nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 17:08:05 -05:00
Code Issues Projects Releases Wiki Activity

New tests for osslsigncode (#11)

Browse Source
This commit is contained in:
olszomal 2019-07-13 11:41:03 +02:00 committed by Michał Trojnara
parent 4c44cfdd76
commit 3645ba7357
41 changed files with 1951 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -40,3 +40,7 @@ stamp-h1
*~ *~
*.gz *.gz
*.bz2 *.bz2
**/*.log
!myapp.exe
*.pem

6
tests/certs/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
*.der
*.pem
*.pvk
*.p12
*.spc
*.txt

105
tests/certs/makecerts.sh Executable file
View File

@ -0,0 +1,105 @@
#!/bin/sh
ddays=1461
result_path=$(pwd)
cd $(dirname "$0")
script_path=$(pwd)
cd "${result_path}"
test_result() {
if [ $1 == 0 ]
then
printf "Succeeded\n" >> "makecerts.log"
else
printf "Failed\n" >> "makecerts.log"
fi
}
mkdir "tmp/"
# OpenSSL settings
CONF="${script_path}/openssltest.cnf"
if test -n "$1"; then
OPENSSL="$2/bin/openssl"
LD_LIBRARY_PATH="$2/lib"
else
OPENSSL=openssl
fi
mkdir "demoCA/"
touch "demoCA/index.txt"
touch "demoCA/index.txt.attr"
echo 1000 > "demoCA/serial"
date > "makecerts.log"
printf "\nGenerate root CA certificate\n" >> "makecerts.log"
$OPENSSL genrsa -out demoCA/CA.key 1>&2 2>> "makecerts.log"
$OPENSSL req -config $CONF -new -x509 -days $ddays -key demoCA/CA.key -out tmp/CACert.pem \
-subj "/C=PL/O=osslsigncode/OU=Root CA/CN=CA/emailAddress=CA@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log"
$OPENSSL genrsa -out demoCA/cross.key 1>&2 2>> "makecerts.log"
$OPENSSL req -config $CONF -new -x509 -days $ddays -key demoCA/cross.key -out tmp/crosscert.pem \
-subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=CA@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
$OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:passme 1>&2 2>> "makecerts.log"
test_result $?
cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
$OPENSSL rsa -in demoCA/private.key -passin pass:passme -out tmp/key.pem 1>&2 2>> "makecerts.log"
test_result $?
printf "\nGenerate code signing certificate\n" >> "makecerts.log"
$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:passme -out demoCA/cert.csr \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=localhost/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/cert.csr -out demoCA/cert.cer 1>&2 2>> "makecerts.log"
test_result $?
$OPENSSL x509 -in demoCA/cert.cer -out tmp/cert.pem 1>&2 2>> "makecerts.log"
printf "\nConverting the key to DER format\n" >> "makecerts.log"
$OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:passme 2>> "makecerts.log" 1>&2
test_result $?
printf "\nConverting the key to PVK format\n" >> "makecerts.log"
$OPENSSL rsa -in tmp/key.pem -outform PVK -pvk-strong -out tmp/key.pvk -passout pass:passme 2>> "makecerts.log" 1>&2
test_result $?
echo "passme" > "password.txt"
printf "\nConverting the certificate to SPC format\n" >> "makecerts.log"
$OPENSSL crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc 2>> "makecerts.log" 1>&2
test_result $?
printf "\nConverting the certificate to DER format\n" >> "makecerts.log"
openssl x509 -in tmp/cert.pem -outform DER -out tmp/cert.der
test_result $?
printf "\nConverting the certificate and the key into a PKCS#12 container\n" >> "makecerts.log"
$OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:passme 2>> "makecerts.log" 1>&2
test_result $?
# copy new files
if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/cert.pem ] && \
[ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && [ -s tmp/key.der ] && [ -s tmp/cert.der ] && \
[ -s tmp/key.pvk ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ]
then
cp tmp/* ./
printf "%s\n" "keys & certificates successfully generated"
printf "%s\n" "./makecerts.sh finished"
rm -f "makecerts.log"
else
printf "%s\n" "./makecerts.sh failed"
printf "%s\n" "error logs ${result_path}/makecerts.log"
fi
# remove the working directory
rm -rf "demoCA/"
rm -rf "tmp/"

