From 60fe5d15fef572d1e3186397a80624c5c7b807d4 Mon Sep 17 00:00:00 2001 
From: olszomal Date: Tue, 12 Apr 2022 12:42:02 +0200 Subject: [PATCH] use CMake instead of Makefile --- .gitignore | 44 ++-- CMakeLists.txt | 50 ++++ Config.h.in | 12 + INSTALL.W32.md | 50 ++++ LICENSE.txt | 2 +- Makefile.am | 21 -- NEWS.md | 1 + README.md | 56 ++--- bootstrap | 2 - cmake/CMakeDist.cmake | 27 +++ cmake/CMakeInstall.cmake | 29 +++ cmake/CMakeTest.cmake | 278 +++++++++++++++++++++++ cmake/FindCurl.cmake | 47 ++++ cmake/FindMapping.cmake | 22 ++ cmake/FindOpenssl.cmake | 71 ++++++ cmake/SetOptions.cmake | 54 +++++ configure.ac | 147 ------------ tests/certs/.gitignore | 2 + tests/certs/makecerts.sh | 91 +++++--- tests/certs/openssl_intermediate.cnf | 17 +- tests/certs/openssl_root.cnf | 12 +- tests/certs/openssl_tsa.cnf | 46 ++++ tests/certs/openssl_tsa_root.cnf | 83 +++++++ tests/files/unsigned.cat | Bin 0 -> 394 bytes tests/files/unsigned.ex_ | Bin 0 -> 120 bytes tests/files/unsigned.exe | Bin 0 -> 96150 bytes tests/files/unsigned.msi | Bin 0 -> 9728 bytes tests/recipes/01_sign_pem | 53 ----- tests/recipes/02_sign_pass | 53 ----- tests/recipes/03_sign_der | 54 ----- tests/recipes/04_sign_spc_pvk | 54 ----- tests/recipes/05_sign_pkcs12 | 53 ----- tests/recipes/06_test_sha256sum | 34 --- tests/recipes/07_sign_timestamp | 61 ----- tests/recipes/08_sign_rfc3161 | 65 ------ tests/recipes/09_sign_page_hashes | 33 --- tests/recipes/10_sign_blob | 53 ----- tests/recipes/11_sign_nest | 42 ---- tests/recipes/12_sign_readpass_pem | 54 ----- tests/recipes/13_sign_readpass_pkcs12 | 54 ----- tests/recipes/14_sign_descryption | 53 ----- tests/recipes/15_sign_url | 54 ----- tests/recipes/16_sign_comm | 58 ----- tests/recipes/17_sign_crosscertfile | 55 ----- tests/recipes/21_sign_hash_md5 | 52 ----- tests/recipes/22_sign_hash_sha1 | 52 ----- tests/recipes/23_sign_hash_sha2 | 52 ----- tests/recipes/24_sign_hash_sha384 | 52 ----- tests/recipes/25_sign_hash_sha512 | 52 ----- tests/recipes/26_extract_signature_pem | 55 ----- tests/recipes/27_extract_signature_der | 54 
----- tests/recipes/31_attach_signature_der | 58 ----- tests/recipes/32_attach_signature_pem | 58 ----- tests/recipes/33_attach_signed | 58 ----- tests/recipes/34_attach_nest | 44 ---- tests/recipes/35_remove_signature | 54 ----- tests/recipes/36_varia_sha256sum | 34 --- tests/recipes/37_add_signature_timestamp | 64 ------ tests/recipes/38_add_signature_rfc3161 | 64 ------ tests/recipes/39_add_signature_blob | 55 ----- tests/recipes/40_verify_leaf_hash | 51 ----- tests/recipes/41_sign_add_msi_dse | 41 ---- tests/recipes/42_sign_jp_low | 38 ---- tests/recipes/45_verify_fake_pe | 36 --- tests/recipes/46_verify_timestamp | 46 ---- tests/recipes/47_verify_rfc3161 | 46 ---- tests/recipes/51_verify_time | 52 ----- tests/recipes/52_verify_timestamp | 62 ----- tests/recipes/53_verify_rfc3161 | 62 ----- tests/recipes/54_verify_expired | 62 ----- tests/recipes/55_verify_revoked | 62 ----- tests/recipes/56_verify_multiple | 60 ----- tests/test_library | 174 -------------- tests/testall.sh | 135 ----------- tests/testsign.sh | 90 -------- tests/tsa_server.py | 140 ++++++++++++ 76 files changed, 1036 insertions(+), 3026 deletions(-) create mode 100644 CMakeLists.txt create mode 100644 Config.h.in delete mode 100644 Makefile.am delete mode 100755 bootstrap create mode 100644 cmake/CMakeDist.cmake create mode 100644 cmake/CMakeInstall.cmake create mode 100644 cmake/CMakeTest.cmake create mode 100644 cmake/FindCurl.cmake create mode 100644 cmake/FindMapping.cmake create mode 100644 cmake/FindOpenssl.cmake create mode 100644 cmake/SetOptions.cmake delete mode 100644 configure.ac create mode 100644 tests/certs/openssl_tsa.cnf create mode 100644 tests/certs/openssl_tsa_root.cnf create mode 100755 tests/files/unsigned.cat create mode 100644 tests/files/unsigned.ex_ create mode 100755 tests/files/unsigned.exe create mode 100644 tests/files/unsigned.msi delete mode 100644 tests/recipes/01_sign_pem delete mode 100644 tests/recipes/02_sign_pass delete mode 100644 tests/recipes/03_sign_der 
delete mode 100644 tests/recipes/04_sign_spc_pvk delete mode 100644 tests/recipes/05_sign_pkcs12 delete mode 100644 tests/recipes/06_test_sha256sum delete mode 100644 tests/recipes/07_sign_timestamp delete mode 100644 tests/recipes/08_sign_rfc3161 delete mode 100644 tests/recipes/09_sign_page_hashes delete mode 100644 tests/recipes/10_sign_blob delete mode 100644 tests/recipes/11_sign_nest delete mode 100644 tests/recipes/12_sign_readpass_pem delete mode 100644 tests/recipes/13_sign_readpass_pkcs12 delete mode 100644 tests/recipes/14_sign_descryption delete mode 100644 tests/recipes/15_sign_url delete mode 100644 tests/recipes/16_sign_comm delete mode 100644 tests/recipes/17_sign_crosscertfile delete mode 100644 tests/recipes/21_sign_hash_md5 delete mode 100644 tests/recipes/22_sign_hash_sha1 delete mode 100644 tests/recipes/23_sign_hash_sha2 delete mode 100644 tests/recipes/24_sign_hash_sha384 delete mode 100644 tests/recipes/25_sign_hash_sha512 delete mode 100644 tests/recipes/26_extract_signature_pem delete mode 100644 tests/recipes/27_extract_signature_der delete mode 100644 tests/recipes/31_attach_signature_der delete mode 100644 tests/recipes/32_attach_signature_pem delete mode 100644 tests/recipes/33_attach_signed delete mode 100644 tests/recipes/34_attach_nest delete mode 100644 tests/recipes/35_remove_signature delete mode 100644 tests/recipes/36_varia_sha256sum delete mode 100644 tests/recipes/37_add_signature_timestamp delete mode 100644 tests/recipes/38_add_signature_rfc3161 delete mode 100644 tests/recipes/39_add_signature_blob delete mode 100644 tests/recipes/40_verify_leaf_hash delete mode 100644 tests/recipes/41_sign_add_msi_dse delete mode 100644 tests/recipes/42_sign_jp_low delete mode 100644 tests/recipes/45_verify_fake_pe delete mode 100644 tests/recipes/46_verify_timestamp delete mode 100755 tests/recipes/47_verify_rfc3161 delete mode 100644 tests/recipes/51_verify_time delete mode 100644 tests/recipes/52_verify_timestamp delete mode 100644 
tests/recipes/53_verify_rfc3161 delete mode 100644 tests/recipes/54_verify_expired delete mode 100644 tests/recipes/55_verify_revoked delete mode 100644 tests/recipes/56_verify_multiple delete mode 100755 tests/test_library delete mode 100755 tests/testall.sh delete mode 100755 tests/testsign.sh create mode 100644 tests/tsa_server.py diff --git a/.gitignore b/.gitignore index 6fb8b57..fd34917 100644 --- a/.gitignore +++ b/.gitignore @@ -1,24 +1,20 @@ -.deps -Makefile -Makefile.in -aclocal.m4 -autom4te.cache/ -compile +build/ +CMakeFiles/ +_CPack_Packages/ +Testing/ + +CMakeCache.txt +cmake_install.cmake config.h -config.h.in -config.h.in~ -config.log -config.status -configure -depcomp -install-sh +CPackConfig.cmake +CPackSourceConfig.cmake +CTestTestfile.cmake +install_manifest.txt +Makefile missing osslsigncode -osslsigncode.o -msi.o +osslsigncode.exe stamp-h1 -INSTALL -COPYING .#*# .*.bak @@ -26,25 +22,21 @@ COPYING .*.rej .*~ #*# +*.asc *.bak +*.bz2 *.d *.def *.dll -*.exe +*.gz +*.key *.la *.lib *.lo *.orig +*.pc *.pdb *.rej *.u *.rc -*.pc *~ -*.gz -*.bz2 -*.asc - -**/*.log -!myapp.exe -*.pem diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..4e8ff68 --- /dev/null +++ b/CMakeLists.txt 
@@ -0,0 +1,50 @@
+# required cmake version
+cmake_minimum_required(VERSION 3.6)
+
+# set the project name and version
+project(osslsigncode VERSION 2.4)
+set(DEV "-dev")
+set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}${DEV}")
+set(PACKAGE_STRING "${PROJECT_NAME} ${PROJECT_VERSION}")
+set(PACKAGE_BUGREPORT "Michal.Trojnara@stunnel.org")
+
+# specify the C++ standard
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_C_STANDARD_REQUIRED ON)
+
+# make find modules in cmake dir available
+set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake")
+
+# load CMake project modules
+include(SetOptions)
+include(FindOpenssl)
+include(FindCurl)
+include(FindMapping)
+
+# use config.h
+target_compile_definitions(osslsigncode PRIVATE HAVE_CONFIG_H=1)
+configure_file(Config.h.in config.h)
+
+# add include directories to osslsigncode
+target_include_directories(osslsigncode PUBLIC "${PROJECT_BINARY_DIR}")
+
+if(MSVC)
+ # set output directory
+ set_target_properties(osslsigncode PROPERTIES
+ RUNTIME_OUTPUT_DIRECTORY_DEBUG ${PROJECT_BINARY_DIR}
+ RUNTIME_OUTPUT_DIRECTORY_RELEASE ${PROJECT_BINARY_DIR}
+ )
+ # copy necessary libraries
+ file(COPY ${OPENSSL_LIBS} ${CURL_LIB} DESTINATION ${PROJECT_BINARY_DIR})
+else()
+ # set LD_LIBRARY_PATH
+ set_target_properties(osslsigncode PROPERTIES
+ INSTALL_RPATH_USE_LINK_PATH TRUE
+ )
+endif()
+
+include(CMakeTest)
+include(CMakeInstall)
+if(NOT MSVC)
+ include(CMakeDist)
+endif()
diff --git a/Config.h.in b/Config.h.in
new file mode 100644
index 0000000..77fa15b
--- /dev/null
+++ b/Config.h.in
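Review bot: `cmake_minimum_required(VERSION 3.6)` is lower than what the modules added in this patch use: the `REQUIRED` keyword of `find_path`/`find_library`/`find_file` (CMake 3.18), `cmake -E rm` (3.17), `cmake --install` (3.15) and `cmake -E sha256sum` (3.10). On an older CMake, `REQUIRED` is, as far as I can tell, not recognised as a keyword, so a missing OpenSSL or curl would no longer stop configuration at the find call. I would raise the floor to `cmake_minimum_required(VERSION 3.18)` or stop using those features. The comment `# specify the C++ standard` sits above `set(CMAKE_C_STANDARD 11)` and should read `# specify the C standard`.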
@@ -0,0 +1,12 @@
+/* the configured options and settings for osslsigncode */
+#define VERSION_MAJOR "@osslsigncode_VERSION_MAJOR@"
+#define VERSION_MINOR "@osslsigncode_VERSION_MINOR@"
+#cmakedefine PACKAGE_STRING "@PACKAGE_STRING@"
+#cmakedefine PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@"
+#cmakedefine ENABLE_CURL
+#cmakedefine HAVE_TERMIOS_H
+#cmakedefine HAVE_GETPASS
+#cmakedefine HAVE_SYS_MMAN_H
+#cmakedefine HAVE_MMAP
+#cmakedefine HAVE_MAPVIEWOFFILE
+#cmakedefine _WIN32
diff --git a/INSTALL.W32.md b/INSTALL.W32.md
index 291c5d6..3dcd131 100644
--- a/INSTALL.W32.md
+++ b/INSTALL.W32.md
@@ -93,3 +93,53 @@ OpenSSL 1.1.1k 25 Mar 2021 (Library: OpenSSL 1.1.1k 25 Mar 2021) libcurl/7.78.0 OpenSSL/1.1.1k ``` + +### Building OpenSSL, Curl and osslsigncode sources with Microsoft Visual Studio 64-bit: + +1) Download and install Strawberry Perl from https://strawberryperl.com/ + +2) Run "Open Visual Studio 2022 Tools Command Prompt for targeting x64" + +3) Build and install OpenSSL. +``` + cd openssl-(version) + perl Configure VC-WIN64A --prefix=C:\OpenSSL\vc-win64a --openssldir=C:\OpenSSL\SSL no-asm shared + nmake && nmake install +``` + +4) Build and install curl. +``` + cd curl-(version)\winbuild + nmake /f Makefile.vc mode=dll WITH_PREFIX=C:\curl SSL_PATH=C:\OpenSSL\vc-win64a \ + VC=22 MACHINE=x64 DEBUG=no WITH_SSL=dll ENABLE_NGHTTP2=no ENABLE_SSPI=no \ + ENABLE_IDN=no GEN_PDB=no ENABLE_WINSSL=no USE_ZLIB=no +``` + +5) Build 64-bit Windows osslsigncode. + Navigate to the build directory and run CMake to configure the osslsigncode project + and generate a native build system: +``` + mkdir build && cd build && cmake .. +``` + with specific compile options: +``` + -Denable-strict=ON + -Denable-pedantic=ON + -Dwith-curl=OFF + -Dssl-path=C:\OpenSSL\ + -Dcurl-path=C:\curl\ +``` + Then call that build system to actually compile/link the osslsigncode project: +``` + cmake --build . +``` + +6) Make tests. +``` + ctest -C Release +``` + +5) Make install (with administrator privileges). +``` + cmake --install . --prefix "C:\osslsigncode" +``` diff --git a/LICENSE.txt b/LICENSE.txt index ac2d3fe..bee8331 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,7 +1,7 @@ OpenSSL based Authenticode signing for PE/MSI/Java CAB files. Copyright (C) 2005-2014 Per Allansson -Copyright (C) 2018-2019 Michał Trojnara +Copyright (C) 2018-2022 Michał Trojnara This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/Makefile.am b/Makefile.am deleted file mode 100644 index 6c4fc28..0000000 
--- a/Makefile.am +++ /dev/null @@ -1,21 +0,0 @@ -AUTOMAKE_OPTIONS = foreign 1.10 -MAINTAINERCLEANFILES = \ - config.log config.status \ - $(srcdir)/Makefile.in \ - $(srcdir)/config.h.in $(srcdir)/config.h.in~ $(srcdir)/configure \ - $(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \ - $(srcdir)/depcomp $(srcdir)/aclocal.m4 $(srcdir)/ylwrap \ - $(srcdir)/config.guess $(srcdir)/config.sub -EXTRA_DIST = .gitignore COPYING.txt LICENSE.txt INSTALL.W32.md NEWS.md README.md TODO.md - -AM_CFLAGS = $(OPENSSL_CFLAGS) $(OPTIONAL_LIBCURL_CFLAGS) - -bin_PROGRAMS = osslsigncode - -osslsigncode_SOURCES = osslsigncode.c msi.c msi.h -osslsigncode_LDADD = $(OPENSSL_LIBS) $(OPTIONAL_LIBCURL_LIBS) - -# bash completion script -AM_DISTCHECK_CONFIGURE_FLAGS = --with-bashcompdir='$$(datarootdir)/bash-completion/completions' -bashcompdir = @bashcompdir@ -dist_bashcomp_DATA = osslsigncode.bash diff --git a/NEWS.md b/NEWS.md index aceb0e1..2724540 100644 --- a/NEWS.md +++ b/NEWS.md @@ -12,6 +12,7 @@ - remove "-timestamp-expiration" option - disable verification of the Timestamp Server signature ("-ignore-timestamp" option) +- use CMake instead of Makefile ### 2.3 (2022.03.06) diff --git a/README.md b/README.md index 85430c0..b0e0dc1 100644 --- a/README.md +++ b/README.md 
@@ -29,43 +29,47 @@ supports signature verification, removal and extraction. This section covers building osslsigncode for [Unix-like](https://en.wikipedia.org/wiki/Unix-like) operating systems. See [INSTALL.W32.md](https://github.com/mtrojnar/osslsigncode/blob/master/INSTALL.W32.md) for Windows notes. +We highly recommend downloading a [release tarball](https://github.com/mtrojnar/osslsigncode/releases) instead of cloning from a git repository. -### Generate the ./configure script - -This step is only needed if osslsigncode was cloned from a git repository. -We highly recommend downloading a [release tarball](https://github.com/mtrojnar/osslsigncode/releases) instead. +### Configure, build, make tests and install osslsigncode * Install prerequisites on a Debian-based distributions, such as Ubuntu: ``` - sudo apt update && sudo apt install automake pkg-config + sudo apt update && sudo apt install cmake libssl-dev libcurl4-openssl-dev ``` - -* Install prerequisites on macOS with Homebrew: -``` - brew install automake pkg-config -``` - -* Generate the ./configure script: -``` - ./bootstrap -``` - -### Configure, build and install osslsigncode - -* Install prerequisites on a Debian-based distributions, such as Ubuntu: -``` - sudo apt update && sudo apt install build-essential pkg-config libssl-dev libcurl4-openssl-dev -``` - * Install prerequisites on macOS with Homebrew: ``` brew install pkg-config openssl@1.1 export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig" ``` - -* Configure, build and install osslsigncode: +* Navigate to the build directory and run CMake to configure the osslsigncode project + and generate a native build system: ``` - ./configure && make && sudo make install + mkdir build && cd build && cmake .. 
+``` + with specific compile options: +``` + -Denable-strict=ON + -Denable-pedantic=ON + -Dssl-path=/opt/openssl-3.0.2/ + -Dcurl-path=/opt/curl-7.82/ + -Dwith-curl=OFF +``` +* Then call that build system to actually compile/link the osslsigncode project (alias `make`): +``` + cmake --build . +``` +* Make test: +``` + ctest -C Release +``` +* Make install: +``` + sudo cmake --install . --prefix "/home/myuser/installdir" +``` +* Make tarball (simulate autotools' `make dist`): +``` + cmake --build . --target package_source ``` ## USAGE diff --git a/bootstrap b/bootstrap deleted file mode 100755 index 4cd22ac..0000000 --- a/bootstrap +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -autoreconf --verbose --install --force diff --git a/cmake/CMakeDist.cmake b/cmake/CMakeDist.cmake new file mode 100644 index 0000000..5e7688f --- /dev/null +++ b/cmake/CMakeDist.cmake 
@@ -0,0 +1,27 @@
+# make dist
+# cmake --build . --target package_source
+
+set(CPACK_PACKAGE_NAME ${PROJECT_NAME})
+set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})
+set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files")
+set(CPACK_PACKAGE_INSTALL_DIRECTORY ${CPACK_PACKAGE_NAME})
+set(CPACK_RESOURCE_FILE_README "${CMAKE_CURRENT_SOURCE_DIR}/README.md")
+set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/COPYING.txt")
+set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}")
+set(CPACK_SOURCE_GENERATOR "TGZ")
+set(CPACK_SOURCE_IGNORE_FILES "\.git/;\.gitignore")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "Makefile")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeCache.txt")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeFiles")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackConfig.cmake")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackSourceConfig.cmake")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CTestTestfile.cmake")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "cmake_install.cmake")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "config.h")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "/CMakeFiles/")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "/Testing/")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "/_CPack_Packages/")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "/build/")
+
+include(CPack)
+add_custom_target(dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source)
diff --git a/cmake/CMakeInstall.cmake b/cmake/CMakeInstall.cmake
new file mode 100644
index 0000000..20b4dc3
--- /dev/null
+++ b/cmake/CMakeInstall.cmake
@@ -0,0 +1,29 @@
+# make install
+# cmake --install . --prefix "/home/myuser/installdir"
+
+# installation rules for a project
+set(BINDIR "${CMAKE_INSTALL_PREFIX}/bin")
+install(TARGETS osslsigncode RUNTIME DESTINATION ${BINDIR})
+if(MSVC)
+ install(FILES
+ "${PROJECT_BINARY_DIR}/libcrypto-3-x64.dll"
+ "${PROJECT_BINARY_DIR}/libssl-3-x64.dll"
+ "${PROJECT_BINARY_DIR}/libcurl.dll"
+ DESTINATION ${BINDIR}
+ )
+endif()
+
+# install bash completion script
+if(NOT MSVC)
+ find_package(bash-completion QUIET)
+ if(NOT BASH_COMPLETION_COMPLETIONSDIR)
+ if(BASH_COMPLETION_COMPATDIR)
+ set(BASH_COMPLETION_COMPLETIONSDIR ${BASH_COMPLETION_COMPATDIR})
+ else()
+ set(SHAREDIR "${CMAKE_INSTALL_PREFIX}/share")
+ set(BASH_COMPLETION_COMPLETIONSDIR "${SHAREDIR}/bash-completion/completions")
+ endif()
+ endif()
+ message(STATUS "Using bash completions dir ${BASH_COMPLETION_COMPLETIONSDIR}")
+ install(FILES "osslsigncode.bash" DESTINATION ${BASH_COMPLETION_COMPLETIONSDIR})
+endif()
diff --git a/cmake/CMakeTest.cmake b/cmake/CMakeTest.cmake
new file mode 100644
index 0000000..8830c64
--- /dev/null
+++ b/cmake/CMakeTest.cmake
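Review bot: The MSVC `install(FILES ...)` list hard-codes `libcrypto-3-x64.dll`, `libssl-3-x64.dll` and `libcurl.dll` instead of using the paths the find modules computed. With `-Dwith-curl=OFF`, FindCurl.cmake never sets `CURL_LIB`, so no `libcurl.dll` is copied into `${PROJECT_BINARY_DIR}` and the install step would presumably fail on the missing file. The fixed names also only match a 64-bit OpenSSL 3.x build. I would install what was actually located: `install(FILES ${OPENSSL_LIBS} ${CURL_LIB} DESTINATION ${BINDIR})`.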
@@ -0,0 +1,278 @@ +# make test +# ctest -C Release + +include(FindPython3) +enable_testing() + +file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/tsa_server.py" + DESTINATION "${PROJECT_BINARY_DIR}/Testing" +) +file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/files" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs" + DESTINATION "${PROJECT_BINARY_DIR}/Testing" +) + +set(FILES "${PROJECT_BINARY_DIR}/Testing/files") +set(CERTS "${PROJECT_BINARY_DIR}/Testing/certs") + +set(priv_p12 "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt") +set(priv_spc "-certs" "${CERTS}/cert.spc" "-key" "${CERTS}/key.pvk" "-pass" "passme") +set(priv_der "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/key.der" "-pass" "passme") +set(priv_pkey "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/keyp.pem" "-pass" "passme") +set(sign_opt "-time" "1556708400" + "-add-msi-dse" "-comm" "-ph" "-jp" "low" + "-h" "sha512" "-i" "https://www.osslsigncode.com/" + "-n" "osslsigncode" "-ac" "${CERTS}/crosscert.pem" +) +execute_process( + COMMAND "${CERTS}/makecerts.sh" + WORKING_DIRECTORY ${CERTS} + OUTPUT_VARIABLE makecerts +) +message(STATUS "makecerts.sh: ${makecerts}") +execute_process( + COMMAND ${CMAKE_COMMAND} -E sha256sum "${CERTS}/cert.der" + OUTPUT_VARIABLE sha256sum +) +string(SUBSTRING ${sha256sum} 0 64 leafhash) +set(verify_opt "-CAfile" "${CERTS}/CACert.pem" + "-CRLfile" "${CERTS}/CACertCRL.pem" + "-TSA-CAfile" "${CERTS}/TSACA.pem" +) +set(extensions_4 "exe" "ex_" "msi" "cat") +set(extensions_3 "exe" "ex_" "msi") +set(files_4 "signed" "nested" "added") +set(files_3 "removed" "attached_pem" "attached_der") +set(sign_formats "pem" "der") +set(pem_certs "cert" "expired" "revoked") +set(failed_certs "expired" "revoked") + +add_test( + NAME version + COMMAND osslsigncode --version +) + +foreach(ext ${extensions_4}) + # Signing time: May 1 00:00:00 2019 GMT + set(sign_${ext} ) + add_test( + NAME signed_${ext} + COMMAND osslsigncode "sign" ${sign_opt} ${priv_p12} + "-in" "${FILES}/unsigned.${ext}" "-out" 
"${FILES}/signed.${ext}" + ) +endforeach() + +foreach(ext ${extensions_3}) + add_test( + NAME removed_${ext} + COMMAND osslsigncode "remove-signature" + "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/removed.${ext}" + ) +endforeach() + +foreach(ext ${extensions_3}) + add_test( + NAME extract_pem_${ext} + COMMAND osslsigncode "extract-signature" "-pem" + "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.pem" + ) +endforeach() + +foreach(ext ${extensions_3}) + add_test( + NAME extract_der_${ext} + COMMAND osslsigncode "extract-signature" + "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.der" + ) +endforeach() + +foreach(ext ${extensions_3}) + set_tests_properties(removed_${ext} extract_pem_${ext} extract_der_${ext} + PROPERTIES DEPENDS sign_${ext} + REQUIRED_FILES "${FILES}/signed.${ext}" + ) +endforeach() + +foreach(ext ${extensions_3}) + foreach(format ${sign_formats}) + # Signature verification time: Sep 1 00:00:00 2019 GMT + add_test( + NAME attached_${format}_${ext} + COMMAND osslsigncode "attach-signature" ${verify_opt} + "-time" "1567296000" + "-require-leaf-hash" "SHA256:${leafhash}" + "-add-msi-dse" "-h" "sha512" "-nest" + "-sigin" "${FILES}/${ext}.${format}" + "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/attached_${format}.${ext}" + ) + set_tests_properties(attached_${format}_${ext} PROPERTIES + DEPENDS extract_pem_${ext} + REQUIRED_FILES "${FILES}/signed.${ext}" + REQUIRED_FILES "${FILES}/${ext}.${format}" + ) + endforeach() +endforeach() + +foreach(ext ${extensions_4}) + add_test( + NAME added_${ext} + COMMAND osslsigncode "add" + "-addUnauthenticatedBlob" "-add-msi-dse" "-h" "sha512" + "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/added.${ext}" + ) + set_tests_properties(added_${ext} PROPERTIES + DEPENDS sign_${ext} + REQUIRED_FILES "${FILES}/signed.${ext}" + ) +endforeach() + +foreach(ext ${extensions_4}) + add_test( + NAME nested_${ext} + COMMAND osslsigncode "sign" "-nest" ${sign_opt} ${priv_der} + "-in" "${FILES}/signed.${ext}" 
"-out" "${FILES}/nested.${ext}" + ) + set_tests_properties(nested_${ext} PROPERTIES + DEPENDS sign_${ext} + REQUIRED_FILES "${FILES}/signed.${ext}" + ) +endforeach() + + +foreach(file ${files_4}) + foreach(ext ${extensions_4}) + # Signature verification time: Sep 1 00:00:00 2019 GMT + add_test( + NAME verify_${file}_${ext} + COMMAND osslsigncode "verify" ${verify_opt} + "-time" "1567296000" + "-require-leaf-hash" "SHA256:${leafhash}" + "-in" "${FILES}/${file}.${ext}" + ) + set_tests_properties(verify_${file}_${ext} PROPERTIES + DEPENDS ${file}_${ext} + REQUIRED_FILES "${FILES}/${file}.${ext}" + ) + endforeach() +endforeach() + +foreach(file ${files_3}) + foreach(ext ${extensions_3}) + # Signature verification time: Sep 1 00:00:00 2019 GMT + add_test( + NAME verify_${file}_${ext} + COMMAND osslsigncode "verify" ${verify_opt} + "-time" "1567296000" + "-require-leaf-hash" "SHA256:${leafhash}" + "-in" "${FILES}/${file}.${ext}" + ) + set_tests_properties(verify_${file}_${ext} PROPERTIES + DEPENDS ${file}_${ext} + REQUIRED_FILES "${FILES}/${file}.${ext}" + ) + endforeach() +endforeach() + +foreach(ext ${extensions_3}) + set_tests_properties(verify_removed_${ext} PROPERTIES + WILL_FAIL TRUE + ) +endforeach() + + +if(Python3_FOUND) + foreach(ext ${extensions_4}) + foreach(cert ${pem_certs}) + add_test( + NAME sign_ts_${cert}_${ext} + COMMAND ${Python3_EXECUTABLE} "${PROJECT_BINARY_DIR}/Testing/tsa_server.py" + "--certs" "${CERTS}/${cert}.pem" "--key" "${CERTS}/key.pem" + "--input" "${FILES}/unsigned.${ext}" "--output" "${FILES}/ts_${cert}.${ext}" + ) + endforeach() + endforeach() + + foreach(ext ${extensions_4}) + # Signature verification time: Sep 1 00:00:00 2019 GMT + add_test( + NAME verify_ts_cert_${ext} + COMMAND osslsigncode "verify" ${verify_opt} + "-time" "1567296000" + "-in" "${FILES}/ts_cert.${ext}" + ) + set_tests_properties(verify_ts_cert_${ext} PROPERTIES + DEPENDS sign_ts_${cert}_${ext} + REQUIRED_FILES "${FILES}/ts_cert.${ext}" + ) + endforeach() + + # 
Signature verification time: Jan 1 00:00:00 2035 GMT + foreach(ext ${extensions_4}) + add_test( + NAME verify_ts_future_${ext} + COMMAND osslsigncode "verify" ${verify_opt} + "-time" "2051222400" + "-in" "${FILES}/ts_cert.${ext}" + ) + set_tests_properties(verify_ts_future_${ext} PROPERTIES + DEPENDS sign_ts_${cert}_${ext} + REQUIRED_FILES "${FILES}/ts_cert.${ext}" + ) + endforeach() + + # Signature verification time: Jan 1 00:00:00 2035 GMT + # enabled "-ignore-timestamp" option + foreach(ext ${extensions_4}) + add_test( + NAME verify_ts_ignore_${ext} + COMMAND osslsigncode "verify" ${verify_opt} + "-time" "2051222400" + "-ignore-timestamp" + "-in" "${FILES}/ts_cert.${ext}" + ) + set_tests_properties(verify_ts_ignore_${ext} PROPERTIES + DEPENDS sign_ts_${cert}_${ext} + REQUIRED_FILES "${FILES}/ts_cert.${ext}" + WILL_FAIL TRUE + ) + endforeach() + + # Signature verification time: Sep 1 00:00:00 2019 GMT + # Certificate has expired or revoked + foreach(ext ${extensions_4}) + foreach(cert ${failed_certs}) + add_test( + NAME verify_ts_${cert}_${ext} + COMMAND osslsigncode "verify" ${verify_opt} + "-time" "1567296000" + "-in" "${FILES}/ts_${cert}.${ext}" + ) + set_tests_properties(verify_ts_${cert}_${ext} PROPERTIES + DEPENDS sign_ts_${cert}_${ext} + REQUIRED_FILES "${FILES}/ts_${cert}.${ext}" + WILL_FAIL TRUE + ) + endforeach() + endforeach() + +else() + message(STATUS "Python3 was not found, skip timestamping tests") +endif() + +foreach(ext ${extensions_4}) + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed.${ext}") + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/nested.${ext}") + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/removed.${ext}") + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/added.${ext}") + foreach(cert ${pem_certs}) + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}") + endforeach() + foreach(format ${sign_formats}) + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") + 
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}") + endforeach() + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq") + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr") +endforeach() +add_test(NAME remove_files COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES}) diff --git a/cmake/FindCurl.cmake b/cmake/FindCurl.cmake new file mode 100644 index 0000000..d32b55b --- /dev/null +++ b/cmake/FindCurl.cmake @@ -0,0 +1,47 @@ +# find the native CURL headers and libraries + +if(with-curl) + if(curl-path) + set(CURL_SEARCH_DIR PATHS ${CURL_ROOT} NO_DEFAULT_PATH) + find_path(CURL_INCLUDE_DIRS + NAMES curl/curl.h + PATHS ${CURL_SEARCH_DIR} + PATH_SUFFIXES include + REQUIRED + ) + find_library(CURL_LIBRARIES + NAMES libcurl libcurl.so + PATHS ${CURL_SEARCH_DIR} + PATH_SUFFIXES lib + NO_DEFAULT_PATH + REQUIRED + ) + mark_as_advanced( + CURL_INCLUDE_DIRS + CURL_LIBRARIES + ) + set(CURL_FOUND TRUE) + endif() + + if(CURL_FOUND) + target_link_libraries(osslsigncode PRIVATE ${CURL_LIBRARIES}) + include_directories(${CURL_INCLUDE_DIRS}) + message(STATUS "Link CURL library: ${CURL_LIBRARIES}") + message(STATUS "Include CURL directory: ${CURL_INCLUDE_DIRS}") + set(ENABLE_CURL 1) + else() + MESSAGE(FATAL_ERROR "Could not find the CURL library and development files.") + endif() + + if(MSVC) + find_path(CURL_BIN_DIR + NAMES curl.exe + PATHS ${CURL_SEARCH_DIR} + PATH_SUFFIXES bin + REQUIRED + ) + set(CURL_LIB "${CURL_BIN_DIR}/libcurl.dll") + endif() +else() + message(STATUS "Disable CURL") +endif() diff --git a/cmake/FindMapping.cmake b/cmake/FindMapping.cmake new file mode 100644 index 0000000..ba94fa5 --- /dev/null +++ b/cmake/FindMapping.cmake 
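Review bot: The result of `execute_process(COMMAND "${CERTS}/makecerts.sh" ...)` is never checked, so a failed certificate generation only shows up later as an empty `${sha256sum}` or as verification failures. That matters for the `WILL_FAIL TRUE` tests (`verify_ts_expired_*`, `verify_ts_revoked_*`, `verify_removed_*`, `verify_ts_ignore_*`): they pass on any non-zero exit, including a missing CA file, so they can succeed without ever exercising the expiry or revocation check. I would add `RESULT_VARIABLE makecerts_rc`, stop with `message(FATAL_ERROR "makecerts.sh failed: ${makecerts_rc}")` when it is non-zero, and match the expected error text with `PASS_REGULAR_EXPRESSION` rather than relying on `WILL_FAIL` alone. Separately, `DEPENDS sign_${ext}` names tests that do not exist (they are registered as `signed_${ext}`), and `DEPENDS sign_ts_${cert}_${ext}` is used outside the `foreach(cert ...)` loop where `${cert}` is empty, so ordering is not enforced under a parallel `ctest -j`.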
@@ -0,0 +1,22 @@
+include(CheckIncludeFile)
+include(CheckFunctionExists)
+
+if(NOT MSVC)
+ check_function_exists(getpass HAVE_GETPASS)
+ check_include_file(termios.h HAVE_TERMIOS_H)
+ check_include_file(sys/mman.h HAVE_SYS_MMAN_H)
+ if(HAVE_SYS_MMAN_H)
+ check_function_exists(mmap HAVE_MMAP)
+ if(NOT HAVE_MMAP)
+ message(FATAL_ERROR "Error: Need mmap to build.")
+ endif()
+ endif()
+endif()
+
+# include wincrypt.h in Windows.h
+if(MSVC AND NOT CYGWIN)
+ check_include_file(windows.h HAVE_MAPVIEWOFFILE)
+ if(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE))
+ message(FATAL_ERROR "Error: Need file mapping function to build.")
+ endif()
+endif()
diff --git a/cmake/FindOpenssl.cmake b/cmake/FindOpenssl.cmake
new file mode 100644
index 0000000..e20d3d6
--- /dev/null
+++ b/cmake/FindOpenssl.cmake
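Review bot: The "need a file mapping function" check only runs inside `if(MSVC AND NOT CYGWIN)`, so a non-MSVC toolchain without `sys/mman.h` (MinGW, for example) configures successfully with neither `HAVE_MMAP` nor `HAVE_MAPVIEWOFFILE` defined. The removed `configure.ac` failed in that case whatever the compiler. I would run the `windows.h` probe under `if(WIN32)` and move `if(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE))` out of the compiler-specific block so it always executes. Note also that `HAVE_MAPVIEWOFFILE` is set from a header check on `windows.h`, not from a check for the function itself.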
@@ -0,0 +1,71 @@
+# find the OpenSSL encryption library
+
+if(ssl-path)
+ set(OPENSSL_SEARCH_DIR PATHS ${OPENSSL_ROOT} NO_DEFAULT_PATH)
+ find_path(OPENSSL_INCLUDE_DIR
+ NAMES openssl/opensslconf.h
+ PATHS ${OPENSSL_SEARCH_DIR}
+ PATH_SUFFIXES include
+ REQUIRED
+ )
+ find_library(OPENSSL_SSL
+ NAMES libssl libssl.so
+ PATHS ${OPENSSL_SEARCH_DIR}
+ PATH_SUFFIXES lib lib64
+ NO_DEFAULT_PATH
+ REQUIRED
+ )
+ find_library(OPENSSL_CRYPTO
+ NAMES libcrypto libcrypto.so
+ PATHS ${OPENSSL_SEARCH_DIR}
+ PATH_SUFFIXES lib lib64
+ NO_DEFAULT_PATH
+ REQUIRED
+ )
+
+ if(MSVC)
+ find_file(OPENSSL_APPLINK_SOURCE
+ NAMES openssl/applink.c
+ PATHS ${OPENSSL_INCLUDE_DIR}
+ NO_DEFAULT_PATH
+ REQUIRED
+ )
+ else()
+ set(OPENSSL_APPLINK_SOURCE)
+ endif()
+
+ set(OPENSSL_LIBRARIES ${OPENSSL_SSL} ${OPENSSL_CRYPTO})
+ mark_as_advanced(
+ OPENSSL_INCLUDE_DIR
+ OPENSSL_LIBRARIES
+ OPENSSL_APPLINK_SOURCE
+ )
+ set(OPENSSL_FOUND TRUE)
+endif()
+
+if(OPENSSL_FOUND)
+ message(STATUS "Link OpenSSL libraries: ${OPENSSL_LIBRARIES}")
+ message(STATUS "Include OpenSSL directory: ${OPENSSL_INCLUDE_DIR}")
+ if(MSVC)
+ message(STATUS "OpenSSL applink source: ${OPENSSL_APPLINK_SOURCE}")
+ endif()
+else()
+ MESSAGE(FATAL_ERROR "Could not find the OpenSSL library and development files.")
+endif()
+
+if(MSVC)
+ find_path(OPENSSL_BIN_DIR
+ NAMES openssl.exe
+ PATHS ${OPENSSL_SEARCH_DIR}
+ PATH_SUFFIXES bin
+ REQUIRED
+ )
+ set(OPENSSL_LIBS "${OPENSSL_BIN_DIR}/libcrypto-3-x64.dll" "${OPENSSL_BIN_DIR}/libssl-3-x64.dll")
+endif()
+
+# add an executable target called "osslsigncode" to be built from the source files
+set(SOURCE_FILES osslsigncode.c msi.c ${OPENSSL_APPLINK_SOURCE})
+add_executable(osslsigncode)
+target_sources(osslsigncode PRIVATE ${SOURCE_FILES})
+target_link_libraries(osslsigncode PRIVATE ${OPENSSL_LIBRARIES})
+include_directories(${OPENSSL_INCLUDE_DIR})
diff --git a/cmake/SetOptions.cmake b/cmake/SetOptions.cmake
new file mode 100644
index 0000000..0a26f29
--- /dev/null
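Review bot: The `ssl-path` branch sets `OPENSSL_FOUND TRUE` as soon as the header and the two libraries are located, with no check of the OpenSSL version, whereas the `configure.ac` removed by this commit required `libcrypto >= 1.1.1`. A build against an older or mismatched OpenSSL is now accepted at configure time and fails only later at compile time, if at all. The MSVC block also hard-codes `libcrypto-3-x64.dll` and `libssl-3-x64.dll`, which only match a 64-bit OpenSSL 3.x. I would let CMake's own module do the search and the version check, e.g. `set(OPENSSL_ROOT_DIR ${ssl-path})` followed by `find_package(OpenSSL 1.1.1 REQUIRED)`, and derive the DLL names from the version found.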
+++ b/cmake/SetOptions.cmake
@@ -0,0 +1,54 @@
+# add command line options
+
+# set Release build mode
+if(NOT CMAKE_BUILD_TYPE)
+ set(CMAKE_BUILD_TYPE "Release" CACHE STRING "Choose Release or Debug" FORCE)
+endif()
+
+option(enable-strict "Enable strict compile mode" OFF)
+option(enable-pedantic "Enable pedantic compile mode" OFF)
+option(with-curl "Enable curl" ON)
+
+if(MSVC)
+ set(ssl-path "D:/TEMP/OpenSSL-3.0.2/vc-win64a" CACHE FILEPATH "OpenSSL library path")
+ set(curl-path "D:/TEMP/curl-7.82.0" CACHE FILEPATH "cURL library path")
+else()
+ option(ssl-path "OpenSSL library path" OFF)
+ option(curl-path "cURL library path" OFF)
+endif()
+
+if(ssl-path)
+ set(OPENSSL_ROOT ${ssl-path})
+ set(OPENSSL_SEARCH_DIR)
+else()
+ include(FindOpenSSL)
+endif()
+
+if(with-curl)
+ if(curl-path)
+ set(CURL_ROOT ${curl-path})
+ set(CURL_BIN_DIR)
+ else()
+ include(FindCURL)
+ endif()
+endif()
+
+# enable compile options
+if(enable-strict)
+ message(STATUS "Enable strict compile mode")
+ if(MSVC)
+ # Microsoft Visual C warning level
+ add_compile_options(/Wall)
+ else()
+ add_compile_options(-Wall -Wextra)
+ endif()
+endif()
+
+if(enable-pedantic)
+ message(STATUS "Enable pedantic compile mode")
+ if(MSVC)
+ add_compile_options(/W4)
+ else()
+ add_compile_options(-pedantic)
+ endif()
+endif()
diff --git a/configure.ac b/configure.ac
deleted file mode 100644
index 3afd4db..0000000
--- a/configure.ac
+++ /dev/null
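Review bot: The MSVC defaults for `ssl-path` and `curl-path` point at `D:/TEMP/...`, a temporary directory on one developer's machine. CMakeLists.txt copies `${OPENSSL_LIBS}` and `${CURL_LIB}` from there into the build directory and CMakeInstall.cmake installs them, so whatever DLLs sit in that location end up shipped next to the binary. I would leave the defaults empty and make the user supply them, e.g. `set(ssl-path "" CACHE PATH "OpenSSL library path")`; `CACHE PATH` is also the right type for the non-MSVC branch, where `option()` declares a boolean. Also, `include(FindOpenSSL)` and `include(FindCURL)` differ from the project's own `cmake/FindOpenssl.cmake` and `cmake/FindCurl.cmake` only by case, and `CMAKE_MODULE_PATH` is searched first. On a case-insensitive filesystem these calls may therefore load the project files instead of CMake's modules; that is worth confirming, and renaming the project modules would remove the ambiguity.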
@@ -1,147 +0,0 @@ -AC_PREREQ(2.60) - -AC_INIT([osslsigncode], [2.4.0-dev], [Michal.Trojnara@stunnel.org]) -AC_CONFIG_AUX_DIR([.]) -AC_CONFIG_HEADERS([config.h]) -AC_CANONICAL_HOST -AM_INIT_AUTOMAKE - -AC_CONFIG_SRCDIR([osslsigncode.c]) - -# bash completion support -AC_ARG_WITH([bashcompdir], - AS_HELP_STRING([--with-bashcompdir=DIR], [directory for bash completions]), , - [PKG_CHECK_VAR([with_bashcompdir], [bash-completion], [completionsdir], , - [with_bashcompdir="${datarootdir}/bash-completion/completions"])]) -AC_MSG_CHECKING([for bashcompdir]) -AC_MSG_RESULT([$with_bashcompdir]) -AC_SUBST([bashcompdir], [$with_bashcompdir]) - -dnl Checks for programs. -AC_PROG_CC -AC_USE_SYSTEM_EXTENSIONS - -AC_ARG_ENABLE( - [strict], - [AS_HELP_STRING([--enable-strict],[enable strict compile mode @<:@disabled@:>@])], - , - [enable_strict="no"] -) - -AC_ARG_ENABLE( - [pedantic], - [AS_HELP_STRING([--enable-pedantic],[enable pedantic compile mode @<:@disabled@:>@])], - , - [enable_pedantic="no"] -) - -AC_ARG_WITH( - [curl], - [AS_HELP_STRING([--with-curl],[enable curl @<:@enabled@:>@])], - , - [with_curl="yes"] -) - -if test "${enable_pedantic}" = "yes"; then - enable_strict="yes"; - CFLAGS="${CFLAGS} -pedantic" -fi -if test "${enable_strict}" = "yes"; then - CFLAGS="${CFLAGS} -Wall -Wextra" -fi - -PKG_PROG_PKG_CONFIG -AC_PROG_CPP -AC_PROG_INSTALL -AC_PROG_LN_S -AC_PROG_MKDIR_P -AC_PROG_SED -AC_PROG_MAKE_SET - -AC_C_CONST -AC_HEADER_STDC -AC_HEADER_TIME -AC_CHECK_HEADERS( - [sys/mman.h], - [AC_CHECK_FUNC( - [mmap], - [AC_DEFINE(HAVE_MMAP, [1], [Define to 1 if you have mmap])], - [AC_MSG_ERROR([Need mmap to build.])] - )], - [have_mmap=no] -) - -case "${host_os}" in - cygwin*) - ;; - *) -AC_CHECK_HEADERS( - [windows.h], - [], - [have_MapViewOfFile=no] -) -esac - -AS_IF([test "x$have_mmap$have_MapViewOfFile" = "xnono"], - [AC_MSG_ERROR([Need file mapping function to buid.])]) - -AC_CHECK_LIB( - [dl], - [dlopen], - [DL_LIBS="-ldl"] -) - -AC_CHECK_HEADERS([termios.h]) 
-AC_CHECK_FUNCS(getpass) - -PKG_CHECK_MODULES( - [OPENSSL], - [libcrypto >= 1.1.1], - , - [PKG_CHECK_MODULES( - [OPENSSL], - [openssl >= 1.1.1], - , - [AC_CHECK_LIB( - [crypto], - [EVP_MD_CTX_new], - [OPENSSL_LIBS="-lcrypto ${SOCKETS_LIBS} ${DL_LIBS}"], - [AC_MSG_ERROR([OpenSSL 1.1.1 or later is required. https://www.openssl.org/])], - [${DL_LIBS}] - )] - )] -) - -PKG_CHECK_MODULES( - [LIBCURL], - [libcurl >= 7.12.0], - , - [AC_CHECK_LIB( - [curl], - [curl_easy_strerror], - [LIBCURL_LIBS="-lcurl"], - , - [${DL_LIBS}] - )] -) - -if test "${with_curl}" = "yes"; then - test -z "${LIBCURL_LIBS}" && AC_MSG_ERROR(m4_normalize([ - Curl 7.12.0 or later required for timestamping support http://curl.haxx.se/ - m4_newline() or libcurl development package not found, try installing: - m4_newline() * libcurl4-openssl-dev (Debian, Ubuntu) - m4_newline() * libcurl-devel (Fedora, CentOS, RHEL) - m4_newline() * libcurl_dev (Solaris) - ])) - OPTIONAL_LIBCURL_CFLAGS="${LIBCURL_CFLAGS}" - OPTIONAL_LIBCURL_LIBS="${LIBCURL_LIBS}" - AC_DEFINE([ENABLE_CURL], [1], [libcurl is enabled]) -fi - -AC_SUBST([OPTIONAL_LIBCURL_CFLAGS]) -AC_SUBST([OPTIONAL_LIBCURL_LIBS]) - -AC_CONFIG_FILES([Makefile]) -AC_OUTPUT - -# vim: set ts=4 noexpandtab: diff --git a/tests/certs/.gitignore b/tests/certs/.gitignore index 58ba881..ecfce1d 100644 --- a/tests/certs/.gitignore +++ b/tests/certs/.gitignore @@ -4,3 +4,5 @@ *.p12 *.spc *.txt +*.log +tsa-serial diff --git a/tests/certs/makecerts.sh b/tests/certs/makecerts.sh index a9ee839..457f0e0 100755 --- a/tests/certs/makecerts.sh +++ b/tests/certs/makecerts.sh 
@@ -29,16 +29,18 @@ make_certs() { OPENSSL=openssl fi - mkdir "demoCA/" 2>> "makecerts.log" 1>&2 - touch "demoCA/index.txt" - echo -n "unique_subject = no" > "demoCA/index.txt.attr" - echo 1000 > "demoCA/serial" + mkdir "CA/" 2>> "makecerts.log" 1>&2 + touch "CA/index.txt" + echo -n "unique_subject = no" > "CA/index.txt.attr" + $OPENSSL rand -hex 16 > "CA/serial" + $OPENSSL rand -hex 16 > "tsa-serial" + echo 1001 > "CA/crlnumber" date > "makecerts.log" "$OPENSSL" version 2>> "makecerts.log" 1>&2 echo -n "$password" > "password.txt" printf "\nGenerate root CA certificate\n" >> "makecerts.log" - "$OPENSSL" genrsa -out demoCA/CA.key \ + "$OPENSSL" genrsa -out CA/CA.key \ 2>> "makecerts.log" 1>&2 test_result $? TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' @@ -46,20 +48,20 @@ make_certs() { OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_root.cnf" - "$OPENSSL" req -config "$CONF" -new -x509 -days 3600 -key demoCA/CA.key -out tmp/CACert.pem \ + "$OPENSSL" req -config "$CONF" -new -x509 -days 3600 -key CA/CA.key -out tmp/CACert.pem \ -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Root CA" \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? printf "\nGenerate intermediate CA certificate\n" >> "makecerts.log" - "$OPENSSL" genrsa -out demoCA/intermediate.key \ + "$OPENSSL" genrsa -out CA/intermediate.key \ 2>> "makecerts.log" 1>&2 TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_intermediate.cnf" - "$OPENSSL" req -config "$CONF" -new -key demoCA/intermediate.key -out demoCA/intermediate.csr \ + "$OPENSSL" req -config "$CONF" -new -key CA/intermediate.key -out CA/intermediate.csr \ -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA" \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? 
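Review bot: The two new `$OPENSSL rand -hex 16` lines use the variable unquoted and never check the exit status, while the surrounding calls are written `"$OPENSSL"` and mostly followed by `test_result $?`. If the binary path contains a space or `rand` fails, `CA/serial` and `tsa-serial` are left empty and the failure may only surface later in an unrelated step. I would write `"$OPENSSL" rand -hex 16 > "CA/serial"` (and the same for `tsa-serial`) and add `test_result $?` after each. make_certs starts and ends outside this hunk.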
@@ -68,39 +70,39 @@ make_certs() { OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_root.cnf" - "$OPENSSL" ca -config "$CONF" -batch -in demoCA/intermediate.csr -out demoCA/intermediate.cer \ + "$OPENSSL" ca -config "$CONF" -batch -in CA/intermediate.csr -out CA/intermediate.cer \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? - "$OPENSSL" x509 -in demoCA/intermediate.cer -out tmp/intermediate.pem \ + "$OPENSSL" x509 -in CA/intermediate.cer -out tmp/intermediate.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log" - "$OPENSSL" genrsa -des3 -out demoCA/private.key -passout pass:"$password" \ + "$OPENSSL" genrsa -des3 -out CA/private.key -passout pass:"$password" \ 2>> "makecerts.log" 1>&2 test_result $? - cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log" + cat CA/private.key >> tmp/keyp.pem 2>> "makecerts.log" test_result $? printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log" - "$OPENSSL" rsa -in demoCA/private.key -passin pass:"$password" -out tmp/key.pem \ + "$OPENSSL" rsa -in CA/private.key -passin pass:"$password" -out tmp/key.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nGenerate a certificate to revoke\n" >> "makecerts.log" - "$OPENSSL" req -config "$CONF" -new -key demoCA/private.key -passin pass:"$password" -out demoCA/revoked.csr \ + "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/revoked.csr \ -subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? - "$OPENSSL" ca -config "$CONF" -batch -in demoCA/revoked.csr -out demoCA/revoked.cer \ + "$OPENSSL" ca -config "$CONF" -batch -in CA/revoked.csr -out CA/revoked.cer \ 2>> "makecerts.log" 1>&2 test_result $? 
- "$OPENSSL" x509 -in demoCA/revoked.cer -out tmp/revoked.pem \ + "$OPENSSL" x509 -in CA/revoked.cer -out tmp/revoked.pem \ 2>> "makecerts.log" 1>&2 test_result $? printf "\nRevoke above certificate\n" >> "makecerts.log" - "$OPENSSL" ca -config "$CONF" -revoke demoCA/revoked.cer \ + "$OPENSSL" ca -config "$CONF" -revoke CA/revoked.cer \ 2>> "makecerts.log" 1>&2 test_result $? @@ -124,27 +126,27 @@ make_certs() { test_result $? printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log" - "$OPENSSL" genrsa -out demoCA/cross.key \ + "$OPENSSL" genrsa -out CA/cross.key \ 2>> "makecerts.log" 1>&2 TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c ' script_path=$(pwd) OPENSSL="$0" export LD_LIBRARY_PATH="$1" CONF="${script_path}/openssl_intermediate.cnf" - "$OPENSSL" req -config "$CONF" -new -x509 -days 900 -key demoCA/cross.key -out tmp/crosscert.pem \ + "$OPENSSL" req -config "$CONF" -new -x509 -days 900 -key CA/cross.key -out tmp/crosscert.pem \ -subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" test_result $? printf "\nGenerate code signing certificate\n" >> "makecerts.log" - "$OPENSSL" req -config "$CONF" -new -key demoCA/private.key -passin pass:"$password" -out demoCA/cert.csr \ + "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/cert.csr \ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? - "$OPENSSL" ca -config "$CONF" -batch -in demoCA/cert.csr -out demoCA/cert.cer \ + "$OPENSSL" ca -config "$CONF" -batch -in CA/cert.csr -out CA/cert.cer \ 2>> "makecerts.log" 1>&2 test_result $? - "$OPENSSL" x509 -in demoCA/cert.cer -out tmp/cert.pem \ + "$OPENSSL" x509 -in CA/cert.cer -out tmp/cert.pem \ 2>> "makecerts.log" 1>&2 test_result $? 
@@ -179,14 +181,14 @@ make_certs() { test_result $? printf "\nGenerate expired certificate\n" >> "makecerts.log" - "$OPENSSL" req -config "$CONF" -new -key demoCA/private.key -passin pass:"$password" -out demoCA/expired.csr \ + "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/expired.csr \ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Expired/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2 test_result $? - "$OPENSSL" ca -config "$CONF" -enddate "190101000000Z" -batch -in demoCA/expired.csr -out demoCA/expired.cer \ + "$OPENSSL" ca -config "$CONF" -enddate "190101000000Z" -batch -in CA/expired.csr -out CA/expired.cer \ 2>> "makecerts.log" 1>&2 test_result $? - "$OPENSSL" x509 -in demoCA/expired.cer -out tmp/expired.pem \ + "$OPENSSL" x509 -in CA/expired.cer -out tmp/expired.pem \ 2>> "makecerts.log" 1>&2 test_result $? 
@@ -194,23 +196,50 @@ make_certs() { cat tmp/intermediate.pem >> tmp/expired.pem 2>> "makecerts.log" test_result $? + printf "\nGenerate Root CA TSA certificate\n" >> "makecerts.log" + "$OPENSSL" genrsa -out CA/TSACA.key \ + 2>> "makecerts.log" 1>&2 + TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' + script_path=$(pwd) + OPENSSL="$0" + export LD_LIBRARY_PATH="$1" + CONF="${script_path}/openssl_tsa_root.cnf" + "$OPENSSL" req -config "$CONF" -new -x509 -days 3600 -key CA/TSACA.key -out tmp/TSACA.pem \ + 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" + test_result $? + + printf "\nGenerate TSA certificate\n" >> "makecerts.log" + CONF="${script_path}/openssl_tsa.cnf" + "$OPENSSL" req -config "$CONF" -new -nodes -keyout tmp/TSA.key -out CA/TSA.csr \ + 2>> "makecerts.log" 1>&2 + test_result $? + CONF="${script_path}/openssl_tsa_root.cnf" + "$OPENSSL" ca -config "$CONF" -batch -in CA/TSA.csr -out CA/TSA.cer \ + 2>> "makecerts.log" 1>&2 + test_result $? + "$OPENSSL" x509 -in CA/TSA.cer -out tmp/TSA.pem \ + 2>> "makecerts.log" 1>&2 + test_result $? 
+ + printf "\nSave the chain to be included in the TSA response\n" >> "makecerts.log" + cat tmp/TSA.pem tmp/TSACA.pem > tmp/tsa-chain.pem 2>> "makecerts.log" + # copy new files if test -s tmp/intermediate.pem -a -s tmp/CACert.pem -a -s tmp/CACertCRL.pem \ -a -s tmp/key.pem -a -s tmp/keyp.pem -a -s tmp/key.der -a -s tmp/key.pvk \ -a -s tmp/cert.pem -a -s tmp/cert.p12 -a -s tmp/cert.der -a -s tmp/cert.spc \ - -a -s tmp/crosscert.pem -a -s tmp/expired.pem -a -s tmp/revoked.pem -a -s tmp/revoked.spc + -a -s tmp/crosscert.pem -a -s tmp/expired.pem -a -s tmp/revoked.pem -a -s tmp/revoked.spc \ + -a -s tmp/TSA.pem -a -s tmp/TSA.key -a -s tmp/tsa-chain.pem then cp tmp/* ./ - printf "%s\n" "keys & certificates successfully generated" - printf "%s\n" "makecerts.sh finished" + printf "%s" "keys & certificates successfully generated" else - printf "%s\n" "makecerts.sh failed" - printf "%s\n" "error logs ${result_path}/makecerts.log" + printf "%s" "error logs ${result_path}/makecerts.log" result=1 fi # remove the working directory - rm -rf "demoCA/" + rm -rf "CA/" rm -rf "tmp/" exit "$result" diff --git a/tests/certs/openssl_intermediate.cnf b/tests/certs/openssl_intermediate.cnf index b99c777..7ba40b1 100644 --- a/tests/certs/openssl_intermediate.cnf +++ b/tests/certs/openssl_intermediate.cnf @@ -1,19 +1,20 @@ # OpenSSL intermediate CA configuration file -[ ca ] +[ default ] +name = intermediate default_ca = CA_default [ CA_default ] # Directory and file locations dir = . -certs = $dir/demoCA -crl_dir = $dir/demoCA -new_certs_dir = $dir/demoCA -database = $dir/demoCA/index.txt -serial = $dir/demoCA/serial +certs = $dir/CA +crl_dir = $dir/CA +new_certs_dir = $dir/CA +database = $dir/CA/index.txt +serial = $dir/CA/serial rand_serial = yes -private_key = $dir/demoCA/intermediate.key -certificate = $dir/tmp/intermediate.pem +private_key = $dir/CA/$name.key +certificate = $dir/tmp/$name.pem crl_extensions = crl_ext default_md = sha256 preserve = no 
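Review bot: The TSA root created here with `-days 3600` under `faketime` 2017-01-01 expires around November 2026, while openssl_tsa_root.cnf issues the TSA certificate with `default_enddate = 20280101000000Z`, so the leaf outlives its issuer. Chain validation of timestamp responses would start failing once the root lapses unless the tests pin the verification time, which is not visible here. Either raise `-days` on the `CA/TSACA.key` request so the root covers 2028, or bring `default_enddate` inside the root's lifetime. Separately, `"$OPENSSL" genrsa -out CA/TSACA.key` is not followed by `test_result $?`, and `-nodes` leaves `tmp/TSA.key` unencrypted before `cp tmp/* ./` copies it out of the working directory, so it is worth confirming that key files are covered by the ignore rules, which the visible `.gitignore` hunk does not show. make_certs starts outside the hunk.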
diff --git a/tests/certs/openssl_root.cnf b/tests/certs/openssl_root.cnf index 2622fb5..c653920 100644 --- a/tests/certs/openssl_root.cnf +++ b/tests/certs/openssl_root.cnf @@ -6,13 +6,13 @@ default_ca = CA_default [ CA_default ] # Directory and file locations. dir = . -certs = $dir/demoCA -crl_dir = $dir/demoCA -new_certs_dir = $dir/demoCA -database = $dir/demoCA/index.txt -serial = $dir/demoCA/serial +certs = $dir/CA +crl_dir = $dir/CA +new_certs_dir = $dir/CA +database = $dir/CA/index.txt +serial = $dir/CA/serial rand_serial = yes -private_key = $dir/demoCA/CA.key +private_key = $dir/CA/CA.key certificate = $dir/tmp/CACert.pem crl_extensions = crl_ext default_md = sha256 diff --git a/tests/certs/openssl_tsa.cnf b/tests/certs/openssl_tsa.cnf new file mode 100644 index 0000000..a139088 --- /dev/null +++ b/tests/certs/openssl_tsa.cnf @@ -0,0 +1,46 @@ +# OpenSSL Timestamp Authority configuration file + +oid_section = new_oids + +[ new_oids ] +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +[ req ] +# Options for the `req` tool +default_bits = 2048 +encrypt_key = yes +default_md = sha256 +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = ca_distinguished_name + +[ ca_distinguished_name ] +countryName = "PL" +organizationName = "osslsigncode" +organizationalUnitName = "Timestamp Authority" +commonName = "Test TSA" + + +# Time Stamping Authority command "openssl-ts" + +[ tsa ] +default_tsa = tsa_config + +[ tsa_config ] +dir = ./Testing/certs +signer_cert = $dir/TSA.pem +signer_key = $dir/TSA.key +certs = $dir/tsa-chain.pem +serial = $dir/tsa-serial +default_policy = tsa_policy1 +other_policies = tsa_policy2, tsa_policy3 +signer_digest = sha256 +digests = sha256, sha384, sha512 +accuracy = secs:1, millisecs:500, microsecs:100 +ordering = yes +tsa_name = yes +ess_cert_id_chain = yes +ess_cert_id_alg = sha256 
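Review bot: `encrypt_key = yes` in the `[ req ]` section of openssl_tsa.cnf does not describe what happens, because the only visible use of this file in makecerts.sh passes `-nodes`, which writes `TSA.key` unencrypted. `signer_key = $dir/TSA.key` in `[ tsa_config ]` is then loaded without a passphrase, presumably on purpose for the test timestamp responder. Setting `encrypt_key = no` with a comment such as `# test-only TSA key, stored unencrypted so the test responder can load it` would keep the file consistent with the script and make the intent explicit.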
diff --git a/tests/certs/openssl_tsa_root.cnf b/tests/certs/openssl_tsa_root.cnf new file mode 100644 index 0000000..e94c2ba --- /dev/null +++ b/tests/certs/openssl_tsa_root.cnf 
@@ -0,0 +1,83 @@ +# OpenSSL Root Timestamp Authority configuration file + +[ default ] +name = TSACA +domain_suffix = timestampauthority.com +aia_url = http://$name.$domain_suffix/$name.crt +crl_url = http://$name.$domain_suffix/$name.crl +ocsp_url = http://ocsp.$name.$domain_suffix:9080 +name_opt = utf8, esc_ctrl, multiline, lname, align +default_ca = CA_default + +[ CA_default ] +dir = . +certs = $dir/CA +crl_dir = $dir/CA +new_certs_dir = $dir/CA +database = $dir/CA/index.txt +serial = $dir/CA/serial +crlnumber = $dir/CA/crlnumber +rand_serial = yes +private_key = $dir/CA/$name.key +certificate = $dir/tmp/$name.pem +default_md = sha256 +default_days = 3650 +default_crl_days = 365 +policy = policy_match +default_startdate = 20180101000000Z +default_enddate = 20280101000000Z +unique_subject = no +x509_extensions = tsa_extensions + +[ policy_match ] +countryName = match +stateOrProvinceName = optional +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ tsa_extensions ] +basicConstraints = critical, CA:false +extendedKeyUsage = critical, timeStamping +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +authorityInfoAccess = @issuer_info +crlDistributionPoints = @crl_info +nameConstraints = @name_constraints + +[ issuer_info ] +caIssuers;URI.0 = $aia_url +OCSP;URI.0 = $ocsp_url + +[ crl_info ] +URI.0 = $crl_url + +[ name_constraints ] +permitted;DNS.0=test.com +permitted;DNS.1=test.org +excluded;IP.0=0.0.0.0/0.0.0.0 +excluded;IP.1=0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0 + +[ req ] +# Options for the `req` tool +default_bits = 2048 +encrypt_key = yes +default_md = sha256 +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = ca_distinguished_name +x509_extensions = ca_extensions + +[ ca_distinguished_name ] +countryName = "PL" +organizationName = "osslsigncode" +organizationalUnitName = "Timestamp Authority Root CA" +commonName = "TSA Root CA" + +[ ca_extensions ] +# Extension to add 
when the -x509 option is used +basicConstraints = critical, CA:true +subjectKeyIdentifier = hash +keyUsage = critical, keyCertSign, cRLSign diff --git a/tests/files/unsigned.cat b/tests/files/unsigned.cat new file mode 100755 index 0000000000000000000000000000000000000000..23cfbee148aa0d3285c45cc5a180c093e567538b GIT binary patch literal 394 zcmYjMJxc>o5S;h&?&QKH29zi%0)ko?Bl`|D2^c>T6BP`Im_kL1V2Cz~Mzj#cT#-gB zY_&No`~zD01GEv+3O4!&?6hAB*RTv3-oXfW6{ zt%NC*a8p6SyLFbzWShZ%(H25QUhjUNK3aphhuiO);i2bjU&tX%PKGLoRV-jg(Fvpc+l;kcT)kYc`^Pskt z$2hA=X2c$1R^;ihbAs;+IG0kwo26-*^8FENj7H-&N;tp?hpa+N6%i0BT4Z{}$&Y4C6B}xP(X*D=?I#7MB#q6z7)~C8rk0 cB!cB3YFt9pG31jNQn}K&SQuCs61kGN098Q~J^%m! literal 0 HcmV?d00001 
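Review bot: `[ tsa_extensions ]` combines `basicConstraints = critical, CA:false` with `nameConstraints = @name_constraints`, but RFC 5280 allows the name constraints extension only in CA certificates, so it has no defined meaning on the end-entity TSA certificate that `x509_extensions = tsa_extensions` applies it to. I would drop the `nameConstraints` line and the `[ name_constraints ]` section, or move them to `[ ca_extensions ]` if constraining the test root is the intent. The section also sets no `keyUsage`; `keyUsage = critical, digitalSignature` would match what a timestamp signer does with its key. The `aia_url`, `crl_url` and `ocsp_url` values are built on `timestampauthority.com`, which as far as the page shows is not a project-controlled name, so a reserved test domain would keep verifiers that follow these pointers from contacting a third-party host.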
diff --git a/tests/files/unsigned.exe b/tests/files/unsigned.exe new file mode 100755 index 0000000000000000000000000000000000000000..fb3f7b8636424a95746b63286561c54fc3d7b0be GIT binary patch literal 96150 zcmeFa3wTu3^*4MbGm}gp;RHw^UMPbOHBl}JqB0hA4w->7I)Mm5u%aY{1X4qiCNm@` zg~XYW9FK!(Yg^mWYHhW(RZCk%Kr52~NdVCh6j8hc@Ny0#inkCDo$t5yIWrkj?En40 zeZJ@YfA43W=givIwbovH?X}mwoRh-uw{k{~<4ky>QI6XJNPiCY`|p36kUebdwqe}U zsr$xlF?jZkD_&7qZ>_DXSzcGV(ppwpU0vg~E-km#`Kqmz)mG=+`PP*+%gQIErw_5| zsEb@2x9pzb+`?&Jm2zh|E@0-kliX$8(4?eGxGEI-6`nMX>&*nrph^z<(ZWd@-xM`- zh|piyz;VeOx6zQq+Qo5JmaNsKAVU%d2`O5+UXGiZq6OLSCXQ<&;ruWDIa)a`=R9TK zJi>7ggSBt^o8&ET^dhtW4*U>{)ONHZ@vnp{Dw(vb)LV+gla$efhnii7C*jY*6@@3& zX$5;nAOk#cBtIgM@aN!49FuCba;%M;kV!OK5(**c;PM=k8ntp0NETr{RBi*Fgg;hp zX?;BVhB}33u?zaPFC`9EZPu0?z2xREx9;V2^ALKW4a=x7EO8RaqXgxs9dEFt_zx>L^(q$MPvvU$a!2DuSb&wgiU@MtpHPHr!cP+5 zaY`BZLpx?pz9x?)1ZeQKq8#2&)O z3L!}4&Q19?_WyMW?5L=i#E%WIX7FPjoap~BN0iN3Fai0yJ2}z@L`NYSk6e%#d2@Y2 z&i(grTt)M=!teWdv8-siXy|U9Mh4zn2^^20q?G=|c8-&|VAwlrD`~d!c^Q7z|A44u zIZ#3#A!R7bwRlD>ehQNUF!TmF&OgoIou3~T{X27Z5WicAL**%8iEN=b|7=lqMe~`V z2Cs`ik}v4rLaiId-_sb4M&(x0>HOWn9{y)-Y6VjGu}w(f#8CPVF+`N~(r z1d$G>+&BlcrRleFZ#m& zB6>3Ckw}bQD%FjCkkfBLP%ygxK!|WQ?<7^a_4XyV35$i>plQ$t z{#mE3L>)ystm%h*l>lP@q~WCXa_~!Z(blnuE7zCA6U|?v-{dS8%8GLOBmgB9xt+<> z>ClPbhp2@CwBD#5MX1#ywMDb!eH^FWjA%ux5?KOV=EtA=2EKqhRm1)1-Gr76??0lB z+JyR2n{pSztpheow^ziEW}uX9XF-<66d8z^JsZ#R!6K*p>Rwy#6%Rdn2H-}Fh zVs%@!Kd5RdYN@X2^oX+e%ha^-oX!f9g2l_N^7lcIdv zNlja2^BA~y(QdbNNR$_#aGNqA1D)qOE4$8;6}a`b9ScP1J)pEIJs=C}x84b!e-7%@ zBBrj7EG8R*m$3efc4J^prqoc8MU)*DQOdGX6vO=(YoONeur$o#XZ^GZnR1fU z=I@Vs?ZMq%tJLLJ4Pxlxb}_e040+r8X&gmIivEa2w14LN0?e%iUxe(|+tq(SF(B{! 
zu!h$eau}qx8~oGTp|D}!$;gvhx@_LF6^at}CTn`wY2J)D^|Jay*2w7i6MNCavA_KA zxh*Dc{b!8c(ZL??$SqVa))*KM{3(0UT?6T@vG$pNx{fA~ByVyjbE*7ilDs4RXAIss z@xr&>z616=G{%h~B!;e<;i8!?Oge1PsRDSppDobuIreSDz&Zi<%;#D7fj`J^eKG3gYZ zO&zWO9X@t${|d!yK)IzCMa+4NSX)G?*tW=nnX|+rd2B0a4$V<6EyXmpKLk%0% zkUZJh(X3Dxf`km3%*jrhGgK7zAKmV?go@7kkACUP^qW7~jIo5SE4uY|VKD}ngY)+% ziL!@$j$+$1VT%b>w>a?QPviV+Am2bA7$d(40rJUK>%5^A3vc~+5G-WcPt>+8?Zh^2+xS5F+a4C>NL@=O8Vs9_c#u zQ!1MBKr+ftnLxz1$<0SI9 za#)>7B!ph|OH_nDKH-DrJoF_Cub}Wx5rz$d4laT+@A?NgMC&KOiUw>=;1`z0Du(C> z)+YzXve=e~-^I3R_;uPG(QcZM7Y(-WqLjWGxYW#r+9W0vg91k1a5)LKMQUq40;RAv zpDrkvjh-gunelUMsPOB5ML`+CRZcUE>Gl5p)P~DpwyyxQapPan%8cDsi~vr_y%|5x zpP^~j!EGTG1VdJR+|Mu**1%gRxaxZ|P(JK^bH*3|-_-n`tz-ribpbFlcmEio)cOlp zMzotDi~No7&VXOn5*csm2v!_=i1I^0M!8ro@6Bf>(t~`K z5yO83YM^0aZ9h?r!POO2_r#MKmV6*E*h(4mumW9t|UOc|#ZRR+^(23FU&8W)8 zfo2x1viS~_kX{xgLNtWr4Vwu6WLq{`t1Wt0gIQ79L9(1K!H}jG5mKqv63rUI7&4Eg zgi!i4mOf@U0|hYhBay9j6d{EiBEOBzZ)B7~{lq3v-wV>bUJjE<6DSip6?xIDKeizv zr$3K~2ygN7{GP}#^0%cu#Lz{UZe@cVZmy8wi->U6zAH*IGn7Z?GZc?86!!te0Qvx- zM}2c8G9$0*^cX+ntj%he04znac^}2d5RtMMYGmXiRma2^Mo`A|GC+& zZJ^wQ4V3-OcD8|HiOHYxS7#4R!divR?_!xS9kY!X%Czv$&dkItmz2#vJ1-fs%JUzG z_n7$;Psr1q6YF1DOhXrW>}?GeW0A#UZ*Le%K8wfR<$ITWQ{5l3iqc+X%S~vXzu(eu zCst+u@N%3h|J{n_Yr)+@v25nR_Kr`iXl?{gJ_mMRGCiSX8DPPI?E|miSHOa)$sO|U z%!#ByKip7yxBYYPWx^J+3!?M}xk|G@3CebqCT6DUuwvT00FsG`t>7dVoRAoZkqi$Q zaT~e?eWNKZrwT!1>0<$`WQw`_0gIB|At#p&(M&p5G_WI1*^%av+98-a5{ziyU-xuO zFvlR6nEYS}AIC;BwmHtb(PeQ;TEFNLIq4)xXo*c|FRkV)Q6JU8GWD|?8)a}Jo3A~$ zpDUX0B#E9J+^Lu8oWoJ1PUZR>msw$BFamdpv|K}9iuP`w!dOPT!0+k0f8{q$4~sLV zM;bj3?+jDQ!2FH+TmN1Cf%ahXA@3!3vJ3+ zN{Wvkk31%q@v|EO{2pmQVOhcSLc^h$1`P8^T?zch^gtElrdG%wO8GXaLZ&-ZoRRIK z-XX7N4{7RLXzH9$aXZP?Dc_J*D0N|6)TKI&Gci)ab?_A1!Dx@~s4IUrkwH0+;ZS4< zpeFlFux$c9Uy59m20eQ%xO?4uPK>!i1C|6`SnAwVB+j7o9da$Q>n;$RRTlH7a^gf5 zVz~_;K#n337u|C1@~D+uXR?XdVb}qO!Y#e3+`{I8#Wri9q(Xx5zqfKFm=a4bCQtW> zAnj5fLlLK>U~J{x%JzWbMu+?#r~G}3M;_sk4poegu7lqTITcC=(2o{(Tg2*0eZyPp z!m>zu85x4q-ifsb*<8r>XmlNZk6-6-@!NZ7{vOXYk&xggEn&)>fb 
zymuC)f$eB8%5OMJP1N@H7N8Fm)D-=@l9WeLI~ZQO7FzC+-Y*P!O@_#YBYus)W3C??X_I*q)?t`;OdxsUWSdAl2l%0!$*T+5dR``g801-dCy7X!HHU0ktZT zA43!<7mZ-?6983?)BPzyc4UasOVVqQD-&V+fC%A*B#1EZ5TbC|&=}EhDspLT{zpHz zq$SDoZT@zHG~XuLPkEgv#>BLf6l1>4K0jwI#57ElNA~TsdS6tw-vCteZIKrf>?!bc zn3AkjH1rd~^ld4#Cs{^%u+LWngmXg+2v)8ZT7FyJ^(6 zV`qtJ7Xv#iSGhZ!wh0r-22S*Z7TYEW z{v+1>9)aI%8sYDK$C=vIVj2!(i|Gt*oFay9!oK_Kp4>N-i6BAiu7UHCQ*Gq`c}Ek* zD+Vw|p3wA1=xcL$FQiPin$yTd?jNupL>|c5>IL%pru_*)dI_rIKV8EI?64y)xiMo4 z>6aikT3o@Xz`HyB;Sr}g$%ga64zT2u??`jn6@mBc!fu5>%(GpJv!}5zA^Rk3;qi-& z2^#KJ3`#i3eBcXIbV;9(JT(3>`H_l^>&9+RoCEcwX28sW1*|}uO>k^M5^_>-rvCt=rgm|%^yUuFp(fd zGHC*mb^T?c{|+ir9|ad9gGvPEBhZnYN4hc4XCco(z1&@phEuvDO(Xp|`UtXt&&>z2 zi4FgWB#3owDq(BsLyEKIYG6z1m=(=K2ESn(aOu5@icncT*bgMJ{*Br7!)T>bIw_!E zgW+|G@B*quH8mlQ*IN)*e-r2H`~xQ&6xhId5)??Vf_<037bXsz9eo%$G=s-Qx+MiM zwH=#17`IF%1BXCImx}r#(QIYS!yYO}+NrlAa6MRL%vHlEs=M(Mw+F2J2ZPF!r6f(i z`#LKB%f#}Ue(-?;pzjOF=o|x}9!E8_BcT`6htM>se>|6rogq53 z;DgtI5m%@XC#TvFc7;|OoKoQvg=Nt~40Vj=i=8CE!Y5q0s!Q6Z^*tF)j04v9)T`=n z{OJ9dh~N7MT|xJ?y}=;SZ12 zde%F%!hfd~EtrmW$n|MBjV|m+FpKYfJ}_1seVt8S?3C>0Tjrp&qv?Zn7#9=|j3Sfs z9BBdmngr=gq15Z%y6;8p5AG<_BJzIBSNQL;a^6d^w1IW=jH9hz zqYp~}N0QLNO@N=|mUe05O_aLar;gxPY&&lBgr@(b&=B?H_WQ$mLJPdp)2XY{u~CT{ zk>9X!i?;F`o~7X_DK2I_HEX+eRAE`aM^c%kMc)(}zEYZIf-n1reBdFJhsnAUb-+(< zhg6@2sO?l|7#V!+9zK3djHW zI77GkBn`Njzvq!Yf`}Y^;C*N-A+eH)RLL-~{t{2Uu5M#PO|$RRAHiDWlE4GY5zzRf zs(EhzE`v&zc7Q(29D0iiOG}ZFIDGhE5mK-Xt~p0exx;>^j&%n>PLLt??<9K5mKZ1Qa@>7 zXUcj0)tO&m(Fox{()_bGW#a^a4{SxmUFNi9if}?=eoFBt`haxdYJ!UlKbEXmV~W!2 z$|BGsf1($O&;T*C#%PF))8s~o*n&vF2^B4Q1g!1gEx+Rx1ROzO{@=lt6=^JAuwyy6 z_I3V+8>5A?$wq677iev9&-KvnK?r=?Md@=<`jBZ2oeDL9JcixTt&;$i`Ja+!n2@dY z?*Q|+^(&)+Rty#P;j~NGg82r!BN@tt&`qpWCh^ZM=&KO0*`G};XR5vEgbLhW(D8pp z0+Bvvt55V7_7G4q@`}E4%MoNDP1+|)uQ{a-kF=NhTN$ukf*pc71yZ^z#kQ|8S!H+& znNi{cL!j^5m_reomE__7+77oGE`<;hqq%JY?MGguQh#ak#a@ckW$1>l&Ic}sAq@7c z`;hvXu3lUMOjx<~bznz60NVbe4nFu90#GirFbjFGkeE%H&#>tv(11KKbcYpMv*9^Z zM!WdUDO<@o41~QYB2It!7rLN=$`>cG#`*|1gI+-%WB;ILQ(vy^Al_#zz+VHc2iPXN 
zD5=UN5LjfBAm5bX%njSS`3*Fm7ld=jq$7Y0T8I+FPyP0bn}O+NAQQUHz<2GzRvfidtlC{T%sz^sfz36;(TNPcW- zz3u{XBYYzn!VD}kaIt|MKsw+UzpiY;d>qsBZ;;czkBMpqTLELOzK-1`(UCNPC>uAT z))0Aq2E=l|3J!GTP_ITNP$v5|KFjOF>G#gt3qDNXgW1%8eQa zpq3#1nwtGXI}{v!k+q{Uc`$1@DHUYI>}MR05qMxZeIKb4Pz+3Ii5`w znpI$mOWS~gw6{=tv9L@L+WN=3EB7t0sHhOzPG928ZNs@nSzFubu>!44E5lk&|0TIy zQk(BRGFTIEd&W0Rz;4q7j4f^p{W$H|?mFN?E_M`;@P&u4rVHJel-niPyS75M@C2a{ z96zVc3A+T_lcqd|9ujbDZ(%rLgD5!z7jlkR(`hjHce^OXqTF@@K3Zr#CK&9Ut1d&a z4TrEeE22$4wFoY=ww_<%lxJof&V@$?!_;_(0K3dK<__b=M+INwv=!0C1GYuy(XU)M zZC1L9lBc{8Ave%z^Wa!ZXzu5lqPQOf-b8k1pk3Jp`O^l~(h)fE1o0IhKCu7QIWq&Q zi&YOf>ydj~wTig;(5@VThEc`b#ER$PcXfIk38DIC#@XrsV$m5NcOJ%95Pi0B@wy`5 z=oDHN!4VI}_rSgk(*DK2x&Gh#HwUMYrAqW~654qh8c6LFh9?LpHlFnJmXgE{;#*#?B+81wm4Na(MexLTv|A1g2 z$Of;3Hj>Aa;Xi{5#I&!&1~i-{TON&S%ntm9->;xR)8(Q? z%$ZAa+r5(qY@S%wPNTo=%vjxi38589&fI-s8_Za@)b4wm-+sbnZ|67s01a^Ew)gEy z<^xYr7_L!TYhPOvmZ6CD?ShwaI|BYA@G^V|kgLQ@d6%MFFQmX?`FAf;o?%HaZSX^; z2)JjPn&iEl*;=HLKE*4`v67fW$s0qBbw_Dme3EGYvSGYRmvS`!3#wlM{hw3;Nd~=; z7Ygu!TFQq%iED}m|LIA5;0zM{rzd##G5rSi$ZM!y(foCEoln5d*$gKxq5R zlg&rCChRJtGAhtRp&3>fDSH0~tkA?r`+z)I&r~#jgbN$!=k-3+L-#kP$Mn0<(6jo> zt;2wT-Mw<}Kc2h4?MRY%px13^=Uc7<+bFV?_5xXk`@r!8J&|_fR;a)d>{%4<-K`0s>B7jor}naVUx-gum{MG_t)X~sk5Qa zdVi7EbCfk9*84@uvsA`Vg}I5}j&0PVOsJ%{=V1OF=7Uzgg)U%iF@$x0Md|>bB*eaf z!Sp2hfKgBn#_hs@(AenvCoCe-q&5;a=Y7LmxFVQ=;k$My>0bw~ z4nca@Omx$&P+Xc1pi6KGq61x~r}{pnlOwjT6yM*0oS5T)*;mO!Gu4JT9X>b(45&PQ z2K0sG#=OtpzlXftl*js$Tn2WEqtgB4bIUXTsh-OJGG3k*wH+Wu_^jYlnNRtv zq0E(y{i7Qh(nr3m+(fN21<@pBIwQHEb_P<6FPZ zr@yoCC$Qp?|6n7dPPbQHbxN?UFDWPTX;co&@4-G)31%g(LVCc~io()H+k*u5h@smJ z7|jzzwn9S7;OS~Nv7qWwm917kQcL1E42b?IAjCNb#Q@@7u_4HWIU9jN1U_+dmL4>1_|(tTnFus4KruVEb61 zB8;(9-qbS|4cgM`4c<_Yk^z7 zkF^X|r+FuJW^CNkRZOh8Id^C=yi$ME$OpQJqMT+!EXkXRUn~!25pjRi>@&Ie%{U|X z;4brNA0G%HonB(8^+;X&H98ad2w*ORxjLb(=hp*oXHi2vgxH~5dCHt_en z3AzcDl#kv;*-?5~K{jb+pKK0D>tNFlGa5w!*a78jgAFGy-N-mq43x70LWIVE+cG{pcIG`Vnz8{=Z-E 
zD(qjYCtx0_HGb%t>EQk3r*#3NK8_ywdvotO6(T*{a-FwI~ZVZfn->IRPq`m5LtpO=#9s~_&4;Lu>qvMPK&Gr&82$&e_!u3)%)Flzuw+E(R~OmGa+&a4DfLYe;-b#_FxV1-CCPD4I(_7O~S z@y^fG`;ks`!94iU$M0iEY+9Q%g%8XoeXR$U#Bw)oXNK^mf-#26rw!V6>)Kvh?4L@?PrU~2+YFGcMZW<=+J z9Am*F?M918HztwObT!foF%PiWN-acrnibd_qCSflNF?b~6V6BVmc58dS_aG_{MdNL zKafEpEXx7$E$BS7e<~lO*#hN_aYRNP5jKqA&M*d_gvlmDF_Ri~YO!sNrVgwpVKPW9 z7HDLFhBevW5koT_8F-(PdZ+?u5{9_?duT-bz8AaClz-TN`l7YjY(=8a|AsJmzeS_% zd)9o8EkfT#=#Oli2AJ4((!hR>exC++X|UIg-RXulo#$CIFEb zy4fIQ^P7ixLJm`lXu>gEU^ltgPSSc@ZpLmDc3fI4f!(-Qi+4bbqLhL{jI@5gCI7H? zA6=hSyJYv-14kv%B! zzMn0IDzkC7s_dYljAa!E>?ZzQr zeqVmifPXH?20^yC{cR>UgoRV7PLJWFTj~J!hHiJ;M^?JXhc{Ct@vMk@YW`kWZ`?9{ zxxT|C51}`B1HS=B9_tI!N`b)F1$z~N^s+f z;%M#f)W0E?bzmnU$jKI5vKbG%I{`ABHpqu-0zpp3y3dzJlJF}g(Y~whBSG@oG9!C+ zeSjF~9wU`-`;VJE_E+mZWF>S~|6pZCL%Ioi9r<}&y;{$afAfc1K#I?O+V(J!4A`u& z0)m|Dl%KZcAczK9MI@7lE=n(Bp#Y-{bB049N}h&fdhKf(rQ}J9zxQQ9G7wC``7QRh zFb1TE|CmWyY!iJ~!G;AwNWy{<3f^y6bqAlLQ5Nw6T=P!iWsoQwcooLqZ}J@!AuG_t z+$n5fPG~6oE*BORIAzATjiLEh9O{Q;gP?a#dE6E&2;}b;{AaCehhQAE83g;zb$v>1 zHpXtqX^Ub%+3c1&iPp5jvama}Fx%bM3)M@b!<_(X)7d?a$Y|8Ho1D@OXGMEk{fG22 z+cXjQa9|CEpKrkJ$qO@S{TTQz zbr38nWm1I>E4@pYkzS1vjHZp@Dnx#5JN<;|+=_P3a7{+qOp7dh!)6i}^2ZAk3HJCPH*EBMJL`Sstyt~0jt!Ask*OsC-u5oE>G?%2xG zE$xsF<#vH%%>PA#|I8?U{b7=;obH@Oi;SKMH(wn=OHKQMa2J2iN+<_xYYPg|pWr`k zP@hI1-hU*WX`{&&1z3qh#exta#q{rjSN&b(r!bk}6%KViOtd!66U$@vrt<2{m?Elm z@p3}v>`Wq{PRA63euq&3lsB6AY?TSSg54XP#Jb!gDT)IXz^GT3*In zM*S^4ieco$E!|wK1Ww_+0`oRzAB;jTbk~Ykllb+&r;*lg=I=j>NEx%MQ$W?2Q(IpZk(@A7dET?GU21J$lAN z3^XbN=3@UEn`amtX^*X#jKU%ia$?jr3gg=3*=ZR0MAn;wq+)jVg2uSp{qI>QS!&}0 z`@k$4;5f2Dk}CiMycKESw0J0%r_g)EoG?Dr#Sj*0JpIMr3xiekjzDbuPXy}r$-Vsg zi?O{|!RK^A0qIF^r5ucfJ@i8tNiZ0ikK-nbQP)4P=b>RWjL}+b^W>kvdky=c7c>mI zg-}6Md=NBj?ci$#*|m-|ZNS|I)Sp7V>7C9+pYpfkEm^^UVY3H{--BV&<8RMv8IFW@ zu-1ilh_SIq%)aMfa16nS8~P$^at_^Oz(x!;(rJH#4?Sk0Vz*$r|G0;yWrQ)jCUnOz z7exn9*8w$J{R&cOwC!2-MCeEO7()?WGF)t1g!g~22T~LntRZXvbBE zHl4A1KOjGA5zYP?PzTWpPE;PM6dOMfRa{3C1|Fo>G7iO@IPofC`ia_JROZz0(-?{G 
z&moy`g42(~RL(;tV<#DtJ-7^jwsra2jJnb(@8H0U)XBqiYe1oJMHaN^R$R-Xbfzq| z_Su3Pt25D0V-onDQ9s6DXXo9cu#?_Z3-!O2?g0ohGzhS)WDI!Wr~A&?^_fFu@p+3>%dRINbBd z*nM!yT48YPb><%DgY$tb&Z$?q6r8eVBcFd@2L`$oKF}`yx8ZR+$R^#Ngf576a^Nr@ zEPzefJ{IIDH<*IlE9m`sFk9mP*yR6UtYGMuo@cr(odNr6vz(fdd>ykLm?5RdY;1%A z;R4f8+Q8k89MHtrpwUk(B=HaJfMpC`rP&A%q;NkSkb;50-vB|4(tUvJv7B(_*Jc^uvr9I*j>f8&iK`qz~&MEYQ64;-I3k z1?p+#2%rd2!cRdJ>cI|}N1l@MVqP&_v}Y6Ny;F~O#`FfC4){|UDOSc(Y?xVEa}fCC9kv7q;OAtqrUAcKtp z)r(SzmT}ee|H3lDn3!+T3RPq3pWMc;zZ+9V1-~$T9wjrQMl0wTGi*@)5eaBH8!x?u{U0FA2SX?eTafks_ZV(XL+kJKcjBda7%^A= z3A}$sc1&HsCQt_^FC!oPD{Z2n@u<|y()*;`8!@9ZofE;w3iLA#9kM7i#2xCB2*vFkY=ANiW}aPXpsU3OjEA8ZNj|(5 zvBoy7F9jQ&Cm=CapwyoXUa65@{E{Zlm0w%?Q?1g%3UpU8Sjc znmn9Fn*XR_C_E8d!h-hD>cRm5TB+qL#Ly26{x9u#jTP;KoHpEosx%j{RfK;>K1s^~ z`HC%LJ<}z zR$mzkb|DzZMEw9}a(mqOuTC}8- zO~g(b%|E)L8@lk$5+tLpX6o)FfihY9ps%PSZGk~ReRz{vcS5L|)8z%oR%0zC@% zi{?~RAnQ-&y%_BxqyIaa^H3i|iu6(ldJ^XQ1ntDYS_CP2BI5`0K`=&J;XpB_7@(@L zir1wK%4QrzLM5P!c5Mb()0s~j&Be4}KL&XTGUory3!?thNqoQp$zZ*?F4ZN^&c;mR z6_|S#8A4rt8zVd5M`N>s~uE1fq%n^a8Ms`Nh@bs1fSeg!(-=Pki7* zv==pYppE23>K>*x5!?@Ha@b%d zkFGdw06d|&xV5#9rh>o%jAOySE)!L|P*t;rfgp`;D(|7Kkv1$;Q3#N)MWev-`(9 zAn9;RePpJr%tVnt9@ACWBD!RNo48OWM@zPP2TTj}sF=(UT}WlefS(ZS@lK43;%f8) z`Wl~`L)VfzfWZWPgi2*Or(%I}(ZF~m)xgdN?y~4kI<#j$t}O6S&%;Q?%H$0w=3de> zTKg2y2`0@PPJD)^-9<;Q#6D1)#{o5nV!^VAEm-*VM=)?v8CTNbXx#HSbDAc-#29C; z&`UVC)!R;8>4Ynei9ifFqD^;3^SqzY;RhyXXped;mJWJTP?DoL{fa7^N3F%kgyHaz z;rNs-FE%pUM*Y6w8ciPNxmPj{(+U2QmJet(TS?AB!oOWfsyi`>u~U1c9p)G>HPbyI zYyyfI>`J#MWD3GH;FL7-!=Wu?>y_8wI@1Jj8ODn|+XT^l51q+}o&>WP3nhlwfbddr z_2*=A&`3y2>s8H5Q3V_*vB`{SiOO<;2l@dmi75#@wZh$-1 z-K$;?QN-6ubULmtmw<*@GJS%9h-qdZ8DRx=-wSl)L)SYP!`pDl03!zL$qr+l`WHwB zzQr~1aeM^Bf(-$zQaY7mkO9W<2HNKW|K5o-`GQ)p6-Y4u>f^B-*?Mb81&H?~-E25m zgFp?5+hBCL4$iJ#tW9tD_|qYUj7iK5JDp%{u4=hBihuDG2Oa=R?DMBrx0)S11QJ`jsw3c;m4QShYJ_M z8-OX+S?Wz%gf*GQsJaj>1N+5{wfR86I&SW_x7qI!~xHTP!vbTI@p*^c+pP%U zoWtbIeffZbcLd$`1N=R|KqB7sBflSC);o<;BDS%6pcgf8(MpPEx^O3YxxG!}V 
zL~;l0F);;q!HSLPRU_yS!Fz&&DWCDr_Xq}DbjCMC692UC@5$yrc(EFK30r^OyFk{C zY0`HoKC|+>yU2q8Kg^Gb9+1sy{CgtL%peW``kjAW6*-JS7%s~tvMv>6KZjAuG!1LOj#0hOqdM}dA zU(_=$_`o8J1omY@y&pQw2a!d%B7diTW#?&ZM{&J5%qk^$@kJF}!Pevq27SN`zW$C} z#^8Pg=tP1F;S)*;!Uuirt7y{R{M||$)Y|`L>RP;=%&zksz!p9%ds^^PP#3qrc1PhA zbK6CqqSG(1)l{WJ;Wz(@2ccD;_M*&3JCRQ z#GEI$4ZEJ$?L2Lidhih&vH3Ke{P63ifM*oK27Hzg)zw18&uzch2eDQ@eL834|%s_rE zK8%68)V+A`iarx`pO&>L2`j*Gk;}IA+bb}ERAS9FUE|Y)8bi{B7 zoOPlWFVR&aJA4)<dTnqgAE8#f2b@S@tQVwsY^J9P16!M-Go-`FM? z=USA*Xf|dkFvJHw2P>Ws8d-(|u&I8SzWPh)ZD{Froa@5&`IQTB=$b?V#oWdzQMf`l z^C=7!W*3GUvfZHxkGn(DUvS%1-hU4Y;Ibp$^>q6?FNjyQLlSrxbyLnA$ z0e8;#M6CD>Ar|BZ{Jq$;x)xp9_GJ>Z$?L;6%YI)@y^5)I9@3GB?-`!;At^NR@oGx= zh?cJoZvU6w*`j=n80_=n#N`wwU+;&abcXgN*}_KuzNMLv(3S+b-U1dd7`Mf2d**ZH zZ?IDPzw~X5f5%C?NsMoPKp&XhR}Nxk*Qr$dXEcC;B;Svrn~xzRL=Q%S@%<$l|0qn( zt;Ij1kV;}>Wf!K|WxLR~xE?2c&Ie~PJClArtNyBb4WhdJhU%y}EUJxfw1xId%E_mb zQnb%?dau>L#;nqfNNwMQHq=5{A6>>apTq~{%)6B~I2PIn=7Yb-_+;}KZRCwaEv;Q& z!$?Ec*DPbQ_Kx+>`1ML~%m-zZNBcSui)IBdAE~R6qE$Lg!oV>xy8AmKo9}*zF^4Zh zpDZIVJ5%f=yU#`bhL4XOLK^)M-CqO6x&042Djk&F7JM;6uCiseeQhTDlV0R-2>RmXeZYH_v{rLz`ilN4Ayp}v#EbD`aaIL59{UrL3wc(VqnbsQU0=z=)wPkxk zY4`Y#!5vzMTEaFfe(`Mye9t5IjaE4swx7hhtY)1gtV@P9s8 zb(nq|K93y0_h-sx;-gFg?8|;3H|(2^*(V78Fd?+T!7&Yo#T}j<85Y+sI&dG&?nL0$ zgHs;iv}brDt_#9~zl$z~?9lx~`lcf=%d0clO_&3@oqVtqV<3(`}%;>j$e+V}@8Z3ocnTtX4_(R`UPy zd+?=Od^#nFnY;j5Yy9+yS|<>ghKae|a^_I{3X;h}mK~M{Uu~juNVNC@Y)Xpu&IZia z{bH#80(=OSO%crEVG8&6;zo&@gzwux?D#H5T8K>NbM)ge^lHg_MZ-R~;YGJSvg&$| zbPR8M#^r|(7K0pJQ~?7ZE)|^BX@joYzPI6RH=SLWEc`}(-}IsOBLiFY=t+k$PubnP5t1vMA{4GkoLQz?%V?hdhr_H0Y%#H4&BrbH(xk#6nj=DuNT{T zt#I_~ag*mJ+_A!o9;rRzHXvimS#ex9ZbQ)dZ<*!RiQ} ze_3~1uUTkTr$9B)NyR_ObV@wyDJj{5uYzga9n%}!%fSkY^nhW*a%Inff4ac=PNHsN@z&`0$7yYMXDz`z0t8{p~ z4rl4`Y8`$@hr@LE^-8V&+d6!K!I=Ipqy?6U%VBtT6=LB7SE3IKN$V(p+jsot5ke>R zD~Dyv^Z-iy4q^ZE>)gCB```;{uTg%sF?7`tr(ofB`>zQ={VpC%+j zQw#ArNClLN>c#q02)1KMVWr%on8#XyugmE!ItQffw#%dSB`ji z*IwnjWWFB+M-I&0Y+V%V?{oYY2Ud9REF*7pUtth;c5&zQ00`o%b{&eJsO?g`j40@7 
z@896FBTP%4LAwg!v%=223*Xf@HgbbDKT?4Q-MFsnHtZA)xI;M-9|Br6QRfz4P{bxF z&IqlAxxEVQw_!*8MJh2AJ((hQ8i5xL>D5_huf)Oa80bG-fs($)e@n1k2g*!Rv|PYA zeh`#FlL&bXM?t6%!T}-rVD)H?(Ba6Vt*8}wC}Dvb`~I+~NnbjMuaGgc%AMc^;=T)D zK-}GEKCpTeS67w4(|VC)E;5ZmW-Ir;w#s&{-F!hxR2$b&lKY5Fs6LC6QAD$-Sm)r=zWqr79c*NS#M&C0OQPp za~xcI@;;@!12dbTd*F#a`q)HO^!K50p#lBP{s+Jntj~Lud*KA5-(>*)*#m;~3A{i- z3M;f%$=a2ty<$Aj7bN#{^eGP;%b4ZyZCejiM<9fq$`k;%Jk^GqzO>3IgfP9OV(^6T zGWC8ir1J#|h8=E0N7G$Vjt{WKB9zEu|6` zS;Cr!wNu0!tye@w!$0k2XZ3Ew!KO8)D>yH{4&RZKfKpX%(NMn1zJuwOrrIKp546$U zX|j>r+_&sre!QF{=A?VDN;3+OABJxP z=7zBkX{rp$LKYeWk=WHKhNw| zhETQK9b(&;rpm*N;EfrKh)Oz%_NHD;KyTlF6_1X80VHUCdrXJ3bogBzj$$x2KBD74 zs?g^%9loT)7j*cP4u7k|4LV$_!)hJguERMxyiSLcbodVM(89BA#p zUo3qfMGMhUVdCG(|Ds+ru`t3IJm>roox}tOB0IK6qv7kdT`0;MMnC#rc)ueSWUzPj zxpD4JEuNvnRvlV(cv6RPB!l?R7!;3}`!>KNAeL8E)mR&9>Z+EFJD*5;M>)=yoRB84 zu!Ym$#%`^==?3Z6H(p!$yLnucm?d0kx%_GvkxZnz-(I4W3Lq8}U4W=XpH$;VA@xhKUVV zPqpHota>X~mRl=IE315U<=1K>TUfRX9M)UM*IHMU)?2GLy= z>&=yQUSDa|O}_HF)vPkwQc+W99ly-FbhWp<-dgIlmd3H@><`o{s;lt=SFC13rFVt3 z4FBZSn%6kKkwdvy57*Y0`9)9{6ExuQWl^8a;pZ)6r-N9!g)M!x)bL9k@})@rn-9K-Y<9jZQ!5 z9|Jt*{Tq6_6WS8vBLlN~Ec{LI-oI;QQUIG!{&LU@VuR`3;$Q_F_iM0ahX#Mp&tOwv5;Kl^9KQ^e)o$z(h9hy-fLFx5DK`54+R%aT~)w!%~`&(?Jot~ zj31Z0yXZ)PJW=of$Q**N{mKmO^} zOZ(jR8GroT`4#`@l;8Z~zLzcAZXI7x^Te{8D1K6(-#GoRXi$97pt$2_j#yC*o;)|6F({rrD4sVc{&4rX^-BiD zdk4i!#++NeY4o7@pz@mr#cKz}9~=~aU{JhuP<(bl!L`<$*>e`;TJ!TJO_`K$osu^t zFYlTuS6Xvsl`pHQE45+@o4ruaoj7$;McI{8W3wd3om>A(t$u#q)G1T`wLWquPWgYe z{(s8+&wr*r|Ec}`R{sB){J)joxAOb{v;F(;+aK=Rzke@* z4D8F|;lenk2fS`L$C(gz07`h$5N-wBoXK&S2!{dR!jpq=FW^^rM1;94tdsGqK-da6 z0Z%Q$d4TzNya+o0e~hOQVS<0d6F@i&cm_`^!W=FN{s7N|2-gDMkLM2vw*vkG&z}%} z81VOao0dCIvNL>2-gDE=5Brz~}K4BOC_gFX6aF2xkEP70+UXHv#5c3V9-&2Uv-x3gKG7!+2^D z?gboWgKQDD0{#(CBf^^itHt{6rLu8x$kn^$jdnHJ}M8`fad{(n*a~ts^><8 zdjT^pM?HiIF2wUZ!X<#|S3ri84mcTmGu;U10ls-9HY*VB1$0~mI_(<#WE$j#FlR>| z9vi|0Tdzeugb6l&4_}o-xC!v&bm$Vo1iv>E@CO zPGN$0xE**ZIqpe37KAqeuKWSVWg}b*xcd&s72$5cZrm-HMq$9WtI_WW_X6hOc0~!o 
z1iz@|xMc`)KLn0C^drJnz}$ND9hCw6KAskYO9|0~5hnO0o{JIY?!v3Tc&rF#0A7U0hHw~g7oHp{^X=dNQ3)78 z-C#0srkOfi3dmbH-Y}B03f6<=okybCuG35mQ(OP8w>2$=OM4_yd%)Mo zA>2qq7N^rMvV@bnO}$Ac<1$NZ7s)6im5cXGyfo4;O5-kCLAXZ$E3RZSr?;bs^%3Do z)RUN8DUCF*g!1+N9b)E&%w)CE6G*4B^U$ZnM@(vod{Ey^8PqrDOCuhJBy&Ti3~**J zCUGRebNZ6X#UA4CZtz!&w4uq|(7Keo*0Fhg)Pjz@! zhso#<`peMag*yDM4)b()tqy1DP^$$WQkVC){i8|be_H=sWN?;Om3zwza6JS!RI29d zcQURwxNxJSZg4WUDrt7P*Hc>Wb!nGnKA`w~FK)c}YH@B}BXDbsZXBND{tIqL46gnQ zqr2WYvtYibymZ-2TAtc8L6xYP5a?`jaOA40M*Or&j?VTkWO{|R^NMBM_wuG*j)Z!w`k_umS8CO85 zE0-=Q^VQ*EO{12`%|q()axdK@Dy>^y&&@}iE*F$nui}a+T(eX!c`IU7Wi{2SSUz?U z5U(%yE-9_8UE*C`Th4K1T8gi}yiUKl!*O-olG3u3%c`om)d;PuU%sTgvC@mZ0B%W{ z7WxH3H7i$wSB`suTY~#O)mZnv$t|hS(#9AVL5Oc9=Qk|D&6qp5+@vKn)vWrSq$R#; zmUgePbZHGnf|g72FF5`MhP^4r4`KIp}p8D;l6!2%R?4 zm7A(^Y9Lm2M!LX6I8sb2%U71wVx^Z#Av754YZKj=Dy_n**i`SWW7n^+D@5U{a;#qk z3RRb_tmVo~t74?NADJ4;>RCS5i?Q~<@!aT|H^=3}G-RiKTvByjvsdREr2Dy#Fx zxFZh#@A`8LcbvCD85vr7>!|bR$LRxMjr zS*Hai&s^a4I47@+U4fpsYTBf{NqGqgRGZaV(ok7_^;9gS9IUO0+MQ%bE+g;ONK}`2 zIdjg03$PQDWJ#&2sa}qYl!p zzDbK;NAcN+|4oZKC_W$YziaWCDK4FXe`o}qDbBh)&iJ&(rHEKQXM9GB6(Kf-Gj7&m zix9h#Gd`=uN)Wr6Gj7phD-gSeGj7#lwJGyT8#&`PE!LPauMDy0v{+Nhyk&?zufZ5z=Bwt7Tc6EZyIN8*CJa|=Gi&p z4lNQ+nU{~&?bKpjh@o}6v{*M{XkCXEJA@co*Qv#N5u3^xyR?{s*j1cyw-!5@GOrSR z?a^ZW>F*AKmU4z+H)Ek)Q#Y@Cd1XDVT#d()hmL_7W^hJc%OVA+tEu9Q?`l;aHu28# zrM~6y^!K!M{5K<7kI%%*C}k^(YZ$fnwX98vS+nYDR-RTV8aJSaC_ zTh;QrOq_9{d(OHv0eMEsM z%;St>3>jqhMo?|eIM$Haf|%Lj2Qwo)Me~8qSY*hie{(lN6y`WRF3$Kf9RXF*svS3s zr}x4~Fdnp|h(RNoU=imoD0a_5{r03>Qwq++sY#b0kVzIUlWbY$Pr(=qaU+V(Q*&36 z^*U5ATT~RzT2h!lWtxEd6UIC6aWSN)cxoCrW0iUML1c3&V&(D`oN=W&V<(~(Zj@Hs zSZz*mqHxA&s*>?D{A823QaCN)u~-7nT|k|+ITl~S8TBm!%rKTI7jz-RY^h@e$jWD(fByX=a}yLOdT*2U%hKj-6q z%$X!5FZ=O(e|vwK+hQ9-F63fL7{W ze>s)vF@r5Cw77Z9@AF|y9X#up5j4N=U-V-%R!g^Fv5s1(ANT_l4zi`O^iVQ&fSD)# z0Y@$x&L8>%+>MTr9pG^ zNi6gsijkb^k&JU%g0?^nO3YvQtEi1w(uFD=R}@ujfvd3)121#3yo|N1sDARSIas;#mqpkVO=FccwBKWGv|nqM`BlGa}Irhy$M8(ySaR$@4_d4ED7rDK zbjt+MN({`hgUmcHxR_LFfB`5c3#5)_U9gOY;|f?FTzC}-eSu5x-)}|R!kYiGjR 
z5((oGQG5sHk;OGnR6+YRR;!0HDGaL?SJD`gkW_ybW0tQApo9PfzafI96dcPU!3hEQ zd38!72(u*tbM5h+t}bVi*H2 z0W1JO<<=K-VP_)#Fmf&DVEn&Q-pt^ z!gJUHtsKmgi_4NIq6P6{QA^I5M`cI^stntrv4|?f8uNnMn%{$@tUa09of&}xuBw%V zDCR+(gYt$B@_V6(LJx^Ybm9GJ_$b!U&H7qC`6?}wPS-t}I56Bln(aUk&_HgIPTvuDR z99dHNZ4Gyat=1@JklmeKJ6OQnU0ZWa5LuS@bnF>mMrecT2yK{ot<05@QNYLCQ(LwW zY?PQzK2Z(FlxZi;(b}3F3%F@{?Rcj&Y~Z)3BIa0aC5~-G6c1caq1!~LJMd%T@&OU*4MZvQK@r*&_yTeHquQlZ za(!$GIZ6hXygJUaD_KEdW2|W&tqt7@LSNwE)J}of!zuH=+M26s9JlzS$PE*2algkc z{?y|Z4+tGgg;;c`YB$*9s4KNW@7G_>2fi5BRLm zOnSiQL`ZtTaS@Up@OcrE9`FSbk{<9EA|yTFVIe_!z!ybGdcc=NNP57RMM!$UR|FU7 z0e>k%(gVIKawI+Ae~D0Bc)%kf)GIvTYa-MqJmBj>!fxRK-w>g!@PHG-19GbJ7Zf-O z()?y^+3hHB)$SIh2;GB{_63NpPIjT_Uqug^0F!`WK3iMk$F^}aI=Ew*$2$)&1{JEX zGTf9-tH$uT+9lLbmzEW_l0U6Ihy1D5*2E*he7^R~^T6L1xF1AHS%-v~zpOo%6i`v! zv4qtUj>Ve8En6}2SbD}FB1>C2i!A;xe>eV#=_L(w#Pre^ps#0DQy=!n6is72wqi@P zBhel1Xo*-BEA^i=A3@al6C=3&Jirj7X&x$@O-0!ELE;M#4>R7~8Mk7QZIPI39S{vY zMwD#M{KcdOX8zL=Em;0Eh*nroqN}?n9_?uB471(k>lVBZd+E>k~>Ju@p5)vhpwon_amE*j)MVD9$bC?@r_g zq9eEo&&pdW=>vyx4s}lCIo8UtUXJl;Eh~?3sE?T*JD0cl&RT>ba)GS;YLiUAGM^l3 z!Q3F)-5gFta0mZS;0YCXR{acdZ*wB7_MTXGw0jFC^R1CqxXRnNVPfCW(=Jm~8YTYm zGmvCkw-srRckd9F9X+uaGYE{XWhMNK+DhlH^{kYi8<~&JEjyT>&gj{p1zk1M3Qd4x z(L_Al-Li$vp-`l&tFw!ha}rvxs-P=q6AgECvq}o|bZqVD+}^?FQlK@`g27mfRZ$?i zh6OnVF6N7iwQPa7SkJ0CNh7NfKqFho0kB;p5L_*$E56!POII*R0+wM*C_pPzXV66= z+!hIUb%l4ZGbz|2u9wnvPa@LQ8fn97Q7b!(0I?Evwz%9*c|M1(U1R3Pc`v6x zj|#1z5Dm7vqwNvaM4{$bXEQ$chb!=jgxguOxbE!2gn_j<5s_A_v-t{)!tho~PTkq% zKoNq7m7-}Qprws%=I2-fOKn@|67R@K;D!KFN^#K(C?x_ylQ-s3cpD$=VfIS_VF?!E zggd$-ZHzV1HOv_4+D4vrn1az*EV3De_Qo5oPMN_l|gk00h~53-t^4aZ*Xl zT&w!{g5rD&gL%FurYb1`D>IzKt{$~vrz$i5Uop2_Ra$kR;(Ku2^X&xJ&5_Nag+)r* z3zebCL)G=Z;~=~6UQ`fKO{$IrSDXn)x3H^*xQcC3101o#xR-<)AjB$y5>`)Ks@~_D z1jhsUOpAX0$I$qRW`i@5VVBr;JXn$Qo?VqT6(IACC58S-Ybnuozy-#EdH| zsCS!V22VCouf{amY_4T^AVyOxqifDLpwk>PAZdMpk3exP#RxUzNW_dp8FjUDOm zUyGe!DQ5I=t>&1Gk`KXqnQ_%TS`?jQHYgZd#d6HpCE=A4UI%Ktp@|t5XS0@a#KV1( zZJkO#oE*U>wE^rSV@6U&hEyb8$YiDXx~9=D;*j6;bCTaIQ2 
za33|7w|B=G1Iu57Dc6YTT#CG!8M(8`3+9-iQ^EvxbPhFz2;O-%l|GCr3Fcev(T>gA z(U74Bip9_-H}`C|+VN=yH0I10=en*JLWn~)KR$q0Ia#=|N9EaT6eEDs$oL(_;>RaO zRs2pZo^CQ=@dD)|qBbZCpv9QTVo_q;qHSZw!`RJ_YJk#~rrL-)Nn7#)4;b@!Be77J zU5OeA!Ao!De)szcIQPyJTP@m&InyeA>$8 zuoVtYJ~E%kb7#;{l_*956QArFN%Nd$3}|-G{0ZGp;cVN@L6kAz=>dNpgH^^cf3FF}~fD zi$@fcG#0)Mp0Fv`(Jdg%vy6UYDNV>65W{FAWh_02;VpZIW$~SoEnVFS(WEisWiIfj z+#0sRB+bZZtLo4XWOL)!wP1527XL)u{6z)T%?Kzi!*8wRLic-_@ymH1!wAK^{p6vh z%t$N0J8|U%UL3}ZS1Rbn?s25JAHQ%D{{8SgVvh#X;yW3QU-R3-VdVW{{F(-71rbX| z#&0-&AFz7}AHhv343CXhd4KQ{pl9)GKE47^E6FUBs0&Oq`CKG!c;4_M=VOzl6k!|#V*E?(yTG>fSBUr$XdcF| z^#uf;$HjB_ZGId9wuQWJd36&mai|MC4ag6p+3?-E3<-CF%7F3TATAvUtVZBM{33%0 zbmO9n0^@6gV4!L%2AIU*jQ}xC<7!*yt_EL(JBl5*!BDI4A=*aEdNY z(b!l39z?P&o58rJrU{qOLtW5xhz?_cG50Z2?A@UHBt(A#zs>JNfW?&UKLimkfQD*o z`O7A2-?gBL(z4$R&}g{WxYAe)J&gvoH7O(SL#o(_415-WrROo$fyy2`BEhc$yc8h# zqHPHZo^0#QGWy$y-g>tT{D=Y{li7Qb0^gK@QwYS~CiD022)s|QG&)&qvxLjB9p@e) zzQeeZZJm(#BH*!4xriQh5q(MGD?!AXpMt;NE1j`aU7*_Y!}veu*>y1DA3*e781Osz zwf+i$Q@Hpi3jA*b7NJJg;K#ORB= zj3}DGYZHE3e=AAngh1JenO1uN$G_klPiP#UvN?W{b36!cc+!t;ea6i(j@uhpF3*Ww z+{XQe+SM8rnxW}xTn?8!BF)o^T=6nh!vMI4)A_?q=9sF>zqn*y$mxR7TyjxT&`rFZ zR9j{1kz+cHyK7*}HtH8@q|fjePC-&MM23+<`tR!G&m;G`{{+4^fE_gT)*}=Ww1h5g1T3} z-^Vz(h(lK<2C+QDjCYA(Zz9VFcZU|yY}VM3aF!H|8-lICN^TD^+!2a2v!0H8%f#3i zUb)$w#(kWpmYw|_$i?%cBz~LR#a{CL0BtNVsdd|KSp&FZRPy~r1R;bhA#^VJB|;;( zUd{VlN=%#KOCA@AsWnoGA3yJAk$8M81%lRUze@ag7f;-4Md_Xqbz1z%2;2c1N~;@5 zrS<+YuFvgYd1*HWj~F`wT*t%WISB-thz65`58~wEhh7$2vgT<`R1?+>=QT42{1NuYm==$Taw_ z4I1}cD(|NgNc%@NQLR=KY=?SML7fBdEm^oz+R?IT=N)viB(RWOC7&XYr;?@xJLIzn z@)W2pnSYgdj70pOf5REOELeqp#^BstEjZI}PWAd-E1(bk0(aK$`V=tw8EfY5!igXA zs%o!-C!>YIvm5+mY@2%(zu^C>^7D5kke+^3!?nAv!I^%>rn9b+4{*rSf~L?8K8_TF z$sWg7a`c?n4|BPJ`q@rKdp~btNhiv*)eXw@d9ANYde6e=dw?RxlV?)(0JaK_X zMnE$EFFDB#d0R)Fx^kDqb)cepcE%09-a z`PR)f7tz+u(|$+F%)2(RaZ~Qyr2U)p8|1qwG3dQ8o9Q1)VXNoh$S8JpVg`62z0Or^ z)1Zx;;!jYm7N@mSZs7!{3x(A?A|_Odnge(0VeK82t`G z8&=q?miD-XEnQY~7nZ!YSeUDnO;17V|II!Va{n^Qm*j`g@iv2rIm+|ts6Wm7C@ 
zTG$`98H=o&vHk@X6%I|jt25TQxhH~kL5fChBdpSij>Mx{^js&JvKotEmldmWz<5t$ zi`CA}#O66L@yE?(ie*6uZtd)8R`7fWR@9www!lFZG0sqUt!+pV;RTRjXFBn? zm1KoC_pqf76sF~0vb)vR*=2=WTf5jsl+UEdn%IdsWb2nS=AVSf$a10#KEO1Sm+oNoSi=_36o&+t#!@Xndd?x~{#a6V9 zc4BX%)u0Zx(utD>XhS0tVQ+KrNN=3#a=1Cc-tM5J|CT5(w6-Wrae+4~;fh-2jcRM_ zibUex2W+ zJxIFm&@dHM0$U)^GDxyDUa~mu_|dw$sI+7$n{us}k`}^akpvVYehIeD8%?@2Sj{`E zcrWgntal>$b}%T7R+;=IVRd)XQa#%+4M|&9XFDg_Sd@rLRooItu!|fD(e!&9yDiRL zAcCbK*62`DnTp#5mYd?@q7*_J7+m5+^U4=bZ0TuhW|um!@T~Q;GnqFk(Owv8lM_#J zH}lm1il%7@y^ayqC|zA?vnLX& z+FsJ)i6Kptr?omUvOV998++7_v4|5Dj%^R`NLX#?KhfL5HWsP}YjX%h-KJ(H7U^J{ zoruJiXj}Ihw#7kqMyL_$?ZyDY60$m4S=5O~8`a*4qLI~^8c%kG6Wta@Q$l?~w3lsl zU{^D5ZSRWWwqeYPp)L?{$J7QST>57y( zUdh`P7T068M8)vtN+(KYh|I^j99R?}Z6=rfO~Q#ISL|)svbmXcdqL!=f%P~Th@pbxjU zQ9<{_cdKcW$M~~stOy!Ogwa-%cl2- z#Ip|A{i^`AF+OA??hW!7wp)BRFz4;iIA9sAWmtIDi`6pd%%|}^t0WfY#yRDW5G(WW55q7}^&qc!30GAL*$QcV6amCXWbb%#gw|1m4h|j7vD!h3-dvPIh zPC+_sPL_7Sj%!f647AKmip|+XM`G%PF`YtLPB|teSJ=gc@+9DV$$}RzrCnKy0=>L~ zN>`LRQN3*?Y`PS&Z}-H?BENvg!v3p}JyK8dz7WJ!g{udkcP!zoK}SVIUfxvuk!Eg@i+nDBEm{2K zX1IUj%{St~Bx4P7e(^0g8my%D_GU1;q#mXbMm>K?h@0 zvWTpAuG?(tp2ZH2%|wlxFm|LA0aheBS^?2Qiz{pro?a4ch1r-eTTEGy61Ix~U3Lg_ zV&&g1lwu}`yUpV%t}Dq9STv{1VBJodpF0zkb$2yNld61AJ@XcN2BChfR7X#WQp(^F~j9u-4AO!wz%*QMrc}1N$ zvub%&HR=;EyJ;?LmQ@2>Dq0&~v5M(e)wayrhzC@gHHRu*x!d1FEvithTjhGTnc4wf z!^pt@bNqj2fm84_lYNl}A;!Ov(=Q-4q$O zVT>S&jUC=c?}Zu{Nm6tzF8QNFc=iS%+)b5AsZC;nB%i`|7I8U#0M8BEETv=-1^r2$ z2+%91#MLH#Q{}?U$mQG>eFmFTqVC0+Z(z)A_!s}yXKwWw=F^7ZGi$1=s~7st@Eg9$ z>wRaK2kL#Mf5^84VblLz`&`4rPgMKn%gcOzzj33l%>39P!&f!V z836J5z{tE0C&Ra(7wBjBWer_^ey6Waak|>)tMQrDKEq!P0(1BwpK1Ps@#|{eB2buD z_{#h*RQt+tUFLtnSLHVX5al=ThAi`IuB5=8F}^AZj}aj_nhzZcK;Bm0LIf)h_!b5t zkp6yOCB+6l>o+%j)o1<#Oi)_l3z$i=2XP35N-6(%$QYt{hJF68RhOE+v(4uoWrlB^ zQCbQEezysg;iw<4W%X5E;oNTVfaF3d9QDdIYHdaih5rNi2`8azr(j2mvif((oMV^eEwr9 z*5|*o+802y&;MTExs>7_knQmK9@)W3&VJnI+wVI&hxn$QJALPH%AfM63UhO>Z=rc{ zJ>uTMd0fg$N=yEc{^e1!W5l)!jyzda1xEf$Dm7d@H#397iklFp_bB0Lyz@aO8fz)us 
zmU0b9dU?^7_$SDFxv}rM!RYhN^Bd0&K;PYTO&xTg53iTeCbdi1oy6~@h#xi`z|jf)4y{grSqG3 z>+3YJKQwMcDmX2#4{z)B8J{Wfp@mPO=`h)))XW!Y^F252Qlt1D-_YvJy2g!Y%?=Eq zRjN-=?|@lqiMl;$zRHYc%Z7F|Ol%z*YPc-6Y#Dap8O9hFlRX_VkcnG>tKHIs8u%~n z9pYIc=zum5vWNP!7t*##+4?#+7tuxh&++CgKwJOlo4qKo{h`XTz%gF7m>VlL1^YZ! zNxX2gOKVj_$)A;11tJwCJ8^2GK`k9i#R=b&XyR8<8E&m=Drv<#i4V$f;U>f8s^AAo znyYGWGs9J(_mzgLR=(F4u4*{q4_7t5r)+c8NyFS)QeM>@VBZ$;cr*f zHa}SvY<`LqD7j_YXen3eSGeT}`RRpvw*G~ioC@RF!Y0lUvk!hCzMIldWnZ#mA8f7a z&{~-;Tot^rBwST{*c_<}o(NY3{z^vt2c0Yno9yLVEL&*LX#x-Ys{KD0HMw7SDIPVA z()VLoGsY&JgZvFbiD_O6YUR>YZ!P(8T5L4I7MUcy%7Nam$v0ighh)Q9JjF#{{$=f% z5xnwYq8|fHJg%)C4!7{KNxVxU&*<6A)(i%F;BtToov_z5wFg^U=#g)(AE{UP4o^YK zRc=pSJ35A4t9#O8Hh(gNcrB+O#J*Xz4~Z*_Q7YdJW%1Wl(ff_;eb?UCjJjS0iZq!# zD2Ls8%EyT$L}H}oJmZC0rHejiAXMyeKgYnIS(Q)Zb`IhVvSSDM1|-HatJzam`bv7oHM9&+rwv#T3eLFUAO+KS2^3rFUkCN4vIXM%JyB{KQ5pZViu^f}Y0R3$3=h zyyCAOL#H*%eJiwKC!7eat;ed?fB8YH4LI=He|{LOOI@lLrIj-5e!o{lJO5>0!RYB2 zIzAyg;1bqwuezR#xfvY>in}?T`hQ(s zKI=g0lD1#d;lrm;)|`LuY?V@Ze@tG`6WnxArquOo5<}h%DRsWBkZq1dGV7ocEWH0| z6FVJq?Udb0=XrL@Zb9Sxmx(x_IMBo5bdZYbdbwRZ+kPW26?cPeQCyDFghm z%zZhtpZ?KUVvoM0Qq)CqYOrRF=;{Kow3uO&ZBcedCe-x-i5Yllb&*3!P~4+RMrD_=)XY1H+#}C_FDw6R^4urgIVaB(@_baD zza-Csi}PRgUC&893R`}MQe4HQJk_$O#z-}0h4h1xJ|oY=@;p|+=XCiM^8fE1uIEo; z&=(Kz&BHgawqn?e?;h2!l_7(L@Zv^KlpVMQS3&$Z4M*?9{|4GefU{}f0&(h)j=~-R z&@=-LH8JrSXvkwjGtj&ZG?UmdKAk?BK@*&T4{gd0K_{@{yfBXka{s}^OGuxE;;*T+dWTmY$pL!$I;6_pi;L98CeEkZX>CT^%Q>uX{ zX2?Yi3KwtUb7{B&NYf0dwt^-;1I;@@Lu)pUKGy>|IfKRS15LvWoSy*AscHDoGb8l$ zOPxph&yniz44mn?&D;z$3*nN-W}vwMG)HHk34`VY+EVfjh{cfrLL&_n2dq|~wbCO4 z``AxxglMh?&7_?QGoRQULYtA%B5*Qv4W$%AFsBP2lp0ZlM34B`uz?gn*5sd$u)*IN4k#s zoI^uWOoPVE^vI6)_%!l`D#(9@ZJnZg7&M_7Xub{_I%oyeH0VwHFY>Va-xHFilGD%w zL;CToq@fnsGH#?Z6Oj2oGI|o~+AL zNH|u5Pl#)Znxd=A8McC^LD4YfnIaWQC!2VaD$gXV3(w??JpYtuHUSl$>51k6<(cG< zRJ_8YymZPl$sfrmrlDGDFCAI+*fdsE7W*8sA}lt10B;-+W|FMrM~3*Lyi<(<_)~SD zzg@Ff6GuqHcOss2b&j{%V*9~bSd6UUJ(R_=fTyxp{g_kV$w^IvyjnlVs*}@Ll~P;< zniI+zUPs{!bM;i`#HfjT3l9yGYP`OxHv9%4$AAcZsFiV;Q9Aj2Bg=VG-HlXDf)!FK 
z?-lw`zJ7o>G{mk$FAJ|MBGtW@)b$?9dyfL1sVt6whB%l;9sbY3&wG%aLx4rz^)^A} zi$+akm13h)m9G%uMXjWKc@LGZIAE{>A8K9ogSSy{kv>%VLLXg@(x(qmLLah{e(>5o zjXsp(K_nIS2^F`G>~kF(l3zGJMm&@a9i4T3l+HQOPo=Z+jR!#^e4_{-+2;}s#fq{Z z4{(lpyosQ$H`=li5S8XseJ-!3)7VGdh@$$%M@`;rbAigo1P#gZ>Ow@yK25lusZ0-p zM%V`z1&6ZFL%?UU&%>aZ%09%F*Bx~3Gu55rJnxh*O65IfmoL3ci7T%=)96Dqv=Sin z2^H0cXubuSNmX71u&03>1|o7w{@`SVN&|1P8o*1fSTC-*w+Q4q#`! zA!%BgrlXPlUHD%@4ODS?(9R1BMSl7A!N0NZOij@02cu+r9M03xSpO*EKEJX zlr(rRS>4W^J1L&5QgqY=8btA9DjJI9?dmkXs(j-x_ZE^Rc)I_;8Q(aDgu*wdWc7o$ zWB-ZzkRJ+tbX`Pwwd^D>p0X^sZ?uFd_4G8+oeeY7glngvAsM`_!=y?0DtU?bz$+l~ zyRqR@lov);#mYcF4#)YM z1z0W;%l~i2TTUPi*U$)hcu+vi<4!f&%VDn1(`x;s$bqi`6}62ltmF5*{7UDg%p0c5=>CB zU56^KM!USIOuha?td?_1_3zF2kFBAxMJ2b-sw`GQLs1s1 z>^OCy?A!_(Q7;-0MYi@HyxoA$Pt|Uyd>zGNBUqhgz0iGL&CUCiRf$=VgV)oyNS`?P zQ+XDx%W{3*(MObgp-Q}-PNNUee;l45>{Gm+5)JiTC%6qkLjd~*dDH^8M?DSXxCi-X zAPv=SnmHJvNdO9|wyN^(`xSeGi-VK_W zd^Ham;j3A2!^?0B4&EkAQx<9^`BCr@E6Ib&J?R1_2+}i zvq3e+G+?@72b86|4NwU*L--HDu0z>5hubw2W8!Uzg~wZEXW~ouQ>d0xi#yf*6uJ*W zcR$2^katru?Vx)cR4>Fm4r+hAbwkLI%v9cw+j&=56S5&6- zoo7*||Ar!gas>yKDZQ{xl<9{HVnvW_*oRAD!w{~#WeR|^rZ>Nda^K6L!hgJ7g#p11 zWucG9W@jHgPpVy|``uI3LDG%4tJCO1G<&F(;N?}k9n*E*j8v3E=TK$Z2WY0YcRHO_ zA9on}LXp9Sdf%n`xJl5EWs0rS0_J%?HbdSIQWLO9w3)^Fi$Oe~Np-6aKb|j~8M_6k zLU<GF> z4uQPl{mu;j^Et8)9%|#(0GDFN*Fn>OZ2-bzMDcwf$34j306A$R%Bq4hX}Ar}M|pM* zW!1xg-jW(8B}_LPeF!w7#*sz!n#o%~bTPuJdh3TrRtEB;NfyU*#M4>qA7PC?_`TqR z0I1bLc~$lie8@g0;D1*t5`KQm>?3D4v}aK0bCX971(atVw{5sor;&G;=w<9PwOW1C z*pM@xgI1zvdK=Cqnr+JKl*L3UvRI2_QmN}(W-&STd(yUsK8{lL^kv%`)Fx0*<~_)x zj?G|=Gmz6hnbTrzIB~2aYhaMT`${fi4Umurxg1E-c409pX{>($IVzD7M&AX<;){kS zFi3FtTn(DTphZTwe_%HwkQ1=3Lo-f%dR19~klg@;?QkO>0CL=ed;~~tr<>+JAScmK ziIya{VVqd8W45eZ!v@}4h0s)RU*++ir&M?tz-fQJ4rKBgH}W`;25jzjXnqWYCEdsi zKtla)JZJHEz=Ov4=eI6i_}! zrVusmL7?dHT!-olY>OFNw0c40yf2u>5Ani?k!*T|^(ku<;bPl|(~x~ux-=1&%05RC z5l_8yvzmuS*Y z&PqD1UwAlg*riE-M3dg2Nq=@$(rY#8^hFboKIGx~WgPQbHvyxt^N#CSNzgv^;*QCETE9n7E`g%?J9h&sl(TpG=)l)U! 
z8K7Q|BZaNjH1)kylfFumPID0{OSBRjf2~Om%t|`3^>E%$r%6AeNq{+uSgc2?3~)1=pE(rF#iW1o#b(xiuGCH+-RdZi{kt4V)ClfH6R(obp9 zOEu{On)DNz^oChUe?^o2ItDf#JFnlRN&ku_y>V93U)H3*s!8wGq<>bE-ZU%eFKN5pmBY30P5_exEAwCY0`7ElKvG< z`W>2dTDS99VtJ?52ucvjNsZl72B5l#9_nsmP= z{iaz-e^8U2*Q7tKNq?o()>+oL*-5`&lb+S2KdDK7UXy-wR(ZcmlisaKe^`@#mn|Jp z>^E3tIL4)iFh3>4dkpuF&LEsI`?vHNHu9A_Bfm)q|Y-bF*t$icr*4n zs!FFwxhwlTZQEz1ONzKu_BmzSrw$R?vXxjzn!!E^%4tUWMlpS)ZwMO7`#F&1CDijC z&}rm4(&^;=bvy6G$9t%}(>q#(Z;)RgLBYY-k+2tnVv5}xCGr&c#NGeITNa&r7rHasR{OupZ*fJU=n5&OusxKbEL z)UP5m^6o&$w&B$4;e9jM@aM>BNanrRS{&u?RnQz&H1@1kq#|pa1Pw@BhqA_TU}S^o zta0o#Y7^~95Y|9-C^(cyHJ*kwj?G{VdX4@ml~Zpev8B!h4RzeYGrcv1@~T=J!H4or z3B1gdeNG@o*vHEUu)Q*HI`&y=+Xoi~hq6!Hw$IcxZgK|uyq&VLXX@65L|+6NS~Z%< zK7!Bm_94%DE9^rxMflIu_StnB_6cF<)pRXV59NIZ`}Bb(bQ<;%e5SY0D3MqjeG3UM1!-jSf-P<7`NaN!#T1PI!9g)Mj$cC4YDG#!~ z6;|*d8}EiQOGH|1rLx$YlK!kF{b^15dQJK*n)HTQNqezzw5brgm-@0;Et=?`hr z4{Fk%*QCFOTHv*Oeq56tSJMCE>*@NZ zl^+&+3P7$B=TUum=}b*?(Mk{qnhNC5d#JwK&exl&O-D4VwrWpeB8lCjIcNq-QnhHJbFiCVi16{iaz-r+3D9YSV^F zO?p<7{_m=lu*d30XC-|=lU}MxAJC-#LX&>itfcp8(qC6Cq#8@C-=#_az9#+HtfcSK zq`#_3@7AP0qDg;nR?>Sl>91(gW194bH0j4@CB0jd{*orWRg+FDX3|&XnC&aGk{;Kj zKd(vOq)9($OIPD?henOVU3{d5CzOVePa$SRE-lf+b;FwL0cCRL_I-sGdkBz9T6sZqg6#aXop8y-{oC}e$Iq5o{mYh&!$ zNq=0E{;(#!Mw5PxBVE4x@jmny+MBZQmN@kSsDl-Z2@ONV=X(E%{!DI5D~`6s3}mNZ z{fB7o0nJL}i(-qt9gb)|1DZT&@CTYo`cJUucmy=h?hz8Ed&A7JY3Am5_ejdZn?`7L zjXW8JgyXy5JSkHN!WCngJx1n7M#BcgbrG#7syEVLnAD@k2;{I|-(yRkb6W9vr*jLH#6N$Zril$561QPmyJ-e0= z6tjc8N76XbKMJJ5V~zWP+zn-&viJf|6>{;RZ^e=?JDgtzLi_riy#F4EYO$q#2Jl5k z56vPxMe!gIvJGhPE);qnB=K-8e<^5=L1D-8R{~M{WQ0|(2GZ;Cv1@_QO1Y!YK_DSd z3EmFmeos#C1LDoa7l1tCq4@@oQyzVO0)!5s^Kg1Nl{>(g*oUS{=kGv6x;U19o%ne4 znTvhICp?_j0il&8CshoHdiQJz8%}27(I9|jogLbHKyw_Rv?|_wVzqa(CL6&8I|Q2D z9*f-qgbqj6T|jC)dH({CZV&Pl5O2G2iuicEE`X34vyo1CmJ`ScPu^DpsX-AtUUvzQ zMvrH<18IWWIiAo9q|cL!At1*g!O6v5AiY2wPq+z)nmY)6J_%%{hvxG@)E#F*^KBp@ zFma?$0%@>wk?bEGquEcBr!45DjK@7?dI1neAIloZX7PPyI-J^cDQLV%ocMThng$XF z5osqhyb;JzTOUe)JLl8n;!Jl%4tw-DPBh4gBmLVz>Lk|^mXbau_E{-^ei1ZHpmD76 
zGLTK468sk+InX#|QHCByjZTHm)j+;t%fbb#1G3)3XAKa?$MDt{eAaM~t@PNr6Erb9 zRU(^CljNMoV%LC%+(77T$uG1V1L$Zt3L5eh`UwpW0XZc@0=X5)Qd<_H*j+$QdSpES zBnxuKpT7!(4hMM}h`Qs$TgVLc%MGA$q*J~dY@Im+JljnQi(C*g4@d}S(oSf2K9E|3 z96lETY4Z3+4-hq%5vk}o^1G2rScATDp3I`}PPyBb>p?@_>sahVKQfpR7jN>nX1d#+v z%DkT>SvF^)c@c;+hJ>sPjkUZU{t9Tw6b_#fJo^{-*bpC5XJY@Dvd?lLbskx3fSdp; z(oSgD0^}x}4>svs?t~`~mXMh~{SmS3v)c#(PuYUn@60#^HkN}=kK5XX{Fk1>_y)A1n zH<3>P4cYqeatG7|)XCQxq(ZT~Msb$|*<|xU6uT10lO7}q=&Tf<&pjx5L8~5KGks4lb*6z2IMGckP)d*BRMk;$6MkWk_6J{;gbgv^dPqa zQSX-^?r24T#Bp}=^;t^gK^_Nk%v0{q0?B&v^$$RH*_O9PNBBf#i^m#ofX3;m#Y_hM zmxpHl63BvdC+{19P{_%97Z5reIc&O6GK*V zEIBfSuiwdFW@KW|z$EIDCL0o!Y}LmZ<>v_F5I0O; zBiuqCvc`Tad?wLK@edEmSD@9^kEI85`LTL>3Hm-Blf~Dt$42wk;OJNiQu%Y$Q;;1P zISs1uiP4#;q$d;#v#bn#Ptu}qU8CzNstVpkZqXOEG5Hz+?Eu1sgt8$oNUjE)8g+ZL zWAk<^+L7oE$6{7%q`7Ca)gJEN66xv^_Jc(FbfcC~wpv*F!1obE$$E`v4UF!~WCv2o zu>q`5nv21DaO({ z%)+TN0E6M=*dBVlBrgc+y_5Y}s!HFW|DxfGs1mdv2dQEoAw?-@^zwc{PJkukD_puzaw{RLdB zxT{I({O&RO(5)ubhtaPpwN$qZAcu|&1!<-Bl0j9751pOhJ_=(zLLA&AI^?EE9>4CGO{ve)qd zaS?X`_*F|n_^}9}iGXV{o5o6I)5#I^l$O=(sF%Y`8xsb676>a*d*R0x03snRrNrTh zY@X_l$WCT$zYCX_xzT+ah)f2vZiTUeBH@9|;Gn$hU#s{H*!<9{rxdAt48=<2(8i)2 z$LftW+|T>x`n3#K{3(@jJ#q~jw+X3vkk45VBiw4>&s>lXCh_=%l^N}~1}8>ROteTt zX>!LYzeGKKwB4vp#{zBMbkQ_MvG|=sIhvLM*N4P4H{nAF`IT{0K5NQ>8P#|vmXnHa zau;VQ;=KK(B?d)wPqLm5(`ekq_x(FTzQx}O@;JOn}J=#LM-j5a?|M7Y8k#u(5S}O^IiWZd~Q5Rp=LbnB3t*(AraFIh<89>GDw^9>h z=%@AzH;@s0s2Ck@ZEi`#(#e751Nn4hKTAyaEq1P?TwGS{?T?;A7aB8ii}4;+%o)%! 
z;N#!uV5BMOjM1lMIn6nY5lfEe(QVQQz&*!srUhtk@>Xt~fBszxK`&oyT4K*P#5z4S z*vS;?7W&FeYMdKw93L0AMh8h1xFRhoqltFbNW#K^}+cqMX?P&EgR7JW+w`T^@EpRGw3~Fnv7Hd40PGtr&DSPSwbm{@5 z7;##b@}Ax4WX|n`#MM(JY-@O?hD64f5g<&j;(i$0FoI)-4fdf5|VRi?Ru{GvtJ zTf`ZKy>nE!$bONGD^;CZ>`dELdoV+xosQ{*1Lx#&HFqpjx6yG|J&RC(s#T}y=Iu&% zxmHcZ>seTk`rDJ3aXC%F(0FKM7~@Y~yJc&KmV-O_SUNdAia{SWjhG0~oSq6!uKep} zLc195w)4du%++72v~;(6Iy+G_LuoPA5c4WKZ)*KPmSifY3X}IM?usoJPm47wn0%)B z$^`e*k9*zT-{$M;gZ3NLheYfp=;OyHd*I}0qb z%*0K+f({QomMl}%{&bJpjgnK^v=9obXNFvcv!1-Z1!gyFCes+RFr5z4MyP?LE^aLMk+j1L+*qLq3ERCX(F|$#l)(hIyasX#@nh zHpme${;N)kS2}NhEO+$?(&LJGy#S50Y{sN}rR=LUq zgh&QcG}>Gb`be2)A;R1JxW_KS>+>$Jcg8VjSdy**0kQUWodsg-oXR`*(o@xj09PIq zf$h{~69OhB-XrRL1BDhP?wzTBZ_f*WUG3VXJ}xADWV6HcfS&xh|)w z#demx{Rek8u87Dqnr432y`c4UH6qTi$TJ`-nAD+4bH5jzm3y3tB>^l2T7%i-5Dj}B zz3jHZfq1@E5zwGu_nz_m9&4B;kp+#TY*>Z6tFhef=m@IM2<`=75Hgf-)D(_+y z+daNVp-NAoo(86ya=J=m$|*vWiLIe(9EWvOeh2^m0{uW0C-6A;AfRb-eZ_c5oVdckgc2!A^|rguhaAy?bLXS?@LX z-c9U4%7(-Qq_~E*DMhLkkcx!VT5aI9RDI|J>O)(pJW#0*REnxr$^+%0f`?}NefMYA zUXieNA1b8G=-in(bN=ScnVGXr{`ALJt^K=eicy0^R3D$vvltBz zrbn}?l{2(>I-`-eFP%NE8D?6~_NkLzFP$AspV5G@n{-xDEsogqs@c(;I;xp5!_bXB z%``C>(8l#swn&P7RGU)LM!%s?XofY_lQk_hlj+k_n%j*{YRR0X4QkKlv}{rfCoO1) z{i!rN9{RYNNvEI?a#FdZ)uTjp)9T5B1`}s&WyBET>8y=&<$Ij&u*3sVNf=!8hIuSI zksHaR&9S&PSWlr%qXAzJgrasaRr8Q_|*1AjT)GaB^JRY5L>3KB5}_U~`M#wO*x1{Z9v< z=~J`06Kaw>Z;;yGYo(f9E4?iZwzRdms3>;pg>WRQDA7nb(6KMt9tbJHP#_$OwqO_v z?hEhRAC4%ovn~TesifXTy5R(Snp=)dj2dbRVY*Oods}FKAhfqF9@rm>?+Zktk-foS zOC%hMD`#EbcrNN!4aDzI+RA8(W+sjF1eXREOk~ulUhR~YLCk4MOE;#5!FM-XCW zcw%BuQ;plrvuTMU`w+$i6fEACdY~a zT-@GbrzeFY(XU!#3tZY34+cW<*4DuOj=hmUT#2+rJK)ezd+=<}k-?#GZ?Dob;GS*Q zWOuQ2wL391HK7e!s$sEXA4vBa=+)KKQ6r@phYUS8p=c9YHifg6)=Zn6BKlR+Jgpn4 zXwJ0sacA|mJUwS5wIS6Q)ewCa8B@f&8(6v`yq-GgoEk?2w%(4=J}s428KFI?Ue&Zb zXGhhMbXK#D>lxfmz3PaTi7J7CqkaDE!R>=8PeF519qBXE+=PURlZkftsJ+=H$A|+f z=yh7XPMg;WMQ|4wQ@E+ro}``)r^dY#RlILpZ`xD+YVsuRuc(3ZkNC~NW5qBkc7~nU zQ?wImE@J`B1B7)VpvP&R=`aq32M)!CuxtG`a?ti8sBvNR>PZ!mIiTwnBEi;Nia+N< 
zF{TE`bi=~Mn9!}0+7zuH=BEc6Fp0U-(ec#dCn3)bg8|KSG$2x(Q{Z8GQVULqhg3jT zIyWA+C&g!9*2zk#2Gk%Ms7KyVjdqpPq0jFMd^xTH#bT((xCZmYuR@RQY8M)TuSKl~ zwhrw^;MW1_0BZp20mOMgKH|MO&XeAu^VxjlC2lih*TKpf@jst+a;#Y#YgyZU+`BmU1)Vs1bLf2Z%5kvi?tHT_1Z2+vd`zvjIoTF?<-@2kN zNK5;u&$H95M4z&CoFot$5S_>^@=FzT4`zqQ^XkSOW8SQ&$splGme+z9RU{Qv_`*uV% zHQ+gaH{hl@iDuX|t6Um86LI;7bLE1{k=2aW%`DQUU-cVqE~cgY7Bh-*)i~+bPxy;j zjmyX1Ha%HO%XBiYab)cT?uAe|-rg2&Zw-V(ZAfcc+e3klw)R+{B^->#;=x!X)Dk=^ z(hb`D=8G5qy!Df+g?;)t1z<~`aJ}@|xS6(eJ!AS?nu9ID(mbYaS^5T}aT3@cv=6(~ zE2^rBr-*Z<5ebx`*G<3c7o;RE&vKf(uv_;?Pm$Gs{=)fxoNt&eBEF_`O!9J0UUt7C z`_Vfu7rut8H0|jBmfS1bWtY5Ans9rLJ(JUaoql`vqqh#smJ=MoHhp~0r6*_Q{R{uh z*KfK0MdU^~&8@~&4ElUl^ji_#V(wuXl4Fn{0!x-rj$p@+k}q#Fzf5cFUWK1+Qoe&C zzka#$UEJ;J@#U+im$0PLBCQgVebOP1$N>pTo9vZ#L_w!~yCOMvA^N!cO|ldFzqt4j ziQM_0{zTsT=&i+b-e`C6#CVvcwVwZIgJ14LF0oy9$OB(#Pq}2z&$O}omAZ?+n0b44 z;?0lWyp_G>GI*}N%C~=U-GFy`Q?WMU=53S*Q3G~umS#CvR^zxy5_UZ-i)+91%VP`b zak*I?7O$po*Oh8oN_9d?^|YLpDbzD|eNkSNvv!>puf8g*uPvyTeuQOYs zDIb5;T0QOS^6T>(a9c4iWA0mvSaEXn)p*U<;ssxiXxWGtyB7EcWMOy87TGEfVeIsp zWe=jI3vXLkA`%rvVu+wa?(AWk?@{TMKH#^4H;iZ*u&K7lAfm-5kINJCq&y{0%Xj1% z`7Z3J1=XGMtf(>~N!$RMoUr*vWlWxvlhPs?8OQANVu&f0!fi67w?KG~YDWeTDp(pCe6a7JReS z=Ms?UyIg&)08I%{Q&M3rF-L8ME7j*%3v*tzbkzg22C>#&iP_ITeyNXVXcXo{483`+p7mBc%jvInNWV; zl#iLg^N!)Y60q+R-XDkUyW%+RffUaCgnhox*ynoMKF62J#oQkMpFDtk0q4TWH>=Us z0GRVL->(BO-)COUe3&^u^L^&}%vteI0JtxlT%UP<1K7UVtBPAK-q#cEAq61Ary~`S_kc2zUsGjY+#g#{MP;!f0j6-1>Zb_1*JRD)pa_SQJ(9(7TZCGFR^S8pRJ!UOgk!N?_!Xn z6!jl`U)l3N=&ysUO7(9At+ImJdEN%`rj6Tg9DUz|T{wXqF>H*5+fxVT=4F?=es2$M zPFb4a@7PbPoblb^&y+op--J^<2+Jt=dywsa{@$;2{d+*mGse=L_Q@RsBj$QA(9vwUIv)Jxsc)&Y z%h(^{?}fjJ?OMhi=$(J>|6Vv!Z~g7WG;=DJqW?Qvl@F9)*fI-oo8 zQdcUxC$coJmkjmvGcT`H|6`!#8D!zT#oUShqe;BS8OuD+bpS8__wwBG{Ga&$Q1R{Z Ijr72O0U%n@r~m)} literal 0 HcmV?d00001 diff --git a/tests/recipes/01_sign_pem b/tests/recipes/01_sign_pem deleted file mode 100644 index 06ad8fe..0000000 --- a/tests/recipes/01_sign_pem +++ /dev/null 
@@ -1,53 +0,0 @@
-#!/bin/sh
-# Sign a file with a certificate and a private key in the PEM format.
-# -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=1
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with a certificate and a private key in the PEM format"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/02_sign_pass b/tests/recipes/02_sign_pass
deleted file mode 100644
index 61121a6..0000000
--- a/tests/recipes/02_sign_pass
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-# Sign a file with an encrypted private key in the PEM format.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=2
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with an encrypted private key in the PEM format"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
- -pass passme \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/03_sign_der b/tests/recipes/03_sign_der
deleted file mode 100644
index e066ea8..0000000
--- a/tests/recipes/03_sign_der
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-# Sign a file with an encrypted private key in the DER format.
-# Requires OpenSSL 1.0.0 or later
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=3
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with an encrypted private key in the DER format"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
- -pass passme \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/04_sign_spc_pvk b/tests/recipes/04_sign_spc_pvk
deleted file mode 100644
index 2dac29b..0000000
--- a/tests/recipes/04_sign_spc_pvk
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-# Sign a file with a certificate in the SPC format
-# and a private key in the Microsoft Private Key (PVK) format.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=4
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with a SPC certificate and a PVK private key"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
- -pass passme \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/05_sign_pkcs12 b/tests/recipes/05_sign_pkcs12
deleted file mode 100644
index 8d98c9f..0000000
--- a/tests/recipes/05_sign_pkcs12
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-# Sign a file with a certificate and a key stored in a PKCS#12 container.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=5
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with a certificate and a key stored in a PKCS#12 container"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -pkcs12 "${script_path}/../certs/cert.p12" \
- -pass passme \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/06_test_sha256sum b/tests/recipes/06_test_sha256sum
deleted file mode 100644
index d2b88a8..0000000
--- a/tests/recipes/06_test_sha256sum
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# Checking SHA256 message digests for 01x-05x tests
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-result=0
-test_nr=6
-
-for file in ${script_path}/../logs/sha256sum/*.*
- do
- name="${file##*/}"
- case $name in
- "cat.log") filetype=CAT; format_nr=1 ;;
- "msi.log") filetype=MSI; format_nr=2 ;;
- "ex_.log") filetype=CAB; format_nr=3 ;;
- "exe.log") filetype=PE; format_nr=4 ;;
- "ps1.log") filetype=TXT; format_nr=5 ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Checking SHA256 message digests for a $filetype file test"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
- then
- result=1
- cat "sha256sum/$name" >> "results.log"
- printf "Non-unique SHA256 message digests found\n" >> "results.log"
- fi
- rm -f "sha256sum/$name"
- test_result "$result" "$number" "$test_name"
- done
-
-exit 0
diff --git a/tests/recipes/07_sign_timestamp b/tests/recipes/07_sign_timestamp
deleted file mode 100644
index 2428bc8..0000000
--- a/tests/recipes/07_sign_timestamp
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/sh
-# Sign a file with Authenticode timestamping
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=7
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with Authenticode timestamping"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -t http://time.certum.pl/ \
- -t http://timestamp.digicert.com/ \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Sign a file with Authenticode timestamping"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/08_sign_rfc3161 b/tests/recipes/08_sign_rfc3161
deleted file mode 100644
index d004a02..0000000
--- a/tests/recipes/08_sign_rfc3161
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-# Sign a file with RFC 3161 timestamping
-# An RFC3161 timestamp server provides an essential function in protecting
-# data records for the long-term. It provides proof that the data existed
-# at a particular moment in time and that it has not changed, even by
-# a single binary bit, since it was notarized and time-stamped.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=8
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with RFC 3161 timestamping"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -ts http://time.certum.pl/ \
- -ts http://timestamp.digicert.com/ \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Sign a file with RFC 3161 timestamping"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/09_sign_page_hashes b/tests/recipes/09_sign_page_hashes
deleted file mode 100644
index d99881d..0000000
--- a/tests/recipes/09_sign_page_hashes
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/sh
-# Generate page hashes for a file
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=9
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "exe") filetype=PE; format_nr=4 ;;
- *) continue ;; # Warning: -ph option is only valid for PE files
- esac
-
- number="$test_nr$format_nr"
- test_name="Generate page hashes for a $filetype file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 -ph \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- done
-
-exit 0
diff --git a/tests/recipes/10_sign_blob b/tests/recipes/10_sign_blob
deleted file mode 100644
index 6265b38..0000000
--- a/tests/recipes/10_sign_blob
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-# Sign a file with addUnauthenticatedBlob.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=10
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with addUnauthenticatedBlob"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -addUnauthenticatedBlob \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/11_sign_nest b/tests/recipes/11_sign_nest
deleted file mode 100644
index 4b2d94e..0000000
--- a/tests/recipes/11_sign_nest
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-# Sign a file twice with the "nest" flag in the second time
-# in order to add the new signature instead of replacing the first one.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=11
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Warning: CAT files do not support nesting
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1") continue;; # Warning: TXT files do not support nesting
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with the nest flag"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "signed_$number.$ext"
- ../../osslsigncode sign -h sha512 \
- -nest \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "signed_$number.$ext" -out "test_$number.$ext"
- result=$?
-
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- done
-
-exit 0
diff --git a/tests/recipes/12_sign_readpass_pem b/tests/recipes/12_sign_readpass_pem
deleted file mode 100644
index 94f73c1..0000000
--- a/tests/recipes/12_sign_readpass_pem
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-# Sign a file with a PEM key and a password read from password.txt file.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=12
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with a PEM key and a password read from password.txt file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -addUnauthenticatedBlob \
- -readpass "${script_path}/../certs/password.txt" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/13_sign_readpass_pkcs12 b/tests/recipes/13_sign_readpass_pkcs12
deleted file mode 100644
index f958cf6..0000000
--- a/tests/recipes/13_sign_readpass_pkcs12
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-# Sign a file with the certificate and key stored in a PKCS#12 container
-# and a password read from password.txt file.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=13
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with a PKCS#12 container and the file with a password"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -readpass "${script_path}/../certs/password.txt" \
- -pkcs12 "${script_path}/../certs/cert.p12" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/14_sign_descryption b/tests/recipes/14_sign_descryption
deleted file mode 100644
index a5e256f..0000000
--- a/tests/recipes/14_sign_descryption
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-# Sign a file with a descryption.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=14
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with a descryption"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -n "DESCRYPTION_TEXT" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/15_sign_url b/tests/recipes/15_sign_url
deleted file mode 100644
index 31a2f0f..0000000
--- a/tests/recipes/15_sign_url
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-# Sign a file with specified URL for expanded description of the signed content
-# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=15
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with specified URL"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -i "https://www.osslsigncode.com/" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/16_sign_comm b/tests/recipes/16_sign_comm
deleted file mode 100644
index 4b2d150..0000000
--- a/tests/recipes/16_sign_comm
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/sh
-# Sign a file with Microsoft Commercial Code Signing purpose set for SPC_STATEMENT_TYPE_OBJID
-# object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11"
-# changes default Microsoft Individual Code Signing:
-# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15"
-# sets Microsoft Commercial Code Signing:
-# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16"
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=16
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with the common purpose set"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -comm \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "Microsoft Commercial Code Signing" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/17_sign_crosscertfile b/tests/recipes/17_sign_crosscertfile
deleted file mode 100644
index 0476311..0000000
--- a/tests/recipes/17_sign_crosscertfile
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-# Add an additional certificate to the signature block of the file.
-# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
-# https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=17
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Add an additional certificate to the signature block of a $filetype$desc file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -ac "${script_path}/../certs/crosscert.pem" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "crosscert" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/21_sign_hash_md5 b/tests/recipes/21_sign_hash_md5
deleted file mode 100644
index 8c56c10..0000000
--- a/tests/recipes/21_sign_hash_md5
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-# Sign a file with MD5 set of cryptographic hash functions.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=21
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with MD5 set of cryptographic hash functions"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h md5 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "MD5" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/22_sign_hash_sha1 b/tests/recipes/22_sign_hash_sha1
deleted file mode 100644
index 7c89f68..0000000
--- a/tests/recipes/22_sign_hash_sha1
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-# Sign a file with SHA1 set of cryptographic hash functions.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=22
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with SHA1 set of cryptographic hash functions"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha1 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "SHA1" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/23_sign_hash_sha2 b/tests/recipes/23_sign_hash_sha2
deleted file mode 100644
index 1242c7d..0000000
--- a/tests/recipes/23_sign_hash_sha2
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-# Signing a file with SHA2 set of cryptographic hash functions.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=23
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with SHA2 set of cryptographic hash functions"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha2 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "SHA2" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/24_sign_hash_sha384 b/tests/recipes/24_sign_hash_sha384
deleted file mode 100644
index 38fd7dd..0000000
--- a/tests/recipes/24_sign_hash_sha384
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-# Sign a file with SHA384 set of cryptographic hash functions.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=24
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with SHA384 set of cryptographic hash functions"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha384 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/25_sign_hash_sha512 b/tests/recipes/25_sign_hash_sha512
deleted file mode 100644
index b267ca4..0000000
--- a/tests/recipes/25_sign_hash_sha512
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-# Sign a file with SHA512 set of cryptographic hash functions.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=25
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with SHA512 set of cryptographic hash functions"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha512 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/26_extract_signature_pem b/tests/recipes/26_extract_signature_pem
deleted file mode 100644
index a47a03b..0000000
--- a/tests/recipes/26_extract_signature_pem
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-# Extract the signature in the PEM format.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=26
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Unsupported command
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Extract the PEM signature from the $filetype$desc file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha512 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- ../../osslsigncode extract-signature \
- -pem \
- -in "test_$number.$ext" -out "sign_$format_nr.pem"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "SHA512" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/27_extract_signature_der b/tests/recipes/27_extract_signature_der
deleted file mode 100644
index 216429a..0000000
--- a/tests/recipes/27_extract_signature_der
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-# Extract the signature in the DER format.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=27
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Unsupported command
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Extract the DER signature from the $filetype$desc file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha512 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- ../../osslsigncode extract-signature\
- -in "test_$number.$ext" -out "sign_$format_nr.der"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "SHA512" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/31_attach_signature_der b/tests/recipes/31_attach_signature_der
deleted file mode 100644
index afcad70..0000000
--- a/tests/recipes/31_attach_signature_der
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/sh
-# Attach the DER signature to the file.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=31
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Unsupported command
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Attach the DER signature to the $filetype$desc file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode attach-signature \
- -sigin "sign_$format_nr.der" \
- -CAfile "${script_path}/../certs/CACert.pem" \
- -CRLfile "${script_path}/../certs/CACertCRL.pem" \
- -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$result" -ne 0; then
- cp "sign_$format_nr.der" "sign_$number.der"
- fi
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "SHA512" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/32_attach_signature_pem b/tests/recipes/32_attach_signature_pem
deleted file mode 100644
index 7d34603..0000000
--- a/tests/recipes/32_attach_signature_pem
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/sh
-# Attach the PEM signature to the file.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=32
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Unsupported command
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Attach the PEM signature to the $filetype$desc file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode attach-signature \
- -sigin "sign_$format_nr.pem" \
- -CAfile "${script_path}/../certs/CACert.pem" \
- -CRLfile "${script_path}/../certs/CACertCRL.pem" \
- -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$result" -ne 0; then
- cp "sign_$format_nr.der" "sign_$number.der"
- fi
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "SHA512" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/33_attach_signed b/tests/recipes/33_attach_signed
deleted file mode 100644
index 2e0147e..0000000
--- a/tests/recipes/33_attach_signed
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/sh
-# Attach the signature to the signed file.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=33
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Unsupported command
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Attach the PEM signature to the signed $filetype$desc file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "signed_$number.$ext"
- ../../osslsigncode attach-signature \
- -sigin "sign_$format_nr.pem" \
- -CAfile "${script_path}/../certs/CACert.pem" \
- -CRLfile "${script_path}/../certs/CACertCRL.pem" \
- -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
- -in "signed_$number.$ext" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "sha256sum" "SHA512" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/34_attach_nest b/tests/recipes/34_attach_nest
deleted file mode 100644
index 87052cb..0000000
--- a/tests/recipes/34_attach_nest
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-# Attach the signature to the signed file with the "nest" flag in order to
-# attach the new signature instead of replacing the first one.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=34
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Warning: CAT files do not support nesting
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1") continue;; # Warning: TXT files do not support nesting
- esac
-
- number="$test_nr$format_nr"
- test_name="Attach the PEM signature to the signed $filetype$desc file with the nest flag"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "signed_$number.$ext"
- ../../osslsigncode attach-signature \
- -sigin "sign_$format_nr.pem" \
- -nest \
- -CAfile "${script_path}/../certs/CACert.pem" \
- -CRLfile "${script_path}/../certs/CACertCRL.pem" \
- -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
- -in "signed_$number.$ext" -out "test_$number.$ext"
- result=$?
-
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- done
-
-exit 0
diff --git a/tests/recipes/35_remove_signature b/tests/recipes/35_remove_signature
deleted file mode 100644
index 8d8a063..0000000
--- a/tests/recipes/35_remove_signature
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-# Remove the signature from the file.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=35
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Unsupported command
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Remove the signature from the $filetype$desc file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "signed_$number.$ext"
- ../../osslsigncode remove-signature \
- -in "signed_$number.$ext" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/36_varia_sha256sum b/tests/recipes/36_varia_sha256sum
deleted file mode 100644
index e24988d..0000000
--- a/tests/recipes/36_varia_sha256sum
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# Checking SHA256 message digests for "extract" and "attach" tests.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-result=0
-test_nr=36
-
-for file in ${script_path}/../logs/sha256sum/*.*
- do
- name="${file##*/}"
- case $name in
- "cat.log") filetype=CAT; format_nr=1 ;;
- "msi.log") filetype=MSI; format_nr=2 ;;
- "ex_.log") filetype=CAB; format_nr=3 ;;
- "exe.log") filetype=PE; format_nr=4 ;;
- "ps1.log") filetype=TXT; format_nr=5 ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Checking SHA256 message digests for a $filetype file test"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
- then
- result=1
- cat "sha256sum/$name" >> "results.log"
- printf "Non-unique SHA256 message digests found\n" >> "results.log"
- fi
- rm -f "sha256sum/$name"
- test_result "$result" "$number" "$test_name"
- done
-
-exit 0
diff --git a/tests/recipes/37_add_signature_timestamp b/tests/recipes/37_add_signature_timestamp
deleted file mode 100644
index 06c392b..0000000
--- a/tests/recipes/37_add_signature_timestamp
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-# Add an authenticode timestamp to the signed file.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=37
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Add an authenticode timestamp to the $filetype$desc signed file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "signed_$number.$ext"
- ../../osslsigncode add \
- -t http://time.certum.pl/ \
- -t http://timestamp.digicert.com/ \
- -verbose \
- -in "signed_$number.$ext" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Add an authenticode timestamp to the signed file"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/38_add_signature_rfc3161 b/tests/recipes/38_add_signature_rfc3161
deleted file mode 100644
index 1cdbb55..0000000
--- a/tests/recipes/38_add_signature_rfc3161
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-# Add a RFC 3161 timestamp to the signed file.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=38
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Add a RFC 3161 timestamp to the $filetype$desc signed file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "signed_$number.$ext"
- ../../osslsigncode add \
- -ts http://time.certum.pl/ \
- -ts http://timestamp.digicert.com/ \
- -verbose \
- -in "signed_$number.$ext" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Add a RFC 3161 timestamp to the signed file"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/39_add_signature_blob b/tests/recipes/39_add_signature_blob
deleted file mode 100644
index d8e1fed..0000000
--- a/tests/recipes/39_add_signature_blob
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-# Add an unauthenticated blob to the signed file.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=39
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Add an unauthenticated blob to the $filetype$desc signed file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "signed_$number.$ext"
- ../../osslsigncode add \
- -addUnauthenticatedBlob \
- -in "signed_$number.$ext" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "Unauthenticated Data Blob" "MODIFY"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/40_verify_leaf_hash b/tests/recipes/40_verify_leaf_hash
deleted file mode 100644
index b3e9dda..0000000
--- a/tests/recipes/40_verify_leaf_hash
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-# Compare the leaf certificate hash against specified SHA256 message digest for the file
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=40
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Compare the leaf hash against SHA256 message digest for the $filetype$desc file"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_leaf_hash "$result" "$number" "$ext" "@2019-05-01 00:00:00"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/41_sign_add_msi_dse b/tests/recipes/41_sign_add_msi_dse
deleted file mode 100644
index 5b7be24..0000000
--- a/tests/recipes/41_sign_add_msi_dse
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-# Sign a MSI file with the add-msi-dse option.
-# MsiDigitalSignatureEx (msi-dse) is an enhanced signature type that can be used
-# when signing MSI files. In addition to file content, it also hashes some file metadata,
-# specifically file names, file sizes, creation times and modification times.
-# https://www.unboundtech.com/docs/UKC/UKC_Code_Signing_IG/HTML/Content/Products/UKC-EKM/UKC_Code_Signing_IG/Sign_Windows_PE_and_msi_Files.htm
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=41
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Warning: -add-msi-dse option is only valid for MSI files
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") continue;; # Warning: -add-msi-dse option is only valid for MSI files
- "exe") continue;; # Warning: -add-msi-dse option is only valid for MSI files
- "ps1") continue;; # Warning: -add-msi-dse option is only valid for MSI files
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with the add-msi-dse option"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -add-msi-dse \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- done
-
-exit 0
diff --git a/tests/recipes/42_sign_jp_low b/tests/recipes/42_sign_jp_low
deleted file mode 100644
index 12f7192..0000000
--- a/tests/recipes/42_sign_jp_low
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh
-# Sign a CAB file with "low" level of permissions in Microsoft Internet Explorer 4.x for CAB files
-# https://support.microsoft.com/en-us/help/193877
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=42
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Warning: -jp option is only valid for CAB files
- "msi") continue;; # Warning: -jp option is only valid for CAB files
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") continue;; # Warning: -jp option is only valid for CAB files
- "ps1") continue;; # Warning: -jp option is only valid for CAB files
- esac
-
- number="$test_nr$format_nr"
- test_name="Sign a $filetype$desc file with the jp low option"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -jp low \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "Low level of permissions" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- done
-
-exit 0
diff --git a/tests/recipes/45_verify_fake_pe b/tests/recipes/45_verify_fake_pe
deleted file mode 100644
index 3c329c8..0000000
--- a/tests/recipes/45_verify_fake_pe
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-# Verify changed file after signing.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=45
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Test is not supported for non-PE files
- "msi") continue;; # Test is not supported for non-PE files
- "ex_") continue;; # Test is not supported for non-PE files
- "exe") filetype=PE; format_nr=4 ;;
- "ps1") continue;; # Test is not supported for non-PE files
- esac
-
- number="$test_nr$format_nr"
- test_name="Verify changed $filetype$desc file after signing"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "Hello world!" "MODIFY"
- test_result "$?" "$number" "$test_name"
- done
-
-exit 0
diff --git a/tests/recipes/46_verify_timestamp b/tests/recipes/46_verify_timestamp
deleted file mode 100644
index 0279b30..0000000
--- a/tests/recipes/46_verify_timestamp
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-# Verify changed file after signing with Authenticode timestamping.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=46
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Test is not supported for non-PE files
- "msi") continue;; # Test is not supported for non-PE files
- "ex_") continue;; # Test is not supported for non-PE files
- "exe") filetype=PE; format_nr=4 ;;
- "ps1") continue;; # Test is not supported for non-PE files
- esac
-
- number="$test_nr$format_nr"
- test_name="Verify changed $filetype$desc file after signing with Authenticode timestamping"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -t http://time.certum.pl/ \
- -t http://timestamp.digicert.com/ \
- -verbose \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "Hello world!" "MODIFY"
- test_result "$?" "$number" "$test_name"
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Verify changed file after signing with Authenticode timestamping"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/47_verify_rfc3161 b/tests/recipes/47_verify_rfc3161
deleted file mode 100755
index fb4daa9..0000000
--- a/tests/recipes/47_verify_rfc3161
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-# Verify changed file after signing with RFC 3161 timestamping.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=47
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") continue;; # Test is not supported for non-PE files
- "msi") continue;; # Test is not supported for non-PE files
- "ex_") continue;; # Test is not supported for non-PE files
- "exe") filetype=PE; format_nr=4 ;;
- "ps1") continue;; # Test is not supported for non-PE files
- esac
-
- number="$test_nr$format_nr"
- test_name="Verify changed $filetype$desc file after signing with RFC 3161 timestamping"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -ts http://time.certum.pl/ \
- -ts http://timestamp.digicert.com/ \
- -verbose \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "Hello world!" "MODIFY"
- test_result "$?" "$number" "$test_name"
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Verify changed file after signing with RFC 3161 timestamping"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/51_verify_time b/tests/recipes/51_verify_time
deleted file mode 100644
index 8d17ce6..0000000
--- a/tests/recipes/51_verify_time
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-# Verify a file signed after the cert has been expired.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=51
-
-for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Verify $filetype$desc file signed after the cert has been expired"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
- "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
-
-exit 0
diff --git a/tests/recipes/52_verify_timestamp b/tests/recipes/52_verify_timestamp
deleted file mode 100644
index f8ecc57..0000000
--- a/tests/recipes/52_verify_timestamp
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/sh
-# Verify a file signed with Authenticode timestamping after the cert has been expired.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=52
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Verify a $filetype$desc file signed with Authenticode after the cert has been expired"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -t http://time.certum.pl/ \
- -t http://timestamp.digicert.com/ \
- -verbose \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
- "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Verify a file signed with Authenticode after the cert has been expired"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/53_verify_rfc3161 b/tests/recipes/53_verify_rfc3161
deleted file mode 100644
index 1a75992..0000000
--- a/tests/recipes/53_verify_rfc3161
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/sh
-# Verify a file signed with RFC3161 timestamping after the cert has been expired.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=53
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Verify a $filetype$desc file signed with RFC3161 after the cert has been expired"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
- -ts http://time.certum.pl/ \
- -ts http://timestamp.digicert.com/ \
- -verbose \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
- "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Verify a file signed with RFC3161 after the cert has been expired"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/54_verify_expired b/tests/recipes/54_verify_expired
deleted file mode 100644
index 1d315ae..0000000
--- a/tests/recipes/54_verify_expired
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/sh
-# Verify a file signed with the expired cert.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=54
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Verify a $filetype$desc file signed with the expired cert"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
- -ts http://time.certum.pl/ \
- -ts http://timestamp.digicert.com/ \
- -verbose \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
- "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Verify a file signed with the expired cert"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/55_verify_revoked b/tests/recipes/55_verify_revoked
deleted file mode 100644
index 526af24..0000000
--- a/tests/recipes/55_verify_revoked
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/sh
-# Verify a file signed with the revoked cert.
-
-. $(dirname $0)/../test_library
-script_path=$(pwd)
-test_nr=55
-
-if ! grep -q "no libcurl available" "results.log"; then
- for file in ${script_path}/../logs/notsigned/*.*
- do
- name="${file##*/}"
- ext="${file##*.}"
- desc=""
- case $ext in
- "cat") filetype=CAT; format_nr=1 ;;
- "msi") filetype=MSI; format_nr=2 ;;
- "ex_") filetype=CAB; format_nr=3 ;;
- "exe") filetype=PE; format_nr=4 ;;
- "ps1")
- filetype=TXT
- if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
- format_nr=5
- desc=" UTF-16LE(BOM)"
- elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
- format_nr=6
- desc=" UTF-8(BOM)"
- else
- format_nr=7
- desc=" UTF-8"
- fi ;;
- esac
-
- number="$test_nr$format_nr"
- test_name="Verify a $filetype$desc file signed with the revoked cert"
- printf "\n%03d. %s\n" "$number" "$test_name"
-
- ../../osslsigncode sign -h sha256 \
- -st "1556668800" \
- -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
- -ts http://time.certum.pl/ \
- -ts http://timestamp.digicert.com/ \
- -verbose \
- -in "notsigned/$name" -out "test_$number.$ext"
- result=$?
-
- if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
- printf "%s\n" "Compare file prefix failed"
- test_result "1" "$number" "$test_name"
- else
- verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
- "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
- test_result "$?" "$number" "$test_name"
- fi
- done
- else
- format_nr=0
- number="$test_nr$format_nr"
- test_name="Verify a file signed with the revoked cert"
- printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
- fi
-
-exit 0
diff --git a/tests/recipes/56_verify_multiple b/tests/recipes/56_verify_multiple
deleted file mode 100644
index 745b947..0000000
--- a/tests/recipes/56_verify_multiple
+++ /dev/null
@@ -1,60 +0,0 @@ -#!/bin/sh -# Verify a file signed with the multiple signature. - -. $(dirname $0)/../test_library -script_path=$(pwd) -test_nr=56 - -if ! grep -q "no libcurl available" "results.log"; then - for file in ${script_path}/../logs/notsigned/*.* - do - name="${file##*/}" - ext="${file##*.}" - desc="" - case $ext in - "cat") continue;; # Warning: CAT files do not support nesting - "msi") filetype=MSI; format_nr=2 ;; - "ex_") filetype=CAB; format_nr=3 ;; - "exe") filetype=PE; format_nr=4 ;; - "ps1") continue;; # Warning: TXT files do not support nesting - esac - - number="$test_nr$format_nr" - test_name="Verify a $filetype$desc file signed with the multiple signature" - printf "\n%03d. %s\n" "$number" "$test_name" - - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ - -verbose \ - -in "notsigned/$name" -out "signed1_$number.$ext" - ../../osslsigncode sign -h sha384 \ - -st "1556668800" \ - -nest \ - -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "signed1_$number.$ext" -out "signed2_$number.$ext" - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -nest \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "signed2_$number.$ext" -out "test_$number.$ext" - result=$? - - verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN" - test_result "$?" "$number" "$test_name" - done - else - format_nr=0 - number="$test_nr$format_nr" - test_name="Verify a file signed with the multiple signature" - printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" - fi - -exit 0 
diff --git a/tests/test_library b/tests/test_library deleted file mode 100755 index 70069d4..0000000 --- a/tests/test_library +++ /dev/null 
@@ -1,174 +0,0 @@ -# this file is a library sourced from recipes/* - -result_path=$(pwd) -cd $(dirname "$0")/../ -script_path=$(pwd) -cd "${result_path}" - -test_result() { -#1 last exit status -#2 test number -#3 test name - - local result=0 - - if test "$1" -eq 0 - then - printf "%s\n" "Test succeeded" - else - printf "%s\n" "Test failed" - printf "%03d. %-90s\t%s\n" "$2" "$3" "failed" 1>&3 - result=1 - fi - return "$result" -} - -modify_blob() { -# $1 test number -# $2 filename extension -# $3 text searched in a binary file - - local result=0 - - initial_blob=$(echo -n "$3" | xxd -p) - modified_blob=$(echo -n "FAKE" | xxd -p) - zero_blob="00000000" - - xxd -p -c 1000 "test_$1.$2" | \ - sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \ - xxd -p -r > "changed_$1.$2" - - ../../osslsigncode verify -verbose \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ - -in "changed_$1.$2" 2>> "verify.log" 1>&2 - result=$? - - if test "$result" -ne 0 \ - -o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -gt 1 - then - printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2 - result=1 - else - rm -f "changed_$1.$2" - fi - - return "$result" -} - -search_pattern() { -# $1 test number -# $2 filename extension -# $3 pattern searched in a binary file or verify.log - - local result=0 - - if ! grep -q "$3" "verify.log" - then - hex_pattern=$(echo -n "$3" | xxd -p) - if ! 
xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2 - then - result=1 - printf "Failed: $3 not found\n" - fi - fi - return "$result" -} - -verify_signature() { -# $1 sign exit code -# $2 test number -# $3 filename extension -# $4 expected result -# $5 fake time -# $6 sha256sum requirement -# $7 pattern searched in the verify.log file -# $8 modify requirement - - local result=0 - - printf "" > "verify.log" - if test "$1" -eq 0 - then - cp "test_$2.$3" "test_tmp.tmp" - TZ=GMT faketime -f "$5" /bin/bash -c ' - printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log" - script_path=$(pwd) - ../../osslsigncode verify -verbose \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ - -in "test_tmp.tmp" 2>> "verify.log" 1>&2' - result=$? - rm -f "test_tmp.tmp" - - if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" - then - search_pattern "$2" "$3" "$7" - result=$? - fi - - if test "$result" -eq 0 -a "$8" = "MODIFY" - then - modify_blob "$2" "$3" "$7" - result=$? 
- fi - - if test "$6" = "sha256sum" - then - sha256sum "test_$2.$3" 2>> "sha256sum/$3.log" 1>&2 - fi - - if test "$4" = "success" -a "$result" -eq 0 - then - rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3" - elif test "$4" = "fail" -a "$result" -eq 1 - then - rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3" - rm -f "changed_$2.$3" - cat "verify.log" >> "results.log" - result=0 - else - cat "verify.log" >> "results.log" - result=1 - fi - else - result=1 - fi - return "$result" -} - -verify_leaf_hash() { -# $1 sign exit code -# $2 test number -# $3 filename extension -# $4 fake time - - local result=0 - printf "" > "verify.log" - if test "$1" -eq 0 - then - cp "test_$2.$3" "test_tmp.tmp" - TZ=GMT faketime -f "$4" /bin/bash -c ' - printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log" - script_path=$(pwd) - ../../osslsigncode verify -verbose \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \ - -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \ - -in "test_tmp.tmp" 2>> "verify.log" 1>&2' - result=$? - rm -f "test_tmp.tmp" - if test "$result" -eq 0 - then - rm -f "test_$2.$3" - else - cat "verify.log" >> "results.log" - fi - else - result=1 - fi - return "$result" -} diff --git a/tests/testall.sh b/tests/testall.sh deleted file mode 100755 index 1b72674..0000000 --- a/tests/testall.sh +++ /dev/null 
@@ -1,135 +0,0 @@ -#!/bin/sh -# mingw64-gcc, gcab, msitools, libgsf, libgsf-devel -# vim-common, libfaketime packages are required - -result=0 -count=0 -skip=0 -fail=0 - -result_path=$(pwd) -cd $(dirname "$0") -script_path=$(pwd) -result_path="${result_path}/logs" -certs_path="${script_path}/certs" - -make_tests() { - for plik in ${script_path}/recipes/* - do - /bin/sh $plik 3>&1 2>> "results.log" 1>&2 - done - count=$(grep -c "Test succeeded" "results.log") - skip=$(grep -c "Test skipped" "results.log") - fail=$(grep -c "Test failed" "results.log") - printf "%s\n" "testall.sh finished" - printf "%s\n" "summary: success $count, skip $skip, fail $fail" - return $fail -} - -rm -rf "${result_path}" -mkdir "${result_path}" -cd "${result_path}" -mkdir "notsigned" "sha256sum" - -date > "results.log" -../../osslsigncode -v >> "results.log" 2>/dev/null - -cd ${certs_path} -if test -s CACert.pem -a -s crosscert.pem -a -s expired.pem -a -s cert.pem \ - -a -s CACertCRL.pem -a -s revoked.pem -a -s key.pem -a -s keyp.pem \ - -a -s key.der -a -s cert.der -a -s cert.spc -a -s cert.p12 - then - printf "%s\n" "keys & certificates path: ${certs_path}" - else - ./makecerts.sh $1 - result=$? 
- fi -cd "${result_path}" - -if test "$result" -ne 0 - then - exit $result - fi - -# PE files support -if test -n "$(command -v x86_64-w64-mingw32-gcc)" - then - x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "notsigned/test.exe" 2>> "results.log" 1>&2 - else - printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH" - printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package" - fi - -# CAB files support -if test -n "$(command -v gcab)" - then - gcab -c "notsigned/test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2 - else - printf "%s\n" "gcab not found in \$PATH" - printf "%s\n" "tests for CAB files skipped, please install gcab package" - fi - -# MSI files support -if grep -q "no libgsf available" "results.log" - then - printf "%s\n" "signing MSI files requires libgsf/libgsf-devel packages and reconfiguration osslsigncode" - else - if test -n "$(command -v wixl)" - then - touch FoobarAppl10.exe - cp "../sources/sample.wxs" "notsigned/sample.wxs" 2>> "results.log" 1>&2 - wixl -v "notsigned/sample.wxs" 2>> "results.log" 1>&2 - rm -f "notsigned/sample.wxs" - rm -f "FoobarAppl10.exe" - else - printf "%s\n" "wixl not found in \$PATH" - printf "%s\n" "tests for MSI files skipped, please install wixl or msitools package depending on your OS" - fi - fi - -# CAT files support -if test -s "../sources/good.cat" - then - cp "../sources/good.cat" "notsigned/good.cat" - fi - -# TXT files support -if test -s "../sources/utf8.ps1" - then - cp "../sources/utf8.ps1" "notsigned/utf8.ps1" - fi -if test -s "../sources/utf8bom.ps1" - then - cp "../sources/utf8bom.ps1" "notsigned/utf8bom.ps1" - fi -if test -s "../sources/utf16le.ps1" - then - cp "../sources/utf16le.ps1" "notsigned/utf16le.ps1" - fi - -# Timestamping support -if grep -q "no libcurl available" "results.log" - then - printf "%s\n" "configure --with-curl is required for timestamping support" - fi - -# Tests requirements -if test -n "$(command -v faketime)" - then - if test -n 
"$(command -v xxd)" - then - make_tests - result=$? - rm -r -f "notsigned/" "sha256sum/" - rm -f sign_[1-9].pem sign_[1-9].der - rm -f "verify.log" - else - printf "%s\n" "xxd not found in \$PATH" - printf "%s\n" "tests skipped, please install vim-common package" - fi - else - printf "%s\n" "faketime not found in \$PATH" - printf "%s\n" "tests skipped, please install faketime package" - fi - -exit $result diff --git a/tests/testsign.sh b/tests/testsign.sh deleted file mode 100755 index 21b34f1..0000000 --- a/tests/testsign.sh +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/bin/sh - -if [ -z "$(command -v keytool)" ]; then - printf "%s\n" "keytool was not found in the \$PATH" - printf "%s\n" "Please install the default-jre-headless package" - exit 1 -fi - -rm -f putty*.exe - -PUTTY_URL="http://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe" -[ -f putty.exe ] || wget -q -O putty.exe $PUTTY_URL -[ -f putty.exe ] || curl -o putty.exe $PUTTY_URL - -if [ ! -f putty.exe ]; then - echo "FAIL: Couldn't download putty.exe" - exit 1 -fi - -rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem - -keytool -genkey \ - -alias selfsigned \ - -keysize 2048 \ - -keyalg RSA \ - -keypass passme \ - -storepass passme \ - -keystore key.ks << EOF -John Doe -ACME In -ACME -Springfield -LaLaLand -SE -yes -EOF - -echo "Converting key/cert to PKCS12 container" -keytool -importkeystore \ - -srckeystore key.ks \ - -srcstoretype JKS \ - -srckeypass passme \ - -srcstorepass passme \ - -srcalias selfsigned \ - -destkeystore key.p12 \ - -deststoretype PKCS12 \ - -destkeypass passme \ - -deststorepass passme - -rm -f key.ks - -echo "Converting key to PEM format" -openssl pkcs12 -in key.p12 -passin pass:passme -nocerts -nodes -out key.pem -echo "Converting key to PEM format (with password)" -openssl rsa -in key.pem -out keyp.pem -passout pass:passme -echo "Converting key to DER format" -openssl rsa -in key.pem -outform DER -out key.der -passout pass:passme -echo "Converting key to PVK format" -openssl rsa -in key.pem -outform PVK -pvk-strong -out key.pvk -passout pass:passme - -echo "Converting cert to PEM format" -openssl pkcs12 -in key.p12 -passin pass:passme -nokeys -out cert.pem -echo "Converting cert to SPC format" -openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out cert.spc - -make -C .. 
-../osslsigncode sign -spc cert.spc -key key.pem putty.exe putty1.exe -../osslsigncode sign -certs cert.spc -key keyp.pem -pass passme putty.exe putty2.exe -../osslsigncode sign -certs cert.pem -key keyp.pem -pass passme putty.exe putty3.exe -../osslsigncode sign -certs cert.spc -key key.der putty.exe putty4.exe -../osslsigncode sign -pkcs12 key.p12 -pass passme putty.exe putty5.exe -../osslsigncode sign -certs cert.spc -key key.pvk -pass passme putty.exe putty6.exe - -rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem - -echo - -check=`sha1sum putty[1-9]*.exe | cut -d' ' -f1 | uniq | wc -l` -cmp putty1.exe putty2.exe && \ - cmp putty2.exe putty3.exe && \ - cmp putty3.exe putty4.exe && \ - cmp putty4.exe putty5.exe && \ - cmp putty5.exe putty6.exe -if [ $? -ne 0 ]; then - echo "Failure is not an option." - exit 1 -else - echo "Yes, it works." -fi - diff --git a/tests/tsa_server.py b/tests/tsa_server.py new file mode 100644 index 0000000..20fd326 --- /dev/null +++ b/tests/tsa_server.py 
@@ -0,0 +1,140 @@
+"""Implementation of a Time Stamping Authority HTTP server"""
+
+import argparse
+import contextlib
+import os
+import pathlib
+import subprocess
+import sys
+import threading
+from http.server import BaseHTTPRequestHandler, HTTPServer
+
+RESULT_PATH = os.getcwd()
+FILES_PATH = os.path.join(RESULT_PATH, "./Testing/files/")
+CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/")
+DEFAULT_PATH = os.path.join(RESULT_PATH, "./osslsigncode")
+DEFAULT_IN = os.path.join(FILES_PATH, "./unsigned.exe")
+DEFAULT_OUT = os.path.join(FILES_PATH, "./ts.exe")
+DEFAULT_CERT = os.path.join(CERTS_PATH, "./cert.pem")
+DEFAULT_KEY = os.path.join(CERTS_PATH, "./key.pem")
+DEFAULT_CROSSCERT = os.path.join(CERTS_PATH, "./crosscert.pem")
+OPENSSL_CONF = os.path.join(CERTS_PATH, "./openssl_tsa.cnf")
+REQUEST = os.path.join(FILES_PATH, "./jreq.tsq")
+RESPONS = os.path.join(FILES_PATH, "./jresp.tsr")
+
+DEFAULT_OPENSSL = ["openssl", "ts",
+ "-reply", "-config", OPENSSL_CONF,
+ "-passin", "pass:passme",
+ "-queryfile", REQUEST,
+ "-out", RESPONS]
+
+
+class RequestHandler(BaseHTTPRequestHandler):
+ """Handle the HTTP POST request that arrive at the server"""
+
+ def do_POST(self):
+ """"Serves the POST request type"""
+ try:
+ content_length = int(self.headers['Content-Length'])
+ post_data = self.rfile.read(content_length)
+ with open(REQUEST, mode="wb") as file:
+ file.write(post_data)
+ openssl = subprocess.run(DEFAULT_OPENSSL, check=True, text=True)
+ openssl.check_returncode()
+ self.send_response(200)
+ self.send_header("Content-type", "application/timestamp-reply")
+ self.end_headers()
+ resp_data = None
+ with open(RESPONS, mode="rb") as file:
+ resp_data = file.read()
+ self.wfile.write(resp_data)
+ except Exception as err: # pylint: disable=broad-except
+ print(f"HTTP POST request error: {err}")
+
+
+class HttpServerThread():
+ """TSA server thread handler"""
+
+ def __init__(self):
+ self.server = None
+ self.server_thread = None
+
+ def start_server(self) -> (str, int):
+ """Starting TSA server on localhost and a first available port"""
+ self.server = HTTPServer(("127.0.0.1", 0), RequestHandler)
+ self.server_thread = threading.Thread(target=self.server.serve_forever)
+ self.server_thread.start()
+ hostname, port = self.server.server_address[:2]
+ print(f"Timestamp server started, URL: http://{hostname}:{port}")
+ return hostname, port
+
+ def shut_down(self):
+ """Shutting down the server"""
+ if self.server:
+ self.server.shutdown()
+ self.server_thread.join()
+ print("Server is down")
+
+
+def parse_args() -> str:
+ """Parse the command-line arguments."""
+ parser = argparse.ArgumentParser()
+ parser.add_argument(
+ "--input",
+ type=pathlib.Path,
+ default=DEFAULT_IN,
+ help="input file"
+ )
+ parser.add_argument(
+ "--output",
+ type=pathlib.Path,
+ default=DEFAULT_OUT,
+ help="output file"
+ )
+ parser.add_argument(
+ "--certs",
+ type=pathlib.Path,
+ default=DEFAULT_CERT,
+ help="signing certificate"
+ )
+ parser.add_argument(
+ "--key",
+ type=pathlib.Path,
+ default=DEFAULT_KEY,
+ help="private key"
+ )
+ parser.add_argument(
+ "--crosscert",
+ type=pathlib.Path,
+ default=DEFAULT_CROSSCERT,
+ help="additional certificates"
+ )
+ args = parser.parse_args()
+ program = [DEFAULT_PATH, "sign", "-in", args.input, "-out", args.output,
+ "-certs", args.certs, "-key", args.key,
+ "-addUnauthenticatedBlob", "-add-msi-dse", "-comm", "-ph", "-jp", "low",
+ "-h", "sha384", "-st", "1556668800", "-i", "https://www.osslsigncode.com/",
+ "-n", "osslsigncode", "-ac", args.crosscert, "-ts"]
+ return program
+
+def main() -> None:
+ """Main program"""
+ ret = 0
+ program = parse_args()
+ server = HttpServerThread()
+ hostname, port = server.start_server()
+ program.append(f"{hostname}:{port}")
+ try:
+ osslsigncode = subprocess.run(program, check=True, text=True)
+ osslsigncode.check_returncode()
+ except subprocess.CalledProcessError as err:
+ ret = err.returncode
+ except Exception as err: # pylint: disable=broad-except
+ print(f"osslsigncode error: {err}")
+ finally:
+ server.shut_down()
+ sys.exit(ret)
+
+
+if __name__ == '__main__':
+ main()
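Review bot: In `main()`, the catch-all `except Exception` branch only prints, so `ret` stays 0 and the script exits successfully when osslsigncode cannot be started at all (a missing binary raises `FileNotFoundError`, not `CalledProcessError`); adding `ret = 1` in that branch keeps a broken timestamping test from being reported as a pass. `do_POST` follows the same pattern: a failed `openssl ts` run or a missing `Content-Length` header is printed and the client receives no HTTP response, where `self.send_error(500)` issued before any headers have been written would make the failure explicit to the signer. `subprocess.run(..., check=True)` already raises on a non-zero exit, so both `check_returncode()` calls are redundant. The return annotations `-> (str, int)` and `parse_args() -> str` do not describe what is returned (a tuple and a list), and `contextlib` is imported but unused in this hunk.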