nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 01:00:11 -05:00
Code Issues Projects Releases Wiki Activity

New CMakeTest script

Browse Source
This commit is contained in:
olszomal 2023-04-28 15:56:28 +02:00 committed by Michał Trojnara
parent fb731f2b5e
commit 54e61cb76a
1 changed files with 569 additions and 290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

689
cmake/CMakeTest.cmake
View File

@ -1,327 +1,606 @@
# make test # make test
# ctest -C Release # ctest -C Release
########## Configure ##########
option(STOP_SERVER "Stop HTTP server after tests" ON)
include(FindPython3) include(FindPython3)
enable_testing()
set(FILES "${PROJECT_BINARY_DIR}/Testing/files")
set(CERTS "${PROJECT_BINARY_DIR}/Testing/certs")
set(CONF "${PROJECT_BINARY_DIR}/Testing/conf")
set(TEST_DIR "${PROJECT_BINARY_DIR}/Testing/")
file(COPY file(COPY
"${CMAKE_CURRENT_SOURCE_DIR}/tests/files" "${CMAKE_CURRENT_SOURCE_DIR}/tests/files"
"${CMAKE_CURRENT_SOURCE_DIR}/tests/conf" "${CMAKE_CURRENT_SOURCE_DIR}/tests/conf"
"${CMAKE_CURRENT_SOURCE_DIR}/tests/tsa_server.py" "${CMAKE_CURRENT_SOURCE_DIR}/tests/client_http.py"
DESTINATION "${PROJECT_BINARY_DIR}/Testing" DESTINATION "${TEST_DIR}/")
)
file(MAKE_DIRECTORY "${TEST_DIR}/logs")
set(FILES "${TEST_DIR}/files")
set(CERTS "${TEST_DIR}/certs")
set(CONF "${TEST_DIR}/conf")
set(LOGS "${TEST_DIR}/logs")
set(CLIENT_HTTP "${TEST_DIR}/client_http.py")
if(CMAKE_HOST_UNIX)
file(COPY
"${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.py"
DESTINATION "${TEST_DIR}/")
set(SERVER_HTTP "${TEST_DIR}/server_http.py")
else(CMAKE_HOST_UNIX)
file(COPY
"${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.pyw"
DESTINATION "${TEST_DIR}/")
set(SERVER_HTTP "${TEST_DIR}/server_http.pyw")
endif(CMAKE_HOST_UNIX)
file(COPY file(COPY
"${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt" "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt"
DESTINATION "${CONF}" DESTINATION "${CONF}")
)
set(legacy_p12 "-pkcs12" "${CERTS}/legacy.p12" "-readpass" "${CERTS}/password.txt")
set(priv_p12 "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt")
set(priv_spc "-certs" "${CERTS}/cert.spc" "-key" "${CERTS}/key.pvk" "-pass" "passme")
set(priv_der "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/key.der" "-pass" "passme")
set(priv_pkey "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/keyp.pem" "-pass" "passme")
set(sign_opt "-time" "1556708400"
"-add-msi-dse" "-comm" "-ph" "-jp" "low"
"-h" "sha512" "-i" "https://www.osslsigncode.com/"
"-n" "osslsigncode" "-ac" "${CERTS}/crosscert.pem"
)
# Stop server if running
if(CMAKE_HOST_UNIX) if(CMAKE_HOST_UNIX)
if(Python3_FOUND)
if(EXISTS ${LOGS}/port.log)
# Try to kill HTTP server
message(STATUS "Try to kill HTTP server")
execute_process(
COMMAND ${Python3_EXECUTABLE} "${CLIENT_HTTP}"
OUTPUT_VARIABLE client_output
RESULT_VARIABLE client_result)
if(NOT client_result)
# Successfully closed
message(STATUS "${client_output}")
endif(NOT client_result)
endif(EXISTS ${LOGS}/port.log)
# Start Time Stamping Authority and CRL distribution point HTTP server
execute_process(
COMMAND ${Python3_EXECUTABLE} "${SERVER_HTTP}"
OUTPUT_FILE ${LOGS}/server.log
ERROR_FILE ${LOGS}/server.log
RESULT_VARIABLE server_error)
endif(Python3_FOUND)
