[josm-dev] how to load signed jars needed by my plugin?

[Christoph Wagner]

Hello josm developers,

My name is Christoph Wagner and I am new to this mailing list.

I am writing my diploma thesis about signing osm data.

I decided to write a josm plugin that does that job. It is not public
yet, because at the moment there is no functionality :)
(And I don't have a svn account, yet)

While I am playing around with the source code and some libs I got a
problem while packaging the plugin jar file.

I use some external crypto libs from here:
http://www.bouncycastle.org/latest_releases.html

The standard way to include them in the plugin jar is to unpack them
for example with an unjar-ant-task and add them to the plugin-jar.
The problem is:
The jars from bouncycastle are signed jars. That means they have
digital signatures and they get checked during runtime.

First I tried to copy the signatures from the MANIFEST.MF out of the
signed jars to the new plugin jar MANIFEST.MF but that doesn't work
because the MANIFEST file itself is signed too.

I think the only way is to keep the bouncycastle jars as they are and
add them somehow to the classpath while starting josm. But how should
I do this? Is it compatible with the way josm loads plugins?

I read about a JarClassLoader that can load jar files out of other
jarfiles. So I could just copy the bouncycastle jar files to the
pluginjar and load them. But josm uses the standard URLClassLoader
that is not able to do this.
So the josm core code has to get modified and I don't know how exactly.

Another possibility is, that I create a new lib directory somwhere in
the default josm plugins directory and store the lib jars there and
add it to the classpath. But I don't know how this could be
automatized.

Are there any suggestions to solve this problem?

Thank you!
Christoph