59
tests/certs/openssltest.cnf Normal file
View File

@ -0,0 +1,59 @@
# OpenSSL root CA configuration file
[ ca ]
default_ca = CA_default
[ CA_default ]
# Directory and file locations.
dir = .
certs = $dir/demoCA
crl_dir = $dir/demoCA
new_certs_dir = $dir/demoCA
database = $dir/demoCA/index.txt
serial = $dir/demoCA/serial
crl_extensions = crl_ext
default_md = sha256
preserve = no
policy = policy_match
x509_extensions = usr_cert
private_key = $dir/demoCA/CA.key
certificate = $dir/tmp/CACert.pem
[ req ]
encrypt_key = no
default_bits = 2048
default_md = sha256
string_mask = utf8only
x509_extensions = ca_extensions
distinguished_name = req_distinguished_name
[ crl_ext ]
authorityKeyIdentifier = keyid:always
[ usr_cert ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
extendedKeyUsage = codeSigning
[ ca_extensions ]
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
[ policy_match ]
countryName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name
localityName = Locality Name
0.organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name
emailAddress = Email Address

6
tests/myapp.c Normal file
View File

@ -0,0 +1,6 @@
#include <stdio.h>
void main(void)
{
printf("Hello world!\n");
}

54
tests/recipes/01_sign_pem Normal file
View File

@ -0,0 +1,54 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with the certificate and private key files in the PEM format.
. $(dirname $0)/../test_library
# PE file
test_name="011. Signing a PE file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_011.exe"'
verify_signature "$?" "011" "exe" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="012. Signing a CAB file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_012.ex_"'
verify_text "$?" "012" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="013. Signing a MSI file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_013.msi"'
verify_signature "$?" "013" "msi" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

57
tests/recipes/02_sign_pass Normal file
View File

@ -0,0 +1,57 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with the encrypted private key file in the PEM format.
. $(dirname $0)/../test_library
# PE file
test_name="021. Signing a PE file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.exe" -out "test_021.exe"'
verify_signature "$?" "021" "exe" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="022. Signing a CAB file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.ex_" -out "test_022.ex_"'
verify_text "$?" "022" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="023. Signing a MSI file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_023.msi"'
verify_signature "$?" "023" "msi" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/03_sign_der Normal file
View File

@ -0,0 +1,58 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with the encrypted private key file in the DER format.
# Requires OpenSSL 1.0.0 or later
. $(dirname $0)/../test_library
# PE file
test_name="031. Signing a PE file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.exe" -out "test_031.exe"'
verify_signature "$?" "031" "exe" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="032. Signing a CAB file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.ex_" -out "test_032.ex_"'
verify_text "$?" "032" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="033. Signing a MSI file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "sample.msi" -out "test_033.msi"'
verify_signature "$?" "033" "msi" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/04_sign_pvk_spc Normal file
View File

@ -0,0 +1,58 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with the certificate file in the SPC format
# and the private key file in the PVK format.
. $(dirname $0)/../test_library
# PE file
test_name="041. Signing a PE file a SPC certificate file and a PVK key file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "test.exe" -out "test_041.exe"'
verify_signature "$?" "041" "exe" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="042. Signing a CAB file a SPC certificate file and a PVK key file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "test.ex_" -out "test_042.ex_"'
verify_text "$?" "042" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="043. Signing a MSI file a SPC certificate file and a PVK key file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "sample.msi" -out "test_043.msi"'
verify_signature "$?" "043" "msi" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

56
tests/recipes/05_sign_pkcs12 Normal file
View File

@ -0,0 +1,56 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container.
. $(dirname $0)/../test_library
# PE file
test_name="051. Signing a PE file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-pkcs12 "${script_path}/../certs/cert.p12" -pass passme \
-in "test.exe" -out "test_051.exe"'
verify_signature "$?" "051" "exe" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="052. Signing a CAB file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "test.ex_" -out "test_052.ex_"'
verify_text "$?" "052" "ex_" "osslsigncode" "ASCII" "sha256sum" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="053. Signing a MSI file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "sample.msi" -out "test_053.msi"'
verify_signature "$?" "053" "msi" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

