Overview

The TrueLicense Maven Plugin generates source files from Apache Velocity template files or obfuscates constant string values in class files.

Features

Using the TrueLicense Maven Plugin you can…

  • Generate source files from Apache Velocity template files:
    • Use Velocity Tools to power-up template file processing.
    • Access any property in the Maven POM from template files.
  • Obfuscate constant string values in order to complement general byte code obfuscation:
    • Use the java.obfuscatedString() function in template files when generating Java source files.
    • Use the scala.obfuscatedString() function in template files when generating Scala source files.
    • Use the @Obfuscate annotation in source files when transforming the byte code of class files.

Warning

None of these goals replaces the need for general byte code obfuscation: In order to achieve a reasonable level of security for your intellectual property you should obfuscate the byte code of your software product with a tool like ProGuard.

Generating Source Files

The goals generate-main-sources and generate-test-sources generate source files by merging a set of Apache Velocity template files with all properties in the Maven POM.

For example, to generate main source files, add the TrueLicense Maven Plugin to your POM like this:

<project [...]>
    [...]
    <build>
        [...]
        <plugins>
            [...]
            <plugin>
                <groupId>net.java.truelicense</groupId>
                <artifactId>truelicense-maven-plugin</artifactId>
                <version>2.6.5</version>
                <executions>
                    <execution>
                        <goals>
                            <!-- The default life cycle phase of this goal
                                 is generate-sources. -->
                            <goal>generate-main-sources</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

The default configuration merges each file in the folder src/main/java with the extension vtl with all properties of the Maven POM and saves the resulting file to target/generated-sources/java without the extension. Please refer to the documentation of the respective goal for configuration options.

Using The *.obfuscatedString() Functions

When generating source files, you can use the functions java.obfuscatedString() and scala.obfuscatedString() in template files. These functions expect a string parameter. For example, if you define a property named password in your POM, then you can use the following template file for obfuscating it in the Java source code:

import net.java.truelicense.obfuscate.ObfuscatedString;

class Test {

    void encrypt() throws Exception {
        final ObfuscatedString password = $java.obfuscatedString($password);
        final char[] chars = password.toCharArray();
        try {
            encrypt(chars);
        } finally {
            java.util.Arrays.fill(chars, (char) 0);
        }
    }

    void encrypt(char[] chars) throws Exception {
        [...]
    }
}

Obfuscating Constant String Values

The goals obfuscate-main-classes and obfuscate-test-classes obfuscate constant string values in class files.

For example, to obfuscate constant string values in main class files, add the TrueLicense Maven Plugin to your POM like this:

<project [...]>
    [...]
    <build>
        [...]
        <plugins>
            [...]
            <plugin>
                <groupId>net.java.truelicense</groupId>
                <artifactId>truelicense-maven-plugin</artifactId>
                <version>2.6.5</version>
                <executions>
                    <execution>
                        <goals>
                            <!-- The default life cycle phase of this goal
                                 is process-classes. -->
                            <goal>obfuscate-main-classes</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

The default configuration replaces each constant string value annotated by net.java.truelicense.obfuscate.Obfuscate with a call to a synthetic method which evaluates an obfuscated Java byte code expression to compute the original constant string value again. Please refer to the documentation of the respective goal for configuration options.

Using The @Obfuscate Annotation

When using the default scope, you need to annotate fields with constant string values with @Obfuscate like this:

import net.java.truelicense.obfuscate.Obfuscate;

class Test {

    // Obfuscate the constant string value of this field:
    @Obfuscate
    final String message = "Hello" + ' ' + "world!";

    // This will result in an error:
    @Obfuscate
    String error1 = "Missing final modifier!";

    // This will result in an error, too:
    @Obfuscate
    final int error2 = 1; // not a String!

    // Last, but not least:
    @Obfuscate
    final String error3 = Test.class.getName(); // not a compile time constant!
}