From 8d9ffde36f960685c986f115b9d628a205324eb8 Mon Sep 17 00:00:00 2001
From: Dmytro Khomenko <dmitriy.khomenko@checkmarx.com>
Date: Tue, 12 Nov 2024 16:13:18 +0100
Subject: [PATCH] Updating the code signing certificate for CI (AST-74473)

---
 .github/scripts/signing_win.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/scripts/signing_win.sh b/.github/scripts/signing_win.sh
index 230e67f0c..38bdf89d1 100755
--- a/.github/scripts/signing_win.sh
+++ b/.github/scripts/signing_win.sh
@@ -21,6 +21,10 @@ REMOTE_PATH="/tmp"
 # HSM credentials
 HSM_CREDS=$SIGNING_HSM_CREDS
 
+# Certificate properties
+CERT_LABEL="CNGRSAPriv-cx-signing-2024"
+CERT_LOCATION="/home/ubuntu/checkmarx_2024.crt"
+
 # Check if OS is windows
 if [ "$OS_TYPE" != "windows" ]; then
   echo "The artifact is not a windows binary file, exiting."
@@ -53,7 +57,7 @@ if [ $? -ne 0 ]; then
 fi
 
 # Sign
-ssh -n -i "$SSH_KEY_PATH" -o StrictHostKeyChecking=no "$REMOTE_USER@$REMOTE_HOST" "osslsigncode sign -certs /home/ubuntu/checkmarx.crt  -key 'pkcs11:object=CNGRSAPriv-cx-signing' -pass $HSM_CREDS -pkcs11module /opt/cloudhsm/lib/libcloudhsm_pkcs11.so -t http://timestamp.digicert.com -in '$REMOTE_PATH/$FILENAME' -out '$REMOTE_PATH/$FILENAME_SIGNED'"
+ssh -n -i "$SSH_KEY_PATH" -o StrictHostKeyChecking=no "$REMOTE_USER@$REMOTE_HOST" "osslsigncode sign -certs $CERT_LOCATION -key 'pkcs11:object=$CERT_LABEL' -pass $HSM_CREDS -pkcs11module /opt/cloudhsm/lib/libcloudhsm_pkcs11.so -t http://timestamp.digicert.com -in '$REMOTE_PATH/$FILENAME' -out '$REMOTE_PATH/$FILENAME_SIGNED'"
 # Check remote command status
 if [ $? -ne 0 ]; then
     echo "Failed to sign file $FILENAME"