60
tests/recipes/06_test_sha256sum Normal file
View File

@ -0,0 +1,60 @@
#!/bin/sh
# Checking SHA256 message digests for 01x-05x tests
. $(dirname $0)/../test_library
res=0
skip=0
test_name="061. Checking SHA256 message digests for 01x-05x tests"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
if [ $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
then
res=1
cat "sha256sum_exe.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
else
rm -f test_0[1-5]*[1-3]*.exe
fi
rm -f "sha256sum_exe.log"
else
skip=$($skip+1)
fi
if [ -s "test.ex_" ]
then
if [ $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
else
rm -f test_0[1-5]*[1-3]*.ex_
fi
rm -f "sha256sum_ex_.log"
else
skip=$($skip+1)
fi
if [ -s "sample.msi" ]
then
if [ $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
else
rm -f test_0[1-5]*[1-3]*.msi
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if [ $skip -lt 3 ]
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

57
tests/recipes/07_sign_timestamp Normal file
View File

@ -0,0 +1,57 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with Authenticode timestamping
. $(dirname $0)/../test_library
# PE file
test_name="071. Signing a PE file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "071" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="072. Signing a CAB file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2'
verify_text "$?" "072" "ex_" "Unizeto" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="073. Signing a MSI file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "sample.msi" -out "test_073.msi"'
verify_signature "$?" "073" "msi" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

61
tests/recipes/08_sign_rfc3161 Normal file
View File

@ -0,0 +1,61 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with RFC 3161 timestamping
# An RFC3161 timestamp server provides an essential function in protecting
# data records for the long-term. It provides proof that the data existed
# at a particular moment in time and that it has not changed, even by
# a single binary bit, since it was notarized and time-stamped.
. $(dirname $0)/../test_library
# PE file
test_name="081. Signing a PE file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "test.exe" -out "test_081.exe"'
verify_signature "$?" "081" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="082. Signing a CAB file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "test.ex_" -out "test_082.ex_"'
verify_text "$?" "082" "ex_" "Unizeto" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="083. Signing a MSI file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "sample.msi" -out "test_083.msi"'
verify_signature "$?" "083" "msi" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

28
tests/recipes/09_sign_page_hashes Normal file
View File

@ -0,0 +1,28 @@
#!/bin/sh
# Generating page hashes for a PE file
. $(dirname $0)/../test_library
# PE file
test_name="091. Generating page hashes for a PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 -ph \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_091.exe"'
verify_signature "$?" "091" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
exit 0

57
tests/recipes/10_sign_blob Normal file
View File

@ -0,0 +1,57 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with addUnauthenticatedBlob.
. $(dirname $0)/../test_library
# PE file
test_name="101. Signing a PE file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2'
verify_text "$?" "101" "exe" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="102. Signing a CAB file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2'
verify_text "$?" "102" "ex_" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="103. Signing a MSI file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2'
verify_text "$?" "103" "msi" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

57
tests/recipes/11_sign_readpass_pem Normal file
View File

@ -0,0 +1,57 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with a PEM key file with a password together with a PEM certificate.
. $(dirname $0)/../test_library
# PE file
test_name="111. Signing a PE file with a PEM key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_111.exe"'
verify_signature "$?" "111" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="112. Signing a CAB file with a PEM key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_112.ex_"'
verify_text "$?" "112" "ex_" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="113. Signing a MSI file with a PEM key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_113.msi"'
verify_signature "$?" "113" "msi" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

59
tests/recipes/12_sign_readpass_pvk Normal file
View File

@ -0,0 +1,59 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with a PVK key file with a password together with a PEM certificate.
. $(dirname $0)/../test_library
printf "The readpass option does'n work correctly with PVK key file - press enter\n" 1>&3
# PE file
test_name="121. Signing a PE file with a PVK key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pvk" \
-in "test.exe" -out "test_121.exe"'
verify_signature "$?" "121" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="122. Signing a CAB file with a PVK key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pvk" \
-in "test.ex_" -out "test_122.ex_"'
verify_text "$?" "122" "ex_" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="123. Signing a MSI file with a PVK key file with a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pvk" \
-in "sample.msi" -out "test_123.msi"'
verify_signature "$?" "123" "msi" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/13_sign_readpass_pkcs12 Normal file
View File

