Announcement

Collapse
No announcement yet.

Custom Extension and Jar Signing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom Extension and Jar Signing

    Hello Mirth community! I'm having a bit of trouble with signjar. I will be upfront that I'm not super familiar with the process of using it for code signing (besides reading a couple docs online) but here we are. I'll give as much instruction to my process, and hopefully I can get this resolved.

    I'm working on a custom extension, a variant of a source connector. Let's call it 'File Reader Alt'

    I checked out the '3.7.1' tag from GitHub to make my changes, as this is the latest version of Mirth. I went with the approach of adding my code on top of the Mirth code base and modified the ant build scripts to build and package my new plugin. This was not from any particular guideline I found on the forums, just from my own attempt to get the thing to build.

    I built the project with Ant 1.10 and the Oracle JDK 8 (rv. 202) on Ubuntu 19.04.
    It produced an folder within the mirth-connect/server/setup directory that had all of my jar files. I zipped this up (that I did find on the forums!), and now have a file-reader-alt-3.7.1.zip

    That this point, I went to my Administrator client connected to my Mirth 3.7.1 server. The server is running on Ubuntu 18.04, under openJDK 11 (the default jre) and backed by postgresql 10. I imported the zip folder in the 'Extensions' screen, and then restarted the server and Admin client as instructed. When I attempted to launch the Admin client after the restart, I got the following error:
    Code:
    com.mirth.connect.client.launcher.q: java.lang.Exception: Error verifying entry "META-INF/MANIFEST.MF" in JAR file file-reader-alt-client.jar
    java.util.concurrent.ExecutionException: com.mirth.connect.client.launcher.q: java.lang.Exception: Error verifying entry "META-INF/MANIFEST.MF" in JAR file file-reader-alt-client.jar
    	at java.util.concurrent.FutureTask.report(Unknown Source)
    	at java.util.concurrent.FutureTask.get(Unknown Source)
    	at com.mirth.connect.client.launcher.f.a(SourceFile:406)
    	at com.mirth.connect.client.launcher.f.a(SourceFile:372)
    	at com.mirth.connect.client.launcher.MirthClientLauncher.run(SourceFile:1122)
    	at java.lang.Thread.run(Unknown Source)
    Caused by: com.mirth.connect.client.launcher.q: java.lang.Exception: Error verifying entry "META-INF/MANIFEST.MF" in JAR file file-reader-alt-client.jar
    	at com.mirth.connect.client.launcher.r.a(SourceFile:240)
    	at com.mirth.connect.client.launcher.r.a(SourceFile:178)
    	at com.mirth.connect.client.launcher.f.a(SourceFile:540)
    	at java.util.concurrent.FutureTask.run(Unknown Source)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    	... 1 more
    Caused by: java.lang.Exception: Error verifying entry "META-INF/MANIFEST.MF" in JAR file file-reader-alt-client.jar
    	at com.mirth.connect.client.launcher.r.a(SourceFile:227)
    	... 6 more
    Caused by: java.lang.Exception: Certificate CN=mirth-connect does not have required code signing extension.
    	at com.mirth.connect.client.launcher.r.a(SourceFile:400)
    	at com.mirth.connect.client.launcher.r.a(SourceFile:294)
    	at com.mirth.connect.client.launcher.r.a(SourceFile:219)
    	... 6 more
    Definitely not the most exciting thing to see. I started googling and digging into the forums, but I didn't see much that seemed relevant to this specific issue.
    I started a process of opening up the jar files and looking at the manifest files. It was clear that what I had built and signed was very different from the server. This keyed me onto thinking 'hey, I should look at the keystore on the server versus what came from the checked out code'. This showed me that the two keystores were different. I attempted to re-sign my jarfiles with the keystore from the server. That resulted in the same error. I then attempted to replace what was used during the build with the keystore from the server, but that resulted in the same error as well.

    And here we are. Sorry for the book, but I figured describing everything would be more helpful than a sentence saying 'help me!'. My question then is, what is the process for properly signing and deploying a custom extension onto a Mirth server? I tried looking through the community wiki (the only thing I found about extensions) and even found a post on the forums where someone ran into a MANIFEST file issue (http://www.mirthcorp.com/community/f...d.php?t=217108), but nothing seemed to match up.

    Thank you very much for any help you can provide

  • #2
    The certificate used to sign your extensions must be a code signing cert and be properly signed by a CA.
    Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

    Nicholas Rupley
    Work: 949-237-6069
    Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


    - How do I foo?
    - You just bar.

    Comment


    • #3
      I was able to look into code signing certs and understand what I was missing. Thank you very much for the clarification!

      Comment

      Working...
      X