Merge pull request #316 from ashitsalesforce/master

change in dlbuilder.sh and pom.xml to support PKCS11

dlbuilder.sh

@@ -1,12 +1,24 @@
 #!/bin/sh -f
+# script parameters
 # $1 - password for the java key store containing code-signing cert
-# $2 - file name of the java key store.
-# $3 - URL of the TSA (Timestamp Authority)
+# $2 - PKCS11 config file (see example below)
+# $3 - signature algorithm such as RSA1024, RSA2048, ECCP256, ECCP384
+# $4 - URL of the TSA (Timestamp Authority)
+# $5 - location of the .pem file containing intermediate certs in the cert chain
+# $6 - keystore alias
+
+# Example PKCS11 config file 
+#
+#    name = OpenSC-PKCS11
+#    description = SunPKCS11 via OpenSC
+#    library = /usr/local//Cellar/opensc/0.22.0/lib/pkcs11/opensc-pkcs11.so
+#    slotListIndex = 0
+#
 
 usage() {
   echo "Usage: "
   echo "$0 -u"
-  echo "$0 <Keystore Password> <Keystore File> <TSA URL>" >&2
+  echo "$0 <keystore password> <PKCS11 config file> <signature algorithm, e.g. RSA1024, RSA2048, ECCP256, ECCP384> <TSA URL> <certchain file> <keystore alias>"
   echo "$0 -n macos_x86_64 | macos_arm_64 | windows_x86_64 | linux_x86_64"
   exit 1
 }
@@ -15,33 +27,65 @@ run_mvn() {
 # $1 - code-signing params
 # $2 - target OS name
 # $3 - true - zip, false - do not zip
+# $4 - keystore password
+# $5 - PKCS11 config file
+# $6 - signature algorithm
+# $7 - TSA URL
+# $8 - certchain pem file
+# $9 - keystore alias
 
+  osSuffix=""
   if [ "$2" = macos_x86_64 ]
   then
-    from=target/mac/dataloader_mac.zip
-    to=./dataloader_mac.zip
+    osSuffix="mac"
+    zipdir="target/${osSuffix}"
+    from="${zipdir}/dataloader_${osSuffix}.zip"
+    to=./dataloader_${osSuffix}.zip
   elif [ "$2" = macos_arm_64 ] 
   then
-    from=target/mac/dataloader_mac.zip
-    to=./dataloader_mac_arm64.zip
+    osSuffix="mac"
+    zipdir="target/${osSuffix}"
+    from="${zipdir}/dataloader_${osSuffix}.zip"
+    to=./dataloader_${osSuffix}_arm64.zip
   elif [ "$2" = windows_x86_64 ] 
   then
-    from=target/win/dataloader_win.zip
-    to=./dataloader_win.zip
+    osSuffix="win"
+    zipdir="target/${osSuffix}"
+    from=target/win/dataloader_${osSuffix}.zip
+    to=./dataloader_${osSuffix}.zip
   elif [ "$2" = linux_x86_64 ] 
   then
-    from=target/linux/dataloader_linux.zip
-    to=./dataloader_linux.zip
+    osSuffix="linux"
+    zipdir="target/${osSuffix}"
+    from=target/win/dataloader_${osSuffix}.zip
+    to=./dataloader_${osSuffix}.zip
   else
     usage
   fi
 