if(NOT EXISTS ${LOGS}/port.log OR server_error)
# Failed to start HTTP server
set(PORT 19254)
message(STATUS "Fail to start HTTP server, CTest skips some tests")
else(NOT EXISTS ${LOGS}/port.log OR server_error)
file(READ ${LOGS}/port.log PORT)
message(STATUS "HTTP server started, URL http://127.0.0.1:${PORT}")
endif(NOT EXISTS ${LOGS}/port.log OR server_error)
# Generate new test certificates
if(NOT SED_EXECUTABLE)
find_program(SED_EXECUTABLE sed)
mark_as_advanced(SED_EXECUTABLE)
endif(NOT SED_EXECUTABLE)
execute_process(
COMMAND ${SED_EXECUTABLE} "-i" "s/:19254/:${PORT}/" "${CONF}/openssl_intermediate_crldp.cnf"
COMMAND ${SED_EXECUTABLE} "-i" "s/:19254/:${PORT}/" "${CONF}/openssl_tsa_root.cnf")
execute_process( execute_process(
COMMAND "${CONF}/makecerts.sh" COMMAND "${CONF}/makecerts.sh"
WORKING_DIRECTORY ${CONF} WORKING_DIRECTORY ${CONF}
OUTPUT_VARIABLE makecerts_output OUTPUT_VARIABLE makecerts_output
RESULT_VARIABLE makecerts_result RESULT_VARIABLE makecerts_result)
) else(CMAKE_HOST_UNIX)
else() message(STATUS "To start HTTP server, URL http://127.0.0.1:19254, run: \"pythonw.exe Testing\\server_http.pyw\"")
set(PORT 19254)
set(makecerts_result 1) set(makecerts_result 1)
endif() endif(CMAKE_HOST_UNIX)
# If makecerts.sh failed copy the set of default certificates
if(makecerts_result) if(makecerts_result)
message(STATUS "makecerts.sh failed") message(STATUS "makecerts.sh failed")
if(makecerts_output) if(makecerts_output)
message(STATUS "${makecerts_output}") message(STATUS "${makecerts_output}")
endif() endif(makecerts_output)
file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs" file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs"
DESTINATION "${PROJECT_BINARY_DIR}/Testing" DESTINATION "${TEST_DIR}")
) endif(makecerts_result)
endif()
# Compute a SHA256 hash of the leaf certificate (in DER form)
execute_process( execute_process(
COMMAND ${CMAKE_COMMAND} -E sha256sum "${CERTS}/cert.der" COMMAND ${CMAKE_COMMAND} -E sha256sum "${CERTS}/cert.der"
OUTPUT_VARIABLE sha256sum OUTPUT_VARIABLE sha256sum)
)
string(SUBSTRING ${sha256sum} 0 64 leafhash) string(SUBSTRING ${sha256sum} 0 64 leafhash)
set(verify_opt "-CAfile" "${CERTS}/CACert.pem"
"-CRLfile" "${CERTS}/CACertCRL.pem"
"-TSA-CAfile" "${CERTS}/TSACA.pem" ########## Testing ##########
"-TSA-CRLfile" "${CERTS}/TSACertCRL.pem"
) enable_testing()
# TODO "cat" extension
set(extensions_4 "exe" "ex_" "msi" "cat") set(extensions_4 "exe" "ex_" "msi" "cat")
set(extensions_3 "exe" "ex_" "msi") set(extensions_3 "exe" "ex_" "msi")
set(files_4 "legacy" "signed" "nested" "added")
set(files_3 "removed" "attached_pem" "attached_der")
set(sign_formats "pem" "der")
set(pem_certs "cert" "expired" "revoked")
set(failed_certs "expired" "revoked")
add_test( # Test 1
NAME version # Print osslsigncode version
COMMAND osslsigncode --version add_test(NAME version
) COMMAND osslsigncode --version)
### Sign ###
# Tests 2-5
# Sign with PKCS#12 container with legacy RC2-40-CBC private key and certificate encryption algorithm
foreach(ext ${extensions_4}) foreach(ext ${extensions_4})
# Signing time: May 1 00:00:00 2019 GMT
add_test( add_test(
NAME legacy_${ext} NAME legacy_${ext}
COMMAND osslsigncode "sign" ${sign_opt} ${legacy_p12} COMMAND osslsigncode "sign"
