ProGuard不会使用依赖项混淆JAR

2022-07-14 00:00:00 obfuscation java maven maven-3 proguard
我有一个项目,其中的pom.xml文件如下所示。当我发出命令mvn clean compile assembly:single install时,我希望Maven生成一个JAR,它包含

  • 所有依赖项和
  • 我的代码的模糊版本。

它不起作用-我的代码在"有依赖项的JAR"文件中没有混淆。

当我运行mvn clean compile install时,结果文件包含我的应用程序的模糊代码,但没有依赖项。

如何才能拥有包含所有依赖项和模糊代码的JAR文件?

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.mycompany</groupId>
    <artifactId>myproduct</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>jar</packaging>
    <properties>
        <restlet-version>2.3.5</restlet-version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.spongepowered</groupId>
            <artifactId>spongeapi</artifactId>
            <version>3.0.0</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
        </dependency>
        <dependency>
            <groupId>org.easytesting</groupId>
            <artifactId>fest-assert-core</artifactId>
            <version>2.0M8</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-core</artifactId>
            <version>1.10.19</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.restlet.jse</groupId>
            <artifactId>org.restlet</artifactId>
            <version>${restlet-version}</version>
        </dependency>
        <dependency>
            <groupId>org.restlet.jse</groupId>
            <artifactId>org.restlet.ext.jackson</artifactId>
            <version>${restlet-version}</version>
        </dependency>
        <dependency>
            <groupId>com.googlecode.json-simple</groupId>
            <artifactId>json-simple</artifactId>
            <version>1.1.1</version>
        </dependency>
    </dependencies>
    <build>
        <resources>
            <resource>
                <directory>${project.basedir}/src/main/resources</directory>
                <filtering>true</filtering>
            </resource>
        </resources>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>templating-maven-plugin</artifactId>
                <version>1.0-alpha-3</version>
                <executions>
                    <execution>
                        <id>filter-src</id>
                        <goals>
                            <goal>filter-sources</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <artifactId>maven-assembly-plugin</artifactId>
                <configuration>
                    <descriptorRefs>
                        <descriptorRef>jar-with-dependencies</descriptorRef>
                    </descriptorRefs>
                </configuration>
            </plugin>
            <plugin>
                <groupId>com.github.wvengen</groupId>
                <artifactId>proguard-maven-plugin</artifactId>
                <version>2.0.8</version>
                <executions>
                    <execution>
                        <phase>package</phase>
                        <goals><goal>proguard</goal></goals>
                    </execution>
                </executions>
                <configuration>
                    <proguardVersion>5.2</proguardVersion>
                    <options>
                        <option>-allowaccessmodification</option>
                        <option>-dontoptimize</option>
                        <option>-dontshrink</option>
                        <option>-dontnote</option>
                        <option>-keepattributes Signature</option>
                        <option>-keep class com.mycompany.MyPlugin { *; }</option>
                    </options>
                    <libs>
                        <lib>${java.home}/lib/rt.jar</lib>
                    </libs>
                    <dependencies>
                        <dependency>
                            <groupId>net.sf.proguard</groupId>
                            <artifactId>proguard-base</artifactId>
                            <version>5.2</version>
                            <scope>runtime</scope>
                        </dependency>
                    </dependencies>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

更新1(17.01.2016 19:54 MSK):如下所示更改了ProGuard配置,但mvn clean compile assembly:single仍生成包含未混淆类文件的JAR。

<plugin>
    <groupId>com.github.wvengen</groupId>
    <artifactId>proguard-maven-plugin</artifactId>
    <version>2.0.8</version>
    <executions>
        <execution>
            <phase>package</phase>
            <goals><goal>proguard</goal></goals>
        </execution>
    </executions>
    <configuration>
        <proguardVersion>5.2</proguardVersion>
        <options>
            <option>-allowaccessmodification</option>
            <option>-dontoptimize</option>
            <option>-dontshrink</option>
            <option>-dontnote</option>
            <option>-keepattributes Signature</option>
            <option>-keep class com.mycompany.MyPlugin { *; }</option>
        </options>
        <injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
        <libs>
            <lib>${java.home}/lib/rt.jar</lib>
        </libs>
        <dependencies>
            <dependency>
                <groupId>net.sf.proguard</groupId>
                <artifactId>proguard-base</artifactId>
                <version>5.2</version>
                <scope>runtime</scope>
            </dependency>
        </dependencies>
    </configuration>
</plugin>

更新2(17.01.2016 20:29 MSK):mvn clean compile assembly:single install失败。可以看到最后一条消息here。


解决方案

proguard-maven-plugin将混淆项目的主要项目,而不是maven-assembly-plugin生成的次要项目jar-with-dependencies

您需要通过指定injar属性将插件配置为对jar-with-dependencies进行模糊处理:

