#!/usr/bin/perl
##############################################################################
#                                                                            #
#  WHO:    John L. Moreland                                                  #
#                                                                            #
#  WHAT:   sign                                                              #
#                                                                            #
#  WHY:    Creates self-signed object signing certificate (if it doesn't     #
#          already exist) exports it to a file, then uses the certificate    #
#          to sign a series of JAR files specified on the command line.      #
#          The signed JAR files are then trusted when used with Java         #
#          WebStart.                                                         #
#                                                                            #
#  WHERE:  San Diego Supercomputer Center (SDSC)                             #
#                                                                            #
#  WHEN:   Mon Jan 31 14:48:27 PST 2005                                      #
#                                                                            #
#  HOW:    PERL                                                              #
#                                                                            #
# A number of resources were helpful in putting this script together:        #
# http://java.sun.com/docs/books/tutorial/security1.2/toolsign/signer.html   #
# http://java.sun.com/docs/books/tutorial/security1.2/toolsign/receiver.html #
# http://www.dallaway.com/acad/webstart/                                     #
# http://www.ldodds.com/blog/archives/000089.html                            #
#                                                                            #
##############################################################################

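# Prompt for a password that we'll use for both the key store file
# as well as for the object signing key.
#
# Terminal echo is switched off while the password is typed (only when
# STDIN is a terminal and POSIX termios is usable) so the secret is not
# displayed on screen or left in terminal scrollback.  On platforms where
# that is not possible the prompt falls back to a normal, echoed read.

my $password;
{
	local $| = 1;   # make sure the prompt appears before we block on STDIN

	my $restoreEcho;
	if ( -t STDIN )
	{
		# Best effort: any failure in here simply leaves echo enabled.
		eval
		{
			require POSIX;
			my $fd = fileno( STDIN );
			my $termios = POSIX::Termios->new();
			if ( defined $termios->getattr( $fd ) )
			{
				my $savedFlags = $termios->getlflag();
				$termios->setlflag( $savedFlags & ~POSIX::ECHO() );
				$termios->setattr( $fd, POSIX::TCSANOW() );
				$restoreEcho = sub
				{
					$termios->setlflag( $savedFlags );
					$termios->setattr( $fd, POSIX::TCSANOW() );
				};
			}
		};
	}

	# If the user interrupts the prompt, do not leave the terminal with
	# echo disabled.
	local $SIG{INT} = sub
	{
		$restoreEcho->() if $restoreEcho;
		print "\n";
		exit( 1 );
	};

	print "Enter Object Signing Password: ";
	$password = <STDIN>;

	if ( $restoreEcho )
	{
		$restoreEcho->();
		print "\n";   # the user's Enter key was not echoed
	}
}

# Refuse to continue without a password (EOF on STDIN or an empty line);
# the tools invoked later would otherwise be handed an empty secret.
die "No password entered.\n" unless defined $password;
chomp( $password );
die "No password entered.\n" if $password eq "";

# Configure the parameters that we'll pass to the command line tools.

my $keyAlias = "SignKeyAlias";
my $certExportFile = "$keyAlias.cer";
my $validDays = 365;
my $keyPass = $password;            # same secret protects the private key...

my $keyStoreFile = "$keyAlias.jks"; # Java Key Store file format
my $keyStorePass = $password;       # ...and the key store that holds it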


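# Create the key store file if it doesn't exist already, generate a new
# certificate, add the certificate key to the key store file, then export
# the certificate key to a stand-alone/portable file.
#
# The tools are run with the list form of system() so that no shell ever
# parses the password: with the single-string form, a password containing
# spaces or shell metacharacters would be split or interpreted by the shell.
#
# NOTE(security): the password is still passed as a command-line argument
# and is therefore visible to other local users in the process list while
# keytool runs.  On JDKs whose keytool accepts the ":env" / ":file"
# modifiers on -storepass and -keypass, prefer those.
#
# NOTE(security): no -keyalg/-keysize is given, so the key algorithm and
# size are whatever the installed keytool defaults to.

if ( ! -f $keyStoreFile )
{
	print "Generating $keyStoreFile key store file with $keyAlias key...\n";

	# Generate a new certificate key in the specified key store file.
	# The key store holds the private signing key, so create it readable
	# by the owner only; the previous umask is restored right afterwards.
	my $savedUmask = umask( 077 );
	my $genStatus = system(
		"keytool", "-genkey",
		"-alias", $keyAlias,
		"-validity", $validDays,
		"-keypass", $keyPass,
		"-keystore", $keyStoreFile,
		"-storepass", $keyStorePass
	);
	umask( $savedUmask ) if defined $savedUmask;

	# Without a key there is nothing to export or to sign with.
	die "keytool -genkey failed (status $genStatus); no signing key was created.\n"
		if $genStatus != 0;
	print "\n";

	print "Exporting $certExportFile certificate...\n";
	my $exportStatus = system(
		"keytool", "-export",
		"-keystore", $keyStoreFile,
		"-storepass", $keyStorePass,
		"-alias", $keyAlias,
		"-file", $certExportFile
	);

	# The exported certificate is only needed for distribution, so a
	# failure here is reported but does not prevent signing.
	warn "keytool -export failed (status $exportStatus); $certExportFile was not written.\n"
		if $exportStatus != 0;
	print "\n";
}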

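# Sign the set of JAR files specified on the command line.
#
# Each FILE.jar argument is signed into FILE_signed.jar next to it.
# Arguments that are already signed outputs, or whose signed output already
# exists, are skipped.
#
# jarsigner is run with the list form of system() so that file names and
# the password are passed as single arguments and are never parsed by a
# shell: with the single-string form, a JAR name (or password) containing
# spaces, quotes, ';', '$(...)' and the like would be interpreted as shell
# syntax.
#
# NOTE(security): the password is still passed as a command-line argument
# and is therefore visible to other local users in the process list while
# jarsigner runs.  On JDKs whose jarsigner accepts the ":env" / ":file"
# modifiers on -storepass and -keypass, prefer those.

foreach my $arg ( @ARGV )
{
	if ( (-f $arg) && ($arg =~ /\.jar$/) )
	{
		my $inJar = $arg;

		# A relative name beginning with '-' could be taken for an option
		# by jarsigner; anchoring it to the current directory names the
		# same file unambiguously.
		$inJar = "./$inJar" if $inJar =~ /^-/;

		if ( $inJar =~ /_signed\.jar$/ )
		{
			print "Skipping $inJar since it is already signed.\n";
			next;
		}

		my $outJar = $inJar;
		$outJar =~ s/\.jar$/_signed.jar/;
		if ( -f $outJar )
		{
			print "Skipping $inJar since $outJar already exists.\n";
			next;
		}

		print "Signing $inJar...\n";
		my $signStatus = system(
			"jarsigner",
			"-keystore", $keyStoreFile,
			"-storepass", $keyStorePass,
			"-keypass", $keyPass,
			"-signedjar", $outJar,
			$inJar, $keyAlias
		);

		# Report a failed signing instead of silently moving on, so an
		# unsigned JAR is not mistaken for a signed one.
		warn "jarsigner failed for $inJar (status $signStatus).\n"
			if $signStatus != 0;
	}
	else
	{
		print "Skipping $arg since it is not a JAR file.\n";
	}
}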

