Class JarSigner.Builder
- java.lang.Object
-
- jdk.security.jarsigner.JarSigner.Builder
- Enclosing class:
- JarSigner
public static class JarSigner.Builder extends Object
A mutable builder class that can create an immutable JarSigner
from various signing-related parameters.
- Since:
- 9
Constructors
Constructor | Description |
---|---|
Builder(KeyStore.PrivateKeyEntry entry) | Creates a |
Builder(PrivateKey privateKey,
CertPath certPath) | Creates a |
Methods
Modifier and Type | Method | Description |
---|---|---|
JarSigner | build() | Builds a |
JarSigner.Builder | digestAlgorithm(String algorithm) | Sets the digest algorithm. |
JarSigner.Builder | digestAlgorithm(String algorithm,
Provider provider) | Sets the digest algorithm from the specified provider. |
JarSigner.Builder | eventHandler(BiConsumer<String,String> handler) | Sets en event handler that will be triggered when a |
static String | getDefaultDigestAlgorithm() | Gets the default digest algorithm. |
static String | getDefaultSignatureAlgorithm(PrivateKey key) | Gets the default signature algorithm for a private key. |
JarSigner.Builder | setProperty(String key,
String value) | Sets an additional implementation-specific property indicated by the specified key. |
JarSigner.Builder | signatureAlgorithm(String algorithm) | Sets the signature algorithm. |
JarSigner.Builder | signatureAlgorithm(String algorithm,
Provider provider) | Sets the signature algorithm from the specified provider. |
JarSigner.Builder | signerName(String name) | Sets the signer name. |
JarSigner.Builder | tsa(URI uri) | Sets the URI of the Time Stamping Authority (TSA). |
Methods declared in class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructors
Builder
public Builder(KeyStore.PrivateKeyEntry entry)
Creates a JarSigner.Builder
object with a KeyStore.PrivateKeyEntry
object.
- Parameters:
-
entry
- theKeyStore.PrivateKeyEntry
of the signer.
Builder
public Builder(PrivateKey privateKey, CertPath certPath)
Creates a JarSigner.Builder
object with a private key and a certification path.
- Parameters:
-
privateKey
- the private key of the signer. -
certPath
- the certification path of the signer. - Throws:
-
IllegalArgumentException
- ifcertPath
is empty, or theprivateKey
algorithm does not match the algorithm of thePublicKey
in the end entity certificate (the first certificate incertPath
).
Methods
digestAlgorithm
public JarSigner.Builder digestAlgorithm(String algorithm) throws NoSuchAlgorithmException
Sets the digest algorithm. If no digest algorithm is specified, the default algorithm returned by getDefaultDigestAlgorithm()
will be used.
- Parameters:
-
algorithm
- the standard name of the algorithm. See theMessageDigest
section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names. - Returns:
- the
JarSigner.Builder
itself. - Throws:
-
NoSuchAlgorithmException
- ifalgorithm
is not available.
digestAlgorithm
public JarSigner.Builder digestAlgorithm(String algorithm, Provider provider) throws NoSuchAlgorithmException
Sets the digest algorithm from the specified provider. If no digest algorithm is specified, the default algorithm returned by getDefaultDigestAlgorithm()
will be used.
- Parameters:
-
algorithm
- the standard name of the algorithm. See theMessageDigest
section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names. -
provider
- the provider. - Returns:
- the
JarSigner.Builder
itself. - Throws:
-
NoSuchAlgorithmException
- ifalgorithm
is not available in the specified provider.
signatureAlgorithm
public JarSigner.Builder signatureAlgorithm(String algorithm) throws NoSuchAlgorithmException
Sets the signature algorithm. If no signature algorithm is specified, the default signature algorithm returned by getDefaultSignatureAlgorithm(java.security.PrivateKey)
for the private key will be used.
- Parameters:
-
algorithm
- the standard name of the algorithm. See theSignature
section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names. - Returns:
- the
JarSigner.Builder
itself. - Throws:
-
NoSuchAlgorithmException
- ifalgorithm
is not available. -
IllegalArgumentException
- ifalgorithm
is not compatible with the algorithm of the signer's private key.
signatureAlgorithm
public JarSigner.Builder signatureAlgorithm(String algorithm, Provider provider) throws NoSuchAlgorithmException
Sets the signature algorithm from the specified provider. If no signature algorithm is specified, the default signature algorithm returned by getDefaultSignatureAlgorithm(java.security.PrivateKey)
for the private key will be used.
