196 lines
5.6 KiB
Bash
196 lines
5.6 KiB
Bash
##@cooked comments # -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
|
|
## Support de la signature des jars pour WebObjects
|
|
##@cooked nocomments
|
|
##@require webobjects
|
|
uprovide wosign
|
|
urequire webobjects
|
|
|
|
WOSIGN_KEYSTORE=
|
|
WOSIGN_STOREPASS=
|
|
WOSIGN_KEYALIAS=
|
|
|
|
function wosign_setup_maybe() {
|
|
WOSIGN_CONFDIR="$WOCONFIGURATION/Signatures"
|
|
WOSIGN_CONF="$WOSIGN_CONFDIR/signature.conf"
|
|
if [ -f "$WOSIGN_CONF" ]; then
|
|
eval "$(
|
|
keystore=
|
|
storepass=
|
|
keyalias=
|
|
source "$WOSIGN_CONF"
|
|
set_var_cmd WOSIGN_KEYSTORE "$keystore"
|
|
set_var_cmd WOSIGN_STOREPASS "$storepass"
|
|
set_var_cmd WOSIGN_KEYALIAS "$keyalias"
|
|
)"
|
|
|
|
[ -n "$WOSIGN_XTMPDIR" ] || ac_set_tmpdir WOSIGN_XTMPDIR
|
|
[ -n "$WOSIGN_JTMPDIR" ] || ac_set_tmpdir WOSIGN_JTMPDIR
|
|
return 0
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
function __issjar() {
|
|
[ "${1%.sjar}" != "$1" ]
|
|
}
|
|
|
|
function __tosjar() {
|
|
local jarname="$(basename "$1")"
|
|
local jardir="${1%$jarname}"
|
|
local sjarname= jarbn="$(basename "$jarname" .jar)"
|
|
if [ "$jarbn" != "$jarname" ]; then
|
|
sjarname="$jarbn.sjar"
|
|
else
|
|
sjarname="$jarname.sjar"
|
|
fi
|
|
echo "$jardir$sjarname"
|
|
}
|
|
|
|
function __tojar() {
|
|
local jarname="$(basename "$1")"
|
|
local jardir="${1%$jarname}"
|
|
local jarbn="$(basename "$jarname" .sjar)"
|
|
[ "$jarbn" != "$jarname" ] && jarname="$jarbn.jar"
|
|
echo "$jardir$jarname"
|
|
}
|
|
|
|
function wosign_jar() {
|
|
local default=1 sign= unsign=
|
|
while [ -n "$1" ]; do
|
|
case "$1" in
|
|
-s) default=; sign=1;;
|
|
-d) default=; unsign=1;;
|
|
*) break;;
|
|
esac
|
|
shift
|
|
done
|
|
[ -n "$default" ] && sign=1
|
|
|
|
local curdir="$(pwd)"
|
|
local jar="$(abspath "$1")"
|
|
local cjar="$WOSIGN_JTMPDIR/$(basename "$jar")"
|
|
local sjar="$(__tosjar "$jar")"
|
|
|
|
cd "$WOSIGN_XTMPDIR"
|
|
rm -rf *
|
|
jar xf "$jar"
|
|
rm -f META-INF/*.{SF,RSA,DSA}
|
|
|
|
jar cf "$cjar" *
|
|
if [ -n "$unsign" ]; then
|
|
cp "$cjar" "$jar"
|
|
fi
|
|
|
|
if [ -n "$sign" ]; then
|
|
rm -f "$sjar"
|
|
jarsigner -keystore "$WOSIGN_KEYSTORE" ${WOSIGN_STOREPASS:+-storepass "$WOSIGN_STOREPASS" }-signedjar "$sjar" "$cjar" $WOSIGN_KEYALIAS
|
|
fi
|
|
|
|
cd "$curdir"
|
|
}
|
|
|
|
function wosignable() {
|
|
if [ -z "$WOSIGN_KEYSTORE" ]; then
|
|
echo "Il faut spécifier le paramètre keystore"
|
|
return 1
|
|
elif [ -z "$WOSIGN_KEYALIAS" ]; then
|
|
echo "Il faut spécifier le parammètre keyalias"
|
|
return 1
|
|
fi
|
|
|
|
local srcdir="$1"
|
|
if endswith "$srcdir" .woa; then
|
|
srcdir="$srcdir/Contents/WebServerResources/Java"
|
|
elif endswith "$1" .framework; then
|
|
srcdir="$srcdir/WebServerResources/Java"
