Support jsign without google credentials

[bschwert]

In JSigner.java the googleAccessToken is required always, even if no google credentials are provided. This leads to RuntimeException in #googleAccessToken().

The certificate chain is optional for JSign, if it's stored in the PKCS11 module.

I've changed the code to

KeyStoreBuilder keyStoreBuilder = new KeyStoreBuilder()
               .storetype(configuration().getStoreType())
               .keystore(configuration().getKeystore());
if (kmsCredentials!=null) {
       keyStoreBuilder.storepass(googleAccessToken());
}
try {
       if (configuration().getCertificateChain() != null) {
               keyStoreBuilder.certfile(configuration().getCertificateChain().toFile());
       }
} catch(IllegalArgumentException e){
       // Ignore missing certficate chain;could be stored in keystore
}
KeyStore keystore =keyStoreBuilder.build();

[netomi]

this makes perfect sense. In our use-case we were using jsign exclusively with Google KMS as signing providers, but it makes sense to make this configurable.

[netomi]

may I ask you for which use-case your are using the window signer and how do you run / deploy it?

Our current deployment script is heavily tailored for our use-case, but we can make that more general if there is a need.

[bschwert]

I sign the customized executable and the installer. Both by the maven-plugin or directly via rest requests in gradle builds.