From cabd8cf5dbc7dedd3152c008560e7f362c93b65a Mon Sep 17 00:00:00 2001
From: Jakub Chrzanowski <jakub.chrzanowski@jetbrains.com>
Date: Tue, 13 Feb 2024 12:32:48 +0100
Subject: [PATCH] IntelliJ Platform Gradle Plugin: `verifyPluginSignature` task

---
 ...s_intellij_platform_gradle_plugin_tasks.md | 62 +++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/topics/appendix/tools/intellij_platform_gradle_plugin/tools_intellij_platform_gradle_plugin_tasks.md b/topics/appendix/tools/intellij_platform_gradle_plugin/tools_intellij_platform_gradle_plugin_tasks.md
index 879072aae..7f50159ec 100644
--- a/topics/appendix/tools/intellij_platform_gradle_plugin/tools_intellij_platform_gradle_plugin_tasks.md
+++ b/topics/appendix/tools/intellij_platform_gradle_plugin/tools_intellij_platform_gradle_plugin_tasks.md
@@ -37,6 +37,7 @@ flowchart TB
         signPlugin
         testIde
         verifyPluginProjectConfiguration
+        verifyPluginSignature
 
         jarSearchableOptions & prepareSandbox --> buildPlugin
         patchPluginXml --> buildSearchableOptions
@@ -46,6 +47,7 @@ flowchart TB
         buildPlugin --> signPlugin
         patchPluginXml --> verifyPluginProjectConfiguration
         verifyPluginProjectConfiguration ----> test & compileKotlin
+        verifyPluginSignature --> signPlugin
     end
 
     initializeIntelliJPlatformPlugin ---> ALL
@@ -77,6 +79,7 @@ flowchart TB
     click signPlugin "#signPlugin"
     click testIde "#testIde"
     click verifyPluginProjectConfiguration "#verifyPluginProjectConfiguration"
+    click verifyPluginSignature "#verifyPluginSignature"
 
     style classpathIndexCleanup stroke-dasharray: 5 5
     style instrumentCode stroke-dasharray: 5 5
@@ -1386,6 +1389,65 @@ Default value
 ## verifyPluginSignature
 {#verifyPluginSignature}
 
+<tldr>
+
+**Depends on**: [`signPlugin`](#signPlugin)
+
+**Extends**: [`JavaExec`][gradle-javaexec-task], [`SandboxAware`](tools_intellij_platform_gradle_plugin_task_awares.md#SigningAware)
+
+**Sources**: [`PrepareSandboxTask`](%gh-ijpgp%/src/main/kotlin/org/jetbrains/intellij/platform/gradle/tasks/VerifyPluginSignatureTask.kt)
+
+</tldr>
+
+Validates the signature of the plugin archive file using the [Marketplace ZIP Signer](https://github.com/JetBrains/marketplace-zip-signer) library.
+
+See also:
+- [](plugin_signing.md)
+- [Marketplace ZIP Signer](https://github.com/JetBrains/marketplace-zip-signer)
+
+
+### inputArchiveFile
+{#verifyPluginSignature-inputArchiveFile}
+
+Input, unsigned ZIP archive file.
+Refers to `in` CLI option.
+
+{style="narrow"}
+Type
+: `RegularFileProperty`
+
+Default value
+: [`signPlugin.signedArchiveFile`](#signPlugin-signedArchiveFile)
+
+
+### certificateChain
+{#verifyPluginSignature-certificateChain}
+
+A string containing X509 certificates.
+The first certificate from the chain will be used as a certificate authority (CA).
+Refers to `cert` CLI option.
+
+Takes precedence over the [`certificateChainFile`](#verifyPluginSignature-certificateChainFile) property.
+
+{style="narrow"}
+Type
+: `Property<String>`
+
+
+### certificateChainFile
+{#verifyPluginSignature-certificateChainFile}
+
+Path to the file containing X509 certificates.
+The first certificate from the chain will be used as a certificate authority (CA).
+Refers to `cert-file` CLI option.
+
+{style="narrow"}
+Type
+: `RegularFileProperty`
+
+Default value
+: [`signPlugin.certificateChainFile`](#signPlugin-certificateChainFile) or [`signPlugin.certificateChain`](#signPlugin-certificateChain) written to a temporary file
+
 
 ## verifyPluginStructure
 {#verifyPluginStructure}