[Announcement] New Code Signer tool

The end of your code signing nightmares? Pretty much!

With this new Open Source tool you can visualize in no time what jars need signing and run a signing process with your certificate.
The tool will give you extended information on the state of your jars and will verify them in real time:
[attachment=0]ui.png[/attachment]

You can find the Code Signer tool on ServoyForge: https://www.servoyforge.net/projects/code-signer
See the manual (also available inline) here: https://www.servoyforge.net/projects/code-signer/wiki

The tool is provided free of charge but donations will be appreciated to help maintain the project and create other useful tools, just click on the Project ‘Donate’ button if this tool is helpful to you.

ui.png929×674 72.3 KB

Thank you so much Patrick. This is AWESOME! !

Thanks Patrick for all the work You put into this !!

Regards,

This is really helpful! Thnkx!

Thats Really Great !!, thanks Patrick

Great!
Thank you very much.

Very helpfull!!

Thanks.

Useful, thanks.

How does this Code Signer tool relate to the SignTester tool also present on ServorForge (unrelated/replacement/added value)?

Hi Michel,

I think you can see it as a replacement. It does the same as the SignTester and more.

Yes, it is a replacement.
It gives you much more feedback in a simple and clear UI, showing you what needs to be signed, what is the state of the jars in your application_server folder, and gives you control over much more. Note that it can be launched in headless mode as well, but it’s analyzing what really need to be signed/re-signed depending on a few parameters in a properties file.
In the end though, the signing process on the jars is the same.

Okay, we’ll switch to this one in the near future then. Thanks.

Does the new Code Signer depend on the Sign tester or is it new code?
Are both to be maintained now?
Should one get dropped?
It is a little confusing - maybe the “original” could be marked as “no longer being supported” unless of course someone wants to volunteer.
(Sorry if this should go offline instead into the ServoyForge discussion)

This is a long awaited rewrite of the signTester… This was a feature request from the beginning, only I never took the time to do it until now.
It is an entire new project though. Only some of the code signing parts of the signTester code is used and has been optimized.
There’s no dependency on the signtester jar at all.

The signTester project can be considered deprecated and I will no longer maintain it, the command line parsing was a mess anyway, and I intended to rewrite that, only I did a UI instead, which I think is better for everyone… I will, as much as possible, maintain that new CodeSigner tool.
I’ll check-in the code to the ServoyForge repository soon, and anyone wishing to contribute will be welcome…

Launching CodeSigner (either by double clicking the jar or in terminal with command java -Xms256m -Xmx1g -jar CodeSigner.jar) on MacOS 10.9.1 using Java 1.7.0_51 will only show the first menu item, but no GUI. In terminal, after a few minutes this exception shows

Exception in thread "main" java.lang.NullPointerException
	at net.stuff.servoy.signing.JarNameFilter.hasJars(JarNameFilter.java:50)
	at net.stuff.servoy.signing.JarNameFilter.accept(JarNameFilter.java:27)
	at java.io.File.listFiles(File.java:1246)
	at net.stuff.servoy.signing.JarNameFilter.hasJars(JarNameFilter.java:49)
	at net.stuff.servoy.signing.JarNameFilter.accept(JarNameFilter.java:27)
	at java.io.File.listFiles(File.java:1246)
	at net.stuff.servoy.signing.JarNameFilter.hasJars(JarNameFilter.java:49)
	at net.stuff.servoy.signing.JarNameFilter.accept(JarNameFilter.java:27)
	at java.io.File.listFiles(File.java:1246)
	at net.stuff.servoy.signing.TreeFile.list(TreeFile.java:41)
	at net.stuff.servoy.signing.FileSystemModel.getChildCount(FileSystemModel.java:54)
	at javax.swing.tree.VariableHeightLayoutCache$TreeStateNode.expand(VariableHeightLayoutCache.java:1478)
	at javax.swing.tree.VariableHeightLayoutCache$TreeStateNode.expand(VariableHeightLayoutCache.java:1287)
	at javax.swing.tree.VariableHeightLayoutCache.rebuild(VariableHeightLayoutCache.java:742)
	at javax.swing.tree.VariableHeightLayoutCache.setModel(VariableHeightLayoutCache.java:108)
	at javax.swing.plaf.basic.BasicTreeUI.setModel(BasicTreeUI.java:411)
	at javax.swing.plaf.basic.BasicTreeUI$Handler.propertyChange(BasicTreeUI.java:3417)
	at javax.swing.plaf.basic.BasicTreeUI$PropertyChangeHandler.propertyChange(BasicTreeUI.java:2894)
	at com.apple.laf.AquaTreeUI$MacPropertyChangeHandler.propertyChange(AquaTreeUI.java:309)
	at java.beans.PropertyChangeSupport.fire(PropertyChangeSupport.java:335)
	at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:327)
	at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:263)
	at java.awt.Component.firePropertyChange(Component.java:8382)
	at javax.swing.JTree.setModel(JTree.java:879)
	at javax.swing.JTree.<init>(JTree.java:668)
	at net.stuff.servoy.CodeSignerFrame.<init>(CodeSignerFrame.java:613)
	at net.stuff.servoy.CodeSigner.main(CodeSigner.java:71)

The tool is looking for jars on your entire hard disk. I suppose it’s because it was launched from /
Try placing the jar in the /application_server/ folder, cd to that folder and launch the tool from there.

Thanks, problem solved.

I’ve released a v1.0.1 of the tool, with a packaged CodeSigner7.jar to be used with Java 7.

Thanks again Patrick.

I tested it and I get some warnings in the cmd box where i started the tool :

Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a times
tamp, users may not be able to validate this jar after the signer certificate's
expiration date (2015-01-24) or after any future revocation date.

These warnings wher not issued in the previous version.

Regards,

Yep, that’s Java 7 being picky. I suppose they’ll soon add some more security restriction and I’ll see what I can do to workaround that, but for now, you can safely ignore the warnings.