From 180b352102e7440f0ff3c98cef7a5b06bc1a8b99 Mon Sep 17 00:00:00 2001 From: olszomal Date: Wed, 2 Jun 2021 14:54:09 +0200 Subject: [PATCH] tests improvements --- tests/certs/ca-bundle.crt | 47 +++++++++++++++++++++++++++ tests/recipes/31_attach_signature_der | 1 + tests/recipes/32_attach_signature_pem | 1 + tests/recipes/33_attach_signed | 1 + tests/recipes/34_attach_nest | 1 + tests/sources/myapp.c | 2 +- tests/test_library | 5 ++- 7 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 tests/certs/ca-bundle.crt diff --git a/tests/certs/ca-bundle.crt b/tests/certs/ca-bundle.crt new file mode 100644 index 0000000..ec0758c --- /dev/null +++ b/tests/certs/ca-bundle.crt @@ -0,0 +1,47 @@ +# Certum Trusted Network CA +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- + +# DigiCert Assured ID Root CA +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- diff --git a/tests/recipes/31_attach_signature_der b/tests/recipes/31_attach_signature_der index 37a0477..afcad70 100644 --- a/tests/recipes/31_attach_signature_der +++ b/tests/recipes/31_attach_signature_der @@ -37,6 +37,7 @@ for file in ${script_path}/../logs/notsigned/*.* -sigin "sign_$format_nr.der" \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ -in "notsigned/$name" -out "test_$number.$ext" result=$? diff --git a/tests/recipes/32_attach_signature_pem b/tests/recipes/32_attach_signature_pem index 3f98628..7d34603 100644 --- a/tests/recipes/32_attach_signature_pem +++ b/tests/recipes/32_attach_signature_pem @@ -37,6 +37,7 @@ for file in ${script_path}/../logs/notsigned/*.* -sigin "sign_$format_nr.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ -in "notsigned/$name" -out "test_$number.$ext" result=$? diff --git a/tests/recipes/33_attach_signed b/tests/recipes/33_attach_signed index c5f3c50..2e0147e 100644 --- a/tests/recipes/33_attach_signed +++ b/tests/recipes/33_attach_signed @@ -41,6 +41,7 @@ for file in ${script_path}/../logs/notsigned/*.* -sigin "sign_$format_nr.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ -in "signed_$number.$ext" -out "test_$number.$ext" result=$? diff --git a/tests/recipes/34_attach_nest b/tests/recipes/34_attach_nest index 5725b44..87052cb 100644 --- a/tests/recipes/34_attach_nest +++ b/tests/recipes/34_attach_nest @@ -32,6 +32,7 @@ for file in ${script_path}/../logs/notsigned/*.* -nest \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ -in "signed_$number.$ext" -out "test_$number.$ext" result=$? diff --git a/tests/sources/myapp.c b/tests/sources/myapp.c index 4df7814..e1f8148 100644 --- a/tests/sources/myapp.c +++ b/tests/sources/myapp.c @@ -2,5 +2,5 @@ void main(void) { - printf("Hello world!\n"); + printf("Hello world!"); } diff --git a/tests/test_library b/tests/test_library index b3b9b4b..7d98808 100755 --- a/tests/test_library +++ b/tests/test_library @@ -41,6 +41,7 @@ modify_blob() { ../../osslsigncode verify \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ -in "changed_$1.$2" 2>> "verify.log" 1>&2 result=$? @@ -97,6 +98,7 @@ verify_signature() { ../../osslsigncode verify \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ -in "test_tmp.tmp" 2>> "verify.log" 1>&2' result=$? rm -f "test_tmp.tmp" @@ -107,7 +109,7 @@ verify_signature() { result=$? fi - if test "$result" -eq 0 -a "$8" == "MODIFY" + if test "$result" -eq 0 -a "$8" = "MODIFY" then modify_blob "$2" "$3" "$7" result=$? @@ -154,6 +156,7 @@ verify_leaf_hash() { ../../osslsigncode verify \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \ -in "test_tmp.tmp" 2>> "verify.log" 1>&2' result=$?