From 28d56d21eb7d6c40905a4c2afb9198e4c4c9a70b Mon Sep 17 00:00:00 2001
From: Benjamin Schwertfeger <schwertfeger@itemis.de>
Date: Mon, 20 Jan 2025 15:30:12 +0100
Subject: [PATCH 1/2] Support signing by jsign without google cloud

https://github.com/eclipse-cbi/org.eclipse.cbi/issues/594
---
 .../webservice/signing/windows/JSigner.java   | 25 +++++++++++++------
 .../signing/windows/JSignerProperties.java    |  5 ++++
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSigner.java b/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSigner.java
index 2014835e..73bad399 100644
--- a/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSigner.java
+++ b/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSigner.java
@@ -57,13 +57,22 @@ public static Builder builder() {
 	@Override
 	public Path sign(Path file) {
 		try {
-			KeyStore keystore =
-					new KeyStoreBuilder()
-							.storetype(configuration().getStoreType())
-							.keystore(configuration().getKeystore())
-							.storepass(googleAccessToken())
-							.certfile(configuration().getCertificateChain().toFile())
-							.build();
+			KeyStoreBuilder keyStoreBuilder = new KeyStoreBuilder()
+					.storetype(configuration().getStoreType())
+					.keystore(configuration().getKeystore());
+			if (kmsCredentials!=null) {
+				keyStoreBuilder.storepass(googleAccessToken());
+			} else if (configuration().getStorePass() != null) {
+				keyStoreBuilder.storepass(configuration().getStorePass());
+			}
+			try {
+				if (configuration().getCertificateChain() != null) {
+					keyStoreBuilder.certfile(configuration().getCertificateChain().toFile());
+				}
+			} catch(IllegalArgumentException e){
+				// Ignore missing certficate chain;could be stored in keystore
+			}
+			KeyStore keystore =keyStoreBuilder.build();
 
 			AuthenticodeSigner signer =
 					new AuthenticodeSigner(keystore, configuration().getKeyAlias(), null)
@@ -105,7 +114,7 @@ private String googleAccessToken() {
 				throw new RuntimeException(ex);
 			}
 		} else {
-			throw new RuntimeException("Tried to retrieve a Google Cloud Access Token while no credentials have been provided");
+			return "NONE";
 		}
 	}
 
diff --git a/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSignerProperties.java b/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSignerProperties.java
index 53d9fcca..cb898a00 100644
--- a/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSignerProperties.java
+++ b/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSignerProperties.java
@@ -30,6 +30,7 @@ public class JSignerProperties {
 	private static final String JSIGN_DESCRIPTION = "windows.jsign.description";
 
 	private static final String JSIGN_STORETYPE = "windows.jsign.storetype";
+	private static final String JSIGN_STOREPASS = "windows.jsign.storepass";
 	private static final String JSIGN_KEYSTORE = "windows.jsign.keystore";
 	private static final String JSIGN_KEY_ALIAS = "windows.jsign.keyalias";
 	private static final String JSIGN_CERTCHAIN = "windows.jsign.certchain";
@@ -67,6 +68,10 @@ public String getStoreType() {
 		return propertiesReader.getString(JSIGN_STORETYPE);
 	}
 
+	public String getStorePass() {
+		return propertiesReader.getString(JSIGN_STOREPASS);
+	}
+
 	public String getKeystore() {
 		return propertiesReader.getString(JSIGN_KEYSTORE);
 	}

From 06fb4361b60985d0016613e623c7dfa609eda44d Mon Sep 17 00:00:00 2001
From: Benjamin Schwertfeger <schwertfeger@itemis.de>
Date: Mon, 20 Jan 2025 15:56:15 +0100
Subject: [PATCH 2/2] Re-set error for google cloud tokens

https://github.com/eclipse-cbi/org.eclipse.cbi/issues/594
---
 .../org/eclipse/cbi/webservice/signing/windows/JSigner.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSigner.java b/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSigner.java
index 73bad399..2339b94b 100644
--- a/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSigner.java
+++ b/webservice/signing/windows/src/main/java/org/eclipse/cbi/webservice/signing/windows/JSigner.java
@@ -114,7 +114,7 @@ private String googleAccessToken() {
 				throw new RuntimeException(ex);
 			}
 		} else {
-			return "NONE";
+			throw new RuntimeException("Tried to retrieve a Google Cloud Access Token while no credentials have been provided");
 		}
 	}