|
|
fi
|
|
if [ -d "$srcdir" ]; then
|
|
if [ -z "$(list_files "$srcdir" "*.jar")" ]; then
|
|
echo "Il n'y a pas de jars à signer"
|
|
return 1
|
|
fi
|
|
elif [ -f "$srcdir" ]; then
|
|
if ! endswith "$srcdir" .jar; then
|
|
echo "Le fichier spécifié n'est pas un jar"
|
|
return 1
|
|
fi
|
|
else
|
|
echo "Il faut spécifier un répertoire ou un jar individuel"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
function __may_sign() {
|
|
# Si l'option -f est spécifiée, retourner true
|
|
# Si ce jar a une version signée associée, retourner true
|
|
# Si ce jar n'a pas de version signée associée, retourner true
|
|
# Si ce jar est la version signée d'un autre jar, retourner false
|
|
[ "$1" != "-f" ] && __issjar "$1" && [ -f "$(__tojar "$1")" ] && return 1
|
|
return 0
|
|
}
|
|
|
|
function __should_sign() {
|
|
# Si l'option -f est spécifiée, retourner true
|
|
# Sinon retourner true si la version signée n'existe pas
|
|
# On assume que __may_sign est vrai.
|
|
[ "$1" != "-f" ] && [ -f "$(__tosjar "$1")" ] && return 1
|
|
return 0
|
|
}
|
|
|
|
function wosign() {
|
|
# Signer un bundle, les jars d'un répertoire, ou un jar
|
|
# L'option -f force la resignature des jars d'un répertoire ou d'un
|
|
# bundle. Elle force aussi la signature d'un jar, même s'il semble qu'il
|
|
# soit la version signée d'un autre jar
|
|
# on présuppose que wosignable a retourné true
|
|
local default=1 sign= unsign= resign=
|
|
while [ -n "$1" ]; do
|
|
case "$1" in
|
|
-s) default=; sign=1;;
|
|
-d) default=; unsign=1;;
|
|
-f) resign=1;;
|
|
*) break;;
|
|
esac
|
|
shift
|
|
done
|
|
[ -n "$default" ] && sign=1
|
|
|
|
local srcdir="$1"
|
|
local candidates jars jar jarname jardir
|
|
|
|
if endswith "$srcdir" .woa; then
|
|
srcdir="$srcdir/Contents/WebServerResources/Java"
|
|
elif endswith "$1" .framework; then
|
|
srcdir="$srcdir/WebServerResources/Java"
|
|
fi
|
|
|
|
if [ -d "$srcdir" ]; then
|
|
array_from_lines candidates "$(list_files "$srcdir" "*.jar")"
|
|
jars=()
|
|
for jar in "${candidates[@]}"; do
|
|
__may_sign "$srcdir/$jar" && jars=("${jars[@]}" "$srcdir/$jar")
|
|
done
|
|
for jar in "${jars[@]}"; do
|
|
if __should_sign ${resign:+-f }"$jar"; then
|
|
ebegin "$(ppath "$jar")"
|
|
wosign_jar ${sign:+-s }${unsign:+-d }"$jar" &
|
|
ewait $!
|
|
eend
|
|
fi
|
|
done
|
|
elif [ -f "$srcdir" ]; then
|
|
jar="$srcdir"
|
|
if ! __may_sign ${resign:+-f }"$jar"; then
|
|
jardir="$(dirname "$jar")"
|
|
jarname="$(basename "$jar")"
|
|
eerror "$(ppath "$jar"): Ce jar est la version signée de $(ppath "$jardir/${jarname#s}")"
|
|
elif __should_sign ${resign:+-f }"$jar"; then
|
|
ebegin "$(ppath "$jar")"
|
|
wosign_jar ${sign:+-s }${unsign:+-d }"$jar" &
|
|
ewait $!
|
|
eend
|
|
fi
|
|
fi
|
|
}
|