"-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/legacy.${ext}" "-pkcs12" "${CERTS}/legacy.p12"
) "-readpass" "${CERTS}/password.txt"
endforeach() "-ac" "${CERTS}/crosscert.pem"
"-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT
"-add-msi-dse"
"-comm"
"-ph"
"-jp" "low"
"-h" "sha512" "-i" "https://www.osslsigncode.com/"
"-n" "osslsigncode"
"-in" "${FILES}/unsigned.${ext}"
"-out" "${FILES}/legacy.${ext}")
endforeach(ext ${extensions_4})
# Tests 6-9
# Sign with PKCS#12 container with legacy RC2-40-CBC private key and certificate encryption algorithm
# Disable legacy mode and don't automatically load the legacy provider
# Option "-nolegacy" requires OpenSSL 3.0.0 or later
# This tests are expected to fail
if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0)
foreach(ext ${extensions_4})
add_test(
NAME nolegacy_${ext}
COMMAND osslsigncode "sign"
"-pkcs12" "${CERTS}/legacy.p12"
"-readpass" "${CERTS}/password.txt"
"-nolegacy" # Disable legacy mode
"-ac" "${CERTS}/crosscert.pem"
"-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT
"-add-msi-dse"
"-comm"
"-ph"
"-jp" "low"
"-h" "sha512" "-i" "https://www.osslsigncode.com/"
"-n" "osslsigncode"
"-in" "${FILES}/unsigned.${ext}"
"-out" "${FILES}/nolegacy.${ext}")
set_tests_properties(
nolegacy_${ext}
PROPERTIES
WILL_FAIL TRUE)
endforeach(ext ${extensions_4})
endif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0)
# Tests 10-13
# Sign with PKCS#12 container with AES-256-CBC private key and certificate encryption algorithm
foreach(ext ${extensions_4}) foreach(ext ${extensions_4})
# Signing time: May 1 00:00:00 2019 GMT
set(sign_${ext})
add_test( add_test(
NAME signed_${ext} NAME signed_${ext}
COMMAND osslsigncode "sign" ${sign_opt} ${priv_p12} COMMAND osslsigncode "sign"
"-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/signed.${ext}" "-pkcs12" "${CERTS}/cert.p12"
) "-readpass" "${CERTS}/password.txt"
endforeach() "-ac" "${CERTS}/crosscert.pem"
"-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT
"-add-msi-dse"
"-comm"
"-ph"
"-jp" "low"
"-h" "sha512" "-i" "https://www.osslsigncode.com/"
"-n" "osslsigncode"
"-in" "${FILES}/unsigned.${ext}"
"-out" "${FILES}/signed.${ext}")
endforeach(ext ${extensions_4})
# Tests 14-17
# Sign with revoked certificate
foreach(ext ${extensions_4})
add_test(
NAME revoked_${ext}
COMMAND osslsigncode "sign"
"-certs" "${CERTS}/revoked.pem"
"-key" "${CERTS}/keyp.pem"
"-readpass" "${CERTS}/password.txt"
"-ac" "${CERTS}/crosscert.pem"
"-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT
"-add-msi-dse"
"-comm"
"-ph"
"-jp" "low"
"-h" "sha512" "-i" "https://www.osslsigncode.com/"
"-n" "osslsigncode"
"-in" "${FILES}/unsigned.${ext}"
"-out" "${FILES}/revoked.${ext}")
endforeach(ext ${extensions_4})
# Tests 18-20
# Remove signature
# Unsupported command for CAT files
foreach(ext ${extensions_3}) foreach(ext ${extensions_3})
add_test( add_test(
NAME removed_${ext} NAME removed_${ext}
COMMAND osslsigncode "remove-signature" COMMAND osslsigncode "remove-signature"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/removed.${ext}" "-in" "${FILES}/signed.${ext}"
) "-out" "${FILES}/removed.${ext}")
endforeach() set_tests_properties(
removed_${ext}
PROPERTIES
DEPENDS "signed_${ext}"
REQUIRED_FILES "${FILES}/signed.${ext}")
