XJar-Maven-Plugin 是对 XJar 的一个Maven Plugin封装,实现可通过Maven命令或绑定在Maven构建的生命周期之中执行,用以更加便捷的方式集成 XJar 。
Home Page: https://github.com/core-lib/xjar-maven-plugin
License: Apache License 2.0
用 maven-jar-plugin分离 lib 时,spring-boot-maven--plugin 设置 layout 为 ZIP 时解密失败,用 JAR 可以
org.springframework.boot
spring-boot-maven-plugin
ZIP
明文做成密文,这样即使在插件中存在密文,也相对安全,并且也会减少实施人员泄露密码的可能性。
maven release中加了参数,还是报错?!
大神,xjar加密后的jar如何作为第三方jar包给其他项目引用呢
Error: Could not find or load main class null
Caused by: java.lang.ClassNotFoundException: null
panic: exit status 1
goroutine 1 [running]:
main.main()
/opt/apps/java/grace/grace-admin/target/xjar.go:86 +0x54e
运行时好像不支持-D参数,使用下面的语句,不能正确读取配置
xjar.exe java -Xms512m -Xmx8192m -jar protocol-1.0.1.6_e.jar -Dlogging.config=./config/logback-spring-dev.xml -Dspring.config.location=./config/
不使用加密包的时候,使用以下命令是正常的
java -Xms512m -Xmx8192m -jar -Dloader.path=./target/lib -Dlogging.config=./config/logback-spring-dev.xml -Dspring.config.location=./config/ -Dio.netty.allocator.type=pooled ./target/protocol-1.0.1.6.jar
由于项目中使用了hibernate, 需要加在xjar的agent才能正常运行,在4.0.2中禁用了-javaagent参数,请问我如何再加载xjar-agent-hibernate,谢谢
xjar-maven-plugin-4.0.2.jar ,xjar-4.0.2.jar ,loadkit-v1.0.1.jar 三个jar 都上传到公司私服,没有指定jitpack.io 仓库,不能下载xjar,loadkit,如果通过 dependency 方式依赖,可以下载,但启动报错,Caused by: java.lang.ClassNotFoundException: io.xjar.filter.XMixEntryFilter, 是我上传plugin 到私服的方式不对吗?
在idea中
如果maven的配置文件**仓库地址http://repo2.maven.org/maven2/打包时没有问题
如果maven的配置文件**仓库地址是自己创建的私服(nexus)就不行,代理的阿里云的私服。
POM中这段代码我也是加了的
jitpack.io
https://jitpack.io
估计是我nexus哪里配置的不对。这个问题不知道你有没有遇到过
本想加你QQ的,但是需要验证,加不上,如果方便的话,回复一下验证的内容
1、xjar:2.1.1;jdk:11;spring boot:2.1.2.RELEASE;
2、maven完成打包;
3、运行 java -jar ./xxx.xjar;
4、输入密码,提示错误
通过maven构建,传入密码参数时,提示Unknown lifecycle phase ".password=io.xjar",跟maven版本有关?
使用plugin后无法打包,以下为plugin配置
`
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.github.core-lib</groupId>
<artifactId>xjar-maven-plugin</artifactId>
<version>4.0.2</version>
<executions>
<execution>
<goals>
<goal>build</goal>
</goals>
<phase>package</phase>
<configuration>
<includes>
<include></include>
</includes>
<excludes>
<exclude>resources/**/**</exclude>
</excludes>
<targetJar>encrypted-${project.artifactId}</targetJar>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
`
包下载不下来。。
尝试加密了一个eureka项目,很简单的项目。运行可以正常运行,但是访问eureka主页就报错Skipped only 0 bytes out of 136561 required。
这是什么原因呢?加密了不该加密的东西吗?
