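#!/bin/bash
## -- FILE ------------------------------------------------------------------
## name       : bordercastle-sign.sh
## project    : BoarderZone: BorderCastle
## created    : Leon Poyyayil - 2013-07-15
## language   : Linux shell script
## environment: GNU bash
## copyright  : (c) 1990-2025 by Leon Poyyayil (private), Switzerland
## license    : Bouncy Castle License. see LICENSE
## --------------------------------------------------------------------------
##
## Signs the distribution JARs with jarsigner and verifies each signed result.
## Reads bordercastle.conf (expected to provide DIST_DIR and BC_VER) from the
## project main directory and private/sign.conf (keystore, key alias, TSA URL
## and the two passwords). Both files are sourced, i.e. executed as shell
## code, and private/sign.conf holds the keystore secrets, so both should be
## writable only by trusted users and sign.conf readable only by the signer.

## Print a diagnostic on stderr and abort. 255 is the status the historical
## `exit -1` produced in bash, kept so callers see the same exit code.
fail() {
  printf '%s\n' "$*" >&2
  exit 255
}

SCRIPT_DIR="$( cd -P "$( dirname -- "${BASH_SOURCE[0]}" )" && pwd )"
MAIN_DIR="$( readlink -f -- "$( dirname -- "$SCRIPT_DIR" )" )"

## Abort if the main directory cannot be entered: continuing would source
## whatever bordercastle.conf happens to be reachable from the caller's
## working directory.
pushd "$MAIN_DIR" > /dev/null || fail "cannot enter main directory: $MAIN_DIR"

## Use an explicit ./ path: for a name without a slash bash looks the file up
## in $PATH before the current directory, so a bare `. bordercastle.conf`
## could execute a same-named file from an unrelated PATH entry.
[[ -f ./bordercastle.conf ]] || fail "missing config: $MAIN_DIR/bordercastle.conf"
. ./bordercastle.conf

## Abort unless a required setting is present.
## Arguments: $1 - variable name (used in messages only)
##            $2 - the variable's value
##            $3 - "true" if the value must name an existing regular file
check_env() {
  local var_name=$1
  local var_value=$2
  local is_file=$3

  [[ -n "$var_name" ]] || fail "undefined env var: $var_name"
  [[ -n "$var_value" ]] || fail "empty env var: $var_name"

  if [[ "$is_file" == "true" && ! -f "$var_value" ]]; then
    fail "missing file: $var_name: $var_value"
  fi
}

## Source the signing configuration and check that every JARSIGNER_* setting
## used by sign_jar is present.
## Arguments: $1 - path of the signing config (must contain a slash, see the
##                 PATH lookup remark above)
load_config() {
  local cfg=$1

  [[ -f "$cfg" ]] || fail "missing signing config: $cfg"
  . "$cfg"

  check_env JARSIGNER_STORE_FILE "$JARSIGNER_STORE_FILE" true
  check_env JARSIGNER_STORE_PASS "$JARSIGNER_STORE_PASS" false
  check_env JARSIGNER_KEY_NAME   "$JARSIGNER_KEY_NAME"   false
  check_env JARSIGNER_KEY_PASS   "$JARSIGNER_KEY_PASS"   false
  check_env JARSIGNER_TSA_URL    "$JARSIGNER_TSA_URL"    false
  ## NOTE(review): the ':env' options below make jarsigner read the passwords
  ## from its own environment, so the config presumably exports
  ## JARSIGNER_STORE_PASS and JARSIGNER_KEY_PASS - confirm; a plain assignment
  ## passes the checks above but is not visible to jarsigner.
}

## Sign one JAR into signed/ and verify the result; exits with jarsigner's
## status if either step fails.
## Arguments: $1 - input JAR name without the .jar suffix
##            $2 - optional output base name (defaults to $1)
sign_jar() {
  local jar_base=$1
  local out_base=${2:-$jar_base}
  local raw_jar="${jar_base}.jar"
  local signed="signed/${out_base}.jar"
  local ret_val

  echo "- $raw_jar => $signed"

  ## Options are kept in arrays so that a keystore path or URL containing
  ## whitespace or glob characters reaches jarsigner as a single argument.
  ## The ':env' forms name the variable holding the password, which keeps the
  ## secret itself off the command line and out of process listings.
  local -a base_opts=(
    -keystore "$JARSIGNER_STORE_FILE"
    -storepass:env JARSIGNER_STORE_PASS
  )
  local -a sign_opts=(
    "${base_opts[@]}"
    -keypass:env JARSIGNER_KEY_PASS
    -tsa "$JARSIGNER_TSA_URL"
    -strict
    -sigfile BOCASIGN
    -digestalg SHA-384
  )

  jarsigner "${sign_opts[@]}" -signedjar "$signed" "$raw_jar" "$JARSIGNER_KEY_NAME"
  ret_val=$?
  if [[ "$ret_val" != "0" ]]; then
    echo "failed to sign: jarsigner returned $ret_val" >&2
    exit "$ret_val"
  fi

  ## NOTE(review): verification runs without -strict, so warnings reported
  ## during -verify do not change the exit status checked below; consider
  ## adding -strict here as is done for signing.
  local -a verify_opts=("${base_opts[@]}")
  #verify_opts+=(-verbose)
  jarsigner "${verify_opts[@]}" -verify "$signed"
  ret_val=$?
  if [[ "$ret_val" != "0" ]]; then
    echo "failed to verify: jarsigner returned $ret_val" >&2
    exit "$ret_val"
  fi
}

load_config private/sign.conf

## Both values come from the sourced configuration. An empty DIST_DIR would
## turn the pushd below into a directory-stack swap and sign in the wrong
## place; an empty BC_VER would produce wrong JAR names.
check_env DIST_DIR "$DIST_DIR" false
check_env BC_VER "$BC_VER" false

pushd "$DIST_DIR" > /dev/null || fail "cannot enter dist directory: $DIST_DIR"
mkdir -p signed || fail "cannot create output directory: $DIST_DIR/signed"

for module in light mail pg pkix prov tls util; do
  sign_jar "boca-${module}-${BC_VER}"
done
sign_jar bordercastle-jce-obfuscated-packed "bordercastle-jce-${BC_VER}"
sign_jar bordercastle-tls-obfuscated-packed "bordercastle-tls-${BC_VER}"

popd > /dev/null
popd > /dev/null

## -- EOF -------------------------------------------------------------------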