endforeach(ext ${extensions_3})
foreach(ext ${extensions_3}) # Tests 21-24
# Extract PKCS#7 signature in PEM format
foreach(ext ${extensions_4})
add_test( add_test(
NAME extract_pem_${ext} NAME extract_pem_${ext}
COMMAND osslsigncode "extract-signature" "-pem" COMMAND osslsigncode "extract-signature"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.pem" "-pem" # PEM format
) "-in" "${FILES}/signed.${ext}"
endforeach() "-out" "${FILES}/${ext}.pem")
set_tests_properties(
extract_pem_${ext}
PROPERTIES
DEPENDS "signed_${ext}"
REQUIRED_FILES "${FILES}/signed.${ext}")
endforeach(ext ${extensions_4})
foreach(ext ${extensions_3}) # Tests 25-28
# Extract PKCS#7 signature in default DER format
foreach(ext ${extensions_4})
add_test( add_test(
NAME extract_der_${ext} NAME extract_der_${ext}
COMMAND osslsigncode "extract-signature" COMMAND osslsigncode "extract-signature"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.der" "-in" "${FILES}/signed.${ext}"
) "-out" "${FILES}/${ext}.der")
endforeach() set_tests_properties(
extract_der_${ext}
PROPERTIES
DEPENDS "signed_${ext}"
REQUIRED_FILES "${FILES}/signed.${ext}")
endforeach(ext ${extensions_4})
# Tests 29-34
# Attach signature in PEM or DER format
# Unsupported command for CAT files
set(formats "pem" "der")
foreach(ext ${extensions_3}) foreach(ext ${extensions_3})
set_tests_properties(removed_${ext} extract_pem_${ext} extract_der_${ext} foreach(format ${formats})
PROPERTIES DEPENDS sign_${ext}
REQUIRED_FILES "${FILES}/signed.${ext}"
)
endforeach()
foreach(ext ${extensions_3})
foreach(format ${sign_formats})
# Signature verification time: Sep 1 00:00:00 2019 GMT
add_test( add_test(
NAME attached_${format}_${ext} NAME attached_${format}_${ext}
COMMAND osslsigncode "attach-signature" ${verify_opt} COMMAND osslsigncode "attach-signature"
"-time" "1567296000" # sign options
"-time" "1567296000" # Signing and signature verification time: Sep 1 00:00:00 2019 GMT
"-require-leaf-hash" "SHA256:${leafhash}" "-require-leaf-hash" "SHA256:${leafhash}"
"-add-msi-dse" "-h" "sha512" "-nest" "-add-msi-dse"
"-h" "sha512"
"-nest"
"-sigin" "${FILES}/${ext}.${format}" "-sigin" "${FILES}/${ext}.${format}"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/attached_${format}.${ext}" "-in" "${FILES}/signed.${ext}"
) "-out" "${FILES}/attached_${format}.${ext}"
set_tests_properties(attached_${format}_${ext} PROPERTIES # verify options
DEPENDS extract_pem_${ext} "-CAfile" "${CERTS}/CACert.pem"
"-CRLfile" "${CERTS}/CACertCRL.pem")
set_tests_properties(
attached_${format}_${ext}
PROPERTIES
DEPENDS "signed_${ext}:extract_${format}_${ext}"
REQUIRED_FILES "${FILES}/signed.${ext}" REQUIRED_FILES "${FILES}/signed.${ext}"
REQUIRED_FILES "${FILES}/${ext}.${format}" REQUIRED_FILES "${FILES}/${ext}.${format}")
) endforeach(format ${formats})
endforeach() endforeach(ext ${extensions_3})
endforeach()
# Tests 35-38
# Add an unauthenticated blob to a previously-signed file
foreach(ext ${extensions_4}) foreach(ext ${extensions_4})
add_test( add_test(
NAME added_${ext} NAME added_${ext}
COMMAND osslsigncode "add" COMMAND osslsigncode "add"
"-addUnauthenticatedBlob" "-add-msi-dse" "-h" "sha512" "-addUnauthenticatedBlob"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/added.${ext}" "-add-msi-dse" "-h" "sha512"