+  # build uber jar
+#  mvn clean package -DskipTests -DtargetOS=$2 
+
+  jarfile=`find ./target -name dataloader-*-uber.jar -not -path "./target/win/*" -not -path "./target/mac/*" -not -path "./target/linux/*" -print -quit` 
+  # sign uber jar if -u flag not set
+  if [ $1 = false ]; then
+    jarsigner -storepass "$4" -verbose -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "$5" -keystore NONE -storetype PKCS11 -sigalg "$6" -tsa "$7" -certchain "$8" ${jarfile} "$9"
+  fi
+
+  # zip if requested, make sure to not rebuild uber file to preserve the signed copy
   zipOption=""
   if [ $3 = true ]
   then
-    zipOption="-Pzip"
+    zipOption="-Duberjar.skip -Pzip"
+    mvn package -DskipTests -DtargetOS=$2 -Duberjar.skip -Pzip
   fi
-  mvn clean package -DskipTests $1 -DtargetOS=$2 ${zipOption}
+
+  # sign zip if -u flag not set
+  if [ $1 = false ]; then
+    jarsigner -storepass "$4" -verbose -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "$5" -keystore NONE -storetype PKCS11 -sigalg "$6" -tsa "$7" -certchain "$8" target/${osSuffix}/dataloader_${osSuffix}.zip "$9"
+  fi
+
+  # copy zip if zip is requested
   if [ $3 = true ]
   then
     cp ${from} ${to}
@@ -70,7 +114,7 @@ do
     esac
 done
 
-if [ ${unsignedArtifacts} = false  -a  "$#" -ne 3 ]; then
+if [ ${unsignedArtifacts} = false  -a  "$#" -ne 6 ]; then
   usage
 fi
 
@@ -80,10 +124,10 @@ if [ ${unsignedArtifacts} = false ]; then
 fi
 
 if [ ${doZip} = true ]; then
-  run_mvn "${signingOptions}" "macos_x86_64" ${doZip}
-  run_mvn "${signingOptions}" "windows_x86_64" ${doZip}
-#  run_mvn "${signingOptions}" "macos_arm_64" ${doZip}
-#  run_mvn "${signingOptions}" "linux_x86_64" ${doZip}
+  run_mvn "${unsignedArtifacts}" "macos_x86_64" ${doZip} "$1" "$2" "$3" "$4" "$5" "$6"
+  run_mvn "${unsignedArtifacts}" "windows_x86_64" ${doZip} "$1" "$2" "$3" "$4" "$5" "$6"
+#  run_mvn "${unsignedArtifacts}" "macos_arm_64" ${doZip} "$1" "$2" "$3" "$4" "$5" "$6"
+#  run_mvn "${unsignedArtifacts}" "linux_x86_64" ${doZip} "$1" "$2" "$3" "$4" "$5" "$6"
 else
-  run_mvn "${signingOptions}" "${targetOS}" ${doZip}
+  run_mvn "${unsignedArtifacts}" "${targetOS}" ${doZip} "$1" "$2" "$3" "$4" "$5" "$6"
 fi

pom.xml

@@ -221,75 +221,7 @@
 
       <!-- we might want to use the maven-shade-plugin in the future instead 
         of maven-assembly-plugin -->
-      <plugin>
-        <artifactId>maven-assembly-plugin</artifactId>
-        <configuration>
-          <archive>
-            <manifest>
-              <mainClass>com.salesforce.dataloader.process.DataLoaderRunner</mainClass>
-            </manifest>
-          </archive>
-          <descriptors>
-            <descriptor>src/main/assembly/uber.xml</descriptor>
-          </descriptors>
-        </configuration>
-        <executions>
-          <execution>
-            <id>make-uber-jar</id>
-            <phase>package</phase>
-            <goals>
-              <goal>single</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
-      <plugin>
-        <artifactId>maven-shade-plugin</artifactId>
-        <version>3.2.4</version>
-        <executions>
-          <execution>
-            <phase>package</phase>
-            <goals>
-              <goal>shade</goal>
-            </goals>
-            <configuration>
-              <shadedArtifactAttached>true</shadedArtifactAttached>
-              <shadedClassifierName>shade</shadedClassifierName> <!-- Any name that makes sense -->
-              <filters>
-                <filter>
-                  <artifact>*:*</artifact>
-                  <excludes>
-                    <exclude>module-info.class</exclude>
-                    <exclude>META-INF/*.SF</exclude>
-                    <exclude>META-INF/*.MF</exclude>
-                    <exclude>META-INF/*.txt</exclude>
-                    <exclude>META-INF/LICENSE</exclude>
-                    <exclude>META-INF/NOTICE</exclude>
-                    <exclude>META-INF/DEPENDENCIES</exclude>
-                    <exclude>META-INF/*.DSA</exclude>
-                    <exclude>META-INF/*.RSA</exclude>
-                    <exclude>*.*</exclude>
-                  </excludes>
-                </filter>
-              </filters>
-              <transformers>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
-                  <mainClass>com.salesforce.dataloader.process.DataLoaderRunner</mainClass>
-                </transformer>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
-                  <resource>META-INF/spring.handlers</resource>
-                </transformer>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
-                  <resource>META-INF/spring.schemas</resource>
-                </transformer>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
-                  <resource>META-INF/spring.tooling</resource>
-                </transformer>
-              </transformers>
-            </configuration>
-          </execution>
-        </executions>
-      </plugin>
+
 
