corda - Corda 默认对构建的 jar 进行签名,但坚持我应该添加签名凭据或将 enable 设置为 false
问题描述
我已经克隆了 corda-training-template repo 并想在 Corda v4.x 中测试签名约束。为了方便起见,我不会使用测试密钥来签署 jar,而是使用默认的 corda dev 密钥。但是我的理解是,如果您不输入任何自定义凭据,则默认使用 corda dev 密钥,以便所有 jar 都使用它进行签名。但是,它在构建过程中不断打印出错误消息:
* What went wrong:
Execution failed for task ':kotlin-source:jar'. > Exception while signing kotlin-source-0.1.jar, ensure the 'cordapp.signing.options' entry contains correct keyStore configuration, or disable signing by 'cordapp.signing.enabled false'. Run with --info or --debug option and search for 'ant:signjar' in log output.
以下是 kotlin-source 的原始 build.gradle 删除了签名启用错误:
repositories {
mavenLocal()
jcenter()
mavenCentral()
maven { url 'https://dl.bintray.com/kotlin/exposed' }
maven { url 'https://jitpack.io' }
maven { url 'https://ci-artifactory.corda.r3cev.com/artifactory/corda-releases' }
}
apply plugin: 'kotlin'
apply plugin: 'idea'
apply plugin: 'net.corda.plugins.cordapp'
apply plugin: 'net.corda.plugins.publish-utils'
apply plugin: 'net.corda.plugins.cordformation'
apply plugin: 'net.corda.plugins.quasar-utils'
apply plugin: 'maven-publish'
cordapp {
targetPlatformVersion 4
minimumPlatformVersion 3
contract {
name "Corda Training Material"
vendor "R3"
licence "Contact R3 for Kotlin Source Contract License."
versionId 1
}
workflow {
name "Corda Training Material"
vendor "R3"
licence "Contact R3 for Kotlin Source Workflow License."
versionId 1
}
}
sourceSets {
main {
resources {
srcDir "../config/dev"
}
}
test {
resources {
srcDir "../config/test"
}
}
}
dependencies {
compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
testCompile "junit:junit:$junit_version"
// Corda integration dependencies
cordaCompile "$corda_release_distribution:corda-core:$corda_release_version"
cordaCompile "$corda_release_distribution:corda-finance-contracts:$corda_release_version"
cordaCompile "$corda_release_distribution:corda-finance-workflows:$corda_release_version"
cordaCompile "$corda_release_distribution:corda-jackson:$corda_release_version"
cordaCompile "$corda_release_distribution:corda-rpc:$corda_release_version"
cordaCompile "$corda_release_distribution:corda-node-api:$corda_release_version"
cordaCompile "$corda_release_distribution:corda-webserver-impl:$corda_release_version"
cordaRuntime "$corda_release_distribution:corda:$corda_release_version"
cordaRuntime "$corda_release_distribution:corda-webserver:$corda_release_version"
testCompile "$corda_release_distribution:corda-test-utils:$corda_release_version"
testCompile "$corda_release_distribution:corda-node-driver:$corda_release_version"
// GraphStream: For visualisation (required by TemplateClientRPC app)
compile "org.graphstream:gs-core:1.3"
compile("org.graphstream:gs-ui:1.3") {
exclude group: "bouncycastle"
}
// CorDapp dependencies
// Specify your cordapp's dependencies below, including dependent cordapps
cordapp "$corda_release_distribution:corda-finance-contracts:$corda_release_version"
cordapp "$corda_release_distribution:corda-finance-workflows:$corda_release_version"
cordapp "$corda_release_distribution:corda-confidential-identities:$corda_release_version"
}
tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).all {
kotlinOptions {
languageVersion = "1.2"
apiVersion = "1.2"
jvmTarget = "1.8"
javaParameters = true // Useful for reflection.