) "-in" "${FILES}/signed.${ext}"
set_tests_properties(added_${ext} PROPERTIES "-out" "${FILES}/added.${ext}")
DEPENDS sign_${ext} set_tests_properties(
REQUIRED_FILES "${FILES}/signed.${ext}" added_${ext}
) PROPERTIES
endforeach() DEPENDS "signed_${ext}"
REQUIRED_FILES "${FILES}/signed.${ext}")
endforeach(ext ${extensions_4})
# Tests 39-42
# Add the new nested signature instead of replacing the first one
foreach(ext ${extensions_4}) foreach(ext ${extensions_4})
add_test( add_test(
NAME nested_${ext} NAME nested_${ext}
COMMAND osslsigncode "sign" "-nest" ${sign_opt} ${priv_der} COMMAND osslsigncode "sign"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/nested.${ext}" "-nest"
) "-certs" "${CERTS}/cert.pem"
set_tests_properties(nested_${ext} PROPERTIES "-key" "${CERTS}/key.der"
DEPENDS sign_${ext} "-pass" "passme"
REQUIRED_FILES "${FILES}/signed.${ext}" "-ac" "${CERTS}/crosscert.pem"
) "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT
endforeach() "-add-msi-dse"
"-comm"
"-ph"
"-jp" "low"
"-h" "sha512"
"-i" "https://www.osslsigncode.com/"
"-n" "osslsigncode"
"-in" "${FILES}/signed.${ext}"
"-out" "${FILES}/nested.${ext}")
set_tests_properties(
nested_${ext}
PROPERTIES
DEPENDS "signed_${ext}"
REQUIRED_FILES "${FILES}/signed.${ext}")
endforeach(ext ${extensions_4})
### Verify signature ###
# Tests 43-45
# Verify PE/MSI/CAB files signed in the catalog file
foreach(ext ${extensions_3}) foreach(ext ${extensions_3})
# Signature verification time: Sep 1 00:00:00 2019 GMT
add_test( add_test(
NAME verify_catalog_${ext} NAME verify_catalog_${ext}
COMMAND osslsigncode "verify" ${verify_opt} COMMAND osslsigncode "verify"
"-catalog" "${FILES}/signed.cat" "-catalog" "${FILES}/signed.cat" # catalog file
"-time" "1567296000" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT
"-require-leaf-hash" "SHA256:${leafhash}" "-require-leaf-hash" "SHA256:${leafhash}"
"-in" "${FILES}/unsigned.${ext}" "-CAfile" "${CERTS}/CACert.pem"
) "-CRLfile" "${CERTS}/CACertCRL.pem"
set_tests_properties(verify_catalog_${ext} PROPERTIES "-in" "${FILES}/unsigned.${ext}")
DEPENDS ${file}_${ext} set_tests_properties(
REQUIRED_FILES "${FILES}/unsigned.${ext}" verify_catalog_${ext}
) PROPERTIES
endforeach() DEPENDS "signed_${ext}"
REQUIRED_FILES "${FILES}/signed.cat"
REQUIRED_FILES "${FILES}/unsigned.${ext}")
endforeach(ext ${extensions_3})
# Tests 46-69
foreach(file ${files_4}) # Verify signature
set(files "legacy" "signed" "nested" "added" "removed" "revoked" "attached_pem" "attached_der")
foreach(file ${files})
foreach(ext ${extensions_3}) foreach(ext ${extensions_3})
# Signature verification time: Sep 1 00:00:00 2019 GMT
add_test( add_test(
NAME verify_${file}_${ext} NAME verify_${file}_${ext}
COMMAND osslsigncode "verify" ${verify_opt} COMMAND osslsigncode "verify"
"-time" "1567296000" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT
"-require-leaf-hash" "SHA256:${leafhash}" "-CAfile" "${CERTS}/CACert.pem"
"-in" "${FILES}/${file}.${ext}" "-CRLfile" "${CERTS}/CACertCRL.pem"
) "-in" "${FILES}/${file}.${ext}")
set_tests_properties(verify_${file}_${ext} PROPERTIES set_tests_properties(
DEPENDS ${file}_${ext} verify_${file}_${ext}
REQUIRED_FILES "${FILES}/${file}.${ext}" PROPERTIES
) DEPENDS "${file}_${ext}"
