Test improvements (#14)

* removed pvk keys tests
* new 11_sign_nest test
* improved verify_signature()
* new tests of timestamping with the add command
olszomal 2019-07-20 12:54:46 +02:00 committed by Michał Trojnara
parent 62e8ffd0c9
commit 00290bc363
35 changed files with 352 additions and 264 deletions


@ -1,14 +1,7 @@
#!/bin/sh
ddays=1461
result_path=$(pwd)
cd $(dirname "$0")
script_path=$(pwd)
cd "${result_path}"
test_result() {
if [ $1 == 0 ]
if [ "$1" == 0 ]
then
printf "Succeeded\n" >> "makecerts.log"
else
@ -16,23 +9,32 @@ if [ $1 == 0 ]
fi
}
ddays=1461
password=passme
result_path=$(pwd)
cd $(dirname "$0")
script_path=$(pwd)
cd "${result_path}"
mkdir "tmp/"
# OpenSSL settings
CONF="${script_path}/openssltest.cnf"
TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
if test -n "$1"; then
OPENSSL="$2/bin/openssl"
LD_LIBRARY_PATH="$2/lib"
OPENSSL="$1/bin/openssl"
LD_LIBRARY_PATH="$1/lib"
else
OPENSSL=openssl
fi
mkdir "demoCA/"
mkdir "demoCA/" 2>> "makecerts.log" 1>&2
touch "demoCA/index.txt"
touch "demoCA/index.txt.attr"
echo 1000 > "demoCA/serial"
date > "makecerts.log"
$OPENSSL version 2>> "makecerts.log" 1>&2
echo "$password" > "password.txt"
printf "\nGenerate root CA certificate\n" >> "makecerts.log"
$OPENSSL genrsa -out demoCA/CA.key 1>&2 2>> "makecerts.log"
@ -49,47 +51,44 @@ $OPENSSL req -config $CONF -new -x509 -days $ddays -key demoCA/cross.key -out tm
test_result $?
printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
$OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:passme 1>&2 2>> "makecerts.log"
$OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:$password 1>&2 2>> "makecerts.log"
test_result $?
cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
$OPENSSL rsa -in demoCA/private.key -passin pass:passme -out tmp/key.pem 1>&2 2>> "makecerts.log"
$OPENSSL rsa -in demoCA/private.key -passin pass:$password -out tmp/key.pem 1>&2 2>> "makecerts.log"
test_result $?
printf "\nGenerate code signing certificate\n" >> "makecerts.log"
$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:passme -out demoCA/cert.csr \
$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/cert.csr \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=localhost/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/cert.csr -out demoCA/cert.cer 1>&2 2>> "makecerts.log"
test_result $?
$OPENSSL x509 -in demoCA/cert.cer -out tmp/cert.pem 1>&2 2>> "makecerts.log"
test_result $?
printf "\nConverting the key to DER format\n" >> "makecerts.log"
$OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:passme 2>> "makecerts.log" 1>&2
$OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:$password 2>> "makecerts.log" 1>&2
test_result $?
printf "\nConverting the key to PVK format\n" >> "makecerts.log"
$OPENSSL rsa -in tmp/key.pem -outform PVK -pvk-strong -out tmp/key.pvk -passout pass:passme 2>> "makecerts.log" 1>&2
printf "\nConverting the certificate to DER format\n" >> "makecerts.log"
$OPENSSL x509 -in tmp/cert.pem -outform DER -out tmp/cert.der
test_result $?
echo "passme" > "password.txt"
printf "\nConverting the certificate to SPC format\n" >> "makecerts.log"
$OPENSSL crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc 2>> "makecerts.log" 1>&2
test_result $?
printf "\nConverting the certificate to DER format\n" >> "makecerts.log"
openssl x509 -in tmp/cert.pem -outform DER -out tmp/cert.der
test_result $?
printf "\nConverting the certificate and the key into a PKCS#12 container\n" >> "makecerts.log"
$OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:passme 2>> "makecerts.log" 1>&2
$OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:$password 2>> "makecerts.log" 1>&2
test_result $?
# copy new files
if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/cert.pem ] && \
[ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && [ -s tmp/key.der ] && [ -s tmp/cert.der ] && \
[ -s tmp/key.pvk ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ]
[ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && [ -s tmp/key.der ] && \
[ -s tmp/cert.der ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ]
then
cp tmp/* ./
printf "%s\n" "keys & certificates successfully generated"
@ -103,3 +102,6 @@ if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/cert.pem ] &&
# remove the working directory
rm -rf "demoCA/"
rm -rf "tmp/"
# restore settings
LD_LIBRARY_PATH=$TEMP_LD_LIBRARY_PATH
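Review bot: The rewritten comparison in test_result, `if [ "$1" == 0 ]`, still uses `==`, which is not a POSIX `test` operator, although the script's shebang is `#!/bin/sh`; where /bin/sh is dash the test errors out and every step takes the else branch regardless of the real exit status. I would write `if [ "$1" -eq 0 ]`. Separately, `-passout pass:$password` and `$OPENSSL` are expanded unquoted in the key-generation steps, so a password or install prefix containing whitespace would split into extra arguments; `"pass:$password"` and `"$OPENSSL"` avoid that. The body of test_result's else branch falls between the first two hunks and is not visible here.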


@ -13,7 +13,7 @@ if [ -s "test.exe" ]
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_011.exe"'
verify_signature "$?" "011" "exe" "sha256sum"
verify_signature "$?" "011" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -29,7 +29,7 @@ if [ -s "test.ex_" ]
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_012.ex_"'
verify_text "$?" "012" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
verify_signature "$?" "012" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -45,7 +45,7 @@ if [ -s "sample.msi" ]
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_013.msi"'
verify_signature "$?" "013" "msi" "sha256sum"
verify_signature "$?" "013" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -14,7 +14,7 @@ if [ -s "test.exe" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.exe" -out "test_021.exe"'
verify_signature "$?" "021" "exe" "sha256sum"
verify_signature "$?" "021" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -31,7 +31,7 @@ if [ -s "test.ex_" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.ex_" -out "test_022.ex_"'
verify_text "$?" "022" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
verify_signature "$?" "022" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -48,7 +48,7 @@ if [ -s "sample.msi" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_023.msi"'
verify_signature "$?" "023" "msi" "sha256sum"
verify_signature "$?" "023" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -15,7 +15,7 @@ if [ -s "test.exe" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.exe" -out "test_031.exe"'
verify_signature "$?" "031" "exe" "sha256sum"
verify_signature "$?" "031" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -32,7 +32,7 @@ if [ -s "test.ex_" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.ex_" -out "test_032.ex_"'
verify_text "$?" "032" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
verify_signature "$?" "032" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -49,7 +49,7 @@ if [ -s "sample.msi" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "sample.msi" -out "test_033.msi"'
verify_signature "$?" "033" "msi" "sha256sum"
verify_signature "$?" "033" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -1,55 +1,55 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with the certificate file in the SPC format
# and the private key file in the PVK format.
# and the private key file in the PEM format.
. $(dirname $0)/../test_library
# PE file
test_name="041. Signing a PE file a SPC certificate file and a PVK key file"
test_name="041. Signing a PE file a SPC certificate file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.exe" -out "test_041.exe"'
verify_signature "$?" "041" "exe" "sha256sum"
verify_signature "$?" "041" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="042. Signing a CAB file a SPC certificate file and a PVK key file"
test_name="042. Signing a CAB file a SPC certificate file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.ex_" -out "test_042.ex_"'
verify_text "$?" "042" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
verify_signature "$?" "042" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="043. Signing a MSI file a SPC certificate file and a PVK key file"
test_name="043. Signing a MSI file a SPC certificate file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_043.msi"'
verify_signature "$?" "043" "msi" "sha256sum"
verify_signature "$?" "043" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -13,7 +13,7 @@ if [ -s "test.exe" ]
../../osslsigncode sign -h sha256 \
-pkcs12 "${script_path}/../certs/cert.p12" -pass passme \
-in "test.exe" -out "test_051.exe"'
verify_signature "$?" "051" "exe" "sha256sum"
verify_signature "$?" "051" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -30,7 +30,7 @@ if [ -s "test.ex_" ]
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "test.ex_" -out "test_052.ex_"'
verify_text "$?" "052" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
verify_signature "$?" "052" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -47,7 +47,7 @@ if [ -s "sample.msi" ]
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "sample.msi" -out "test_053.msi"'
verify_signature "$?" "053" "msi" "sha256sum"
verify_signature "$?" "053" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -14,7 +14,7 @@ if [ -s "test.exe" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "071" "exe" "UNUSED_PATTERN"
verify_signature "$?" "071" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -31,7 +31,7 @@ if [ -s "test.ex_" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2'
verify_text "$?" "072" "ex_" "Unizeto" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "072" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -48,7 +48,7 @@ if [ -s "sample.msi" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "sample.msi" -out "test_073.msi"'
verify_signature "$?" "073" "msi" "UNUSED_PATTERN"
verify_signature "$?" "073" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
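Review bot: The new `verify_signature` calls for tests 071–073 pass the same string, `"Unizeto"`, as both of the last two patterns, so the second pattern checks nothing the first does not already check; the same applies to tests 081–083 in the next file. If the last argument is meant to confirm something separate about the timestamp, it needs a pattern distinct from the first; otherwise `"UNUSED_PATTERN"` states the intent, as in the other tests. The match also depends on a name in whatever the external service at `http://time.certum.pl/` returns, so a short comment above the call, such as `# "Unizeto" comes from the TSA response; update if the service changes`, would save a future debugging session. verify_signature is defined outside these hunks, so how it uses each argument is inferred from the call sites.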


@ -18,7 +18,7 @@ if [ -s "test.exe" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "test.exe" -out "test_081.exe"'
verify_signature "$?" "081" "exe" "UNUSED_PATTERN"
verify_signature "$?" "081" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -35,7 +35,7 @@ if [ -s "test.ex_" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "test.ex_" -out "test_082.ex_"'
verify_text "$?" "082" "ex_" "Unizeto" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "082" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -52,7 +52,7 @@ if [ -s "sample.msi" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "sample.msi" -out "test_083.msi"'
verify_signature "$?" "083" "msi" "UNUSED_PATTERN"
verify_signature "$?" "083" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -13,7 +13,7 @@ if [ -s "test.exe" ]
../../osslsigncode sign -h sha256 -ph \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_091.exe"'
verify_signature "$?" "091" "exe" "UNUSED_PATTERN"
verify_signature "$?" "091" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -14,7 +14,7 @@ if [ -s "test.exe" ]
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2'
verify_text "$?" "101" "exe" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
verify_signature "$?" "101" "exe" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -31,7 +31,7 @@ if [ -s "test.ex_" ]
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2'
verify_text "$?" "102" "ex_" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "102" "ex_" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -48,7 +48,7 @@ if [ -s "sample.msi" ]
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2'
verify_text "$?" "103" "msi" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
verify_signature "$?" "103" "msi" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -0,0 +1,70 @@
#!/bin/sh
# Signing a PE/CAB/MSI file twice with the "nest" flag in the second time
# in order to add the new signature instead of replacing the first one.
. $(dirname $0)/../test_library
# PE file
test_name="111. Signing a PE file with the nest flag"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_111_signed.exe"
../../osslsigncode sign -h sha512 \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_111_signed.exe" -out "test_111.exe"'
verify_signature "$?" "111" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "SHA256" "SHA512"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Error: Cannot sign cab files with flag bits set!
# cfhead_Flags 0x1e is set here:
# https://github.com/mtrojnar/osslsigncode/blob/0bea1ac8f6d61ed42dd154305a4d5b8c27478ad0/osslsigncode.c#L2936
test_name="112. Signing a CAB file with the nest flag"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_112_signed.ex_"
../../osslsigncode sign -h sha512 \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_112_signed.ex_" -out "test_112.ex_"'
verify_signature "$?" "112" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "SHA256" "SHA512"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="113. Signing a MSI file with the nest flag"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_113_signed.msi"
../../osslsigncode sign -h sha512 \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_113_signed.msi" -out "test_113.msi"'
verify_signature "$?" "113" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "SHA256" "SHA512"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0
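Review bot: In each of the three new tests the two `osslsigncode sign` commands inside the `/bin/bash -c` string are separated only by a newline, so the `$?` handed to `verify_signature` is the status of the second, nested signing alone. The extract-signature and add tests touched by this commit chain their steps with `&& \`; doing the same here, by ending the first command with `-in "test.exe" -out "test_111_signed.exe" && \`, makes a failure of the first signing fail the test directly. The comment above test 112 records that CAB signing is rejected ("Cannot sign cab files with flag bits set!"), yet the test runs as an ordinary case; one more comment line saying whether 112 is expected to fail would help whoever reads the results.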


@ -4,7 +4,7 @@
. $(dirname $0)/../test_library
# PE file
test_name="111. Signing a PE file with a PEM key file with a password read from password.txt file"
test_name="121. Signing a PE file with a PEM key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
@ -13,15 +13,15 @@ if [ -s "test.exe" ]
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_111.exe"'
verify_signature "$?" "111" "exe" "UNUSED_PATTERN"
-in "test.exe" -out "test_121.exe"'
verify_signature "$?" "121" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="112. Signing a CAB file with a PEM key file with a password read from password.txt file"
test_name="122. Signing a CAB file with a PEM key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
@ -30,15 +30,15 @@ if [ -s "test.ex_" ]
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_112.ex_"'
verify_text "$?" "112" "ex_" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
-in "test.ex_" -out "test_122.ex_"'
verify_signature "$?" "122" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="113. Signing a MSI file with a PEM key file with a password read from password.txt file"
test_name="123. Signing a MSI file with a PEM key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
@ -47,8 +47,8 @@ if [ -s "sample.msi" ]
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_113.msi"'
verify_signature "$?" "113" "msi" "UNUSED_PATTERN"
-in "sample.msi" -out "test_123.msi"'
verify_signature "$?" "123" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -1,59 +0,0 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with a PVK key file with a password together with a PEM certificate.
. $(dirname $0)/../test_library
printf "The readpass option does'n work correctly with PVK key file - press enter\n" 1>&3
# PE file
test_name="121. Signing a PE file with a PVK key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pvk" \
-in "test.exe" -out "test_121.exe"'
verify_signature "$?" "121" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="122. Signing a CAB file with a PVK key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pvk" \
-in "test.ex_" -out "test_122.ex_"'
verify_text "$?" "122" "ex_" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="123. Signing a MSI file with a PVK key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pvk" \
-in "sample.msi" -out "test_123.msi"'
verify_signature "$?" "123" "msi" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0


@ -15,7 +15,7 @@ if [ -s "test.exe" ]
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.exe" -out "test_131.exe"'
verify_signature "$?" "131" "exe" "UNUSED_PATTERN"
verify_signature "$?" "131" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -32,7 +32,7 @@ if [ -s "test.ex_" ]
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.ex_" -out "test_132.ex_"'
verify_text "$?" "132" "ex_" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "132" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -49,7 +49,7 @@ if [ -s "sample.msi" ]
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "sample.msi" -out "test_133.msi"'
verify_signature "$?" "133" "msi" "UNUSED_PATTERN"
verify_signature "$?" "133" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -14,7 +14,7 @@ if [ -s "test.exe" ]
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_141.exe"'
verify_text "$?" "141" "exe" "DESCRYPTION_TEXT" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "141" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -31,7 +31,7 @@ if [ -s "test.ex_" ]
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_142.ex_"'
verify_text "$?" "142" "ex_" "DESCRYPTION_TEXT" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "142" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -48,7 +48,7 @@ if [ -s "sample.msi" ]
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_143.msi"'
verify_text "$?" "143" "msi" "DESCRYPTION_TEXT" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "143" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -15,7 +15,7 @@ if [ -s "test.exe" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.exe" -out "test_151.exe"'
verify_text "$?" "151" "exe" "https://www.osslsigncode.com/" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "151" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -32,7 +32,7 @@ if [ -s "test.ex_" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.ex_" -out "test_152.ex_"'
verify_text "$?" "152" "ex_" "https://www.osslsigncode.com/" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "152" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -49,7 +49,7 @@ if [ -s "sample.msi" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "sample.msi" -out "test_153.msi"'
verify_text "$?" "153" "msi" "https://www.osslsigncode.com/" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "153" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -17,7 +17,7 @@ if [ -s "test.exe" ]
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_161.exe"'
verify_text "$?" "161" "exe" "300c060a2b060104018237020116" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "161" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -34,7 +34,7 @@ if [ -s "test.ex_" ]
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_162.ex_"'
verify_text "$?" "162" "ex_" "300c060a2b060104018237020116" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "162" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -51,7 +51,7 @@ if [ -s "sample.msi" ]
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_163.msi"'
verify_text "$?" "163" "msi" "300c060a2b060104018237020116" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "163" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -16,7 +16,7 @@ if [ -s "test.exe" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.exe" -out "test_171.exe"'
verify_signature "$?" "171" "exe" "UNUSED_PATTERN"
verify_signature "$?" "171" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "crosscert"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -33,7 +33,7 @@ if [ -s "test.ex_" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.ex_" -out "test_172.ex_"'
verify_text "$?" "172" "ex_" "crosscert" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "172" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "crosscert"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -50,7 +50,7 @@ if [ -s "sample.msi" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "sample.msi" -out "test_173.msi"'
verify_signature "$?" "173" "msi" "UNUSED_PATTERN"
verify_signature "$?" "173" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "crosscert"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -13,7 +13,7 @@ if [ -s "test.exe" ]
../../osslsigncode sign -h md5 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_211.exe"'
verify_signature "$?" "211" "exe" "UNUSED_PATTERN"
verify_signature "$?" "211" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "MD5"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -13,7 +13,7 @@ if [ -s "test.exe" ]
../../osslsigncode sign -h sha1 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_221.exe"'
verify_signature "$?" "221" "exe" "UNUSED_PATTERN"
verify_signature "$?" "221" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "SHA1"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -13,7 +13,7 @@ if [ -s "test.exe" ]
../../osslsigncode sign -h sha2 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_231.exe"'
verify_signature "$?" "231" "exe" "UNUSED_PATTERN"
verify_signature "$?" "231" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "SHA2"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
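Review bot: The pattern `"SHA2"` in the new call for test 231 is also a substring of `SHA256` and `SHA224`, so if verify_signature does a substring search (its definition is not in this hunk) the check cannot tell which digest was actually used. If `-h sha2` is expected to select SHA-256, the pattern `"SHA256"` would pin that, in line with the `"MD5"` and `"SHA384"` patterns in the neighbouring tests.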


@ -13,7 +13,7 @@ if [ -s "test.exe" ]
../../osslsigncode sign -h sha384 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_241.exe"'
verify_signature "$?" "241" "exe" "UNUSED_PATTERN"
verify_signature "$?" "241" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "SHA384"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -13,7 +13,7 @@ if [ -s "test.exe" ]
../../osslsigncode sign -h sha512 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_251.exe"'
verify_signature "$?" "251" "exe" "UNUSED_PATTERN"
verify_signature "$?" "251" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
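Review bot: The sha512 test (251) leaves the last pattern as `"UNUSED_PATTERN"`, whereas the md5, sha1 and sha384 tests changed in this commit pin the digest name (`"MD5"`, `"SHA1"`, `"SHA384"`). Assuming that argument is matched against the verification output, a signature made with a different digest would pass here unnoticed. The new nest test already matches on `"SHA512"`, so the call could read `verify_signature "$?" "251" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "SHA512"`.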


@ -15,7 +15,7 @@ if [ -s "test.exe" ]
-in "test.exe" -out "test_311.exe" && \
../../osslsigncode extract-signature -pem \
-in "test_311.exe" -out "sign_pe.pem"'
verify_signature "$?" "311" "exe" "sha256sum"
verify_signature "$?" "311" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -36,7 +36,7 @@ if [ -s "sample.msi" ]
-in "sample.msi" -out "test_312.msi" && \
../../osslsigncode extract-signature -pem \
-in "test_312.msi" -out "sign_msi.pem"'
verify_signature "$?" "312" "msi" "sha256sum"
verify_signature "$?" "312" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -12,7 +12,7 @@ if [ -s "test.exe" ]
script_path=$(pwd)
../../osslsigncode attach-signature -sigin "sign_pe.pem" \
-in "test.exe" -out "test_321.exe"'
verify_signature "$?" "321" "exe" "sha256sum"
verify_signature "$?" "321" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -30,7 +30,7 @@ if [ -s "sample.msi" ]
script_path=$(pwd)
../../osslsigncode attach-signature -sigin "sign_msi.pem" \
-in "sample.msi" -out "test_322.msi"'
verify_signature "$?" "322" "msi" "sha256sum"
verify_signature "$?" "322" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -16,7 +16,7 @@ if [ -s "test.exe" ]
-in "test.exe" -out "test_341_signed.exe" && \
../../osslsigncode add \
-in "test_341_signed.exe" -out "test_341.exe"'
verify_signature "$?" "341" "exe" "sha256sum"
verify_signature "$?" "341" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -38,7 +38,7 @@ if [ -s "sample.msi" ]
-in "sample.msi" -out "test_342_signed.msi" && \
../../osslsigncode add \
-in "test_342_signed.msi" -out "test_342.msi"'
verify_signature "$?" "342" "msi" "sha256sum"
verify_signature "$?" "342" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -17,7 +17,7 @@ if [ -s "test.exe" ]
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_361_signed.exe" -out "test_361.exe"'
verify_text "$?" "361" "exe" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
verify_signature "$?" "361" "exe" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -40,7 +40,7 @@ if [ -s "sample.msi" ]
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_362_signed.msi" -out "test_362.msi"'
verify_text "$?" "362" "msi" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
verify_signature "$?" "362" "msi" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -0,0 +1,49 @@
#!/bin/sh
# Moving the authenticode signing with Authenticode timestamping to the PE/MSI file.
. $(dirname $0)/../test_library
# PE file
test_name="371. Moving the authenticode signing with Authenticode timestamping to the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
cat "test.exe" > "test_371.exe"
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_371_signed.exe" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-in "test_371_signed.exe" -out "test_371.exe"'
verify_signature "$?" "371" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE
# MSI file
test_name="372. Moving the authenticode signing with Authenticode timestamping to the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
cat "sample.msi" > "test_372.msi"
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_372_signed.msi" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-in "test_372_signed.msi" -out "test_372.msi"'
verify_signature "$?" "372" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0
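Review bot: Tests 371 and 372 call the live timestamp service at `http://time.certum.pl/` and then require the string `Unizeto` in the result, so they fail whenever the machine is offline, the service is down, or the authority's naming changes, and that failure looks the same as a real regression in `add -t`. The recipe header should state the dependency, e.g. `# Requires network access to the Certum timestamp server; "Unizeto" is presumably matched in the returned timestamp`. Ideally the recipe would also print `Test skipped` when the server cannot be reached, as it already does for a missing input file. The same applies to the RFC 3161 recipe with tests 381 and 382.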


@ -0,0 +1,49 @@
#!/bin/sh
# Moving the authenticode signing with RFC 3161 timestamping to the PE/MSI file.
. $(dirname $0)/../test_library
# PE file
test_name="381. Moving the authenticode signing with RFC 3161 timestamping to the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
cat "test.exe" > "test_381.exe"
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_381_signed.exe" && \
../../osslsigncode add \
-ts http://time.certum.pl/ \
-in "test_381_signed.exe" -out "test_381.exe"'
verify_signature "$?" "381" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE
# MSI file
test_name="382. Moving the authenticode signing with RFC 3161 timestamping to the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
cat "sample.msi" > "test_382.msi"
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_382_signed.msi" && \
../../osslsigncode add \
-ts http://time.certum.pl/ \
-in "test_382_signed.msi" -out "test_382.msi"'
verify_signature "$?" "382" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0
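Review bot: The library is sourced with `. $(dirname $0)/../test_library`, where neither `$0` nor the command substitution is quoted, so a checkout path containing spaces or glob characters is word-split and the recipe sources the wrong file or none at all. Quoting both fixes it: `. "$(dirname "$0")/../test_library"`. The Authenticode recipe for tests 371 and 372 has the same line.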


@ -5,7 +5,7 @@
script_path=$(pwd)
# PE file
test_name="371. Comparing the leaf certificate hash against specified SHA256 message digest for the PE file"
test_name="401. Comparing the leaf certificate hash against specified SHA256 message digest for the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
@ -13,12 +13,12 @@ if [ -s "test.exe" ]
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.exe" -out "test_371.exe"'
../../osslsigncode verify -in "test_371.exe" \
-in "test.exe" -out "test_401.exe"'
../../osslsigncode verify -in "test_401.exe" \
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d' ' -f1)
if test_result "$?" "$test_name"
then
rm -f "test_371.exe"
rm -f "test_401.exe"
fi
else
printf "Test skipped\n"
@ -28,7 +28,7 @@ if [ -s "test.exe" ]
# Command is not supported for non-PE
# MSI file
test_name="372. Comparing the leaf certificate hash against specified SHA256 message digest for the MSI file"
test_name="402. Comparing the leaf certificate hash against specified SHA256 message digest for the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
@ -36,12 +36,12 @@ if [ -s "sample.msi" ]
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.exe" -out "test_372.exe"'
../../osslsigncode verify -in "test_372.exe" \
-in "test.exe" -out "test_402.exe"'
../../osslsigncode verify -in "test_402.exe" \
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d' ' -f1)
if test_result "$?" "$test_name"
then
rm -f "test_372.exe"
rm -f "test_402.exe"
fi
else
printf "Test skipped\n"
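Review bot: Test 402 is named for the MSI file and guarded by `[ -s "sample.msi" ]`, but the renamed lines still sign `test.exe` into `test_402.exe`, so `-require-leaf-hash` is never exercised on an MSI and the test only repeats 401. While renumbering, the sign command should read `-in "sample.msi" -out "test_402.msi"`, with the `verify -in` and `rm -f` lines changed to `test_402.msi` to match. The surrounding `if` block starts and ends outside the hunks shown.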


@ -25,7 +25,7 @@ if [ -s "sample.msi" ]
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_411.msi"'
verify_text "$?" "411" "msi" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "411" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -18,7 +18,7 @@ if [ -s "test.ex_" ]
-jp low \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_511.ex_"'
verify_text "$?" "511" "ex_" "3006030200013000" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "511" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -19,7 +19,7 @@ if [ -s "test.ex_" ]
-jp medium \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_521.ex_"'
verify_text "$?" "521" "ex_" "3006030200013000" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "521" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -19,7 +19,7 @@ if [ -s "test.ex_" ]
-jp high \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_531.ex_"'
verify_text "$?" "531" "ex_" "3006030200013000" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
verify_signature "$?" "531" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"


@ -11,7 +11,7 @@ test_result() {
local result=0
if [ $1 -eq 0 ]
if [ "$1" -eq 0 ]
then
printf "%s\n" "Test succeeded"
else
@ -19,63 +19,7 @@ test_result() {
printf "%-100s\t%s\n" "$2" "failed" 1>&3
result=1
fi
return $result
}
verify_signature() {
# $1 sign exit code
# $2 test number
# $3 filename extension
# $4 sha256sum requirement
local result=0
if [ "$1" -eq 0 ]
then
../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2
result=$?
if [ "$result" -ne 0 ] || grep -q "No signature found" "verify.log"
then
cat "verify.log" >> "results.log"
elif [ "$4" = "sha256sum" ]
then
sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2
if [ -s "test_$2_signed.$3" ]
then
sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2
fi
else
rm -f "test_$2.$3" "test_$2_signed.$3"
fi
else
result=1
fi
return $result
}
verify_no_signature() {
# $1 sign exit code
# $2 test number
# $3 filename extension
# $4 sha256sum requirement
local result=0
if [ "$1" -eq 0 ]
then
../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2
if grep -q -e "No signature found" -e "MSI file has no signature" "verify.log"
then
sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2
else
result=1
cat "verify.log" >> "results.log"
printf "Faild: the signature was found\n"
fi
else
result=1
fi
return $result
return "$result"
}
modify_blob() {
@ -95,23 +39,24 @@ modify_blob() {
if [ "$result" -ne 0 ] || \
[ $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1 ]
then
result=1
result=$?
cat "verify.log" >> "results.log"
printf "Faild: verify error or non-unique message digests were found\n"
else
rm -f "test_$1_modifed.$2"
fi
return $result
return "$result"
}
verify_text() {
verify_signature() {
# $1 sign exit code
# $2 test number
# $3 filename extension
# $4 searched text
# $5 ASCII od HEX format
# $6 sha256sum requirement
# $7 modify requirement
# $4 modify requirement
# $5 sha256sum requirement
# $6 ASCII or HEX "$7 text" format
# $7 obligatory text1 searched in a binary file or verify.log
# $8 optional text2 searched in verify.log
local result=0
@ -122,47 +67,79 @@ verify_text() {
../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2
result=$?
fi
if [ "$result" -ne 0 ] || grep -q "No signature found" "verify.log"
then
result=1
cat "verify.log" >> "results.log"
else
if [ "$5" = "ASCII" ]
if [ "$6" = "ASCII" ]
then
searched_text=$(echo -n "$4" | xxd -p)
searched_text=$(echo -n "$7" | xxd -p)
else
searched_text=$4
searched_text=$7
fi
if ! xxd -p -c 1000 "test_$2.$3" | grep $searched_text 2>> /dev/null 1>&2
if ! grep -q "$7" "verify.log" && \
! xxd -p -c 1000 "test_$2.$3" | grep "$searched_text" 2>> /dev/null 1>&2
then
result=1
printf "Faild: $7 not found\n"
elif [ "$4" = "MODIFY" ]
then
result=1
printf "Faild: $4 not found\n"
elif [ "$7" = "MODIFY" ]
then
modify_blob $2 $3
result=$?
fi
if [ "$result" -eq 0 ]
then
if [ "$6" = "sha256sum" ]
if [ "$3" != "ex_" ]
then
sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2
if [ -s "test_$2_signed.$3" ]
then
sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2
fi
modify_blob "$2" "$3"
result=$?
else
rm -f "test_$2.$3" "test_$2_signed.$3"
printf "MODIFY is not supported for CAB files\n"
fi
fi
if [ "$result" -eq 0 ] && [ "$2" = "401" ]
then
printf "Faild: unhashed file metadata was found\n"
result=1
fi
fi
fi
if [ "$result" -eq 0 ] && [ "$8" != "UNUSED_PATTERN" ] && ! grep -q "$8" "verify.log"
then
result=1
printf "Faild: $8 not found\n"
fi
if [ "$result" -eq 0 ] && [ "$2" = "401" ]
then
printf "Faild: unhashed file metadata was found\n"
result=1
fi
if [ "$result" -eq 0 ]
then
if [ "$5" = "sha256sum" ]
then
sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2
if [ -s "test_$2_signed.$3" ]
then
sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2
fi
else
rm -f "test_$2.$3" "test_$2_signed.$3"
fi
else
cat "verify.log" >> "results.log"
fi
else
result=1
fi
return $result
return "$result"
}
verify_no_signature() {
# $1 sign exit code
# $2 test number
# $3 filename extension
# $4 sha256sum requirement
local result=0
if [ "$1" -eq 0 ]
then
../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2
if grep -q -e "No signature found" -e "MSI file has no signature" "verify.log"
then
sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2
else
result=1
cat "verify.log" >> "results.log"
printf "Faild: verify error or the signature was found\n"
fi
else
result=1
fi
return "$result"
}
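Review bot: In the `modify_blob` hunk, `result=1` appears to be replaced by `result=$?` inside the `then` branch (taking the second of the two printed lines as the new side). At that point `$?` is the status of the `if` condition itself, which is 0 whenever the branch is entered, so the function prints its failure message and then returns success, and `verify_signature` records a passing MODIFY test. Keeping `result=1` on that line restores the failure. `modify_blob` begins outside the hunk, so the earlier assignment to `result` is not visible here.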