       <plugin>
         <artifactId>maven-compiler-plugin</artifactId>
@@ -433,6 +365,86 @@
           <OSType>linux</OSType>
       </properties>
     </profile>
+
+    <profile>
+      <id>uberjar</id>
+      <activation>
+        <property><name>!uberjar.skip</name></property>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <artifactId>maven-assembly-plugin</artifactId>
+            <configuration>
+              <archive>
+                <manifest>
+                  <mainClass>com.salesforce.dataloader.process.DataLoaderRunner</mainClass>
+                </manifest>
+              </archive>
+              <descriptors>
+                <descriptor>src/main/assembly/uber.xml</descriptor>
+              </descriptors>
+            </configuration>
+	        <executions>
+	          <execution>
+	            <id>make-uber-jar</id>
+	            <phase>package</phase>
+	            <goals>
+	              <goal>single</goal>
+	            </goals>
+	          </execution>
+	        </executions>
+	      </plugin>
+	      <plugin>
+	        <artifactId>maven-shade-plugin</artifactId>
+	        <version>3.2.4</version>
+	        <executions>
+	          <execution>
+	            <phase>package</phase>
+	            <goals>
+	              <goal>shade</goal>
+	            </goals>
+	            <configuration>
+	              <shadedArtifactAttached>true</shadedArtifactAttached>
+	              <shadedClassifierName>shade</shadedClassifierName> <!-- Any name that makes sense -->
+	              <filters>
+	                <filter>
+	                  <artifact>*:*</artifact>
+	                  <excludes>
+	                    <exclude>module-info.class</exclude>
+	                    <exclude>META-INF/*.SF</exclude>
+	                    <exclude>META-INF/*.MF</exclude>
+	                    <exclude>META-INF/*.txt</exclude>
+	                    <exclude>META-INF/LICENSE</exclude>
+	                    <exclude>META-INF/NOTICE</exclude>
+	                    <exclude>META-INF/DEPENDENCIES</exclude>
+	                    <exclude>META-INF/*.DSA</exclude>
+	                    <exclude>META-INF/*.RSA</exclude>
+	                    <exclude>*.*</exclude>
+	                  </excludes>
+	                </filter>
+	              </filters>
+	              <transformers>
+	                <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+	                  <mainClass>com.salesforce.dataloader.process.DataLoaderRunner</mainClass>
+	                </transformer>
+	                <transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
+	                  <resource>META-INF/spring.handlers</resource>
+	                </transformer>
+	                <transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
+	                  <resource>META-INF/spring.schemas</resource>
+	                </transformer>
+	                <transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
+	                  <resource>META-INF/spring.tooling</resource>
+	                </transformer>
+	              </transformers>
+	            </configuration>
+	          </execution>
+	        </executions>
+	      </plugin>
+        </plugins>
+      </build>
+    </profile>
 
     <profile>
       <id>zip</id>