Class JarSigner.Builder
java.lang.Object
jdk.security.jarsigner.JarSigner.Builder
- Enclosing class:
JarSigner
A mutable builder class that can create an immutable
JarSigner
from various signing-related parameters.- Since:
- 9
-
Constructor Summary
ConstructorDescriptionBuilder
(KeyStore.PrivateKeyEntry entry) Creates aJarSigner.Builder
object with aKeyStore.PrivateKeyEntry
object.Builder
(PrivateKey privateKey, CertPath certPath) Creates aJarSigner.Builder
object with a private key and a certification path. -
Method Summary
Modifier and TypeMethodDescriptionbuild()
Builds aJarSigner
object from the parameters set by the setter methods.digestAlgorithm
(String algorithm) Sets the digest algorithm.digestAlgorithm
(String algorithm, Provider provider) Sets the digest algorithm from the specified provider.eventHandler
(BiConsumer<String, String> handler) Sets en event handler that will be triggered when aJarEntry
is to be added, signed, or updated during the signing process.static String
Gets the default digest algorithm.static String
Gets the default signature algorithm for a private key.setProperty
(String key, String value) Sets an additional implementation-specific property indicated by the specified key.signatureAlgorithm
(String algorithm) Sets the signature algorithm.signatureAlgorithm
(String algorithm, Provider provider) Sets the signature algorithm from the specified provider.signerName
(String name) Sets the signer name.Sets the URI of the Time Stamping Authority (TSA).
-
Constructor Details
-
Builder
Creates aJarSigner.Builder
object with aKeyStore.PrivateKeyEntry
object.- Parameters:
entry
- theKeyStore.PrivateKeyEntry
of the signer.
-
Builder
Creates aJarSigner.Builder
object with a private key and a certification path.- Parameters:
privateKey
- the private key of the signer.certPath
- the certification path of the signer.- Throws:
IllegalArgumentException
- ifcertPath
is empty, or theprivateKey
algorithm does not match the algorithm of thePublicKey
in the end entity certificate (the first certificate incertPath
).
-
-
Method Details
-
digestAlgorithm
Sets the digest algorithm. If no digest algorithm is specified, the default algorithm returned bygetDefaultDigestAlgorithm()
will be used.- Parameters:
algorithm
- the standard name of the algorithm. See theMessageDigest
section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.- Returns:
- the
JarSigner.Builder
itself. - Throws:
NoSuchAlgorithmException
- ifalgorithm
is not available.
-
digestAlgorithm
public JarSigner.Builder digestAlgorithm(String algorithm, Provider provider) throws NoSuchAlgorithmException Sets the digest algorithm from the specified provider. If no digest algorithm is specified, the default algorithm returned bygetDefaultDigestAlgorithm()
will be used.- Parameters:
algorithm
- the standard name of the algorithm. See theMessageDigest
section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.provider
- the provider.- Returns:
- the
JarSigner.Builder
itself. - Throws:
NoSuchAlgorithmException
- ifalgorithm
is not available in the specified provider.
-
signatureAlgorithm
Sets the signature algorithm. If no signature algorithm is specified, the default signature algorithm returned bygetDefaultSignatureAlgorithm(java.security.PrivateKey)
for the private key will be used.- Parameters:
algorithm
- the standard name of the algorithm. See theSignature
section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.- Returns:
- the
JarSigner.Builder
itself. - Throws:
NoSuchAlgorithmException
- ifalgorithm
is not available.IllegalArgumentException
- ifalgorithm
is not compatible with the algorithm of the signer's private key.
-
signatureAlgorithm
public JarSigner.Builder signatureAlgorithm(String algorithm, Provider provider) throws NoSuchAlgorithmException Sets the signature algorithm from the specified provider. If no signature algorithm is specified, the default signature algorithm returned bygetDefaultSignatureAlgorithm(java.security.PrivateKey)
for the private key will be used.- Parameters:
algorithm
- the standard name of the algorithm. See theSignature
section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.provider
- the provider.- Returns:
- the
JarSigner.Builder
itself. - Throws:
NoSuchAlgorithmException
- ifalgorithm
is not available in the specified provider.IllegalArgumentException
- ifalgorithm
is not compatible with the algorithm of the signer's private key.