@ -0,0 +1,58 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container
# and a password read from password.txt file.
. $(dirname $0)/../test_library
# PE file
test_name="131. Signing a PE file with a PKCS#12 container and a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.exe" -out "test_131.exe"'
verify_signature "$?" "131" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="132. Signing a CAB file with a PKCS#12 container and a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.ex_" -out "test_132.ex_"'
verify_text "$?" "132" "ex_" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="133. Signing a MSI file with a PKCS#12 container and a password read from password.txt file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "sample.msi" -out "test_133.msi"'
verify_signature "$?" "133" "msi" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

57
tests/recipes/14_sign_descryption Normal file
View File

@ -0,0 +1,57 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with a descryption
. $(dirname $0)/../test_library
# PE file
test_name="141. Signing a PE file with a descryption"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_141.exe"'
verify_text "$?" "141" "exe" "DESCRYPTION_TEXT" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="142. Signing a CAB file with a descryption"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_142.ex_"'
verify_text "$?" "142" "ex_" "DESCRYPTION_TEXT" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="143. Signing a MSI file with a descryption"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_143.msi"'
verify_text "$?" "143" "msi" "DESCRYPTION_TEXT" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/15_sign_url Normal file
View File

@ -0,0 +1,58 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with specified URL for expanded description of the signed content
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
. $(dirname $0)/../test_library
# PE file
test_name="151. Signing a PE file with specified URL"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.exe" -out "test_151.exe"'
verify_text "$?" "151" "exe" "https://www.osslsigncode.com/" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="152. Signing a CAB file with specified URL"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.ex_" -out "test_152.ex_"'
verify_text "$?" "152" "ex_" "https://www.osslsigncode.com/" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="153. Signing a MSI file with specified URL"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "sample.msi" -out "test_153.msi"'
verify_text "$?" "153" "msi" "https://www.osslsigncode.com/" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

60
tests/recipes/16_sign_comm Normal file
View File

@ -0,0 +1,60 @@
#!/bin/sh
# Signing a PE/CAB/MSI file with the commercial purpose set for SPC_STATEMENT_TYPE_OBJID
# object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11"
# changes default Individual Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15"
# sets Commercial Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16"
. $(dirname $0)/../test_library
# PE file
test_name="161. Signing a PE file with the common purpose set"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_161.exe"'
verify_text "$?" "161" "exe" "300c060a2b060104018237020116" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="162. Signing a CAB file with the common purpose set"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_162.ex_"'
verify_text "$?" "162" "ex_" "300c060a2b060104018237020116" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="163. Signing a MSI file with the common purpose set"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_163.msi"'
verify_text "$?" "163" "msi" "300c060a2b060104018237020116" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

59
tests/recipes/17_sign_crosscertfile Normal file
View File

@ -0,0 +1,59 @@
#!/bin/sh
# Adding an additional certificate to the signature block of the PE/CAB/MSI file.
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
# https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification
. $(dirname $0)/../test_library
# PE file
test_name="171. Adding an additional certificate to the signature block of the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.exe" -out "test_171.exe"'
verify_signature "$?" "171" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="172. Adding an additional certificate to the signature block of the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.ex_" -out "test_172.ex_"'
verify_text "$?" "172" "ex_" "crosscert" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="173. Adding an additional certificate to the signature block of the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "sample.msi" -out "test_173.msi"'
verify_signature "$?" "173" "msi" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

26
tests/recipes/21_sign_hash_md5 Normal file
View File

@ -0,0 +1,26 @@
#!/bin/sh
# Signing a PE file with md5 set of cryptographic hash functions.
. $(dirname $0)/../test_library
# PE file
test_name="211. Signing a PE file with md5 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h md5 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_211.exe"'
verify_signature "$?" "211" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

