signer/ms_windows_sign-template from GEANT/CAT

signer/ms_windows_sign-template
Summary

Maintainability

Test Coverage

Issues
#!/bin/bash
#/*
# * *****************************************************************************
# * Contributions to this work were made on behalf of the GÉANT project, a 
# * project that has received funding from the European Union’s Framework 
# * Programme 7 under Grant Agreements No. 238875 (GN3) and No. 605243 (GN3plus),
# * Horizon 2020 research and innovation programme under Grant Agreements No. 
# * 691567 (GN4-1) and No. 731122 (GN4-2).
# * On behalf of the aforementioned projects, GEANT Association is the sole owner
# * of the copyright in all material which was developed by a member of the GÉANT
# * project. GÉANT Vereniging (Association) is registered with the Chamber of 
# * Commerce in Amsterdam with registration number 40535155 and operates in the 
# * UK as a branch of GÉANT Vereniging.
# * 
# * Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands. 
# * UK branch address: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK
# *
# * License: see the web/copyright.inc.php file in the file structure or
# *          <base_url>/copyright.php after deploying the software
# */

# see HOWTO in this directory to learn how to produce the files you need
# all certificates and key files should be in the directory pointed to by MY_PATH

# adapt path to osslsigncode
OSSL_PATH=/usr/local/bin/osslsigncode

# MY_PATH - Full path to the directory in which the certificates and keys are located
# Beware that this directory must be protected against the WEB download, otherwise your keys may be compromised. 
# The directory must be accessible by the Apache process
if [ "$MY_PATH" == "" ]; then MY_PATH="/home/scrutinizer/vault"; fi

# public key in the SPC format
if [ "$SPC" == "" ]; then SPC="xxx.spc"; fi

# matching private key, it cannot be password protected
if [ "$PRIVKEY" == "" ]; then PRIVKEY="xxx_key.der"; fi

# URL shown to the user requiring more information about your installer
URL="https://github.com/GEANT/CAT"
# product name
NAME="Configuration Assistant Tool"
# timestamp URL
# you should be using timestamping to make sure the signatures will still
# be valid even if the signing certificate has expired
# All you need to do is point to a timestamping provider
TIMESTAMP_URL=""

if [ -z "$TIMESTAMP_URL"] ; then
  $OSSL_PATH sign -certs "$MY_PATH/$SPC" -key "$MY_PATH/$PRIVKEY" -n "$NAME" -i "$URL" -in  $1 -out $2
else
  $OSSL_PATH sign -certs "$MY_PATH/$SPC" -key "$MY_PATH/$PRIVKEY" -n "$NAME" -i "$URL" -t "$TIMESTAMP_URL" -in  $1 -out $2
fi