指定要处理的应用程序的输入JAR名称(或WAR、EAR、ZIP)。

<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
现在,POM中插件的执行顺序也有一个问题:我们需要确保maven-assembly-pluginproguard-maven-plugin之前执行。因此,最好为绑定到package阶段的maven-assembly-plugin定义显式执行,而不是使用assembly:single从命令行手动调用它。这将是配置:

<plugin>
    <artifactId>maven-assembly-plugin</artifactId>
    <executions>
        <execution>
            <id>assembly</id>
            <goals>
                <goal>single</goal>
            </goals>
            <phase>package</phase>
            <configuration>
                <descriptorRefs>
                    <descriptorRef>jar-with-dependencies</descriptorRef>
                </descriptorRefs>
            </configuration>
        </execution>
    </executions>
</plugin>

然后,您只需确保proguard-maven-plugin插件配置在您的POM中之后。

完成此操作后,使用mvn clean install调用Maven将导致带有依赖项的混淆JAR。


为了测试您的实际POM,我添加了两个存储库:

  • https://repo.spongepowered.org/maven解析spongeapi依赖项。
  • http://maven.restlet.com解析org.restlet.jse依赖项。
对于这两个依赖项,ProGuard会生成警告,因为org.restlet.ext.jackson依赖项使用了不在构建路径上的com.sun.msv.*类。由于我认为您的代码当前正在运行,这意味着不需要包含这些类,并且可以忽略这些警告。因此,我添加了-dontwarn选项,以便ProGuard在出现警告时不会出错。

我能够使用依赖项成功混淆JAR的最终POM如下:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.mycompany</groupId>
    <artifactId>myproduct</artifactId>
    <version>1.0-SNAPSHOT</version>
    <repositories>
       <repository>
           <id>spongepowered</id>
           <url>https://repo.spongepowered.org/maven</url>
       </repository>
       <repository>
           <id>restlet</id>
           <url>http://maven.restlet.com</url>
       </repository>
    </repositories>
    <properties>
        <restlet-version>2.3.5</restlet-version>
    </properties>
    <build>
       <resources>
            <resource>
                <directory>${project.basedir}/src/main/resources</directory>
                <filtering>true</filtering>
            </resource>
        </resources>
        <plugins>
            <plugin>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>templating-maven-plugin</artifactId>
                <version>1.0-alpha-3</version>
                <executions>
                    <execution>
                        <id>filter-src</id>
                        <goals>
                            <goal>filter-sources</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <artifactId>maven-assembly-plugin</artifactId>
                <executions>
                    <execution>
                        <id>assembly</id>
                        <goals>
                            <goal>single</goal>
                        </goals>
                        <phase>package</phase>
                        <configuration>
                            <descriptorRefs>
                                <descriptorRef>jar-with-dependencies</descriptorRef>
                            </descriptorRefs>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>com.github.wvengen</groupId>
                <artifactId>proguard-maven-plugin</artifactId>
                <version>2.0.8</version>
                <executions>
                    <execution>
                        <phase>package</phase>
                        <goals><goal>proguard</goal></goals>
                        <configuration>
                            <injar>${project.build.finalName}-jar-with-dependencies.jar</injar> <!-- make sure to obfuscate the jar with dependencies -->
                            <proguardVersion>5.2</proguardVersion>
                            <options>
                                <option>-allowaccessmodification</option>
                                <option>-dontoptimize</option>
                                <option>-dontshrink</option>
                                <option>-dontnote</option>
                                <option>-dontwarn</option> <!-- added option to ignore com.sun missing classes -->
                                <option>-keepattributes Signature</option>
                                <option>-keep class com.mycompany.MyPlugin { *; }</option>
                            </options>
                            <libs>
                                <lib>${java.home}/lib/rt.jar</lib>
                            </libs>
                            <dependencies>
                                <dependency>
                                    <groupId>net.sf.proguard</groupId>
                                    <artifactId>proguard-base</artifactId>
                                    <version>5.2</version>
                                    <scope>runtime</scope>
                                </dependency>
                            </dependencies>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
    <dependencies>
       <dependency>
            <groupId>org.spongepowered</groupId>
            <artifactId>spongeapi</artifactId>
            <version>3.0.0</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
        </dependency>
        <dependency>
            <groupId>org.easytesting</groupId>
            <artifactId>fest-assert-core</artifactId>
            <version>2.0M8</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-core</artifactId>
            <version>1.10.19</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.restlet.jse</groupId>
            <artifactId>org.restlet</artifactId>
            <version>${restlet-version}</version>
        </dependency>
        <dependency>
            <groupId>org.restlet.jse</groupId>
            <artifactId>org.restlet.ext.jackson</artifactId>
            <version>${restlet-version}</version>
        </dependency>
        <dependency>
            <groupId>com.googlecode.json-simple</groupId>
            <artifactId>json-simple</artifactId>
            <version>1.1.1</version>
        </dependency>
    </dependencies>
</project>

相关文章