26
tests/recipes/22_sign_hash_sha1 Normal file
View File

@ -0,0 +1,26 @@
#!/bin/sh
# Signing a PE file with sha1 set of cryptographic hash functions.
. $(dirname $0)/../test_library
# PE file
test_name="221. Signing a PE file with sha1 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha1 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_221.exe"'
verify_signature "$?" "221" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

26
tests/recipes/23_sign_hash_sha2 Normal file
View File

@ -0,0 +1,26 @@
#!/bin/sh
# Signing a PE file with sha2 set of cryptographic hash functions.
. $(dirname $0)/../test_library
# PE file
test_name="231. Signing a PE file with sha2 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha2 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_231.exe"'
verify_signature "$?" "231" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

26
tests/recipes/24_sign_hash_sha384 Normal file
View File

@ -0,0 +1,26 @@
#!/bin/sh
# Signing a PE file with sha384 set of cryptographic hash functions.
. $(dirname $0)/../test_library
# PE file
test_name="241. Signing a PE file with sha384 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha384 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_241.exe"'
verify_signature "$?" "241" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

26
tests/recipes/25_sign_hash_sha512 Normal file
View File

@ -0,0 +1,26 @@
#!/bin/sh
# Signing a PE file with sha512 set of cryptographic hash functions.
. $(dirname $0)/../test_library
# PE file
test_name="251. Signing a PE file with sha512 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha512 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_251.exe"'
verify_signature "$?" "251" "exe" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

45
tests/recipes/31_extract_signature Normal file
View File

@ -0,0 +1,45 @@
#!/bin/sh
# Extracting the signature from the PE/MSI file.
. $(dirname $0)/../test_library
# PE file
test_name="311. Extracting the signature from the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_311.exe" && \
../../osslsigncode extract-signature -pem \
-in "test_311.exe" -out "sign_pe.pem"'
verify_signature "$?" "311" "exe" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE
# MSI file
test_name="312. Extracting the signature from the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_312.msi" && \
../../osslsigncode extract-signature -pem \
-in "test_312.msi" -out "sign_msi.pem"'
verify_signature "$?" "312" "msi" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

39
tests/recipes/32_attach_signature Normal file
View File

@ -0,0 +1,39 @@
#!/bin/sh
# Attaching the signature to the PE/MSI file.
. $(dirname $0)/../test_library
# PE file
test_name="321. Attaching the signature to the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode attach-signature -sigin "sign_pe.pem" \
-in "test.exe" -out "test_321.exe"'
verify_signature "$?" "321" "exe" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE
# MSI file
test_name="322. Attaching the signature to the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode attach-signature -sigin "sign_msi.pem" \
-in "sample.msi" -out "test_322.msi"'
verify_signature "$?" "322" "msi" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

45
tests/recipes/33_remove_signature Normal file
View File

@ -0,0 +1,45 @@
#!/bin/sh
# Removing the signature from the PE/MSI file.
. $(dirname $0)/../test_library
# PE file
test_name="331. Removing the signature from the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_331_signed.exe" && \
../../osslsigncode remove-signature \
-in "test_331_signed.exe" -out "test_331.exe"'
verify_no_signature "$?" "331" "exe" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE
# MSI file
test_name="332. Removing the signature from the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_332_signed.msi" && \
../../osslsigncode remove-signature \
-in "test_332_signed.msi" -out "test_332.msi"'
verify_no_signature "$?" "332" "msi" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

47
tests/recipes/34_add_signature Normal file
View File

@ -0,0 +1,47 @@
#!/bin/sh
# Moving the authenticode signing to the PE/MSI file.
. $(dirname $0)/../test_library
# PE file
test_name="341. Moving the authenticode signing to the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
cp "test.exe" "test_341.exe"
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_341_signed.exe" && \
../../osslsigncode add \
-in "test_341_signed.exe" -out "test_341.exe"'
verify_signature "$?" "341" "exe" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE
# MSI file
test_name="342. Moving the authenticode signing to the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
cp "sample.msi" "test_342.msi"
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_342_signed.msi" && \
../../osslsigncode add \
-in "test_342_signed.msi" -out "test_342.msi"'
verify_signature "$?" "342" "msi" "sha256sum"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