- Parameters:
-
algorithm
- the standard name of the algorithm. See theSignature
section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names. -
provider
- the provider. - Returns:
- the
JarSigner.Builder
itself. - Throws:
-
NoSuchAlgorithmException
- ifalgorithm
is not available in the specified provider. -
IllegalArgumentException
- ifalgorithm
is not compatible with the algorithm of the signer's private key.
tsa
public JarSigner.Builder tsa(URI uri)
Sets the URI of the Time Stamping Authority (TSA).
- Parameters:
-
uri
- the URI. - Returns:
- the
JarSigner.Builder
itself.
signerName
public JarSigner.Builder signerName(String name)
Sets the signer name. The name will be used as the base name for the signature files. All lowercase characters will be converted to uppercase for signature file names. If a signer name is not specified, the string "SIGNER" will be used.
- Parameters:
-
name
- the signer name. - Returns:
- the
JarSigner.Builder
itself. - Throws:
-
IllegalArgumentException
- ifname
is empty or has a size bigger than 8, or it contains characters not from the set "a-zA-Z0-9_-".
eventHandler
public JarSigner.Builder eventHandler(BiConsumer<String,String> handler)
Sets en event handler that will be triggered when a JarEntry
is to be added, signed, or updated during the signing process.
The handler can be used to display signing progress. The first argument of the handler can be "adding", "signing", or "updating", and the second argument is the name of the JarEntry
being processed.
- Parameters:
-
handler
- the event handler. - Returns:
- the
JarSigner.Builder
itself.
setProperty
public JarSigner.Builder setProperty(String key, String value)
Sets an additional implementation-specific property indicated by the specified key.
- Implementation Note:
- This implementation supports the following properties:
- "tsaDigestAlg": algorithm of digest data in the timestamping request. The default value is the same as the result of
getDefaultDigestAlgorithm()
. - "tsaPolicyId": TSAPolicyID for Timestamping Authority. No default value.
- "internalsf": "true" if the .SF file is included inside the signature block, "false" otherwise. Default "false".
- "sectionsonly": "true" if the .SF file only contains the hash value for each section of the manifest and not for the whole manifest, "false" otherwise. Default "false".
- "tsaDigestAlg": algorithm of digest data in the timestamping request. The default value is the same as the result of
- Parameters:
-
key
- the name of the property. -
value
- the value of the property. - Returns:
- the
JarSigner.Builder
itself. - Throws:
-
UnsupportedOperationException
- if the key is not supported by this implementation. -
IllegalArgumentException
- if the value is not accepted as a legal value for this key.
getDefaultDigestAlgorithm
public static String getDefaultDigestAlgorithm()
Gets the default digest algorithm.
- Implementation Note:
- This implementation returns "SHA-256". The value may change in the future.
- Returns:
- the default digest algorithm.
getDefaultSignatureAlgorithm
public static String getDefaultSignatureAlgorithm(PrivateKey key)
Gets the default signature algorithm for a private key. For example, SHA256withRSA for a 2048-bit RSA key, and SHA384withECDSA for a 384-bit EC key.
- Implementation Note:
- This implementation makes use of comparable strengths as defined in Tables 2 and 3 of NIST SP 800-57 Part 1-Rev.4. Specifically, if a DSA or RSA key with a key size greater than 7680 bits, or an EC key with a key size greater than or equal to 512 bits, SHA-512 will be used as the hash function for the signature. If a DSA or RSA key has a key size greater than 3072 bits, or an EC key has a key size greater than or equal to 384 bits, SHA-384 will be used. Otherwise, SHA-256 will be used. The value may change in the future.
- Parameters:
-
key
- the private key. - Returns:
- the default signature algorithm. Returns null if a default signature algorithm cannot be found. In this case,
signatureAlgorithm(java.lang.String)
must be called to specify a signature algorithm. Otherwise, thebuild()
method will throw anIllegalArgumentException
.
build
public JarSigner build()
Builds a JarSigner
object from the parameters set by the setter methods.
This method does not modify internal state of this Builder
object and can be called multiple times to generate multiple JarSigner
objects. After this method is called, calling any method on this Builder
will have no effect on the newly built JarSigner
object.
- Returns:
- the
JarSigner
object. - Throws:
-
IllegalArgumentException
- if a signature algorithm is not set and cannot be derived from the private key using thegetDefaultSignatureAlgorithm(java.security.PrivateKey)
method.
© 1993, 2020, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/11/docs/api/jdk.jartool/jdk/security/jarsigner/JarSigner.Builder.html