gbe_fork/cert/sign_helper.bat

@echo off

setlocal

set /a exit=0

set "file=%~1"
if not defined file (
  set /a exit=1
  goto :end_script
)

pushd "%~dp0"
set "OPENSSL_CONF=%cd%\openssl.cnf"

set "pvt_file=%cd%\prvt.pem"
set "cer_file=%cd%\cert.pem"
set "pfx_file=%cd%\cfx.pfx"

set "openssl_exe=%cd%\openssl.exe"
set "signtool_exe=%cd%\signtool.exe"

popd

call "%openssl_exe%" req -newkey rsa:2048 -nodes -keyout "%pvt_file%" -x509 -days 5525 -out "%cer_file%" ^
  -subj "/O=GSE/CN=GSE" ^
  -addext "extendedKeyUsage=codeSigning" ^
  -addext "basicConstraints=critical,CA:true" ^
  -addext "subjectAltName=email:GSE,DNS:GSE,DNS:GSE" ^
  -addext "keyUsage=digitalSignature,keyEncipherment" ^
  -addext "authorityKeyIdentifier=keyid,issuer:always" ^
  -addext "crlDistributionPoints=URI:GSE" ^
  -addext "subjectKeyIdentifier=hash" ^
  -addext "issuerAltName=issuer:copy" ^
  -addext "nsComment=GSE" ^
  -extensions v3_req
set /a exit+=%errorlevel%
if %exit% neq 0 (
  goto :end_script
)

call "%openssl_exe%" pkcs12 -export -out "%pfx_file%" -inkey "%pvt_file%" -in "%cer_file%" -passout pass:
set /a exit+=%errorlevel%
if %exit% neq 0 (
  goto :end_script
)

del /f /q "%cer_file%"
del /f /q "%pvt_file%"

call "%signtool_exe%" sign /d "GSE" /fd sha256 /f "%pfx_file%" /p "" "%~1"
set /a exit+=%errorlevel%
if %exit% neq 0 (
  goto :end_script
)

del /f /q "%pfx_file%"

:end_script
endlocal
exit /b %exit%
added all cert files + licenses 2024-01-01 01:23:12 +08:00			`@echo off`

			`setlocal`

			`set /a exit=0`

			`set "file=%~1"`
			`if not defined file (`
			`set /a exit=1`
			`goto :end_script`
			`)`

			`pushd "%~dp0"`
			`set "OPENSSL_CONF=%cd%\openssl.cnf"`

			`set "pvt_file=%cd%\prvt.pem"`
			`set "cer_file=%cd%\cert.pem"`
			`set "pfx_file=%cd%\cfx.pfx"`

			`set "openssl_exe=%cd%\openssl.exe"`
			`set "signtool_exe=%cd%\signtool.exe"`

			`popd`

			`call "%openssl_exe%" req -newkey rsa:2048 -nodes -keyout "%pvt_file%" -x509 -days 5525 -out "%cer_file%" ^`
use abbreviated name for signing 2024-03-09 00:30:44 +08:00			`-subj "/O=GSE/CN=GSE" ^`
added all cert files + licenses 2024-01-01 01:23:12 +08:00			`-addext "extendedKeyUsage=codeSigning" ^`
			`-addext "basicConstraints=critical,CA:true" ^`
use abbreviated name for signing 2024-03-09 00:30:44 +08:00			`-addext "subjectAltName=email:GSE,DNS:GSE,DNS:GSE" ^`
added all cert files + licenses 2024-01-01 01:23:12 +08:00			`-addext "keyUsage=digitalSignature,keyEncipherment" ^`
			`-addext "authorityKeyIdentifier=keyid,issuer:always" ^`
use abbreviated name for signing 2024-03-09 00:30:44 +08:00			`-addext "crlDistributionPoints=URI:GSE" ^`
added all cert files + licenses 2024-01-01 01:23:12 +08:00			`-addext "subjectKeyIdentifier=hash" ^`
			`-addext "issuerAltName=issuer:copy" ^`
use abbreviated name for signing 2024-03-09 00:30:44 +08:00			`-addext "nsComment=GSE" ^`
added all cert files + licenses 2024-01-01 01:23:12 +08:00			`-extensions v3_req`
			`set /a exit+=%errorlevel%`
			`if %exit% neq 0 (`
			`goto :end_script`
			`)`

			`call "%openssl_exe%" pkcs12 -export -out "%pfx_file%" -inkey "%pvt_file%" -in "%cer_file%" -passout pass:`
			`set /a exit+=%errorlevel%`
			`if %exit% neq 0 (`
			`goto :end_script`
			`)`

			`del /f /q "%cer_file%"`
			`del /f /q "%pvt_file%"`

use abbreviated name for signing 2024-03-09 00:30:44 +08:00			`call "%signtool_exe%" sign /d "GSE" /fd sha256 /f "%pfx_file%" /p "" "%~1"`
added all cert files + licenses 2024-01-01 01:23:12 +08:00			`set /a exit+=%errorlevel%`
			`if %exit% neq 0 (`
			`goto :end_script`
			`)`

			`del /f /q "%pfx_file%"`

			`:end_script`
			`endlocal`
			`exit /b %exit%`