
Build your plugin

Building your plugin involves writing Java code to drive custom automation operations on your systems, then compiling and packaging it in the required Zip format for upload into DigiCert® Trust Lifecycle Manager.

DigiCert provides an example GitHub repository to help you build custom plugins. This page describes the project components and build steps.

Before you begin

The example plugin repository is a Java project based on the Maven build system. The system where you build the plugin must have:

  • Java 17 or later

  • Maven version 3.6 or later

To view and work on the example plugin repository, DigiCert recommends using an integrated development environment (IDE). The IDE helps resolve dependencies and ensures the project development environment is configured correctly.

The instructions on this page focus on the Eclipse IDE. To learn more, refer to the official Eclipse website.

All plugins require at least one DigiCert sensor installed on your network. The sensor acts as the execution environment for the plugin and enables secure communications between Trust Lifecycle Manager and the target systems for managed automation.

If you don't already have a sensor, you can still build and upload the plugin. However, you must have an active sensor in place before you can create an instance (connector) of the plugin in Trust Lifecycle Manager. To learn more, see Deploy and manage sensors.

Overview of the build process

The process of building a custom plugin consists of these steps:

  1. Clone the GitHub repository for the example automation plugin.

    The repository URL is https://github.com/digicert/tlm-plugin-example-automation. Contact your DigiCert account representative for questions about how to access this repository.

  2. Import the project into the Eclipse IDE.

    1. Launch Eclipse and select the option to Import projects.

    2. In the Import modal, go to Maven > Existing Maven Projects and select Next.

    3. Browse to the root folder where you cloned the example plugin repository and select it.

    4. After selecting the folder, you should see /pom.xml listed in the Projects window. Select Finish to proceed with the import.

  3. Verify the project files in the Eclipse IDE.

    In Eclipse, you should see all the same files from the GitHub repository, plus additional listings for the Java Runtime Environment (JRE) and Maven dependencies. Check the top-level README.md file for more details about the plugin project files, dependencies, and build process.

  4. Update the project to add your own custom code and settings.

    See the Project files and Source files sections below for key components to focus on.

  5. Build the Maven project to generate the final Zip file.

    To compile and package everything, run the build script (build.sh) in the top-level project directory. For details, see the Build the plugin Zip file section.

Project files

The following files contain important settings, dependencies, and information for the plugin project. These files are found in the top-level directory of the example automation plugin.

Project file

Description

Required updates

README.md

The project README file includes important information about the project dependencies, file structure, build process, and more. For best results, review it carefully before making any updates.

pom.xml

Contains all the information Maven needs to build the project, including core dependencies, plugins, and build configurations.

The build-plugin-fat-jar execution block defines the main Java class to execute during runtime. Default value is com.example.automation.MyAutomationPluginRunner.

  • If your custom code includes additional dependencies, you must include them here.

  • If your plugin defines a different main class than the default, update the mainClass value in the build-plugin-fat-jar execution block.

build.sh

Shell script to build the project by generating the Maven assets and creating the final Zip file for upload into Trust Lifecycle Manager. The script also generates an SHA-256 checksum to ensure the integrity of the Zip file.

Before running this script, make sure the settings.xml file includes the required credentials as described below.

configuration.json

Default JSON file for configuring the plugin in Trust Lifecycle Manager. To enable the plugin, you must upload the JSON configuration file along with the final Zip file.

Update this file to match the required parameters for your plugin. For details, see Create the plugin configuration.

settings.xml

Defines required settings for running the Maven build command, including access to an additional GitHub repository with core plugin SDK files and dependencies.

If you run the build script as part of GitHub Actions, the required credentials are populated automatically. Otherwise, you must supply the credentials as described in the Required updates column.

To run the build script locally, use one of the following methods to provide the required GitHub credentials:

  • Add the credentials to the username and password fields in the settings.xml file.

  • Define the following environment variables with the credentials to use: GITHUB_ACTOR or GITHUB_USER (username) and GITHUB_TOKEN (password).

zip.xml

Defines the list of files to include in the final Zip file for the plugin.
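
The credential handling described for settings.xml above, as an added example (not DigiCert's code and not part of the example repository): a pre-flight check that refuses to build when settings.xml holds a literal username or password, and confirms the environment variables are set instead. It assumes standard Maven <username>/<password> elements, one per line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check before running `sh build.sh` locally.
# Assumption: settings.xml uses the usual Maven <username>/<password>
# elements, one element per line.

# Print the name of every credential element in the file ($1) whose value
# is a literal rather than a ${...} placeholder. Returns 1 if any is found.
find_literal_credentials() {
    awk '
        BEGIN { bad = 0 }
        match($0, /<(username|password)>[^<]*<\/(username|password)>/) {
            elem = substr($0, RSTART, RLENGTH)
            name = elem;  sub(/^</, "", name);  sub(/>.*/, "", name)
            value = elem; sub(/^<[a-z]+>/, "", value)
            sub(/<\/[a-z]+>$/, "", value)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            placeholder = (substr(value, 1, 2) == "${" &&
                           substr(value, length(value)) == "}")
            if (value != "" && !placeholder) { print name; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# Print the names (never the values) of the environment variables from this
# page that are unset. Returns 1 if anything is missing.
missing_github_env() {
    missing=""
    [ -n "${GITHUB_ACTOR:-}${GITHUB_USER:-}" ] || missing="GITHUB_ACTOR|GITHUB_USER"
    [ -n "${GITHUB_TOKEN:-}" ] || missing="${missing:+$missing }GITHUB_TOKEN"
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Fail if settings.xml carries literal credentials or the environment is
# incomplete, so a token is never saved into a file that may be committed.
preflight() {
    settings=${1:-settings.xml}
    [ -r "$settings" ] || { echo "cannot read $settings" >&2; return 1; }
    if ! literals=$(find_literal_credentials "$settings"); then
        echo "literal value in $settings: $(echo "$literals" | tr '\n' ' ')" >&2
        return 1
    fi
    if ! unset_vars=$(missing_github_env); then
        echo "not set: $unset_vars" >&2
        return 1
    fi
    echo "credentials come from the environment only"
}
```

Source the file in the top-level project directory and run `preflight settings.xml && sh build.sh`.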

Source files

The example automation plugin provides the following Java source files under src/main/java. To create your custom plugin, modify or extend the applicable class and method definitions in these files.

Source file

Description

Customizations

MyAutomationPlugin.java

Defines the overall certificate lifecycle automation workflow. It extends the AbstractAutomationWorkflow class and defines steps common to all automation workflows in Trust Lifecycle Manager, including:

  • testConnection: Verify connectivity to the target system.

  • generateCsr: Generate a certificate signing request (CSR) for issuing a new certificate from Trust Lifecycle Manager.

  • installCertificate: Install a certificate on the target system.

  • validateCertificate: Validate that a certificate was installed successfully on the target system.

  • refreshConfiguration: Refresh information about the target system stored in Trust Lifecycle Manager, including IP:port endpoints, operating system version, and filesystem partitions.

To customize the work done in any of the automation steps, add your custom code to the methods annotated with @Override.

MyAutomationPluginRunner.java

Acts as the entry point for the plugin, invoking the plugin object defined in MyAutomationPlugin.java, along with the required SDK context object for sharing information across different methods and storing results at different execution points.

If you update this class, make sure the fully qualified class name matches the one in the pom.xml file.

MyPluginConfiguration.java

Defines the configuration parameters needed to connect to and operate the target systems for the plugin. For example, the default version of this file defines settings typical for managing a load balancer appliance, including the username, password, and management IP and port.

All parameters you define here must have matching fields in the config_settings section of the JSON configuration file for the plugin. This ensures that users provide values for these parameters when creating an instance (connector) of the plugin in Trust Lifecycle Manager. To learn more, see Create the plugin configuration.

MyRefreshRequest.java

Lombok-annotated class that defines the model for a refreshConfiguration request from Trust Lifecycle Manager.

Update this class to customize what Trust Lifecycle Manager sends when a user selects the Refresh configuration action for an instance (connector) of the plugin in Trust Lifecycle Manager. Make sure any updates you make align with the refreshConfiguration method annotated with @Override in MyAutomationPlugin.java.

MyRefreshResponse.java

Lombok-annotated class that defines the response model for a refreshConfiguration request from Trust Lifecycle Manager.

Update this class to customize what the plugin sends back to Trust Lifecycle Manager when a user selects the Refresh configuration action for a plugin connector. Make sure any updates you make align with the refreshConfiguration method annotated with @Override in MyAutomationPlugin.java.

Build the plugin Zip file

After customizing the plugin project and source files, you can build the plugin Zip file on the development system as follows:

  1. Change into the top-level project directory.

  2. Enter sh build.sh to run the build script.

  3. The script prints status messages to the console as it executes. At the end, it generates and prints the SHA-256 checksum for the Zip file, confirming a successful build.

  4. Find the final Zip file for the plugin in the plugin-dist subdirectory. The Zip file contains the plugin JAR file and metadata JSON file required by Trust Lifecycle Manager.

What's next

To add the plugin in Trust Lifecycle Manager, you must upload both the plugin Zip file and corresponding JSON configuration file.

For details about the required format of the JSON configuration file, see Create the plugin configuration.