Properly handle the certfile parameter with the Google Cloud store ty…

…pe (Fixes #91)
ebourg · Jun 30, 2021 · 51bb816 · 51bb816
1 parent 8fa88ac
commit 51bb816
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 1 deletion.
diff --git a/jsign-core/src/main/java/net/jsign/SignerHelper.java b/jsign-core/src/main/java/net/jsign/SignerHelper.java
@@ -361,7 +361,7 @@ private AuthenticodeSigner build() throws SignerException {
             if (chain == null) {
                 throw new SignerException("No certificate found under the alias '" + alias + "' in the keystore " + (provider != null ? provider.getName() : keystore) + " (available aliases: " + String.join(", ", aliases) + ")");
             }
-            if (certfile != null) {
+            if (certfile != null && !"GOOGLECLOUD".equals(storetype)) {
                 if (chain.length != 1) {
                     throw new SignerException("certfile " + parameterName + " can only be specified if the certificate from the keystore contains only one entry");
                 }

diff --git a/jsign-core/src/test/java/net/jsign/SignerHelperTest.java b/jsign-core/src/test/java/net/jsign/SignerHelperTest.java
@@ -28,6 +28,7 @@
 
 import net.jsign.jca.Azure;
 import net.jsign.jca.DigiCertONE;
+import net.jsign.jca.GoogleCloud;
 import net.jsign.pe.PEFile;
 
 import static org.junit.Assert.*;
@@ -100,6 +101,36 @@ public void testAzureKeyVault() throws Exception {
         assertEquals("Digest algorithm", NISTObjectIdentifiers.id_sha256, si.getDigestAlgorithmID().getAlgorithm());
     }
 
+    @Test
+    public void testGoogleCloud() throws Exception {
+        File sourceFile = new File("target/test-classes/wineyes.exe");
+        File targetFile = new File("target/test-classes/wineyes-signed-with-signing-service.exe");
+
+        FileUtils.copyFile(sourceFile, targetFile);
+
+        SignerHelper helper = new SignerHelper(new StdOutConsole(1), "option")
+                .storetype("GOOGLECLOUD")
+                .keystore("projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring")
+                .storepass(GoogleCloud.getAccessToken())
+                .alias("test")
+                .certfile("src/test/resources/keystores/jsign-test-certificate-full-chain-reversed.pem")
+                .alg("SHA-256");
+
+        helper.sign(targetFile);
+
+        PEFile peFile = new PEFile(targetFile);
+        List<CMSSignedData> signatures = peFile.getSignatures();
+        assertNotNull(signatures);
+        assertEquals(1, signatures.size());
+
+        CMSSignedData signedData = signatures.get(0);
+        assertNotNull(signedData);
+
+        // Check the signature algorithm
+        SignerInformation si = signedData.getSignerInfos().getSigners().iterator().next();
+        assertEquals("Digest algorithm", NISTObjectIdentifiers.id_sha256, si.getDigestAlgorithmID().getAlgorithm());
+    }
+
     @Test
     public void testDigiCertONE() throws Exception {
         String apikey = DigiCertONE.getApiKey();