Integrating Code Signing using Scripts

Integrating Code Signing using Scripts provides a step-by-step guide to automating the code signing process through scripts. This resource helps streamline the integration of code signing into your development pipeline, ensuring secure and efficient signing of your software artifacts to meet security and compliance requirements.

AppViewX PKCS#11 Provider Integration with Maven Scripts

Maven is a build automation and project management tool mainly used for Java projects. It uses an XML file (pom.xml) to manage project dependencies, build configurations, and project lifecycles, enabling standardized builds and efficient dependency management.

Prerequisites

  1. Run the AppViewX SIGN+ Installer to set up the prerequisites for using the AppViewX PKCS#11 Provider with Maven Scripts.
  2. Ensure Maven is pre-installed.

Sign

Sample Command Generated in README

Note: The commands generated by the SIGN+_Installer are not standalone and can only be used in existing Maven/Gradle/Ant Projects for signing.
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-jar-plugin</artifactId>
      <version>3.2.2</version>
      <configuration>
        <archive>
          <manifest>
            <addClasspath>true</addClasspath>
            <mainClass>your.main.class</mainClass>
          </manifest>
        </archive>
      </configuration>
    </plugin>
    <plugin>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>exec-maven-plugin</artifactId>
      <version>3.0.0</version>
      <executions>
        <execution>
          <id>sign-jar</id>
          <phase>package</phase>
          <goals>
            <goal>exec</goal>
          </goals>
          <configuration>
            <executable>jarsigner</executable>
            <workingDirectory>${project.build.directory}</workingDirectory>
            <arguments>
              <argument>-verbose</argument>
              <argument>-keystore</argument>
              <argument>NONE</argument>
              <argument>-storetype</argument>
              <argument>PKCS11</argument>
              <argument>-certs</argument>
              <argument>-providerclass</argument>
              <argument>sun.security.pkcs11.SunPKCS11</argument>
              <argument>-providerArg</argument>
              <argument>/home/admin/AppViewX Sign+/AVXPKCS11V1.cfg</argument>
              <argument>-storepass</argument>
              <argument>12345678</argument>
              <argument>${project.build.finalName}.jar</argument>
              <argument>-signedjar</argument>
              <argument>signedJar.jar</argument>
              <argument>-tsa</argument>
              <argument>http://timestamp.digicert.com</argument>
              <argument>-sigalg</argument>
              <argument>SHA256withRSA</argument>
              <argument>AppViewX Inc Prod's AppViewX Intermediate CA</argument>
            </arguments>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

Sample Output

  1. Copy the generated README command and paste it into the pom.xml file of the relevant project.
  2. Execute the mvn package command in the command line or through the Maven Command Window in IntelliJ to build and sign the generated JAR file.
  3. Check the output window or terminal to verify the status of the build/sign process.
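
A hardened variant of the exec-maven-plugin block from the sample, added here as an example and not generated by the SIGN+ Installer: the token PIN is read from an environment variable through jarsigner's `-storepass:env` form instead of being written into pom.xml, and a second execution verifies the signed JAR so the build fails if verification does not pass. The variable name `AVX_SIGN_PIN` and the execution id `verify-signed-jar` are assumptions.

```xml
<plugin>
  <groupId>org.codehaus.mojo</groupId>
  <artifactId>exec-maven-plugin</artifactId>
  <version>3.0.0</version>
  <executions>
    <execution>
      <id>sign-jar</id>
      <phase>package</phase>
      <goals><goal>exec</goal></goals>
      <configuration>
        <executable>jarsigner</executable>
        <workingDirectory>${project.build.directory}</workingDirectory>
        <arguments>
          <argument>-keystore</argument><argument>NONE</argument>
          <argument>-storetype</argument><argument>PKCS11</argument>
          <argument>-providerclass</argument><argument>sun.security.pkcs11.SunPKCS11</argument>
          <argument>-providerArg</argument><argument>/home/admin/AppViewX Sign+/AVXPKCS11V1.cfg</argument>
          <!-- jarsigner reads the PIN from the named environment variable,
               so it is not stored in pom.xml. AVX_SIGN_PIN is an assumed name. -->
          <argument>-storepass:env</argument><argument>AVX_SIGN_PIN</argument>
          <argument>-tsa</argument><argument>http://timestamp.digicert.com</argument>
          <argument>-sigalg</argument><argument>SHA256withRSA</argument>
          <argument>-signedjar</argument><argument>signedJar.jar</argument>
          <argument>${project.build.finalName}.jar</argument>
          <argument>AppViewX Inc Prod's AppViewX Intermediate CA</argument>
        </arguments>
      </configuration>
    </execution>
    <!-- Declared after sign-jar so it runs second within the package phase. -->
    <execution>
      <id>verify-signed-jar</id>
      <phase>package</phase>
      <goals><goal>exec</goal></goals>
      <configuration>
        <executable>jarsigner</executable>
        <workingDirectory>${project.build.directory}</workingDirectory>
        <arguments>
          <argument>-verify</argument>
          <!-- With this option, severe warnings (for example an untrusted
               chain) give a non-zero exit code, which fails the build. -->
          <argument>-strict</argument>
          <argument>-verbose</argument><argument>-certs</argument>
          <argument>signedJar.jar</argument>
        </arguments>
      </configuration>
    </execution>
  </executions>
</plugin>
```

Export `AVX_SIGN_PIN` in the shell or CI job that runs `mvn package`. If the signing chain is not in the JDK's default trust store, give the verify step your trust anchors with `-keystore`.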

AppViewX PKCS#11 Provider Integration with Gradle Scripts

Gradle is a versatile and robust build automation tool that merges the strengths of Ant and Maven. It utilizes a Groovy-based DSL (Domain-Specific Language) for build configuration and dependency management, supporting incremental builds, advanced dependency handling, and multi-project builds.

Prerequisites

  1. Run the AppViewX SIGN+ Installer to set up the prerequisites for using the AppViewX PKCS#11 Provider with Gradle Scripts.
  2. Ensure Gradle or any supported IDE is pre-installed.

Sign

Sample Command Generated in README

Note: The commands generated by the SIGN+_Installer are not standalone and can only be used in existing Maven/Gradle/Ant Projects for signing.
task sign(type: Exec, dependsOn: 'jar', description: 'JAR signing using AppViewX PKCS#11 Provider', group: 'Build') {
    def storePassword = "12345678"
    def keyStore = "NONE"
    def storeType = "PKCS11"
    def providerClass = "sun.security.pkcs11.SunPKCS11"
    def providerArg = "/home/admin/AppViewX Sign+/AVXPKCS11V1.cfg"
    def alias = "AppViewX Inc Prod's AppViewX Intermediate CA"
    def tsaURL = "http://timestamp.digicert.com"
    def sigAlg = "SHA256withRSA"
    def signedjarfile = "<output_file_path>"
    def unsignedjarfile = "<input_file_path>"
    commandLine "jarsigner", "-keystore", keyStore, "-storepass", storePassword, "-storetype", storeType,  "-providerClass", providerClass, "-providerArg", providerArg, unsignedjarfile, "-signedjar", signedjarfile, "-tsa", tsaURL, "-sigalg", sigAlg, alias
}

Sample Output

  1. Copy the generated README command and paste it into the build.gradle file of the relevant project.
    Note: Replace the <input_file_path> and <output_file_path> in the build.gradle file.
  2. Run the sign task from the Gradle menu to execute the script.
  3. Check the output window or terminal to verify the status of the build/sign process.

AppViewX PKCS#11 Provider Integration with Ant Scripts

Ant is a Java-based build tool that utilizes XML configuration files (build.xml) to define build processes. It is more script-oriented and less prescriptive than Maven and Gradle, offering a flexible approach to automating build tasks without enforcing a specific project structure or dependency management system.

Prerequisites

  1. Run the AppViewX SIGN+ Installer to set up the prerequisites for using the AppViewX PKCS#11 Provider with Ant Scripts.
  2. Ensure Ant and Eclipse IDE are pre-installed.

Sign

Sample Command Generated in README

Note: The commands generated by the SIGN+_Installer are not standalone and can only be used in existing Maven/Gradle/Ant Projects for signing.
<target name="sign" description="JAR signing using AppViewX PKCS#11 Provider">
  <exec executable="jarsigner">
    <arg line="-verbose -keystore NONE -storetype PKCS11 -certs -providerclass sun.security.pkcs11.SunPKCS11 -providerArg &quot;/home/admin/AppViewX Sign+/AVXPKCS11V1.cfg&quot; -storepass 12345678 input_file_path -signedjar output_file_path -tsa &quot;http://timestamp.digicert.com&quot; -sigalg &quot;SHA256withRSA&quot; &quot;AppViewX Inc Prod's AppViewX Intermediate CA&quot;" />
  </exec>
</target>

Sample Output

  1. Copy the generated README command and paste it into the build.xml file of the relevant project.
  2. Modify the input_file_path and output_file_path according to your requirements.
  3. Run the sign task from the Ant window to build and sign the file.
  4. Check the output window or terminal to verify the status of the build/sign process.
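
Ant's `<exec>` task does not fail the build on a non-zero exit code unless `failonerror` is set, so with the sample target a failed signing run can go unnoticed. A variant with that setting, added here as an example and not generated by the SIGN+ Installer; the environment variable name `AVX_SIGN_PIN` is an assumption, and `input_file_path` and `output_file_path` remain placeholders as in the sample.

```xml
<target name="sign" description="JAR signing using AppViewX PKCS#11 Provider">
  <!-- Ant's <exec> defaults to failonerror="false", so a failed jarsigner
       run would leave the build green. failonerror="true" stops the build. -->
  <exec executable="jarsigner" failonerror="true">
    <!-- One <arg value> per argument: no quoting needed for spaces. -->
    <arg value="-verbose"/>
    <arg value="-keystore"/>      <arg value="NONE"/>
    <arg value="-storetype"/>     <arg value="PKCS11"/>
    <arg value="-certs"/>
    <arg value="-providerclass"/> <arg value="sun.security.pkcs11.SunPKCS11"/>
    <arg value="-providerArg"/>   <arg value="/home/admin/AppViewX Sign+/AVXPKCS11V1.cfg"/>
    <!-- PIN read from the environment (assumed variable name AVX_SIGN_PIN). -->
    <arg value="-storepass:env"/> <arg value="AVX_SIGN_PIN"/>
    <arg value="input_file_path"/>
    <arg value="-signedjar"/>     <arg value="output_file_path"/>
    <arg value="-tsa"/>           <arg value="http://timestamp.digicert.com"/>
    <arg value="-sigalg"/>        <arg value="SHA256withRSA"/>
    <arg value="AppViewX Inc Prod's AppViewX Intermediate CA"/>
  </exec>
</target>
```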