I am trying to produce an Alfresco acp file in a wizard where the user selects the space he would like the acp to be created, and them our code would sign it using a certificate with jarsigner or bouncycastle library.
We are able to generate the acp of the selected space, but when we try to sign it using these both methods it fails.
If instead of using an acp file we try to sign a zip file where it contains all the documents of the space it works fine, but if we do it this way we are missing all the metadata of the documents which is present in the acp file.
Following the procedure to sign a zip file, you have all the documents in the space and you include a MANIFEST file that will be included once you generate the zip file. After applying the signature with jarsigner or bounctycastle, the zip contains the MANIFEST file, which now has a digital print for all the documents included in the zip file.
The problem is that if we try to reproduce this with the acp file, and we include a MANIFEST file in the space before we create the acp file, and then we try to sign this acp file with the certificate we get an error "unable to open jar".
What would be the best way to sign with a certificate all the content included in an acp file, so we could verify in a future that the content has not been modified?
btw: we are using Alfresco CE 4.2.f