Properly handle the certfile parameter with the Google Cloud store type (Fixes #91)

ebourg · ebourg · commit 51bb816ba2b0 · 2021-06-30T12:17:27.000+02:00
diff --git a/jsign-core/src/main/java/net/jsign/SignerHelper.java b/jsign-core/src/main/java/net/jsign/SignerHelper.java
@@ -361,7 +361,7 @@ private AuthenticodeSigner build() throws SignerException {
             if (chain == null) {
                 throw new SignerException("No certificate found under the alias '" + alias + "' in the keystore " + (provider != null ? provider.getName() : keystore) + " (available aliases: " + String.join(", ", aliases) + ")");
             }
-            if (certfile != null) {
+            if (certfile != null && !"GOOGLECLOUD".equals(storetype)) {
                 if (chain.length != 1) {
                     throw new SignerException("certfile " + parameterName + " can only be specified if the certificate from the keystore contains only one entry");
                 }
diff --git a/jsign-core/src/test/java/net/jsign/SignerHelperTest.java b/jsign-core/src/test/java/net/jsign/SignerHelperTest.java
@@ -28,6 +28,7 @@
 
 import net.jsign.jca.Azure;
 import net.jsign.jca.DigiCertONE;
+import net.jsign.jca.GoogleCloud;
 import net.jsign.pe.PEFile;
 
 import static org.junit.Assert.*;
@@ -100,6 +101,36 @@ public void testAzureKeyVault() throws Exception {
         assertEquals("Digest algorithm", NISTObjectIdentifiers.id_sha256, si.getDigestAlgorithmID().getAlgorithm());
     }
 
+    @Test
+    public void testGoogleCloud() throws Exception {
+        File sourceFile = new File("target/test-classes/wineyes.exe");
+        File targetFile = new File("target/test-classes/wineyes-signed-with-signing-service.exe");
+
+        FileUtils.copyFile(sourceFile, targetFile);
+
+        SignerHelper helper = new SignerHelper(new StdOutConsole(1), "option")
+                .storetype("GOOGLECLOUD")
+                .keystore("projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring")
+                .storepass(GoogleCloud.getAccessToken())
+                .alias("test")
+                .certfile("src/test/resources/keystores/jsign-test-certificate-full-chain-reversed.pem")
+                .alg("SHA-256");
+
+        helper.sign(targetFile);
+
+        PEFile peFile = new PEFile(targetFile);
+        List<CMSSignedData> signatures = peFile.getSignatures();
+        assertNotNull(signatures);
+        assertEquals(1, signatures.size());
+
+        CMSSignedData signedData = signatures.get(0);
+        assertNotNull(signedData);
+
+        // Check the signature algorithm
+        SignerInformation si = signedData.getSignerInfos().getSigners().iterator().next();
+        assertEquals("Digest algorithm", NISTObjectIdentifiers.id_sha256, si.getDigestAlgorithmID().getAlgorithm());
+    }
+
     @Test
     public void testDigiCertONE() throws Exception {
         String apikey = DigiCertONE.getApiKey();

Original file line number	Diff line number	Diff line change
`@@ -361,7 +361,7 @@ private AuthenticodeSigner build() throws SignerException {`
`361`	`361`	`if (chain == null) {`
`362`	`362`	`throw new SignerException("No certificate found under the alias '" + alias + "' in the keystore " + (provider != null ? provider.getName() : keystore) + " (available aliases: " + String.join(", ", aliases) + ")");`
`363`	`363`	`}`
`364`		`- if (certfile != null) {`
	`364`	`+ if (certfile != null && !"GOOGLECLOUD".equals(storetype)) {`
`365`	`365`	`if (chain.length != 1) {`
`366`	`366`	`throw new SignerException("certfile " + parameterName + " can only be specified if the certificate from the keystore contains only one entry");`
`367`	`367`	`}`