added support for environment variable JDEPLOY_DEVELOPER_CA_ID which …

…can be the alias for a root certificate that is used in signed bundles to verify package signatures. The difference between this and the signing certificate, is that the root certificate does not need to have the accompanying private key on the deployment machine - it is used solely to allow the app bundle to validate the signature of packages. The root certificate will typically have a very long lifespan (e.g. 10 years), whereas the signing certificate will have a shorter expiry.
shannah · Aug 6, 2024 · be75f2d · be75f2d
1 parent fea59ba
commit be75f2d
Showing 1 changed file with 26 additions and 3 deletions.
diff --git a/shared/src/main/java/ca/weblite/jdeploy/factories/JDeployKeyProviderFactory.java b/shared/src/main/java/ca/weblite/jdeploy/factories/JDeployKeyProviderFactory.java
@@ -13,6 +13,8 @@ public static interface KeyConfig {
 
         String getDeveloperId();
 
+        String getCertificateAuthorityId();
+
         char[] getKeystorePassword();
     }
 
@@ -40,6 +42,15 @@ public String getDeveloperId() {
             return null;
         }
 
+        @Override
+        public String getCertificateAuthorityId() {
+            String envKeyStoreAlias = System.getenv("JDEPLOY_DEVELOPER_CA_ID");
+            if (envKeyStoreAlias != null) {
+                return envKeyStoreAlias;
+            }
+            return null;
+        }
+
         @Override
         public char[] getKeystorePassword() {
             String envKeyStorePassword = System.getenv("JDEPLOY_KEYSTORE_PASSWORD");
@@ -66,17 +77,29 @@ public KeyProvider createKeyProvider(KeyConfig config) {
                             config.getKeystorePath(),
                             config.getKeystorePassword(),
                             config.getDeveloperId(),
-                            config.getDeveloperId()
+                            config.getDeveloperId(),
+                            config.getCertificateAuthorityId()
                     )
             );
         }
 
         if (Platform.getSystemPlatform().isMac() && config.getDeveloperId() != null) {
-            provider.registerKeyProvider(new MacKeyStoreKeyProvider(config.getDeveloperId(), null));
+            provider.registerKeyProvider(
+                    new MacKeyStoreKeyProvider(
+                            config.getDeveloperId(),
+                            null,
+                            config.getCertificateAuthorityId()
+                    )
+            );
         }
 
         if (Platform.getSystemPlatform().isWindows() && config.getDeveloperId() != null) {
-            provider.registerKeyProvider(new WindowsKeyStoreKeyProvider(config.getDeveloperId(), null));
+            provider.registerKeyProvider(
+                    new WindowsKeyStoreKeyProvider(
+                            config.getDeveloperId(),
+                            null, config.getCertificateAuthorityId()
+                    )
+            );
         }
 
         return provider;