#!/bin/bash
## -- FILE ------------------------------------------------------------------
## name : bordercastle-sign.sh
## project : BoarderZone: BorderCastle
## created : Leon Poyyayil - 2013-07-15
## language : Linux shell script
## environment: GNU bash
## copyright : (c) 1990-2025 by Leon Poyyayil (private), Switzerland
## license : Bouncy Castle License. see LICENSE
## --------------------------------------------------------------------------
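# Resolve the directory holding this script (cd -P follows symlinks) and its
# parent directory, from which bordercastle.conf is loaded.
SCRIPT_DIR="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
MAIN_DIR="$( readlink -f "$( dirname "$SCRIPT_DIR" )" )"

# Stop if the directory cannot be entered: carrying on would load the config
# from whatever directory the caller happened to be in.
pushd "$MAIN_DIR" > /dev/null || {
  echo "cannot enter main directory: $MAIN_DIR"
  exit -1
}

if [[ ! -f bordercastle.conf ]]; then
  echo "missing config: $MAIN_DIR/bordercastle.conf"
  exit -1
fi

# The explicit ./ is deliberate: for a name without a slash, bash's `.`
# searches PATH before the current directory, so a same-named file in a PATH
# directory would be executed in place of the project's own config.
. ./bordercastle.conf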
#######################################
# Validate one required configuration value; ends the script on failure.
# Globals:   VAR_NAME, VAR_VALUE, IS_FILE (written)
# Arguments: $1 - name of the variable, used in the messages
#            $2 - value of the variable
#            $3 - "true" when the value must name an existing regular file
# Outputs:   one diagnostic line on stdout when a check fails
# Exits:     with "exit -1" (seen by the caller as status 255) on the first
#            failed check
#######################################
check_env() {
  VAR_NAME=$1
  VAR_VALUE=$2
  IS_FILE=$3

  # An empty name means the call itself is wrong, not the configuration.
  [[ -n "$VAR_NAME" ]] || {
    echo "undefined env var: $VAR_NAME"
    exit -1
  }

  [[ -n "$VAR_VALUE" ]] || {
    echo "empty env var: $VAR_NAME"
    exit -1
  }

  # The file test applies only when the caller asks for it.
  if [[ "$IS_FILE" == "true" && ! -f "$VAR_VALUE" ]]; then
    echo "missing file: $VAR_NAME: $VAR_VALUE"
    exit -1
  fi
}
#######################################
# Source the signing configuration and check that every JARSIGNER_* setting
# it is expected to provide is present.
# Globals:   CFG (written); JARSIGNER_STORE_FILE, JARSIGNER_STORE_PASS,
#            JARSIGNER_KEY_NAME, JARSIGNER_KEY_PASS, JARSIGNER_TSA_URL (read)
# Arguments: $1 - path of the signing config file
# Outputs:   a diagnostic on stdout when the file or a setting is missing
# Exits:     via "exit -1" when the file is missing; check_env ends the
#            script when a setting is empty or the keystore file is absent
#######################################
load_config() {
  CFG=$1

  [[ -f "$CFG" ]] || {
    echo "missing signing config: $CFG"
    exit -1
  }

  # The file is executed as shell code in this process.
  # NOTE(review): it also appears to hold the keystore and key passwords, so
  # it should be readable and writable by the signing user only - confirm.
  . "$CFG"

  # Only the keystore setting has to name an existing file.
  check_env JARSIGNER_STORE_FILE "$JARSIGNER_STORE_FILE" true

  # NOTE(review): sign_jar hands the two *_PASS names to jarsigner through
  # its :env option, which reads the process environment - presumably the
  # config exports them; verify.
  local required
  for required in JARSIGNER_STORE_PASS JARSIGNER_KEY_NAME JARSIGNER_KEY_PASS JARSIGNER_TSA_URL; do
    check_env "$required" "${!required}" false
  done
}
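#######################################
# Sign one JAR with jarsigner and verify the result.
# Option lists are built as arrays so that a keystore path or TSA URL
# containing whitespace or glob characters reaches jarsigner as one argument.
# Globals:   JARSIGNER_STORE_FILE, JARSIGNER_TSA_URL, JARSIGNER_KEY_NAME (read)
#            JARSIGNER_STORE_PASS, JARSIGNER_KEY_PASS are named, not expanded
# Arguments: $1 - input base name; "<$1>.jar" is read from the current directory
#            $2 - optional output base name, defaults to $1;
#                 "signed/<name>.jar" is written
# Outputs:   a progress line, and a failure message if jarsigner fails, on stdout
# Exits:     with jarsigner's status when signing or verification fails
#######################################
sign_jar() {
  local jar_base=$1
  local out_base=${2:-$jar_base}
  local raw_jar="${jar_base}.jar"
  local signed="signed/${out_base}.jar"
  local ret_val

  echo "- $raw_jar => $signed"

  # The :env forms make jarsigner read the passwords from the named
  # environment variables, which keeps them off the command line.
  # NOTE(review): that needs both variables exported - confirm in the config.
  local -a base_opts=(
    -keystore "$JARSIGNER_STORE_FILE"
    -storepass:env JARSIGNER_STORE_PASS
  )
  local -a sign_opts=(
    "${base_opts[@]}"
    -keypass:env JARSIGNER_KEY_PASS
    -tsa "$JARSIGNER_TSA_URL"
    -strict
    -sigfile BOCASIGN
    -digestalg SHA-384
  )

  jarsigner "${sign_opts[@]}" -signedjar "$signed" "$raw_jar" "$JARSIGNER_KEY_NAME"
  ret_val=$?
  if (( ret_val != 0 )); then
    echo "failed to sign: jarsigner returned $ret_val"
    exit "$ret_val"
  fi

  # Verification reuses the keystore options only; append -verbose to
  # verify_opts for detailed output.
  # NOTE(review): -strict is not passed here, so jarsigner warnings do not
  # fail the verification step - confirm that is intended.
  local -a verify_opts=("${base_opts[@]}")

  jarsigner "${verify_opts[@]}" -verify "$signed"
  ret_val=$?
  if (( ret_val != 0 )); then
    echo "failed to verify: jarsigner returned $ret_val"
    exit "$ret_val"
  fi
}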
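load_config private/sign.conf

# DIST_DIR and BC_VER are not set in this script; presumably one of the
# sourced config files provides them. Reject empty values up front: a bare
# `pushd` with no argument swaps the directory stack instead of failing, which
# would sign in the caller's directory, and an empty version would produce
# wrong JAR names.
check_env DIST_DIR "$DIST_DIR" false
check_env BC_VER "$BC_VER" false

pushd "$DIST_DIR" > /dev/null || {
  echo "cannot enter dist directory: $DIST_DIR"
  exit -1
}

mkdir -p signed || {
  echo "cannot create output directory: $DIST_DIR/signed"
  exit -1
}

sign_jar "boca-light-$BC_VER"
sign_jar "boca-mail-$BC_VER"
sign_jar "boca-pg-$BC_VER"
sign_jar "boca-pkix-$BC_VER"
sign_jar "boca-prov-$BC_VER"
sign_jar "boca-tls-$BC_VER"
sign_jar "boca-util-$BC_VER"
# These two inputs are renamed on output to carry the version.
sign_jar bordercastle-jce-obfuscated-packed "bordercastle-jce-$BC_VER"
sign_jar bordercastle-tls-obfuscated-packed "bordercastle-tls-$BC_VER"

# Leave DIST_DIR, then MAIN_DIR, restoring the caller's directory.
popd > /dev/null
popd > /dev/null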
## -- EOF -------------------------------------------------------------------