CA bundle install path detection (#32)

2025-04-05 01:00:11 -05:00 · 2020-02-04 22:44:58 +01:00 · 2020-02-04 22:44:58 +01:00 · 7fcf08ad75
commit 7fcf08ad75
parent e7dd72c64d
45 changed files with 129 additions and 123 deletions
--- a/configure.ac
+++ b/configure.ac
@ -132,6 +132,8 @@ fi
 AC_SUBST([OPTIONAL_LIBCURL_CFLAGS])
 AC_SUBST([OPTIONAL_LIBCURL_LIBS])

+AC_DEFINE_UNQUOTED([CA_BUNDLE_PATH], ["$(curl-config --ca 2>/dev/null)"], [CA bundle install path])
+
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT

--- a/osslsigncode.c
+++ b/osslsigncode.c
@ -1919,7 +1919,7 @@ static int verify_timestamp(PKCS7 *p7, PKCS7 *tmstamp_p7, char *untrusted)
 	printf("TSA's certificates file: %s\n", untrusted);
 	store = X509_STORE_new();
 	if (!load_file_lookup(store, untrusted, NULL, X509_PURPOSE_TIMESTAMP_SIGN)) {
-		fprintf(stderr, "Failed to add timestamp store lookup file\n");
+		printf("\nUse the \"-untrusted\" option to add the CA cert bundle to verify timestamp server.\n");
 		ret = 1; /* FAILED */
 	}
 	verok = PKCS7_verify(tmstamp_p7, tmstamp_p7->d.sign->cert, store, 0, NULL, 0);
@ -2971,6 +2971,10 @@ static char *get_cafile(void)
 	const char *sslpart1, *sslpart2;
 	char *cafile, *openssl_dir, *str_begin, *str_end;

+#ifdef CA_BUNDLE_PATH
+	if (strcmp(CA_BUNDLE_PATH, ""))
+		return OPENSSL_strdup(CA_BUNDLE_PATH);
+#endif
 	sslpart1 = OpenSSL_version(OPENSSL_DIR);
 	sslpart2 = "/certs/ca-bundle.crt";
 	str_begin = strchr(sslpart1, '"');
--- a/tests/certs/makecerts.sh
+++ b/tests/certs/makecerts.sh
@ -3,7 +3,7 @@
 result=0

 test_result() {
-  if [ "$1" == 0 ]
+  if test "$1" -eq 0
    then
      printf "Succeeded\n" >> "makecerts.log"
    else
@ -139,9 +139,9 @@ make_certs() {
  test_result $?

 # copy new files
-  if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/expired.pem ] && [ -s tmp/cert.pem ] && \
-    [ -s tmp/CACertCRL.pem ] && [ -s tmp/revoked.pem ] && [ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && \
-    [ -s tmp/key.der ] && [ -s tmp/cert.der ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ]
+  if test -s tmp/CACert.pem -a -s tmp/crosscert.pem -a -s tmp/expired.pem -a -s tmp/cert.pem \
+    -a -s tmp/CACertCRL.pem -a -s tmp/revoked.pem -a -s tmp/key.pem -a -s tmp/keyp.pem \
+    -a -s tmp/key.der -a -s tmp/cert.der -a -s tmp/cert.spc -a -s tmp/cert.p12
  then
    cp tmp/* ./
    printf "%s\n" "keys & certificates successfully generated"
@ -164,7 +164,7 @@ make_certs() {
 }