46
tests/recipes/35_varia_sha256sum Normal file
View File

@ -0,0 +1,46 @@
#!/bin/sh
# Checking SHA256 message digests for 31x-34x tests.
. $(dirname $0)/../test_library
res=0
res=0
skip=0
test_name="351. Checking SHA256 message digests for 31x-34x tests"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
if [ $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
then
res=1
cat "sha256sum_exe.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
else
rm -f test_3[1-4]*[1-2]*.exe
fi
rm -f "sha256sum_exe.log"
else
skip=$($skip+1)
fi
if [ -s "sample.msi" ]
then
if [ $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
else
rm -f test_3[1-4]*[1-2]*.msi
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if [ $skip -lt 2 ]
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

49
tests/recipes/36_add_signature_blob Normal file
View File

@ -0,0 +1,49 @@
#!/bin/sh
# Moving the authenticode signing with addUnauthenticatedBlob to the PE/MSI file.
. $(dirname $0)/../test_library
# PE file
test_name="361. Moving the authenticode signing with addUnauthenticatedBlob to the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
cat "test.exe" > "test_361.exe"
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_361_signed.exe" && \
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_361_signed.exe" -out "test_361.exe"'
verify_text "$?" "361" "exe" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE
# MSI file
test_name="362. Moving the authenticode signing with addUnauthenticatedBlob to the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
cat "sample.msi" > "test_362.msi"
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_362_signed.msi" && \
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_362_signed.msi" -out "test_362.msi"'
verify_text "$?" "362" "msi" "BEGIN_BLOB" "ASCII" "UNUSED_PATTERN" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

50
tests/recipes/37_verify_leaf_hash Normal file
View File

@ -0,0 +1,50 @@
#!/bin/sh
# Comparing the leaf certificate hash against specified SHA256 message digest for the PE/MSI file
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="371. Comparing the leaf certificate hash against specified SHA256 message digest for the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.exe" -out "test_371.exe"'
../../osslsigncode verify -in "test_371.exe" \
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d' ' -f1)
if test_result "$?" "$test_name"
then
rm -f "test_371.exe"
fi
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE
# MSI file
test_name="372. Comparing the leaf certificate hash against specified SHA256 message digest for the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.exe" -out "test_372.exe"'
../../osslsigncode verify -in "test_372.exe" \
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d' ' -f1)
if test_result "$?" "$test_name"
then
rm -f "test_372.exe"
fi
else
printf "Test skipped\n"
fi
exit 0

34
tests/recipes/41_sign_add_msi_dse Normal file
View File

@ -0,0 +1,34 @@
#!/bin/sh
# Signing a MSI file with a PEM key file.
# MsiDigitalSignatureEx (msi-dse) is an enhanced signature type that can be used
# when signing MSI files. In addition to file content, it also hashes some file metadata,
# specifically file names, file sizes, creation times and modification times.
# https://www.unboundtech.com/docs/UKC/UKC_Code_Signing_IG/HTML/Content/Products/UKC-EKM/UKC_Code_Signing_IG/Sign_Windows_PE_and_msi_Files.htm
. $(dirname $0)/../test_library
# PE file
#
# CAB file
#
# MSI file
test_name="411. Signing a MSI file with the MsiDigitalSignatureEx option"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-add-msi-dse \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_411.msi"'
verify_text "$?" "411" "msi" "osslsigncode" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

30
tests/recipes/51_sign_jp_low Normal file
View File

@ -0,0 +1,30 @@
#!/bin/sh
# Signing a CAB file with "jp low" option
# https://support.microsoft.com/en-us/help/193877
. $(dirname $0)/../test_library
# PE file
#
# CAB file
test_name="511. Signing a CAB file with jp low option"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-jp low \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_511.ex_"'
verify_text "$?" "511" "ex_" "3006030200013000" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
#
exit 0

