We ran into an issue signing the java jar files that are located in $JAVA_TOP. We used to simply get a code signing certificate and add it to an adkeystore file and then use ADADMIN to sign the code. That's the way it's worked forever.
The last time we tried we found out the industry is moving away from using code signing certificates, or what they call "software tokens" and has moved on to using HSM's for code signing. We don't know anything about HSM's or how they work.
I've read both of the following documents, but what I'm looking for is what other companies are doing? Using an HSM to sign Oracle's java code seems like massive overkill. Is there an easier way to accomplish this that allows us to continue using the adadmin tools to sign code?
Signing EBS Jar Files With HSM (Hardware Security Module) (Doc ID 2806640.1)
Enhanced Jar Signing for Oracle E-Business Suite (Doc ID 1591073.1)