-
tsa
Sets the URI of the Time Stamping Authority (TSA).- Parameters:
uri
- the URI.- Returns:
- the
JarSigner.Builder
itself.
-
signerName
Sets the signer name. The name will be used as the base name for the signature files. All lowercase characters will be converted to uppercase for signature file names. If a signer name is not specified, the string "SIGNER" will be used.- Parameters:
name
- the signer name.- Returns:
- the
JarSigner.Builder
itself. - Throws:
IllegalArgumentException
- ifname
is empty or has a size bigger than 8, or it contains characters not from the set "a-zA-Z0-9_-".
-
eventHandler
Sets en event handler that will be triggered when aJarEntry
is to be added, signed, or updated during the signing process.The handler can be used to display signing progress. The first argument of the handler can be "adding", "signing", or "updating", and the second argument is the name of the
JarEntry
being processed.- Parameters:
handler
- the event handler.- Returns:
- the
JarSigner.Builder
itself.
-
setProperty
Sets an additional implementation-specific property indicated by the specified key.- Implementation Note:
- This implementation supports the following properties:
- "tsaDigestAlg": algorithm of digest data in the timestamping
request. The default value is the same as the result of
getDefaultDigestAlgorithm()
. - "tsaPolicyId": TSAPolicyID for Timestamping Authority. No default value.
- "internalsf": "true" if the .SF file is included inside the signature block, "false" otherwise. Default "false".
- "sectionsonly": "true" if the .SF file only contains the hash value for each section of the manifest and not for the whole manifest, "false" otherwise. Default "false".
- "tsaDigestAlg": algorithm of digest data in the timestamping
request. The default value is the same as the result of
- Parameters:
key
- the name of the property.value
- the value of the property.- Returns:
- the
JarSigner.Builder
itself. - Throws:
UnsupportedOperationException
- if the key is not supported by this implementation.IllegalArgumentException
- if the value is not accepted as a legal value for this key.
-
getDefaultDigestAlgorithm
Gets the default digest algorithm.- Implementation Note:
- This implementation returns "SHA-384". The value may change in the future.
- Returns:
- the default digest algorithm.
-
getDefaultSignatureAlgorithm
Gets the default signature algorithm for a private key. For example, SHA384withRSA for a 2048-bit RSA key, and SHA384withECDSA for a 384-bit EC key.- Implementation Note:
- This implementation makes use of comparable strengths as defined in Tables 2 and 3 of NIST SP 800-57 Part 1-Rev.5 as well as NIST recommendations as appropriate. Specifically, if an RSA key with a key size greater than 7680 bits, or an EC key with a key size greater than or equal to 512 bits, SHA-512 will be used as the hash function for the signature. Otherwise, SHA-384 will be used unless the key size is too small for resulting signature algorithm. As for DSA keys, the SHA256withDSA signature algorithm is returned regardless of key size. The value may change in the future.
- Parameters:
key
- the private key.- Returns:
- the default signature algorithm. Returns null if a default
signature algorithm cannot be found. In this case,
signatureAlgorithm(java.lang.String)
must be called to specify a signature algorithm. Otherwise, thebuild()
method will throw anIllegalArgumentException
.
-
build
Builds aJarSigner
object from the parameters set by the setter methods.This method does not modify internal state of this
Builder
object and can be called multiple times to generate multipleJarSigner
objects. After this method is called, calling any method on thisBuilder
will have no effect on the newly builtJarSigner
object.- Returns:
- the
JarSigner
object. - Throws:
IllegalArgumentException
- if a signature algorithm is not set and cannot be derived from the private key using thegetDefaultSignatureAlgorithm(java.security.PrivateKey)
method.
-