31
tests/recipes/52_sign_jp_medium Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# Signing a CAB file with "jp medium" option
# There is no implementation:
# https://github.com/mtrojnar/osslsigncode/blob/0bea1ac8f6d61ed42dd154305a4d5b8c27478ad0/osslsigncode.c#L2555-L2562
. $(dirname $0)/../test_library
# PE file
#
# CAB file
test_name="521. Signing a CAB file with jp medium option"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-jp medium \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_521.ex_"'
verify_text "$?" "521" "ex_" "3006030200013000" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
#
exit 0

31
tests/recipes/53_sign_jp_high Normal file
View File

@ -0,0 +1,31 @@
#!/bin/sh
# Signing a CAB file with "jp high" option
# There is no implementation:
# https://github.com/mtrojnar/osslsigncode/blob/0bea1ac8f6d61ed42dd154305a4d5b8c27478ad0/osslsigncode.c#L2555-L2562
. $(dirname $0)/../test_library
# PE file
#
# CAB file
test_name="531. Signing a CAB file with jp high option"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-jp high \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_531.ex_"'
verify_text "$?" "531" "ex_" "3006030200013000" "HEX" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
#
exit 0

33
tests/sample.wxs Normal file
View File

@ -0,0 +1,33 @@
<?xml version='1.0' encoding='windows-1252'?>
<!--https://wiki.gnome.org/msitools/HowTo/CreateMSI-->
<Wix xmlns='http://schemas.microsoft.com/wix/2006/wi'>
<Product Name='Foobar 1.0' Id='ABCDDCBA-86C7-4D14-AEC0-86416A69ABDE' UpgradeCode='ABCDDCBA-7349-453F-94F6-BCB5110BA4FD'
Language='1033' Codepage='1252' Version='1.0.0' Manufacturer='Acme Ltd.'>
<Package Id='*' Keywords='Installer' Description="Acme's Foobar 1.0 Installer"
Comments='Foobar is a registered trademark of Acme Ltd.' Manufacturer='Acme Ltd.'
InstallerVersion='100' Languages='1033' Compressed='yes' SummaryCodepage='1252' />
<Media Id='1' Cabinet='Sample.cab' EmbedCab='yes' DiskPrompt="CD-ROM #1" />
<Property Id='DiskPrompt' Value="Acme's Foobar 1.0 Installation [1]" />
<Directory Id='TARGETDIR' Name='SourceDir'>
<Directory Id='ProgramFilesFolder' Name='PFiles'>
<Directory Id='Acme' Name='Acme'>
<Directory Id='INSTALLDIR' Name='Foobar 1.0'>
<Component Id='MainExecutable' Guid='ABCDDCBA-83F1-4F22-985B-FDB3C8ABD471'>
<File Id='FoobarEXE' Name='FoobarAppl10.exe' DiskId='1' Source='FoobarAppl10.exe' KeyPath='yes'/>
</Component>
</Directory>
</Directory>
</Directory>
</Directory>
<Feature Id='Complete' Level='1'>
<ComponentRef Id='MainExecutable' />
</Feature>
</Product>
</Wix>