endforeach() REQUIRED_FILES "${FILES}/${file}.${ext}")
endforeach() endforeach(ext ${extensions_3})
endforeach(file ${files})
foreach(file ${files_3}) # "Removed" and "revoked" tests are expected to fail
set(files "removed" "revoked")
foreach(file ${files})
foreach(ext ${extensions_3}) foreach(ext ${extensions_3})
# Signature verification time: Sep 1 00:00:00 2019 GMT set_tests_properties(
add_test( verify_${file}_${ext}
NAME verify_${file}_${ext} PROPERTIES
COMMAND osslsigncode "verify" ${verify_opt} WILL_FAIL TRUE)
"-time" "1567296000" endforeach(ext ${extensions_3})
"-require-leaf-hash" "SHA256:${leafhash}" endforeach(file ${files})
"-in" "${FILES}/${file}.${ext}"
)
set_tests_properties(verify_${file}_${ext} PROPERTIES
DEPENDS ${file}_${ext}
REQUIRED_FILES "${FILES}/${file}.${ext}"
)
endforeach()
endforeach()
foreach(ext ${extensions_3})
set_tests_properties(verify_removed_${ext} PROPERTIES
WILL_FAIL TRUE
)
endforeach()
if(Python3_FOUND) if(Python3_FOUND)
### Sign with Time-Stamp Authority ###
# Tests 70-89
# Sign with the RFC3161 Time-Stamp Authority
# Use "cert" "expired" "revoked" without X509v3 CRL Distribution Points extension
# and "cert_crldp" "revoked_crldp" contain X509v3 CRL Distribution Points extension
set(pem_certs "cert" "expired" "revoked" "cert_crldp" "revoked_crldp")
foreach(ext ${extensions_4}) foreach(ext ${extensions_4})
foreach(cert ${pem_certs}) foreach(cert ${pem_certs})
add_test( add_test(
NAME sign_ts_${cert}_${ext} NAME sign_ts_${cert}_${ext}
COMMAND ${Python3_EXECUTABLE} "${PROJECT_BINARY_DIR}/Testing/tsa_server.py" COMMAND osslsigncode "sign"
"--certs" "${CERTS}/${cert}.pem" "--key" "${CERTS}/key.pem" "-certs" "${CERTS}/${cert}.pem"
"--input" "${FILES}/unsigned.${ext}" "--output" "${FILES}/ts_${cert}.${ext}" "-key" "${CERTS}/key.pem"
) "-ac" "${CERTS}/crosscert.pem"
endforeach() "-comm"
endforeach() "-ph"
"-jp" "low"
"-h" "sha384"
"-i" "https://www.osslsigncode.com/"
"-n" "osslsigncode"
"-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT
"-ts" "http://127.0.0.1:${PORT}"
"-in" "${FILES}/unsigned.${ext}"
"-out" "${FILES}/ts_${cert}.${ext}")
set_tests_properties(
sign_ts_${cert}_${ext}
PROPERTIES
REQUIRED_FILES "${LOGS}/port.log")
endforeach(cert ${pem_certs})
endforeach(ext ${extensions_4})
foreach(ext ${extensions_3})
### Verify Time-Stamp Authority ###
# Tests 90-92
# Signature verification time: Sep 1 00:00:00 2019 GMT # Signature verification time: Sep 1 00:00:00 2019 GMT
foreach(ext ${extensions_3})
add_test( add_test(
NAME verify_ts_cert_${ext} NAME verify_ts_cert_${ext}
COMMAND osslsigncode "verify" ${verify_opt} COMMAND osslsigncode "verify"
"-time" "1567296000" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT
"-in" "${FILES}/ts_cert.${ext}" "-CAfile" "${CERTS}/CACert.pem"
) "-TSA-CAfile" "${CERTS}/TSACA.pem"
set_tests_properties(verify_ts_cert_${ext} PROPERTIES "-in" "${FILES}/ts_cert.${ext}")
DEPENDS sign_ts_${cert}_${ext} set_tests_properties(
verify_ts_cert_${ext}
PROPERTIES
DEPENDS "sign_ts_cert_${ext}"
REQUIRED_FILES "${FILES}/ts_cert.${ext}" REQUIRED_FILES "${FILES}/ts_cert.${ext}"
) REQUIRED_FILES "${LOGS}/port.log")
endforeach() endforeach(ext ${extensions_3})
