Skip to content

Commit

Permalink
Properly handle the certfile parameter with the Google Cloud store ty…
Browse files Browse the repository at this point in the history
…pe (Fixes #91)
  • Loading branch information
ebourg committed Jun 30, 2021
1 parent 7390883 commit c6795d2
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 1 deletion.
2 changes: 1 addition & 1 deletion jsign-core/src/main/java/net/jsign/SignerHelper.java
Original file line number Diff line number Diff line change
Expand Up @@ -361,7 +361,7 @@ private AuthenticodeSigner build() throws SignerException {
if (chain == null) {
throw new SignerException("No certificate found under the alias '" + alias + "' in the keystore " + (provider != null ? provider.getName() : keystore) + " (available aliases: " + String.join(", ", aliases) + ")");
}
if (certfile != null) {
if (certfile != null && !"GOOGLECLOUD".equals(storetype)) {
if (chain.length != 1) {
throw new SignerException("certfile " + parameterName + " can only be specified if the certificate from the keystore contains only one entry");
}
Expand Down
31 changes: 31 additions & 0 deletions jsign-core/src/test/java/net/jsign/SignerHelperTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@

import net.jsign.jca.Azure;
import net.jsign.jca.DigiCertONE;
import net.jsign.jca.GoogleCloud;
import net.jsign.pe.PEFile;

import static org.junit.Assert.*;
Expand Down Expand Up @@ -100,6 +101,36 @@ public void testAzureKeyVault() throws Exception {
assertEquals("Digest algorithm", NISTObjectIdentifiers.id_sha256, si.getDigestAlgorithmID().getAlgorithm());
}

@Test
public void testGoogleCloud() throws Exception {
File sourceFile = new File("target/test-classes/wineyes.exe");
File targetFile = new File("target/test-classes/wineyes-signed-with-signing-service.exe");

FileUtils.copyFile(sourceFile, targetFile);

SignerHelper helper = new SignerHelper(new StdOutConsole(1), "option")
.storetype("GOOGLECLOUD")
.keystore("projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring")
.storepass(GoogleCloud.getAccessToken())
.alias("test")
.certfile("src/test/resources/keystores/jsign-test-certificate-full-chain-reversed.pem")
.alg("SHA-256");

helper.sign(targetFile);

PEFile peFile = new PEFile(targetFile);
List<CMSSignedData> signatures = peFile.getSignatures();
assertNotNull(signatures);
assertEquals(1, signatures.size());

CMSSignedData signedData = signatures.get(0);
assertNotNull(signedData);

// Check the signature algorithm
SignerInformation si = signedData.getSignerInfos().getSigners().iterator().next();
assertEquals("Digest algorithm", NISTObjectIdentifiers.id_sha256, si.getDigestAlgorithmID().getAlgorithm());
}

@Test
public void testDigiCertONE() throws Exception {
String apikey = DigiCertONE.getApiKey();
Expand Down

0 comments on commit c6795d2

Please sign in to comment.