" destdir="NULL" />
  </target>

  <target name="dist" depends="compile" description="Generate the distribution">
    <!-- Put everything in NULL into the ${ant.project.name}-NULL-NULL.jar file -->
    <jar 
      jarfile="NULL/lib/${ant.project.name}-NULLNULL.jar" 
      basedir="NULL">
      <manifest id="MANIFEST.MF">
        <attribute name="Built-By" value="${user.name}" />
        <attribute name="Application-Name" value="My Application Name" />
        <attribute name="Application-Library-Allowable-Codebase" value="*" />
        <attribute name="Caller-Allowable-Codebase" value="*" />
        <attribute name="Codebase" value="*" />
        <attribute name="Permissions" value="all-permissions" />
        <attribute name="Sealed" value="true" />
        <attribute name="Trusted-Library" value="true" />

        <section name="UserName.class">
          <attribute name="Sealed" value="true" />
        </section>
      </manifest>
    </jar>
    <antcall target="signjars" />
  </target>

  <target name="signjars">
    <genkey alias="${verisign.key.alias}" 
            verbose="true" 
            storepass="${verisign.key.storepass}" 
            keypass="${verisign.key.pass}" 
            validity="365" 
            keystore="${verisign.key.store}">
      <dname>
        <param name="CN" value="Application Outsourcing" />
        <param name="OU" value="Application Outsourcing" />
        <param name="O" value="IT development company" />
        <param name="C" value="US" />
        <param name="email" value="alice@example.com" />
      </dname>
    </genkey>
    <signjar 
      tsaurl="https://timestamp.geotrust.com/tsa" 
      jar="NULL/lib/${ant.project.name}-NULLNULL.jar" 
      signedjar="NULL/lib/${ant.project.name}-NULLNULL_signed.jar" 
      alias="${verisign.key.alias}" 
      storepass="${verisign.key.storepass}" 
      keystore="${verisign.key.store}" 
      keypass="${verisign.key.pass}" />
  </target>

  <target name="clean" description="clean up">
    <!-- Delete the NULL and NULL directory trees -->
    <delete dir="NULL" />
    <delete dir="NULL" />
  </target>
</project>

Leave a Reply