168
tests/test_library Executable file
View File

@ -0,0 +1,168 @@
# this file is a library sourced from recipes/*
result_path=$(pwd)
cd $(dirname "$0")/../
script_path=$(pwd)
cd "${result_path}"
test_result() {
#1 last exit status
#2 test name
local result=0
if [ $1 -eq 0 ]
then
printf "%s\n" "Test succeeded"
else
printf "%s\n" "Test failed"
printf "%-100s\t%s\n" "$2" "failed" 1>&3
result=1
fi
return $result
}
verify_signature() {
# $1 sign exit code
# $2 test number
# $3 filename extension
# $4 sha256sum requirement
local result=0
if [ "$1" -eq 0 ]
then
../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2
result=$?
if [ "$result" -ne 0 ] || grep -q "No signature found" "verify.log"
then
cat "verify.log" >> "results.log"
elif [ "$4" = "sha256sum" ]
then
sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2
if [ -s "test_$2_signed.$3" ]
then
sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2
fi
else
rm -f "test_$2.$3" "test_$2_signed.$3"
fi
else
result=1
fi
return $result
}
verify_no_signature() {
# $1 sign exit code
# $2 test number
# $3 filename extension
# $4 sha256sum requirement
local result=0
if [ "$1" -eq 0 ]
then
../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2
if grep -q -e "No signature found" -e "MSI file has no signature" "verify.log"
then
sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2
else
result=1
cat "verify.log" >> "results.log"
printf "Faild: the signature was found\n"
fi
else
result=1
fi
return $result
}
modify_blob() {
# $1 test number
# $2 filename extension
local result=0
begin_blob=$(echo -n "---BEGIN_BLOB---" | xxd -p)
modify_blob=$(echo -n "---MODIFIED_BLOB---" | xxd -p)
zero_blob="00000000000000000000000000000000000000"
xxd -p -c 1000 "test_$1.$2" | \
sed "s/$begin_blob$zero_blob/$begin_blob$modify_blob/" | \
xxd -p -r > "test_$1_modifed.$2"
../../osslsigncode verify -in "test_$1_modifed.$2" 2>> "verify.log" 1>&2
result=$?
if [ "$result" -ne 0 ] || \
[ $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1 ]
then
result=1
cat "verify.log" >> "results.log"
printf "Faild: verify error or non-unique message digests were found\n"
else
rm -f "test_$1_modifed.$2"
fi
return $result
}
verify_text() {
# $1 sign exit code
# $2 test number
# $3 filename extension
# $4 searched text
# $5 ASCII od HEX format
# $6 sha256sum requirement
# $7 modify requirement
local result=0
if [ "$1" -eq 0 ]
then
if [ "$3" != "ex_" ]
then
../../osslsigncode verify -in "test_$2.$3" 2> "verify.log" 1>&2
result=$?
fi
if [ "$result" -ne 0 ] || grep -q "No signature found" "verify.log"
then
result=1
cat "verify.log" >> "results.log"
else
if [ "$5" = "ASCII" ]
then
searched_text=$(echo -n "$4" | xxd -p)
else
searched_text=$4
fi
if ! xxd -p -c 1000 "test_$2.$3" | grep $searched_text 2>> /dev/null 1>&2
then
result=1
printf "Faild: $4 not found\n"
elif [ "$7" = "MODIFY" ]
then
modify_blob $2 $3
result=$?
fi
if [ "$result" -eq 0 ]
then
if [ "$6" = "sha256sum" ]
then
sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2
if [ -s "test_$2_signed.$3" ]
then
sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2
fi
else
rm -f "test_$2.$3" "test_$2_signed.$3"
fi
fi
if [ "$result" -eq 0 ] && [ "$2" = "401" ]
then
printf "Faild: unhashed file metadata was found\n"
result=1
fi
fi
else
result=1
fi
return $result
}

39
tests/testall.sh Executable file
View File

@ -0,0 +1,39 @@
#!/bin/sh
# requires mingw64-gcc, gcab, msitools, libgsf, libgsf-devel
result=0
result_path=$(pwd)
cd $(dirname "$0")
script_path=$(pwd)
result_path="${result_path}/logs"
rm -rf "${result_path}"
mkdir "${result_path}"
cd "${result_path}"
date > "results.log"
touch FoobarAppl10.exe
cp "../sample.wxs" "sample.wxs" 2>> "results.log" 1>&2
x86_64-w64-mingw32-gcc "../myapp.c" -o "test.exe" 2>> "results.log" 1>&2
gcab -c "test.ex_" "test.exe" 2>> "results.log" 1>&2
wixl -v "sample.wxs" 2>> "results.log" 1>&2
for plik in ${script_path}/recipes/*
do
/bin/sh $plik 3>&1 2>> "results.log" 1>&2
done
count=$(grep -c "Test succeeded" "results.log")
if [ $count -ne 0 ]
then
skip=$(grep -c "Test skipped" "results.log")
fail=$(grep -c "Test failed" "results.log")
printf "%s\n" "./newtest.sh finished"
printf "%s\n" "summary: success $count, skip $skip, fail $fail"
else # no test was done
result=1
fi
rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe"
rm -f "sign_pe.pem" "sign_msi.pem" "verify.log"
exit $result