What is adjss Utility?
- The new adjss utility is a program that is used to configure the JAR signing mode and any required parameters for JAR signing.
- It replaces the previous adkey utility that was used to generate a keystore file with code signing private key and certificate(s
- It sets up the additional parameters required to sign using jarsigner and the keystore file.
- It does not create any keystore files.
- If a keystore file is required, it is created using Java’s standard keytool command.
- The adjss utility can register the name of a keystore file and additional parameters required to sign using jarsigner and the keystore file.
- This utility is available after applying these patches only
Using adjss, three modes can be configured:
KEYSTORE – Uses private key in keystore file to sign JARs.
NONE – Does not sign any JARs.
CUSTOM – Calls customjarsign.sh to sign JARs.
Only KEYSTORE mode require additional parameters. CUSTOM mode require you to create a custom JAR signing script with a fixed name placed at a fixed location. NONE requires nothing, as it simply turns off AD signing and leaves signing to the user.
The online help for adjss looks like this:
$ adjss -help
Show this brief syntax help
adjss -mode KEYSTORE -keystore $PWD/$KS -alias $AL -sigfile CUST
Set mode to KEYSTORE and store parameters (after validating them)
Keystore passwords prompted for and stored in DB (which require APPS password)
adjss -mode CUSTOM
Set mode to CUSTOM and verify customjarsign.sh is installed.
adjss -mode NONE
Set mode to NONE.
adjss -migrate
Use existing, working adkeystore.dat + adsign.txt to create new style KEYSTORE mode in adsignmode.txt and adsignparameters.txt
keystore password remains unchanged in the database
adjss -list
List the current mode and any parameters.
adjss -verify
List the current mode and any parameters, using
For KEYSTORE mode parameters are verified (keystore file, alias in keystore, passwords).
For CUSTOM mode customjarsign.sh is verified for existence and executability.
adjss -sign /full/path/to/test.jar
Sign the passed JAR file using the configured mode and show successfully signed JAR, using:
For KEYSTORE mode the JAR is signed using jarsigner and the configured keystore parameters
jarsigner -keystore <keystore> -sigfile <sigfile> /full/path/to/test.jar <alias> + passwords
For CUSTOM mode the JAR file is added to a jarlist.txt file and the signing is attempted as customjarsign.sh $PATH_TO/jarlist.txt
How it works
Hope you like this article on adjss Utility in Oracle EBS
Related Articles
Signing JAR Files for Oracle E-Business Suite (Prior to August 2024) (Doc ID 3015098.1)
Signing JAR Files for Oracle E-Business Suite Release 12 (Doc ID 1591073.1)
How to Create a Minimally Viable Private CA for Jar Signing using OpenSSL
EBS Jar signing with HSM Based Certificate
How to verify the Digital Signature of a Signed jar File
keytool command