From 00290bc363e41919361ae091a0681855a326c25b Mon Sep 17 00:00:00 2001 
From: olszomal <Malgorzata.Olszowka@stunnel.org> Date: Sat, 20 Jul 2019 12:54:46 +0200 Subject: [PATCH] Test improvements (#14) * removed pvk keys tests * new 11_sign_nest test * improved verify_signature() * new tests of timestamping with the add command --- tests/certs/makecerts.sh | 54 +++--- tests/recipes/01_sign_pem | 6 +- tests/recipes/02_sign_pass | 6 +- tests/recipes/03_sign_der | 6 +- .../recipes/{04_sign_pvk_spc => 04_sign_spc} | 20 +- tests/recipes/05_sign_pkcs12 | 6 +- tests/recipes/07_sign_timestamp | 6 +- tests/recipes/08_sign_rfc3161 | 6 +- tests/recipes/09_sign_page_hashes | 2 +- tests/recipes/10_sign_blob | 6 +- tests/recipes/11_sign_nest | 70 +++++++ ...sign_readpass_pem => 12_sign_readpass_pem} | 18 +- tests/recipes/12_sign_readpass_pvk | 59 ------ tests/recipes/13_sign_readpass_pkcs12 | 6 +- tests/recipes/14_sign_descryption | 6 +- tests/recipes/15_sign_url | 6 +- tests/recipes/16_sign_comm | 6 +- tests/recipes/17_sign_crosscertfile | 6 +- tests/recipes/21_sign_hash_md5 | 2 +- tests/recipes/22_sign_hash_sha1 | 2 +- tests/recipes/23_sign_hash_sha2 | 2 +- tests/recipes/24_sign_hash_sha384 | 2 +- tests/recipes/25_sign_hash_sha512 | 2 +- tests/recipes/31_extract_signature | 4 +- tests/recipes/32_attach_signature | 4 +- tests/recipes/34_add_signature | 4 +- tests/recipes/36_add_signature_blob | 4 +- tests/recipes/37_add_signature_timestamp | 49 +++++ tests/recipes/38_add_signature_rfc3161 | 49 +++++ ...7_verify_leaf_hash => 40_verify_leaf_hash} | 16 +- tests/recipes/41_sign_add_msi_dse | 2 +- tests/recipes/51_sign_jp_low | 2 +- tests/recipes/52_sign_jp_medium | 2 +- tests/recipes/53_sign_jp_high | 2 +- tests/test_library | 173 ++++++++---------- 35 files changed, 352 insertions(+), 264 deletions(-) rename tests/recipes/{04_sign_pvk_spc => 04_sign_spc} (67%) create mode 100644 tests/recipes/11_sign_nest rename tests/recipes/{11_sign_readpass_pem => 12_sign_readpass_pem} (69%) delete mode 100644 tests/recipes/12_sign_readpass_pvk create mode 100644 
tests/recipes/37_add_signature_timestamp create mode 100644 tests/recipes/38_add_signature_rfc3161 rename tests/recipes/{37_verify_leaf_hash => 40_verify_leaf_hash} (76%) diff --git a/tests/certs/makecerts.sh b/tests/certs/makecerts.sh index 5ac3311..1f12408 100755 --- a/tests/certs/makecerts.sh +++ b/tests/certs/makecerts.sh @@ -1,14 +1,7 @@ #!/bin/sh -ddays=1461 - -result_path=$(pwd) -cd $(dirname "$0") -script_path=$(pwd) -cd "${result_path}" - test_result() { -if [ $1 == 0 ] +if [ "$1" == 0 ] then printf "Succeeded\n" >> "makecerts.log" else @@ -16,23 +9,32 @@ if [ $1 == 0 ] fi } +ddays=1461 +password=passme + +result_path=$(pwd) +cd $(dirname "$0") +script_path=$(pwd) +cd "${result_path}" mkdir "tmp/" # OpenSSL settings CONF="${script_path}/openssltest.cnf" - +TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH if test -n "$1"; then - OPENSSL="$2/bin/openssl" - LD_LIBRARY_PATH="$2/lib" + OPENSSL="$1/bin/openssl" + LD_LIBRARY_PATH="$1/lib" else OPENSSL=openssl fi -mkdir "demoCA/" +mkdir "demoCA/" 2>> "makecerts.log" 1>&2 touch "demoCA/index.txt" touch "demoCA/index.txt.attr" echo 1000 > "demoCA/serial" date > "makecerts.log" +$OPENSSL version 2>> "makecerts.log" 1>&2 +echo "$password" > "password.txt" printf "\nGenerate root CA certificate\n" >> "makecerts.log" $OPENSSL genrsa -out demoCA/CA.key 1>&2 2>> "makecerts.log" 
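Review bot: `date > "makecerts.log"` truncates the log after the new `mkdir "demoCA/" 2>> "makecerts.log" 1>&2` line has already written into it, so a failed mkdir (for example a demoCA/ left behind by an aborted run, whose stale index.txt would then be reused by `openssl ca`) leaves no trace; move `date > "makecerts.log"` above the first `mkdir` and let every later step append. `cd $(dirname "$0")` should be `cd "$(dirname "$0")"` so a checkout path containing whitespace does not split the argument. `[ "$1" == 0 ]` is a bash extension under `#!/bin/sh`; `[ "$1" -eq 0 ]` is the portable numeric test. The consequence of a stale demoCA/ is inferred from the touch/echo lines that follow the mkdir and should be confirmed against the `openssl ca` settings in openssltest.cnf.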
@@ -49,47 +51,44 @@ $OPENSSL req -config $CONF -new -x509 -days $ddays -key demoCA/cross.key -out tm test_result $? printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log" -$OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:passme 1>&2 2>> "makecerts.log" +$OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:$password 1>&2 2>> "makecerts.log" test_result $? cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log" printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log" -$OPENSSL rsa -in demoCA/private.key -passin pass:passme -out tmp/key.pem 1>&2 2>> "makecerts.log" +$OPENSSL rsa -in demoCA/private.key -passin pass:$password -out tmp/key.pem 1>&2 2>> "makecerts.log" test_result $? printf "\nGenerate code signing certificate\n" >> "makecerts.log" -$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:passme -out demoCA/cert.csr \ +$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/cert.csr \ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=localhost/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? $OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/cert.csr -out demoCA/cert.cer 1>&2 2>> "makecerts.log" test_result $? $OPENSSL x509 -in demoCA/cert.cer -out tmp/cert.pem 1>&2 2>> "makecerts.log" +test_result $? printf "\nConverting the key to DER format\n" >> "makecerts.log" -$OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:passme 2>> "makecerts.log" 1>&2 +$OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:$password 2>> "makecerts.log" 1>&2 test_result $? 
-printf "\nConverting the key to PVK format\n" >> "makecerts.log" -$OPENSSL rsa -in tmp/key.pem -outform PVK -pvk-strong -out tmp/key.pvk -passout pass:passme 2>> "makecerts.log" 1>&2 + +printf "\nConverting the certificate to DER format\n" >> "makecerts.log" +$OPENSSL x509 -in tmp/cert.pem -outform DER -out tmp/cert.der test_result $? -echo "passme" > "password.txt" printf "\nConverting the certificate to SPC format\n" >> "makecerts.log" $OPENSSL crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc 2>> "makecerts.log" 1>&2 test_result $? -printf "\nConverting the certificate to DER format\n" >> "makecerts.log" -openssl x509 -in tmp/cert.pem -outform DER -out tmp/cert.der -test_result $? - printf "\nConverting the certificate and the key into a PKCS#12 container\n" >> "makecerts.log" -$OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:passme 2>> "makecerts.log" 1>&2 +$OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:$password 2>> "makecerts.log" 1>&2 test_result $? # copy new files if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/cert.pem ] && \ - [ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && [ -s tmp/key.der ] && [ -s tmp/cert.der ] && \ - [ -s tmp/key.pvk ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ] + [ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && [ -s tmp/key.der ] && \ + [ -s tmp/cert.der ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ] then cp tmp/* ./ printf "%s\n" "keys & certificates successfully generated" @@ -103,3 +102,6 @@ if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/cert.pem ] && # remove the working directory rm -rf "demoCA/" rm -rf "tmp/" + +# restore settings +LD_LIBRARY_PATH=$TEMP_LD_LIBRARY_PATH diff --git a/tests/recipes/01_sign_pem b/tests/recipes/01_sign_pem index e444184..10ad51b 100644 --- a/tests/recipes/01_sign_pem +++ b/tests/recipes/01_sign_pem 
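Review bot: The new `$OPENSSL x509 -in tmp/cert.pem -outform DER -out tmp/cert.der` line is the only generation step without `2>> "makecerts.log" 1>&2`, so its errors go to the terminal while every other step's go to the log; add the same redirection. The `genrsa`, `rsa`, `ca` and first `x509` steps use the reverse order `1>&2 2>> "makecerts.log"`, which duplicates stdout onto the original stderr before stderr is pointed at the log, so their stdout never reaches the log either; use `2>> "makecerts.log" 1>&2` consistently. `-passout pass:$password` and `-passin pass:$password` should be quoted as `"pass:$password"` so the script keeps working if the password is ever changed to a value containing spaces. Dropping the PVK conversion also removes the only fixture that exercised the PVK key loader (the deleted 12_sign_readpass_pvk recipe described the readpass+PVK path as broken); if that loader stays in osslsigncode, a regression there now goes unnoticed.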
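Review bot: Restoring `LD_LIBRARY_PATH=$TEMP_LD_LIBRARY_PATH` at the end has no effect on the caller, because the script runs in its own shell process and the assignment never leaves it. The assignment that matters is the earlier `LD_LIBRARY_PATH="$1/lib"`: under `#!/bin/sh` a plain assignment is exported only if the variable was already present in the environment, so unless the caller exported LD_LIBRARY_PATH, `$1/bin/openssl` is resolved against the system libraries (or fails to load) rather than the build in `$1`. Write `export LD_LIBRARY_PATH="$1/lib"` there and drop the save/restore pair; if isolating the caller is the concern, run the body in a subshell instead.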
@@ -13,7 +13,7 @@ if [ -s "test.exe" ]
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -in "test.exe" -out "test_011.exe"'
- verify_signature "$?" "011" "exe" "sha256sum"
+ verify_signature "$?" "011" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -29,7 +29,7 @@ if [ -s "test.ex_" ]
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -in "test.ex_" -out "test_012.ex_"'
- verify_text "$?" "012" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
+ verify_signature "$?" "012" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -45,7 +45,7 @@ if [ -s "sample.msi" ]
 ../../osslsigncode sign -h sha256 \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -in "sample.msi" -out "test_013.msi"'
- verify_signature "$?" "013" "msi" "sha256sum"
+ verify_signature "$?" "013" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
diff --git a/tests/recipes/02_sign_pass b/tests/recipes/02_sign_pass
index a4c6f20..491437c 100644
--- a/tests/recipes/02_sign_pass
+++ b/tests/recipes/02_sign_pass
@@ -14,7 +14,7 @@ if [ -s "test.exe" ]
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
 -pass passme \
 -in "test.exe" -out "test_021.exe"'
- verify_signature "$?" "021" "exe" "sha256sum"
+ verify_signature "$?" "021" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
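Review bot: Every `verify_signature` call now carries eight positional arguments, up to four of them the sentinel `"UNUSED_PATTERN"`, and nothing at the call site says what positions 4 to 8 mean; the test_library hunk that defines them is outside this chunk, so a reader of the recipe cannot tell a checksum command from a grep pattern. Judging from the other recipes in this patch the order appears to be status, test id, extension, a modify flag, a checksum command, ASCII/HEX, and two text patterns; a one-line comment near the top of each recipe, e.g. `# verify_signature <status> <id> <ext> <MODIFY|UNUSED_PATTERN> <checksum cmd|UNUSED_PATTERN> <ASCII|HEX> <pattern> <pattern|UNUSED_PATTERN>`, would make the calls reviewable. The sentinel is also an ordinary string, so if the library greps for it like any other pattern, a fixture that happens to contain `UNUSED_PATTERN` would match; that is an assumption to confirm in test_library rather than a finding here.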
@@ -31,7 +31,7 @@ if [ -s "test.ex_" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ -pass passme \ -in "test.ex_" -out "test_022.ex_"' - verify_text "$?" "022" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN" + verify_signature "$?" "022" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -48,7 +48,7 @@ if [ -s "sample.msi" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ -pass passme \ -in "sample.msi" -out "test_023.msi"' - verify_signature "$?" "023" "msi" "sha256sum" + verify_signature "$?" "023" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/03_sign_der b/tests/recipes/03_sign_der index 2fa0d42..faf9eb4 100644 --- a/tests/recipes/03_sign_der +++ b/tests/recipes/03_sign_der @@ -15,7 +15,7 @@ if [ -s "test.exe" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ -pass passme \ -in "test.exe" -out "test_031.exe"' - verify_signature "$?" "031" "exe" "sha256sum" + verify_signature "$?" "031" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -32,7 +32,7 @@ if [ -s "test.ex_" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ -pass passme \ -in "test.ex_" -out "test_032.ex_"' - verify_text "$?" "032" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN" + verify_signature "$?" "032" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" 
@@ -49,7 +49,7 @@ if [ -s "sample.msi" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ -pass passme \ -in "sample.msi" -out "test_033.msi"' - verify_signature "$?" "033" "msi" "sha256sum" + verify_signature "$?" "033" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/04_sign_pvk_spc b/tests/recipes/04_sign_spc similarity index 67% rename from tests/recipes/04_sign_pvk_spc rename to tests/recipes/04_sign_spc index 3147a5d..a51352e 100644 --- a/tests/recipes/04_sign_pvk_spc +++ b/tests/recipes/04_sign_spc 
@@ -1,55 +1,55 @@ #!/bin/sh # Signing a PE/CAB/MSI file with the certificate file in the SPC format -# and the private key file in the PVK format. +# and the private key file in the PEM format. . $(dirname $0)/../test_library # PE file -test_name="041. Signing a PE file a SPC certificate file and a PVK key file" +test_name="041. Signing a PE file a SPC certificate file" printf "\n%s\n" "$test_name" if [ -s "test.exe" ] then faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ + -certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/keyp.pem" \ -pass passme \ -in "test.exe" -out "test_041.exe"' - verify_signature "$?" "041" "exe" "sha256sum" + verify_signature "$?" "041" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" fi # CAB file -test_name="042. Signing a CAB file a SPC certificate file and a PVK key file" +test_name="042. Signing a CAB file a SPC certificate file" printf "\n%s\n" "$test_name" if [ -s "test.ex_" ] then faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ + -certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/keyp.pem" \ -pass passme \ -in "test.ex_" -out "test_042.ex_"' - verify_text "$?" "042" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN" + verify_signature "$?" "042" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" fi # MSI file -test_name="043. Signing a MSI file a SPC certificate file and a PVK key file" +test_name="043. 
Signing a MSI file a SPC certificate file" printf "\n%s\n" "$test_name" if [ -s "sample.msi" ] then faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ + -certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/keyp.pem" \ -pass passme \ -in "sample.msi" -out "test_043.msi"' - verify_signature "$?" "043" "msi" "sha256sum" + verify_signature "$?" "043" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/05_sign_pkcs12 b/tests/recipes/05_sign_pkcs12 index bb99a85..ab6d965 100644 --- a/tests/recipes/05_sign_pkcs12 +++ b/tests/recipes/05_sign_pkcs12 @@ -13,7 +13,7 @@ if [ -s "test.exe" ] ../../osslsigncode sign -h sha256 \ -pkcs12 "${script_path}/../certs/cert.p12" -pass passme \ -in "test.exe" -out "test_051.exe"' - verify_signature "$?" "051" "exe" "sha256sum" + verify_signature "$?" "051" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -30,7 +30,7 @@ if [ -s "test.ex_" ] -pkcs12 "${script_path}/../certs/cert.p12" \ -pass passme \ -in "test.ex_" -out "test_052.ex_"' - verify_text "$?" "052" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN" + verify_signature "$?" "052" "ex_" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -47,7 +47,7 @@ if [ -s "sample.msi" ] -pkcs12 "${script_path}/../certs/cert.p12" \ -pass passme \ -in "sample.msi" -out "test_053.msi"' - verify_signature "$?" "053" "msi" "sha256sum" + verify_signature "$?" "053" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" 
diff --git a/tests/recipes/07_sign_timestamp b/tests/recipes/07_sign_timestamp
index ed215bd..0e923da 100644
--- a/tests/recipes/07_sign_timestamp
+++ b/tests/recipes/07_sign_timestamp
@@ -14,7 +14,7 @@ if [ -s "test.exe" ]
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
 -in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2'
- verify_signature "$?" "071" "exe" "UNUSED_PATTERN"
+ verify_signature "$?" "071" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -31,7 +31,7 @@ if [ -s "test.ex_" ]
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
 -in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2'
- verify_text "$?" "072" "ex_" "Unizeto" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ verify_signature "$?" "072" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -48,7 +48,7 @@ if [ -s "sample.msi" ]
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -t http://time.certum.pl/ \
 -in "sample.msi" -out "test_073.msi"'
- verify_signature "$?" "073" "msi" "UNUSED_PATTERN"
+ verify_signature "$?" "073" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
diff --git a/tests/recipes/08_sign_rfc3161 b/tests/recipes/08_sign_rfc3161
index 0ec53ee..44a891b 100644
--- a/tests/recipes/08_sign_rfc3161
+++ b/tests/recipes/08_sign_rfc3161
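Review bot: Tests 071–073 now pass only if the live TSA at `http://time.certum.pl/` answers and whatever `verify_signature` inspects still contains the string `Unizeto` (presumably the TSA certificate's subject or issuer), so a network outage, a sandboxed CI runner, or Certum re-issuing its TSA certificate under another name is reported as a signing failure rather than as an environmental one. Check reachability once before the block and skip otherwise, e.g. `curl -s -m 5 -o /dev/null http://time.certum.pl/ || { printf "Test skipped (TSA unreachable)\n"; exit 0; }` where curl is available, or move the URL into test_library so all timestamp recipes share one guard. Plain HTTP is the normal transport for Authenticode/RFC 3161 timestamping because the token itself is signed by the TSA, so that part needs no change. Test 073 lacks the `2>> "results.log" 1>&2` redirection that 071 and 072 have; that is context rather than new code, but worth aligning.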
@@ -18,7 +18,7 @@ if [ -s "test.exe" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -ts http://time.certum.pl/ \ -in "test.exe" -out "test_081.exe"' - verify_signature "$?" "081" "exe" "UNUSED_PATTERN" + verify_signature "$?" "081" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -35,7 +35,7 @@ if [ -s "test.ex_" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -ts http://time.certum.pl/ \ -in "test.ex_" -out "test_082.ex_"' - verify_text "$?" "082" "ex_" "Unizeto" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "082" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -52,7 +52,7 @@ if [ -s "sample.msi" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -ts http://time.certum.pl/ \ -in "sample.msi" -out "test_083.msi"' - verify_signature "$?" "083" "msi" "UNUSED_PATTERN" + verify_signature "$?" "083" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/09_sign_page_hashes b/tests/recipes/09_sign_page_hashes index ab6d722..d2619f8 100644 --- a/tests/recipes/09_sign_page_hashes +++ b/tests/recipes/09_sign_page_hashes @@ -13,7 +13,7 @@ if [ -s "test.exe" ] ../../osslsigncode sign -h sha256 -ph \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.exe" -out "test_091.exe"' - verify_signature "$?" "091" "exe" "UNUSED_PATTERN" + verify_signature "$?" "091" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/10_sign_blob b/tests/recipes/10_sign_blob index 69e22b7..8111bf0 100644 --- a/tests/recipes/10_sign_blob 
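Review bot: Test 091 passes `-ph`, but the only expectation is the generic `"osslsigncode"` string that every signed fixture in this patch already satisfies, so the test would keep passing if page hashing were silently skipped. If `verify_signature` greps the output of `osslsigncode verify` or the signed file, pass a pattern that only appears when page hashes were emitted instead of `"UNUSED_PATTERN"`; which string that is depends on test_library, which is outside this chunk, so confirm before choosing it. Tests 081–083 in the same line share the live-TSA dependency raised on 07_sign_timestamp.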
+++ b/tests/recipes/10_sign_blob
@@ -14,7 +14,7 @@ if [ -s "test.exe" ]
 -addUnauthenticatedBlob \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2'
- verify_text "$?" "101" "exe" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
+ verify_signature "$?" "101" "exe" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -31,7 +31,7 @@ if [ -s "test.ex_" ]
 -addUnauthenticatedBlob \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2'
- verify_text "$?" "102" "ex_" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ verify_signature "$?" "102" "ex_" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
@@ -48,7 +48,7 @@ if [ -s "sample.msi" ]
 -addUnauthenticatedBlob \
 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
 -in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2'
- verify_text "$?" "103" "msi" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
+ verify_signature "$?" "103" "msi" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN"
 test_result "$?" "$test_name"
 else
 printf "Test skipped\n"
diff --git a/tests/recipes/11_sign_nest b/tests/recipes/11_sign_nest
new file mode 100644
index 0000000..00bc521
--- /dev/null
+++ b/tests/recipes/11_sign_nest
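Review bot: Test 102 now passes `"MODIFY"` in the fourth argument where the old `verify_text` call for the CAB case passed `"UNUSED_PATTERN"`, so the CAB test is no longer exercised the way it was; if the modify step is meant to cover CAB from now on, say so in the recipe comment, and if it was left out on purpose (the nest recipe in this same patch notes that CAB files with flag bits set cannot be re-signed) this change will turn 102 red. The semantics of the fourth argument live in test_library, outside this chunk, so treat this as a question rather than a finding. Independently of that, these tests only confirm that `BEGIN_BLOB` appears in the output; a second expectation that `osslsigncode verify` still succeeds after the blob is added would show the unauthenticated attribute did not invalidate the signature, which is the property `-addUnauthenticatedBlob` exists for.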
@@ -0,0 +1,70 @@
+#!/bin/sh
+# Signing a PE/CAB/MSI file twice with the "nest" flag in the second time
+# in order to add the new signature instead of replacing the first one.
+
+. $(dirname $0)/../test_library
+
+# PE file
+test_name="111. Signing a PE file with the nest flag"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "test.exe" -out "test_111_signed.exe"
+ ../../osslsigncode sign -h sha512 \
+ -nest \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "test_111_signed.exe" -out "test_111.exe"'
+ verify_signature "$?" "111" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "SHA256" "SHA512"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Error: Cannot sign cab files with flag bits set!
+# cfhead_Flags 0x1e is set here:
+# https://github.com/mtrojnar/osslsigncode/blob/0bea1ac8f6d61ed42dd154305a4d5b8c27478ad0/osslsigncode.c#L2936
+test_name="112. Signing a CAB file with the nest flag"
+printf "\n%s\n" "$test_name"
+if [ -s "test.ex_" ]
+ then
+ faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "test.ex_" -out "test_112_signed.ex_"
+ ../../osslsigncode sign -h sha512 \
+ -nest \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "test_112_signed.ex_" -out "test_112.ex_"'
+ verify_signature "$?" "112" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "SHA256" "SHA512"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# MSI file
+test_name="113. 
Signing a MSI file with the nest flag" +printf "\n%s\n" "$test_name" +if [ -s "sample.msi" ] + then + faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' + script_path=$(pwd) + ../../osslsigncode sign -h sha256 \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "sample.msi" -out "test_113_signed.msi" + ../../osslsigncode sign -h sha512 \ + -nest \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test_113_signed.msi" -out "test_113.msi"' + verify_signature "$?" "113" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "SHA256" "SHA512" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi + +exit 0 diff --git a/tests/recipes/11_sign_readpass_pem b/tests/recipes/12_sign_readpass_pem similarity index 69% rename from tests/recipes/11_sign_readpass_pem rename to tests/recipes/12_sign_readpass_pem index 693b08a..c8761cc 100644 --- a/tests/recipes/11_sign_readpass_pem +++ b/tests/recipes/12_sign_readpass_pem @@ -4,7 +4,7 @@ . $(dirname $0)/../test_library # PE file -test_name="111. Signing a PE file with a PEM key file with a password read from password.txt file" +test_name="121. Signing a PE file with a PEM key file with a password read from password.txt file" printf "\n%s\n" "$test_name" if [ -s "test.exe" ] then 
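Review bot: Test 112 is introduced with a comment stating it cannot succeed (`# Error: Cannot sign cab files with flag bits set!`), yet it runs and is counted like any other test, so the suite is red by design on every run and a genuine regression in 111 or 113 is harder to spot. Until the CAB path is fixed, skip it the way a missing fixture is skipped, e.g. replace the body with `printf "Test skipped: nested CAB signing not supported yet\n"` and keep the explanatory comment. The commit-pinned GitHub URL in that comment will go stale; naming the error message is enough for a reader to find the check. Inside the `bash -c` block only the last command's status reaches `verify_signature`; here a failed first `sign` also makes the second fail because its input file is missing, so the result is still correct, but a `set -e` at the top of the block would make that intent explicit.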
@@ -13,15 +13,15 @@ if [ -s "test.exe" ] ../../osslsigncode sign -h sha256 \ -readpass "${script_path}/../certs/password.txt" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_111.exe"' - verify_signature "$?" "111" "exe" "UNUSED_PATTERN" + -in "test.exe" -out "test_121.exe"' + verify_signature "$?" "121" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" fi # CAB file -test_name="112. Signing a CAB file with a PEM key file with a password read from password.txt file" +test_name="122. Signing a CAB file with a PEM key file with a password read from password.txt file" printf "\n%s\n" "$test_name" if [ -s "test.ex_" ] then @@ -30,15 +30,15 @@ if [ -s "test.ex_" ] ../../osslsigncode sign -h sha256 \ -readpass "${script_path}/../certs/password.txt" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_112.ex_"' - verify_text "$?" "112" "ex_" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + -in "test.ex_" -out "test_122.ex_"' + verify_signature "$?" "122" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" fi # MSI file -test_name="113. Signing a MSI file with a PEM key file with a password read from password.txt file" +test_name="123. Signing a MSI file with a PEM key file with a password read from password.txt file" printf "\n%s\n" "$test_name" if [ -s "sample.msi" ] then 
@@ -47,8 +47,8 @@ if [ -s "sample.msi" ] ../../osslsigncode sign -h sha256 \ -readpass "${script_path}/../certs/password.txt" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_113.msi"' - verify_signature "$?" "113" "msi" "UNUSED_PATTERN" + -in "sample.msi" -out "test_123.msi"' + verify_signature "$?" "123" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/12_sign_readpass_pvk b/tests/recipes/12_sign_readpass_pvk deleted file mode 100644 index 71c773a..0000000 --- a/tests/recipes/12_sign_readpass_pvk +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh -# Signing a PE/CAB/MSI file with a PVK key file with a password together with a PEM certificate. - -. $(dirname $0)/../test_library - -printf "The readpass option does'n work correctly with PVK key file - press enter\n" 1>&3 - -# PE file -test_name="121. Signing a PE file with a PVK key file with a password read from password.txt file" -printf "\n%s\n" "$test_name" -if [ -s "test.exe" ] - then - faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -readpass "${script_path}/../certs/password.txt" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pvk" \ - -in "test.exe" -out "test_121.exe"' - verify_signature "$?" "121" "exe" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAB file -test_name="122. Signing a CAB file with a PVK key file with a password read from password.txt file" -printf "\n%s\n" "$test_name" -if [ -s "test.ex_" ] - then - faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -readpass "${script_path}/../certs/password.txt" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pvk" \ - -in "test.ex_" -out "test_122.ex_"' - verify_text "$?" "122" "ex_" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# MSI file -test_name="123. Signing a MSI file with a PVK key file with a password read from password.txt file" -printf "\n%s\n" "$test_name" -if [ -s "sample.msi" ] - then - faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -readpass "${script_path}/../certs/password.txt" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pvk" \ - -in "sample.msi" -out "test_123.msi"' - verify_signature "$?" "123" "msi" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi - -exit 0 diff --git a/tests/recipes/13_sign_readpass_pkcs12 b/tests/recipes/13_sign_readpass_pkcs12 index df90111..d10959e 100644 --- a/tests/recipes/13_sign_readpass_pkcs12 +++ b/tests/recipes/13_sign_readpass_pkcs12 @@ -15,7 +15,7 @@ if [ -s "test.exe" ] -readpass "${script_path}/../certs/password.txt" \ -pkcs12 "${script_path}/../certs/cert.p12" \ -in "test.exe" -out "test_131.exe"' - verify_signature "$?" "131" "exe" "UNUSED_PATTERN" + verify_signature "$?" "131" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -32,7 +32,7 @@ if [ -s "test.ex_" ] -readpass "${script_path}/../certs/password.txt" \ -pkcs12 "${script_path}/../certs/cert.p12" \ -in "test.ex_" -out "test_132.ex_"' - verify_text "$?" "132" "ex_" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "132" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -49,7 +49,7 @@ if [ -s "sample.msi" ] -readpass "${script_path}/../certs/password.txt" \ -pkcs12 "${script_path}/../certs/cert.p12" \ -in "sample.msi" -out "test_133.msi"' - verify_signature "$?" "133" "msi" "UNUSED_PATTERN" + verify_signature "$?" "133" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/14_sign_descryption b/tests/recipes/14_sign_descryption index 2f68e42..b44f2e2 100644 --- a/tests/recipes/14_sign_descryption +++ b/tests/recipes/14_sign_descryption 
@@ -14,7 +14,7 @@ if [ -s "test.exe" ] -n "DESCRYPTION_TEXT" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.exe" -out "test_141.exe"' - verify_text "$?" "141" "exe" "DESCRYPTION_TEXT" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "141" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -31,7 +31,7 @@ if [ -s "test.ex_" ] -n "DESCRYPTION_TEXT" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.ex_" -out "test_142.ex_"' - verify_text "$?" "142" "ex_" "DESCRYPTION_TEXT" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "142" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -48,7 +48,7 @@ if [ -s "sample.msi" ] -n "DESCRYPTION_TEXT" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "sample.msi" -out "test_143.msi"' - verify_text "$?" "143" "msi" "DESCRYPTION_TEXT" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "143" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/15_sign_url b/tests/recipes/15_sign_url index c1c3efd..56d200e 100644 --- a/tests/recipes/15_sign_url +++ b/tests/recipes/15_sign_url @@ -15,7 +15,7 @@ if [ -s "test.exe" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -i "https://www.osslsigncode.com/" \ -in "test.exe" -out "test_151.exe"' - verify_text "$?" "151" "exe" "https://www.osslsigncode.com/" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "151" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" 
@@ -32,7 +32,7 @@ if [ -s "test.ex_" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -i "https://www.osslsigncode.com/" \ -in "test.ex_" -out "test_152.ex_"' - verify_text "$?" "152" "ex_" "https://www.osslsigncode.com/" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "152" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -49,7 +49,7 @@ if [ -s "sample.msi" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -i "https://www.osslsigncode.com/" \ -in "sample.msi" -out "test_153.msi"' - verify_text "$?" "153" "msi" "https://www.osslsigncode.com/" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "153" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/16_sign_comm b/tests/recipes/16_sign_comm index 7113e95..9f55660 100644 --- a/tests/recipes/16_sign_comm +++ b/tests/recipes/16_sign_comm @@ -17,7 +17,7 @@ if [ -s "test.exe" ] -comm \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.exe" -out "test_161.exe"' - verify_text "$?" "161" "exe" "300c060a2b060104018237020116" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "161" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" 
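Review bot: The hex pattern `300c060a2b060104018237020116` in test 161 is asserted without any explanation of what it is; it decodes to the DER `SEQUENCE { OBJECT IDENTIFIER 1.3.6.1.4.1.311.2.1.22 }`, the Microsoft commercial SP key-purpose OID (SPC_COMMERCIAL_SP_KEY_PURPOSE) that `-comm` is expected to add, and a reader has to decode it by hand to know the test checks the right thing. Add a comment above the call, e.g. `# DER SEQUENCE { OID 1.3.6.1.4.1.311.2.1.22 (SPC_COMMERCIAL_SP_KEY_PURPOSE) }, the statement type emitted by -comm`, and the same above 162 and 163. The hunk for test 161 starts and ends within this line.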
@@ -34,7 +34,7 @@ if [ -s "test.ex_" ] -comm \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.ex_" -out "test_162.ex_"' - verify_text "$?" "162" "ex_" "300c060a2b060104018237020116" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "162" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -51,7 +51,7 @@ if [ -s "sample.msi" ] -comm \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "sample.msi" -out "test_163.msi"' - verify_text "$?" "163" "msi" "300c060a2b060104018237020116" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "163" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/17_sign_crosscertfile b/tests/recipes/17_sign_crosscertfile index 99c5afe..f455942 100644 --- a/tests/recipes/17_sign_crosscertfile +++ b/tests/recipes/17_sign_crosscertfile @@ -16,7 +16,7 @@ if [ -s "test.exe" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -ac "${script_path}/../certs/crosscert.pem" \ -in "test.exe" -out "test_171.exe"' - verify_signature "$?" "171" "exe" "UNUSED_PATTERN" + verify_signature "$?" "171" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "crosscert" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -33,7 +33,7 @@ if [ -s "test.ex_" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -ac "${script_path}/../certs/crosscert.pem" \ -in "test.ex_" -out "test_172.ex_"' - verify_text "$?" "172" "ex_" "crosscert" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "172" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "crosscert" test_result "$?" "$test_name" else printf "Test skipped\n" 
@@ -50,7 +50,7 @@ if [ -s "sample.msi" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -ac "${script_path}/../certs/crosscert.pem" \ -in "sample.msi" -out "test_173.msi"' - verify_signature "$?" "173" "msi" "UNUSED_PATTERN" + verify_signature "$?" "173" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "crosscert" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/21_sign_hash_md5 b/tests/recipes/21_sign_hash_md5 index 042c6e2..cc94fc0 100644 --- a/tests/recipes/21_sign_hash_md5 +++ b/tests/recipes/21_sign_hash_md5 @@ -13,7 +13,7 @@ if [ -s "test.exe" ] ../../osslsigncode sign -h md5 \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.exe" -out "test_211.exe"' - verify_signature "$?" "211" "exe" "UNUSED_PATTERN" + verify_signature "$?" "211" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "MD5" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/22_sign_hash_sha1 b/tests/recipes/22_sign_hash_sha1 index dd7c75f..b9123ff 100644 --- a/tests/recipes/22_sign_hash_sha1 +++ b/tests/recipes/22_sign_hash_sha1 @@ -13,7 +13,7 @@ if [ -s "test.exe" ] ../../osslsigncode sign -h sha1 \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.exe" -out "test_221.exe"' - verify_signature "$?" "221" "exe" "UNUSED_PATTERN" + verify_signature "$?" "221" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "SHA1" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/23_sign_hash_sha2 b/tests/recipes/23_sign_hash_sha2 index 19ecfb1..8e5ac0b 100644 --- a/tests/recipes/23_sign_hash_sha2 +++ b/tests/recipes/23_sign_hash_sha2 
@@ -13,7 +13,7 @@ if [ -s "test.exe" ] ../../osslsigncode sign -h sha2 \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.exe" -out "test_231.exe"' - verify_signature "$?" "231" "exe" "UNUSED_PATTERN" + verify_signature "$?" "231" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "SHA2" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/24_sign_hash_sha384 b/tests/recipes/24_sign_hash_sha384 index dc521e5..582a8b9 100644 --- a/tests/recipes/24_sign_hash_sha384 +++ b/tests/recipes/24_sign_hash_sha384 @@ -13,7 +13,7 @@ if [ -s "test.exe" ] ../../osslsigncode sign -h sha384 \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.exe" -out "test_241.exe"' - verify_signature "$?" "241" "exe" "UNUSED_PATTERN" + verify_signature "$?" "241" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "SHA384" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/25_sign_hash_sha512 b/tests/recipes/25_sign_hash_sha512 index 862da3c..9a98b90 100644 --- a/tests/recipes/25_sign_hash_sha512 +++ b/tests/recipes/25_sign_hash_sha512 @@ -13,7 +13,7 @@ if [ -s "test.exe" ] ../../osslsigncode sign -h sha512 \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.exe" -out "test_251.exe"' - verify_signature "$?" "251" "exe" "UNUSED_PATTERN" + verify_signature "$?" "251" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/31_extract_signature b/tests/recipes/31_extract_signature index 366d597..f7dbec4 100644 --- a/tests/recipes/31_extract_signature +++ b/tests/recipes/31_extract_signature 
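Review bot: Test 251 passes `"UNUSED_PATTERN"` as the last argument while the md5/sha1/sha2/sha384 recipes changed in this same commit pass the digest name there, so the sha512 run no longer asserts which hash the signature actually used — only that `osslsigncode` appears somewhere in the file or log. For parity with its siblings the call should be `verify_signature "$?" "251" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "SHA512"`, assuming `osslsigncode verify` reports the algorithm in the same form the 21–24 recipes grep for. Without that check a build that silently falls back to a default digest would still pass here.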
@@ -15,7 +15,7 @@ if [ -s "test.exe" ] -in "test.exe" -out "test_311.exe" && \ ../../osslsigncode extract-signature -pem \ -in "test_311.exe" -out "sign_pe.pem"' - verify_signature "$?" "311" "exe" "sha256sum" + verify_signature "$?" "311" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -36,7 +36,7 @@ if [ -s "sample.msi" ] -in "sample.msi" -out "test_312.msi" && \ ../../osslsigncode extract-signature -pem \ -in "test_312.msi" -out "sign_msi.pem"' - verify_signature "$?" "312" "msi" "sha256sum" + verify_signature "$?" "312" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/32_attach_signature b/tests/recipes/32_attach_signature index 1ee0704..426de20 100644 --- a/tests/recipes/32_attach_signature +++ b/tests/recipes/32_attach_signature @@ -12,7 +12,7 @@ if [ -s "test.exe" ] script_path=$(pwd) ../../osslsigncode attach-signature -sigin "sign_pe.pem" \ -in "test.exe" -out "test_321.exe"' - verify_signature "$?" "321" "exe" "sha256sum" + verify_signature "$?" "321" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -30,7 +30,7 @@ if [ -s "sample.msi" ] script_path=$(pwd) ../../osslsigncode attach-signature -sigin "sign_msi.pem" \ -in "sample.msi" -out "test_322.msi"' - verify_signature "$?" "322" "msi" "sha256sum" + verify_signature "$?" "322" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/34_add_signature b/tests/recipes/34_add_signature index 9b25005..c1e1212 100644 --- a/tests/recipes/34_add_signature +++ b/tests/recipes/34_add_signature 
@@ -16,7 +16,7 @@ if [ -s "test.exe" ] -in "test.exe" -out "test_341_signed.exe" && \ ../../osslsigncode add \ -in "test_341_signed.exe" -out "test_341.exe"' - verify_signature "$?" "341" "exe" "sha256sum" + verify_signature "$?" "341" "exe" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -38,7 +38,7 @@ if [ -s "sample.msi" ] -in "sample.msi" -out "test_342_signed.msi" && \ ../../osslsigncode add \ -in "test_342_signed.msi" -out "test_342.msi"' - verify_signature "$?" "342" "msi" "sha256sum" + verify_signature "$?" "342" "msi" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/36_add_signature_blob b/tests/recipes/36_add_signature_blob index 15bd96d..ca90dd0 100644 --- a/tests/recipes/36_add_signature_blob +++ b/tests/recipes/36_add_signature_blob @@ -17,7 +17,7 @@ if [ -s "test.exe" ] ../../osslsigncode add \ -addUnauthenticatedBlob \ -in "test_361_signed.exe" -out "test_361.exe"' - verify_text "$?" "361" "exe" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY" + verify_signature "$?" "361" "exe" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" @@ -40,7 +40,7 @@ if [ -s "sample.msi" ] ../../osslsigncode add \ -addUnauthenticatedBlob \ -in "test_362_signed.msi" -out "test_362.msi"' - verify_text "$?" "362" "msi" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY" + verify_signature "$?" "362" "msi" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/37_add_signature_timestamp b/tests/recipes/37_add_signature_timestamp new file mode 100644 index 0000000..0a6f6c3 --- /dev/null +++ b/tests/recipes/37_add_signature_timestamp 
@@ -0,0 +1,49 @@
+#!/bin/sh
+# Moving the authenticode signing with Authenticode timestamping to the PE/MSI file.
+
+. $(dirname $0)/../test_library
+
+# PE file
+test_name="371. Moving the authenticode signing with Authenticode timestamping to the PE file"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ cat "test.exe" > "test_371.exe"
+ faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "test.exe" -out "test_371_signed.exe" && \
+ ../../osslsigncode add \
+ -t http://time.certum.pl/ \
+ -in "test_371_signed.exe" -out "test_371.exe"'
+ verify_signature "$?" "371" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Command is not supported for non-PE
+
+# MSI file
+test_name="372. Moving the authenticode signing with Authenticode timestamping to the MSI file"
+printf "\n%s\n" "$test_name"
+if [ -s "sample.msi" ]
+ then
+ cat "sample.msi" > "test_372.msi"
+ faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "sample.msi" -out "test_372_signed.msi" && \
+ ../../osslsigncode add \
+ -t http://time.certum.pl/ \
+ -in "test_372_signed.msi" -out "test_372.msi"'
+ verify_signature "$?" "372" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+exit 0
diff --git a/tests/recipes/38_add_signature_rfc3161 b/tests/recipes/38_add_signature_rfc3161
new file mode 100644
index 0000000..fc61353
--- /dev/null
+++ b/tests/recipes/38_add_signature_rfc3161
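Review bot: Tests 371 and 372 contact a live TSA (`-t http://time.certum.pl/`) but, unlike the `[ -s "test.exe" ]` gate they sit behind, have no skip path for a missing network, so an offline runner or a TSA outage lands in results.log as an apparent `add` regression. Consider gating on reachability and printing `Test skipped` otherwise, e.g. `if [ -s "test.exe" ] && curl -s --max-time 5 -o /dev/null http://time.certum.pl/` (or whichever HTTP client the suite already assumes), so only a genuine signing failure fails the test. The plain-HTTP transport is not the concern here — the returned timestamp token is signed by the TSA — availability is. It is also worth a comment that `faketime` pins the signing time to 2019 while the TSA will stamp the real current time, so a reader knows the gap between the two is intentional.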
@@ -0,0 +1,49 @@
+#!/bin/sh
+# Moving the authenticode signing with RFC 3161 timestamping to the PE/MSI file.
+
+. $(dirname $0)/../test_library
+
+# PE file
+test_name="381. Moving the authenticode signing with RFC 3161 timestamping to the PE file"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ cat "test.exe" > "test_381.exe"
+ faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "test.exe" -out "test_381_signed.exe" && \
+ ../../osslsigncode add \
+ -ts http://time.certum.pl/ \
+ -in "test_381_signed.exe" -out "test_381.exe"'
+ verify_signature "$?" "381" "exe" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Command is not supported for non-PE
+
+# MSI file
+test_name="382. Moving the authenticode signing with RFC 3161 timestamping to the MSI file"
+printf "\n%s\n" "$test_name"
+if [ -s "sample.msi" ]
+ then
+ cat "sample.msi" > "test_382.msi"
+ faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "sample.msi" -out "test_382_signed.msi" && \
+ ../../osslsigncode add \
+ -ts http://time.certum.pl/ \
+ -in "test_382_signed.msi" -out "test_382.msi"'
+ verify_signature "$?" "382" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "Unizeto"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+exit 0
diff --git a/tests/recipes/37_verify_leaf_hash b/tests/recipes/40_verify_leaf_hash
similarity index 76%
rename from tests/recipes/37_verify_leaf_hash
rename to tests/recipes/40_verify_leaf_hash
index 5dd6c53..c323f7f 100644
--- a/tests/recipes/37_verify_leaf_hash
+++ b/tests/recipes/40_verify_leaf_hash
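Review bot: Both pattern arguments in the new `verify_signature` calls are the same string — `"Unizeto" "Unizeto"` — so `$7` (searched in the binary or verify.log) and `$8` (searched in verify.log) assert a single fact: that the TSA's name, presumably from its certificate, appears somewhere. That neither shows the RFC 3161 token was validated nor distinguishes this recipe from recipe 37's Authenticode-style timestamp, and it ties the suite to an external certificate subject that can change without any code change in this repository. If `osslsigncode verify` prints the timestamp type or the timestamp itself, that is the string worth pinning in `$8`; otherwise at least drop the duplicate and leave a note such as `# "Unizeto" is expected in the TSA certificate returned by time.certum.pl; update if the TSA is re-issued`.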
@@ -5,7 +5,7 @@ script_path=$(pwd) # PE file -test_name="371. Comparing the leaf certificate hash against specified SHA256 message digest for the PE file" +test_name="401. Comparing the leaf certificate hash against specified SHA256 message digest for the PE file" printf "\n%s\n" "$test_name" if [ -s "test.exe" ] then @@ -13,12 +13,12 @@ if [ -s "test.exe" ] script_path=$(pwd) ../../osslsigncode sign -h sha256 \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -in "test.exe" -out "test_371.exe"' - ../../osslsigncode verify -in "test_371.exe" \ + -in "test.exe" -out "test_401.exe"' + ../../osslsigncode verify -in "test_401.exe" \ -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d' ' -f1) if test_result "$?" "$test_name" then - rm -f "test_371.exe" + rm -f "test_401.exe" fi else printf "Test skipped\n" @@ -28,7 +28,7 @@ if [ -s "test.exe" ] # Command is not supported for non-PE # MSI file -test_name="372. Comparing the leaf certificate hash against specified SHA256 message digest for the MSI file" +test_name="402. Comparing the leaf certificate hash against specified SHA256 message digest for the MSI file" printf "\n%s\n" "$test_name" if [ -s "sample.msi" ] then @@ -36,12 +36,12 @@ if [ -s "sample.msi" ] script_path=$(pwd) ../../osslsigncode sign -h sha256 \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -in "test.exe" -out "test_372.exe"' - ../../osslsigncode verify -in "test_372.exe" \ + -in "test.exe" -out "test_402.exe"' + ../../osslsigncode verify -in "test_402.exe" \ -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d' ' -f1) if test_result "$?" "$test_name" then - rm -f "test_372.exe" + rm -f "test_402.exe" fi else printf "Test skipped\n" diff --git a/tests/recipes/41_sign_add_msi_dse b/tests/recipes/41_sign_add_msi_dse index fbd42aa..a9733c7 100644 --- a/tests/recipes/41_sign_add_msi_dse +++ b/tests/recipes/41_sign_add_msi_dse 
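Review bot: The MSI variant of the leaf-hash test (402) still signs `test.exe` and verifies `test_402.exe`, so `-require-leaf-hash` is never exercised against `sample.msi` even though the block is gated on that file and named for it; the rename only changed the number and carried the mismatch over. The three lines should read `-in "sample.msi" -out "test_402.msi"'`, `../../osslsigncode verify -in "test_402.msi" \` and `rm -f "test_402.msi"`. The leaf-hash requirement is the one check in this suite that pins the signer identity rather than just signature validity, so leaving the MSI code path untested is worth fixing in this change. The enclosing `if [ -s "sample.msi" ]` block opens before this hunk and its `fi` is after it.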
@@ -25,7 +25,7 @@ if [ -s "sample.msi" ] -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ -pass passme \ -in "sample.msi" -out "test_411.msi"' - verify_text "$?" "411" "msi" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "411" "msi" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/51_sign_jp_low b/tests/recipes/51_sign_jp_low index 1da6f98..0869a52 100644 --- a/tests/recipes/51_sign_jp_low +++ b/tests/recipes/51_sign_jp_low @@ -18,7 +18,7 @@ if [ -s "test.ex_" ] -jp low \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.ex_" -out "test_511.ex_"' - verify_text "$?" "511" "ex_" "3006030200013000" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "511" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/52_sign_jp_medium b/tests/recipes/52_sign_jp_medium index 63483e9..8a5bd88 100644 --- a/tests/recipes/52_sign_jp_medium +++ b/tests/recipes/52_sign_jp_medium @@ -19,7 +19,7 @@ if [ -s "test.ex_" ] -jp medium \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.ex_" -out "test_521.ex_"' - verify_text "$?" "521" "ex_" "3006030200013000" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "521" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/recipes/53_sign_jp_high b/tests/recipes/53_sign_jp_high index 9521eb4..0e6e284 100644 --- a/tests/recipes/53_sign_jp_high +++ b/tests/recipes/53_sign_jp_high 
@@ -19,7 +19,7 @@ if [ -s "test.ex_" ] -jp high \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -in "test.ex_" -out "test_531.ex_"' - verify_text "$?" "531" "ex_" "3006030200013000" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN" + verify_signature "$?" "531" "ex_" "UNUSED_PATTERN" "UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN" test_result "$?" "$test_name" else printf "Test skipped\n" diff --git a/tests/test_library b/tests/test_library index 067f302..c2f4b39 100755 --- a/tests/test_library +++ b/tests/test_library @@ -11,7 +11,7 @@ test_result() { local result=0 - if [ $1 -eq 0 ] + if [ "$1" -eq 0 ] then printf "%s\n" "Test succeeded" else 
@@ -19,63 +19,7 @@ test_result() { printf "%-100s\t%s\n" "$2" "failed" 1>&3 result=1 fi - return $result -} - -verify_signature() { -# $1 sign exit code -# $2 test number -# $3 filename extension -# $4 sha256sum requirement - - local result=0 - - if [ "$1" -eq 0 ] - then - ../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2 - result=$? - if [ "$result" -ne 0 ] || grep -q "No signature found" "verify.log" - then - cat "verify.log" >> "results.log" - elif [ "$4" = "sha256sum" ] - then - sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2 - if [ -s "test_$2_signed.$3" ] - then - sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2 - fi - else - rm -f "test_$2.$3" "test_$2_signed.$3" - fi - else - result=1 - fi - return $result -} - -verify_no_signature() { -# $1 sign exit code -# $2 test number -# $3 filename extension -# $4 sha256sum requirement - - local result=0 - - if [ "$1" -eq 0 ] - then - ../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2 - if grep -q -e "No signature found" -e "MSI file has no signature" "verify.log" - then - sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2 - else - result=1 - cat "verify.log" >> "results.log" - printf "Faild: the signature was found\n" - fi - else - result=1 - fi - return $result + return "$result" } modify_blob() { 
@@ -95,23 +39,24 @@ modify_blob() { if [ "$result" -ne 0 ] || \ [ $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1 ] then - result=1 + result=$? cat "verify.log" >> "results.log" printf "Faild: verify error or non-unique message digests were found\n" else rm -f "test_$1_modifed.$2" fi - return $result + return "$result" } -verify_text() { +verify_signature() { # $1 sign exit code # $2 test number # $3 filename extension -# $4 searched text -# $5 ASCII od HEX format -# $6 sha256sum requirement -# $7 modify requirement +# $4 modify requirement +# $5 sha256sum requirement +# $6 ASCII or HEX "$7 text" format +# $7 obligatory text1 searched in a binary file or verify.log +# $8 optional text2 searched in verify.log local result=0 
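Review bot: `result=$?` on the failure path of modify_blob captures the exit status of the `[ "$result" -ne 0 ] || [ ... -ne 1 ]` test that was just evaluated, which is 0 whenever the `then` branch is entered, so the function now returns success exactly when verify failed or the calculated digests were not unique; the previous `result=1` was correct and should be restored. As written, a regression in how the modified unauthenticated blob is handled would still print `Faild: ...` but be reported as a pass by verify_signature, which takes `result=$?` from this call. The verify_signature header that follows only documents the new parameter layout; its body continues in the next hunk.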
@@ -122,47 +67,79 @@ verify_text() { ../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2 result=$? fi - if [ "$result" -ne 0 ] || grep -q "No signature found" "verify.log" - then - result=1 - cat "verify.log" >> "results.log" - else - if [ "$5" = "ASCII" ] + if [ "$6" = "ASCII" ] then - searched_text=$(echo -n "$4" | xxd -p) + searched_text=$(echo -n "$7" | xxd -p) else - searched_text=$4 + searched_text=$7 fi - if ! xxd -p -c 1000 "test_$2.$3" | grep $searched_text 2>> /dev/null 1>&2 + if ! grep -q "$7" "verify.log" && \ + ! xxd -p -c 1000 "test_$2.$3" | grep "$searched_text" 2>> /dev/null 1>&2 + then + result=1 + printf "Faild: $7 not found\n" + elif [ "$4" = "MODIFY" ] then - result=1 - printf "Faild: $4 not found\n" - elif [ "$7" = "MODIFY" ] - then - modify_blob $2 $3 - result=$? - fi - if [ "$result" -eq 0 ] - then - if [ "$6" = "sha256sum" ] + if [ "$3" != "ex_" ] then - sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2 - if [ -s "test_$2_signed.$3" ] - then - sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2 - fi + modify_blob "$2" "$3" + result=$? else - rm -f "test_$2.$3" "test_$2_signed.$3" + printf "MODIFY is not supported for CAB files\n" fi - fi - if [ "$result" -eq 0 ] && [ "$2" = "401" ] - then - printf "Faild: unhashed file metadata was found\n" - result=1 - fi - fi + fi + if [ "$result" -eq 0 ] && [ "$8" != "UNUSED_PATTERN" ] && ! 
grep -q "$8" "verify.log" + then + result=1 + printf "Faild: $8 not found\n" + fi + if [ "$result" -eq 0 ] && [ "$2" = "401" ] + then + printf "Faild: unhashed file metadata was found\n" + result=1 + fi + if [ "$result" -eq 0 ] + then + if [ "$5" = "sha256sum" ] + then + sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2 + if [ -s "test_$2_signed.$3" ] + then + sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2 + fi + else + rm -f "test_$2.$3" "test_$2_signed.$3" + fi + else + cat "verify.log" >> "results.log" + fi else result=1 fi - return $result + return "$result" +} + +verify_no_signature() { +# $1 sign exit code +# $2 test number +# $3 filename extension +# $4 sha256sum requirement + + local result=0 + + if [ "$1" -eq 0 ] + then + ../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2 + if grep -q -e "No signature found" -e "MSI file has no signature" "verify.log" + then + sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2 + else + result=1 + cat "verify.log" >> "results.log" + printf "Faild: verify error or the signature was found\n" + fi + else + result=1 + fi + return "$result" }
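Review bot: In the new verify_signature body the `elif [ "$4" = "MODIFY" ]` branch runs `modify_blob` and assigns `result=$?` without consulting the verify exit status captured a few lines earlier, so a failed `osslsigncode verify` is masked whenever the search pattern is still present in the file and modify_blob returns 0; guard it with `elif [ "$result" -eq 0 ] && [ "$4" = "MODIFY" ]`. The removed `grep -q "No signature found"` guard used to catch this case and nothing replaces it, so the function now trusts the exit code alone (I cannot tell from here whether verify always exits non-zero on an unsigned file). The two failure messages pass the pattern through the format string — `printf "Faild: $7 not found\n"` — so a pattern containing `%` would be misrendered; use `printf "Failed: %s not found\n" "$7"` and the same for `$8`. verify_signature's header and its `local result=0` are in the previous hunk, so this hunk shows only the tail of the function.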