Code Signing Integration with Native Tools

SignTool

To sign with SignTool:

stage('sign') {
  steps {
   // Using Certificate
   bat 'signtool.exe sign /f certificate.p12 /p <password> /tr <timestamp URL> /fd <digest algorithm> <file to be signed>'
    // Using CSP
    bat 'signtool.exe sign /csp "<CSP Provider Name>" /kc "<Key Container Name>" 
/f certificate.crt /fd <digest algorithm> /tr <timestamp URL> <file to be signed>'
}

The input parameters are the alias of the keypair used for signing, the name or alias of the certificate that needs to be used for signing, and the path to the file that needs to be signed.

Jarsigner

To sign with Jarsigner:

stage('sign') {
  steps {
    // For Windows
    bat 'jarsigner -keystore NONE -storetype Windows-My -signedjar <signed_file>.jar -sigalg SHA256withRSA -digestalg SHA256 <jarfile> <alias>'

    // For Linux
    sh 'jarsigner -keystore <path_to_keystore> -storepass <keystore_password> -signedjar <signed_file>.jar -sigalg SHA256withRSA -digestalg SHA256 <jarfile> <alias>'
}

The input parameters are the path where the signed jar needs to be output, the path to the keystore and its password, the path to the jar that needs to be signed, and the name or alias of the certificate that needs to be used for signing.