# Tests 93-95
# Signature verification time: Jan 1 00:00:00 2035 GMT # Signature verification time: Jan 1 00:00:00 2035 GMT
foreach(ext ${extensions_3}) foreach(ext ${extensions_3})
add_test( add_test(
NAME verify_ts_future_${ext} NAME verify_ts_future_${ext}
COMMAND osslsigncode "verify" ${verify_opt} COMMAND osslsigncode "verify"
"-time" "2051222400" "-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT
"-in" "${FILES}/ts_cert.${ext}" "-CAfile" "${CERTS}/CACert.pem"
) "-TSA-CAfile" "${CERTS}/TSACA.pem"
set_tests_properties(verify_ts_future_${ext} PROPERTIES "-in" "${FILES}/ts_cert.${ext}")
DEPENDS sign_ts_${cert}_${ext} set_tests_properties(
verify_ts_future_${ext}
PROPERTIES
DEPENDS "sign_ts_cert_${ext}"
REQUIRED_FILES "${FILES}/ts_cert.${ext}" REQUIRED_FILES "${FILES}/ts_cert.${ext}"
) REQUIRED_FILES "${LOGS}/port.log")
endforeach() endforeach(ext ${extensions_3})
# Signature verification time: Jan 1 00:00:00 2035 GMT # Tests 96-98
# enabled "-ignore-timestamp" option # Verify with ignored timestamp
# This tests are expected to fail
foreach(ext ${extensions_3}) foreach(ext ${extensions_3})
add_test( add_test(
NAME verify_ts_ignore_${ext} NAME verify_ts_ignore_${ext}
COMMAND osslsigncode "verify" ${verify_opt} COMMAND osslsigncode "verify"
"-time" "2051222400" "-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT
"-ignore-timestamp" "-ignore-timestamp"
"-in" "${FILES}/ts_cert.${ext}" "-CAfile" "${CERTS}/CACert.pem"
) "-TSA-CAfile" "${CERTS}/TSACA.pem"
set_tests_properties(verify_ts_ignore_${ext} PROPERTIES "-in" "${FILES}/ts_cert.${ext}")
DEPENDS sign_ts_${cert}_${ext} set_tests_properties(
verify_ts_ignore_${ext}
PROPERTIES
DEPENDS "sign_ts_cert_${ext}"
REQUIRED_FILES "${FILES}/ts_cert.${ext}" REQUIRED_FILES "${FILES}/ts_cert.${ext}"
WILL_FAIL TRUE REQUIRED_FILES "${LOGS}/port.log"
) WILL_FAIL TRUE)
endforeach() endforeach(ext ${extensions_3})
### Verify CRL Distribution Points ###
# Tests 99-101
# Verify file signed with X509v3 CRL Distribution Points extension
# Signature verification time: Sep 1 00:00:00 2019 GMT # Signature verification time: Sep 1 00:00:00 2019 GMT
# Certificate has expired or revoked # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options
foreach(ext ${extensions_3})
add_test(
NAME verify_ts_cert_crldp_${ext}
COMMAND osslsigncode "verify"
"-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT
"-CAfile" "${CERTS}/CACert.pem"
"-TSA-CAfile" "${CERTS}/TSACA.pem"
"-in" "${FILES}/ts_cert_crldp.${ext}")
set_tests_properties(
verify_ts_cert_crldp_${ext}
PROPERTIES
DEPENDS "sign_ts_cert_crldp_${ext}"
REQUIRED_FILES "${FILES}/ts_cert_crldp.${ext}"
REQUIRED_FILES "${LOGS}/port.log")
endforeach(ext ${extensions_3})
# Tests 102-107
# Verify with expired or revoked certificate without X509v3 CRL Distribution Points extension
# This tests are expected to fail
set(failed_certs "expired" "revoked")
foreach(ext ${extensions_3}) foreach(ext ${extensions_3})
foreach(cert ${failed_certs}) foreach(cert ${failed_certs})
add_test( add_test(
NAME verify_ts_${cert}_${ext} NAME verify_ts_${cert}_${ext}
COMMAND osslsigncode "verify" ${verify_opt} COMMAND osslsigncode "verify"
"-time" "1567296000" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT
"-in" "${FILES}/ts_${cert}.${ext}" "-CAfile" "${CERTS}/CACert.pem"
) "-CRLfile" "${CERTS}/CACertCRL.pem"
