imported scripts from intellicastle project and adapted to bordercastle

2025-10-25 08:02:34 +02:00 · 2025-10-25 08:02:34 +02:00 · dd07940e6a
commit dd07940e6a
parent 6178c58132
29 changed files with 1744 additions and 2 deletions
--- a/bin/bordercastle-sign.sh
+++ b/bin/bordercastle-sign.sh
@ -0,0 +1,104 @@
+#!/bin/bash
+## -- FILE ------------------------------------------------------------------
+## name       : bordercastle-sign.sh
+## project    : BoarderZone: BorderCastle
+## created    : Leon Poyyayil - 2013-07-15
+## language   : Linux shell script
+## environment: GNU bash
+## copyright  : (c) 1990-2025 by Leon Poyyayil (private), Switzerland
+## license    : Bouncy Castle License. see LICENSE
+## --------------------------------------------------------------------------
+
+SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+MAIN_DIR=$(readlink -f $( dirname "$SCRIPT_DIR") )
+pushd $MAIN_DIR > /dev/null
+. bordercastle.conf
+
+check_env() {
+  VAR_NAME=$1
+  VAR_VALUE=$2
+  IS_FILE=$3
+  if [[ -z "$VAR_NAME" ]]; then
+    echo "undefined env var: $VAR_NAME"
+    exit -1
+  fi
+  if [[ -z "$VAR_VALUE" ]]; then
+    echo "empty env var: $VAR_NAME"
+    exit -1
+  fi
+  if [[ "$IS_FILE" == "true" ]]; then
+    if [[ ! -f "$VAR_VALUE" ]]; then
+      echo "missing file: $VAR_NAME: $VAR_VALUE"
+      exit -1
+    fi
+  fi
+}
+
+load_config() {
+  CFG=$1
+  if [[ ! -f "$CFG" ]]; then
+    echo "missing signing config: $CFG"
+    exit -1
+  fi
+  . "$CFG"
+  check_env JARSIGNER_STORE_FILE "$JARSIGNER_STORE_FILE" true
+  check_env JARSIGNER_STORE_PASS "$JARSIGNER_STORE_PASS" false
+  check_env JARSIGNER_KEY_NAME "$JARSIGNER_KEY_NAME" false
+  check_env JARSIGNER_KEY_PASS "$JARSIGNER_KEY_PASS" false
+  check_env JARSIGNER_TSA_URL "$JARSIGNER_TSA_URL" false
+}
+
+sign_jar() {
+  JAR_BASE=$1
+  OUT_BASE=$2
+  if [[ "$OUT_BASE" == "" ]]; then
+    OUT_BASE=$JAR_BASE
+  fi
+  RAW_JAR=${JAR_BASE}.jar
+  SIGNED=signed/${OUT_BASE}.jar
+  echo "- $RAW_JAR => $SIGNED"
+  BASE_OPTS=
+  BASE_OPTS="$BASE_OPTS -keystore $JARSIGNER_STORE_FILE"
+  BASE_OPTS="$BASE_OPTS -storepass:env JARSIGNER_STORE_PASS"
+  SIGN_OPTS="$BASE_OPTS"
+  SIGN_OPTS="$SIGN_OPTS -keypass:env JARSIGNER_KEY_PASS"
+  SIGN_OPTS="$SIGN_OPTS -tsa $JARSIGNER_TSA_URL"
+  SIGN_OPTS="$SIGN_OPTS -strict"
+  SIGN_OPTS="$SIGN_OPTS -sigfile BOCASIGN"
+  SIGN_OPTS="$SIGN_OPTS -digestalg SHA-384"
+  jarsigner $SIGN_OPTS -signedjar "$SIGNED" "$RAW_JAR" "$JARSIGNER_KEY_NAME"
+  RET_VAL=$?
+  if [[ "$RET_VAL" != "0" ]]; then
+    echo "failed to sign: jarsigner returned $RET_VAL"
+    exit $RET_VAL
+  fi
+  VERIFY_OPTS="$BASE_OPTS"
+  #VERIFY_OPTS="$VERIFY_OPTS -verbose"
+  jarsigner $VERIFY_OPTS -verify "$SIGNED"
+  RET_VAL=$?
+  if [[ "$RET_VAL" != "0" ]]; then
+    echo "failed to verify: jarsigner returned $RET_VAL"
+    exit $RET_VAL
+  fi
+}
+
+load_config private/sign.conf
+
+pushd $DIST_DIR > /dev/null
+
+mkdir -p signed
+
+sign_jar boca-light-$BC_VER
+sign_jar boca-mail-$BC_VER
+sign_jar boca-pg-$BC_VER
+sign_jar boca-pkix-$BC_VER
+sign_jar boca-prov-$BC_VER
+sign_jar boca-tls-$BC_VER
+sign_jar boca-util-$BC_VER
+sign_jar bordercastle-jce-obfuscated-packed bordercastle-jce-$BC_VER
+sign_jar bordercastle-tls-obfuscated-packed bordercastle-tls-$BC_VER
+
+popd > /dev/null
+
+popd > /dev/null
+## -- EOF -------------------------------------------------------------------