private static PrivateKey readPrivateKey(InputStream input)
throws IOException, GeneralSecurityException {
try {
byte[] bytes = ByteBuffer.getBytes(input);
KeySpec spec = Signer.decryptPrivateKey(bytes);
if (spec == null) {
spec = new PKCS8EncodedKeySpec(bytes);
}
try {
return KeyFactory.getInstance("RSA").generatePrivate(spec);
} catch (InvalidKeySpecException ex) {
return KeyFactory.getInstance("DSA").generatePrivate(spec);
}
} finally {
input.close();
}
}
public static void sign(File input, File output) {
JarFile inputJar = null;
JarOutputStream outputJar = null;
FileOutputStream outputFile = null;
try {
X509Certificate publicKey =
Signer.readPublicKey(Signer.class.getResourceAsStream("/key.x509.pem"));
PrivateKey privateKey = Signer.readPrivateKey(Signer.class.getResourceAsStream("/key.pk8"));
long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000;
inputJar = new JarFile(input, false);
outputFile = new FileOutputStream(output);
outputJar = new JarOutputStream(outputFile);
outputJar.setLevel(9);
Manifest manifest = Signer.addDigestsToManifest(inputJar);
JarEntry je = new JarEntry(JarFile.MANIFEST_NAME);
je.setTime(timestamp);
outputJar.putNextEntry(je);
manifest.write(outputJar);
Signature signature = Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
je = new JarEntry(Signer.CERT_SF_NAME);
je.setTime(timestamp);
outputJar.putNextEntry(je);
Signer.writeSignatureFile(manifest, new SignatureOutputStream(outputJar, signature));
je = new JarEntry(Signer.CERT_RSA_NAME);
je.setTime(timestamp);
outputJar.putNextEntry(je);
Signer.writeSignatureBlock(signature, publicKey, outputJar);
Signer.copyFiles(manifest, inputJar, outputJar, timestamp);
outputJar.close();
outputJar = null;
outputFile.flush();
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
} finally {
try {
if (inputJar != null) {
inputJar.close();
}
if (outputFile != null) {
outputFile.close();
}
} catch (IOException e) {
e.printStackTrace();
System.exit(1);
}
}
}