0

I'm timestamping and signing my deployed .jar files (deployed via JNLP) as part of the build process. I'm doing error logging and would like to include the timestamp from the .jar file as a way of confirming exactly which signed build that the errors are coming from.

How do I access that timestamp from inside the running .jar?

Brian Knoblauch
  • 20,639
  • 15
  • 57
  • 92

1 Answers1

1

I m drawing upon an answer from a similar question.

It seems you can get location of jar file by following :

public class ClassFileHelper {
    public static URL getClassURL(Class<?> clazz) {
        return clazz.getResource('/' + clazz.getName().replace('.', '/') + ".class");
    }

    public static String getJARFromURL(URL url) {
        if (!url.getProtocol().equals("jar"))
            return null;
        String fileName = url.getFile();
        fileName = fileName.substring(0, fileName.lastIndexOf('!'));
        fileName = fileName.substring(fileName.lastIndexOf('/') + 1);
        return fileName;
    }
}

Class clazz = MyClass.class;
URL classURL = ClassFileHelper.getClassURL(clazz);

String jarFile = ClassFileHelper.getJARFromURL(classURL));

Then to get the signed timestamp , I am again copying some other answer from a question here - excuse me for my impunity!

File f = new File( jarFile );

if ( f.exists() ) ->

Execute the command jarsigner -verify -verbose -certs myjar.jar by using Runtime.exec(...) - make sure the right location of jarsigner was passed to arguments.

parse the output which is of the form [entry was signed on 8/2/13 3:48 PM] to get the time stamp.

Another option is to use keytool in JRE :

keytool -printcert -jarfile myApp.jar

Community
  • 1
  • 1
SomeDude
  • 13,876
  • 5
  • 21
  • 44
  • 1
    You're returning the OS timestamp on the file, not the signed timestamp inside the jar file. – Andy Thomas Jan 31 '17 at 16:01
  • Unfortunately, jarsigner.exe is part of the JDK and won't be available on client machines with only the JRE. – Brian Knoblauch Jan 31 '17 at 16:35
  • 1
    @BrianKnoblauch it seems there is one more option to get jar file's certs : `keytool -printcert -jarfile myApp.jar` `keytool.exe` is available in JRE – SomeDude Jan 31 '17 at 17:02
  • If the timestamp is in the printcert printout, I'm just not seeing it. Also not a big fan of shell calls to tools that may or may not be in a user's path. There's gotta be a decent programmatic way to do this. – Brian Knoblauch Feb 15 '17 at 21:18