set_tests_properties(verify_ts_${cert}_${ext} PROPERTIES "-TSA-CAfile" "${CERTS}/TSACA.pem"
DEPENDS sign_ts_${cert}_${ext} "-in" "${FILES}/ts_${cert}.${ext}")
set_tests_properties(
verify_ts_${cert}_${ext}
PROPERTIES
DEPENDS "sign_ts_${cert}_${ext}"
REQUIRED_FILES "${FILES}/ts_${cert}.${ext}" REQUIRED_FILES "${FILES}/ts_${cert}.${ext}"
WILL_FAIL TRUE REQUIRED_FILES "${LOGS}/port.log"
) WILL_FAIL TRUE)
endforeach() endforeach(cert ${failed_certs})
endforeach() endforeach(ext ${extensions_3})
else() # Tests 108-110
message(STATUS "Python3 was not found, skip timestamping tests") # Verify with revoked certificate contains X509v3 CRL Distribution Points extension
endif() # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options
# This test is expected to fail
foreach(ext ${extensions_3})
add_test(
NAME verify_ts_revoked_crldp_${ext}
COMMAND osslsigncode "verify"
"-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT
"-CAfile" "${CERTS}/CACert.pem"
"-TSA-CAfile" "${CERTS}/TSACA.pem"
"-in" "${FILES}/ts_revoked_crldp.${ext}")
set_tests_properties(
verify_ts_revoked_crldp_${ext}
PROPERTIES
DEPENDS "sign_ts_revoked_crldp_${ext}"
REQUIRED_FILES "${FILES}/ts_revoked_crldp.${ext}"
REQUIRED_FILES "${LOGS}/port.log"
WILL_FAIL TRUE)
endforeach(ext ${extensions_3})
### Cleanup ###
# Test 111
# Stop HTTP server
if(STOP_SERVER)
add_test(NAME stop_server
COMMAND ${Python3_EXECUTABLE} "${CLIENT_HTTP}")
set_tests_properties(
stop_server
PROPERTIES
REQUIRED_FILES "${LOGS}/port.log")
else(STOP_SERVER)
message(STATUS "Keep HTTP server after tests")
endif(STOP_SERVER)
else(Python3_FOUND)
message(STATUS "CTest skips some tests")
endif(Python3_FOUND)
# Test 112
# Delete test files
foreach(ext ${extensions_4}) foreach(ext ${extensions_4})
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/legacy.${ext}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/legacy.${ext}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed.${ext}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed.${ext}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed_crldp.${ext}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/nested.${ext}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/nested.${ext}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/revoked.${ext}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/removed.${ext}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/removed.${ext}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/added.${ext}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/added.${ext}")
foreach(cert ${pem_certs}) foreach(cert ${pem_certs})
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}")
endforeach() endforeach(cert ${pem_certs})
foreach(format ${sign_formats}) foreach(format ${formats})
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}")
endforeach() endforeach(format ${formats})
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr")
endforeach() endforeach(ext ${extensions_4})
add_test(NAME remove_files COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES})
add_test(NAME remove_files
COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES})
#[[
Local Variables:
c-basic-offset: 4
tab-width: 4
indent-tabs-mode: nil
End:
vim: set ts=4 expandtab:
]]