}
}
task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
delete "./build/nodes"
directory "./build/nodes"
nodeDefaults {
cordapp("$corda_release_distribution:corda-finance-contracts:$corda_release_version")
cordapp("$corda_release_distribution:corda-finance-workflows:$corda_release_version")
cordapp("$corda_release_distribution:corda-confidential-identities:$corda_release_version")
rpcUsers = [[ user: "user1", "password": "password", "permissions": ["ALL"]]]
}
node {
name "O=Notary,L=London,C=GB"
notary = [validating: false]
p2pPort 10002
rpcSettings {
useSsl false
standAloneBroker false
address "0.0.0.0:10003"
adminAddress "0.0.0.0:10103"
}
}
node {
name "O=ParticipantA,L=London,C=GB"
p2pPort 10007
webPort 10009
rpcSettings {
useSsl false
standAloneBroker false
address "0.0.0.0:10008"
adminAddress "0.0.0.0:10108"
}
}
node {
name "O=ParticipantB,L=New York,C=US"
p2pPort 10010
webPort 10012
rpcSettings {
useSsl false
standAloneBroker false
address "0.0.0.0:10011"
adminAddress "0.0.0.0:10111"
}
}
node {
name "O=ParticipantC,L=Paris,C=FR"
p2pPort 10013
webPort 10015
rpcSettings {
useSsl false
standAloneBroker false
address "0.0.0.0:10014"
adminAddress "0.0.0.0:10114"
}
}
}
idea {
module {
downloadJavadoc = true // defaults to false
downloadSources = true
}
}
为了响应错误消息,我在两个cordapp(https://docs.corda.net/releases/release-V4.0/cordapp-build-systems.html#signing-the -cordapp-jar)和 deployNodes (https://docs.corda.net/releases/release-V4.0/generating-a-node.html#signing-cordapp-jars)任务在不同的排列,但相同的错误消息询问对于正确的密钥库配置不断出现:
signing {
enabled true
options {
keystore
alias
storepass
storetype
keyalg
}
}
如果没有提及密钥库的凭据,甚至没有指定签名选项,corda 应该使用默认的 corda dev 密钥构建 jar,但事实并非如此。
解决方案
首先,错误消息具有误导性,并没有准确说明 java jarsigner 工具中发生的事情(请参阅 ant signjar)。相反,jar 可能存在问题,导致 jarsigner 无法签名。SignJar.kt(第 23 到 24 行)在corda core plugin
遇到错误时会抛出一般错误消息,因此需要使用 --info 或 --debug 模式运行 jar 任务,然后扫描消息以查找 [ant :signjar]。
在我使用 --debug 模式运行 jar 签名任务之后,我遇到了以下错误消息:
01:00:15.040 [INFO] [org.gradle.api.internal.project.ant.AntLoggingAdapter] [ant:signjar] jarsigner: unable to sign jar: java.util.zip.ZipException: duplicate entry: META-INF/LICENSE.txt
问题可能是在尝试 fatjar(与其他库)时,来自其他 jar 的许可证文件导致冲突。在我的情况下,解决方案是从我的构建中排除许可证文件。将以下内容添加到 build.gradle jar 任务中。
jar {
duplicatesStrategy = DuplicatesStrategy.EXCLUDE
}
构建 jar 后,我使用 jarsigner 工具(包含在您的 JDK 中)来验证 jar 是否已签名。
jarsigner -verify <your jar.file name>
如果已签名,它将输出以下内容:
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains entries whose signer certificate will expire within six months.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2019-11-26) or after any future revocation date.
Re-run with the -verbose and -certs options for more details.
推荐阅读
- jdbc - 最快的 JDBC 驱动程序
- java - Netbans MySQL LIKE 语句
- node.js - 无法从反应 js 发送 httponly cookie 到 express 服务器
- python-3.x - 如何在python中打乱字符串的字母
- algorithm - 在有约束的网格中找到最大区域的高效算法
- php - 与年份无关的日期差异
- angular - 将 scss 文件导入父类 css 时无法正常工作
- faunadb - FaunaDB:如何在过去 n 天内对所有文档进行分页/计数
- regex - 正则表达式:在指定单词或行尾之间提取文本
- c++ - QHash 在不同的 qt 版本中表现不同