目的就是使用 maven 编译代码时,使得 JAR 包的MD5值一样,官网的解决办法已经可以实现 JAR 包 MD5值相同(摘自maven官网: https://zlika.github.io/reproducible-build-maven-plugin/),加入 XJAR 后,生成的 XJAR 文件每次的MD5值都会改变,查阅代码后发现每次加密都会附上当前时间戳,请问我这样理解是否正确,在 XJarEncryptor.class 执行加密时会引用当前时间戳
// 加密方法
public void encrypt(XKey key, InputStream in, OutputStream out) throws IOException {
JarArchiveInputStream zis = null;
JarArchiveOutputStream zos = null;
LinkedHashSet indexes = new LinkedHashSet();
try {
zis = new JarArchiveInputStream(in);
zos = new JarArchiveOutputStream(out);
zos.setLevel(this.level);
XUnclosedInputStream nis = new XUnclosedInputStream(zis);
XUnclosedOutputStream nos = new XUnclosedOutputStream(zos);
Manifest manifest = null;
JarArchiveEntry entry;
JarArchiveEntry jarArchiveEntry;
while((entry = zis.getNextJarEntry()) != null) {
if (!entry.getName().startsWith(XJAR_SRC_DIR) && !entry.getName().endsWith("XJAR-INF/") && !entry.getName().endsWith("XJAR-INF/INDEXES.IDX")) {
if (entry.isDirectory()) {
jarArchiveEntry = new JarArchiveEntry(entry.getName());
jarArchiveEntry.setTime(entry.getTime());
zos.putArchiveEntry(jarArchiveEntry);
} else if (entry.getName().equals("META-INF/MANIFEST.MF")) {
manifest = new Manifest(nis);
Attributes attributes = manifest.getMainAttributes();
String mainClass = attributes.getValue("Main-Class");
if (mainClass != null) {
attributes.putValue("Jar-Main-Class", mainClass);
attributes.putValue("Main-Class", "io.xjar.jar.XJarLauncher");
}
JarArchiveEntry jarArchiveEntry = new JarArchiveEntry(entry.getName());
jarArchiveEntry.setTime(entry.getTime());
zos.putArchiveEntry(jarArchiveEntry);
manifest.write(nos);
} else {
jarArchiveEntry = new JarArchiveEntry(entry.getName());
jarArchiveEntry.setTime(entry.getTime());
zos.putArchiveEntry(jarArchiveEntry);
boolean filtered = this.filtrate(entry);
if (filtered) {
indexes.add(entry.getName());
}
XEncryptor encryptor = filtered ? this.xEncryptor : this.xNopEncryptor;
OutputStream eos = ((XEncryptor)encryptor).encrypt(key, nos);
Throwable var15 = null;
try {
XKit.transfer(nis, eos);
} catch (Throwable var31) {
var15 = var31;
throw var31;
} finally {
if (eos != null) {
if (var15 != null) {
try {
eos.close();
} catch (Throwable var30) {
var15.addSuppressed(var30);
}
} else {
eos.close();
}
}
}
}
zos.closeArchiveEntry();
}
}
if (!indexes.isEmpty()) {
jarArchiveEntry = new JarArchiveEntry("XJAR-INF/");
jarArchiveEntry.setTime(System.currentTimeMillis()); // 当前时间戳
zos.putArchiveEntry(jarArchiveEntry);
zos.closeArchiveEntry();
JarArchiveEntry xjarInfIdx = new JarArchiveEntry("XJAR-INF/INDEXES.IDX");
xjarInfIdx.setTime(System.currentTimeMillis()); // 当前时间戳
zos.putArchiveEntry(xjarInfIdx);
Iterator var39 = indexes.iterator();
while(var39.hasNext()) {
String index = (String)var39.next();
zos.write(index.getBytes());
zos.write(CRLF.getBytes());
}
zos.closeArchiveEntry();
}
String mainClass = manifest != null && manifest.getMainAttributes() != null ? manifest.getMainAttributes().getValue("Main-Class") : null;
if (mainClass != null) {
XInjector.inject(zos);
}
zos.finish();
} finally {
XKit.close(zis);
XKit.close(zos);
}
}
请问我这样理解是否正确,因此每次加密出来的 XJAR 文件 MD5值都不相同,还请大佬给些思绪哈,感谢感谢!!!
no problem
xjar java -jar -Xbootclasspath/a:
一般通过这个命令指定配置文件路径。打包后就报错不能运行了。
运行mvn package时报错:org.apache.maven.plugin.InvalidPluginDescriptorException: Invalid plugin descriptor for com.github.core-lib:xjar-maven-plugin:1.0.8,插件配置如下:
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.github.core-lib</groupId>
<artifactId>xjar-maven-plugin</artifactId>
<version>1.0.8</version>
<executions>
<execution>
<goals>
<goal>build</goal>
</goals>
<phase>package</phase>
<configuration>
<password>io.xjar</password>
</configuration>
</execution>
</executions>
</plugin>
我就是升级了Springboot到3.2.1版本后 IDE上运行都没问题,打包也没问题,然后当把.xjar运行的时候就有问题。说是86行的错:
这个问题怎么解决? 谢谢!
版本:4.0.2
太麻烦了,需要go环境编译启动器,只好降低版本。
版本:2.1.1
打包正常,运行没有提示输入密码,
cn.com.xxx.xxx.xxAppRun Springboot启动类
报错信息:
Exception in thread "main" java.lang.ClassNotFoundException: cn.com.xxx.xxx.xxAppRun
at io.xjar.boot.XBootClassLoader.findClass(XBootClassLoader.java:83)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:151)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:46)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:109)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
at io.xjar.boot.XJarLauncher.launch(XJarLauncher.java:26)
at io.xjar.boot.XJarLauncher.main(XJarLauncher.java:22)
Caused by: java.io.IOException: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:128)
at javax.crypto.CipherInputStream.read(CipherInputStream.java:246)
at javax.crypto.CipherInputStream.read(CipherInputStream.java:222)
at io.xjar.XKit.transfer(XKit.java:112)
at io.xjar.boot.XBootClassLoader.findClass(XBootClassLoader.java:77)
... 10 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
at javax.crypto.Cipher.doFinal(Cipher.java:2047)
at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:125)
... 14 more
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.