Oracle Cheatsheet: Code Signing for Oracle 10g Forms Server

Code Signing Certificate

1. Build the keystore for Signing
The keystore is used for signing jar files. It can be installed on any computer, it is not necessary to put it on the Forms server.

1.1 Generate CSR

"C:\Program Files\Java\jdk1.8.0_152\bin\keytool" -genkey -alias codesigncert -keyalg RSA -keysize 2048 -keystore E:\codesigning\codesignstore -storepass QbnaJN3sfj3MNU -dname "CN=xxx,O=xxx,L=Toronto,ST=Ontario,C=CA"

1.2 Export CSR

"C:\Program Files\Java\jdk1.8.0_152\bin\keytool" -certreq -v -alias codesigncert -file E:\codesigning\\xxx_codesigning.csr -keystore E:\codesigning\codesignstore -storepass QbnaJN3sfj3MNU

1.3 Install the certificate from godaddy

"C:\Program Files\Java\jdk1.8.0_152\bin\keytool" -importcert -file F:\Oracle\Middleware\fr_inst\config\c1d2569cebbe31da-SHA2.pem -keystore F:\Oracle\Middleware\fr_inst\config\codesignstore -keystorepassword Welcome1 -alias codesigncert

At this point the code signing certificate is properly installed on our keystore and it is ready to sign our own jar files.

2. Signing jar files
In F:\Oracle\Middleware\FR_home\forms\java directory, that is where all the jar files reside. Most of them are provided by oracle and we DO NOT NEED to sign them. They are already signed by Oracle.

We have two custom jar files, my_icons.jar and jacob.jar. These are the only two files that need to be signed.

2.1 Clean up the jar file
Open the jar file using 7-zip. Remove these files in the META-INF sub-directory.

META-INF/*.SF META-INF/*.DSA META-INF/*.RSA META-INF/*.MF

2.2 Add permission to jar files
Create a text file add.txt like this, make sure you have a CR at the end of the file.

Codebase: * 
Permissions: all-permissions
Application-Name: OracleForms

And we run the following to add the permission to the jar files.

"C:\Program Files\Java\jdk1.8.0_152\bin\jar" ufm F:\Oracle\Middleware\FR_home\forms\java\my_icons.jar F:\Oracle\Middleware\FR_home\forms\java\add.txt
"C:\Program Files\Java\jdk1.8.0_152\bin\jar" ufm F:\Oracle\Middleware\FR_home\forms\java\jacob.jar F:\Oracle\Middleware\FR_home\forms\java\add.txt

2.3 Sign the jar files

"C:\Program Files\Java\jdk1.8.0_152\bin\jarsigner" -verbose -keystore F:\Oracle\Middleware\fr_inst\config\codesignstore -storepass Welcome1 -tsa http://tsa.starfieldtech.com/ F:\Oracle\Middleware\FR_home\forms\java\jacob.jar codesigncert
"C:\Program Files\Java\jdk1.8.0_152\bin\jarsigner" -verbose -keystore F:\Oracle\Middleware\fr_inst\config\codesignstore -storepass Welcome1 -tsa http://tsa.starfieldtech.com/ F:\Oracle\Middleware\FR_home\forms\java\my_icons.jar codesigncert

2.4 Verify the jar files (optional)

"C:\Program Files\Java\jdk1.8.0_152\bin\jarsigner" -verify -verbose -certs F:\Oracle\Middleware\FR_home\forms\java\jacob.jar
"C:\Program Files\Java\jdk1.8.0_152\bin\keytool" -printcert -jarfile F:\Oracle\Middleware\FR_home\forms\java\jacob.jar

At this stage, the jar files are properly signed. We can use these jar files on any 10g Forms server. It is not tied to the domain or URL.

The signed jar files are good for life.

Oracle Cheatsheet

Monday, February 13, 2017

Code Signing for Oracle 10g Forms Server

No comments:

Post a Comment