 # Tests requirement
-if [ -n "$(command -v faketime)" ]
+if test -n "$(command -v faketime)"
  then
    make_certs $1
    result=$?
--- a/tests/recipes/01_sign_pem
+++ b/tests/recipes/01_sign_pem
@ -8,7 +8,7 @@ script_path=$(pwd)
 # PE file
 test_name="011. Sign a PE file with the certificate and private key files in the PEM format"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -24,7 +24,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="012. Sign a CAB file with the certificate and private key files in the PEM format"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -40,7 +40,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="013. Sign a MSI file with the certificate and private key files in the PEM format"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/02_sign_pass
+++ b/tests/recipes/02_sign_pass
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="021. Sign a PE file with the encrypted private key file in the PEM format"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -24,7 +24,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="022. Sign a CAB file with the encrypted private key file in the PEM format"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -41,7 +41,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="023. Sign a MSI file with the encrypted private key file in the PEM format"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/03_sign_der
+++ b/tests/recipes/03_sign_der
@ -8,7 +8,7 @@ script_path=$(pwd)
 # PE file
 test_name="031. Sign a PE file with the encrypted private key file in the DER format"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -25,7 +25,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="032. Sign a CAB file with the encrypted private key file in the DER format"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -42,7 +42,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="033. Sign a MSI file with the encrypted private key file in the DER format"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/04_sign_spc
+++ b/tests/recipes/04_sign_spc
@ -8,7 +8,7 @@ script_path=$(pwd)
 # PE file
 test_name="041. Sign a PE file a SPC certificate file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -25,7 +25,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="042. Sign a CAB file a SPC certificate file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -42,7 +42,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="043. Sign a MSI file a SPC certificate file"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/05_sign_pkcs12
+++ b/tests/recipes/05_sign_pkcs12
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="051. Sign a PE file with a certificate and key stored in a PKCS#12 container"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -23,7 +23,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="052. Sign a CAB file with a certificate and key stored in a PKCS#12 container"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -40,7 +40,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="053. Sign a MSI file with a certificate and key stored in a PKCS#12 container"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/06_test_sha256sum
+++ b/tests/recipes/06_test_sha256sum
@ -6,9 +6,9 @@ res=0
 skip=0
 test_name="061. Checking SHA256 message digests for 01x-05x tests"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
-    if [ $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
+    if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_exe.log" >> "results.log"
@ -21,9 +21,9 @@ if [ -s "test.exe" ]
    skip=$(($skip+1))
  fi

-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
-    if [ $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
+    if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_ex_.log" >> "results.log"
@ -36,9 +36,9 @@ if [ -s "test.ex_" ]
    skip=$(($skip+1))
  fi

-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
-    if [ $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
+    if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_msi.log" >> "results.log"
@ -51,7 +51,7 @@ if [ -s "sample.msi" ]
    skip=$(($skip+1))
  fi

-if [ $skip -lt 3 ]
+if test $skip -lt 3
  then
    test_result "$res" "$test_name"
  else
--- a/tests/recipes/07_sign_timestamp
+++ b/tests/recipes/07_sign_timestamp
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="071. Sign a PE file with Authenticode timestamping"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -24,7 +24,7 @@ if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
 # CAB file
 test_name="072. Sign a CAB file with Authenticode timestamping"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -41,7 +41,7 @@ if [ -s "test.ex_" ] && ! grep -q "no libcurl available" "results.log"
 # MSI file
 test_name="073. Sign a MSI file with Authenticode timestamping"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/08_sign_rfc3161
+++ b/tests/recipes/08_sign_rfc3161
@ -11,7 +11,7 @@ script_path=$(pwd)
 # PE file
 test_name="081. Sign a PE file with RFC 3161 timestamping"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -28,7 +28,7 @@ if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
 # CAB file
 test_name="082. Sign a CAB file with RFC 3161 timestamping"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -45,7 +45,7 @@ if [ -s "test.ex_" ] && ! grep -q "no libcurl available" "results.log"
 # MSI file
 test_name="083. Sign a MSI file with RFC 3161 timestamping"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/09_sign_page_hashes
+++ b/tests/recipes/09_sign_page_hashes
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="091. Generate page hashes for a PE file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 -ph \
        -st "1556668800" \
--- a/tests/recipes/10_sign_blob
+++ b/tests/recipes/10_sign_blob
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="101. Sign a PE file with addUnauthenticatedBlob"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -24,7 +24,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="102. Sign a CAB file with addUnauthenticatedBlob"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -41,7 +41,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="103. Sign a MSI file with addUnauthenticatedBlob"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/11_sign_nest
+++ b/tests/recipes/11_sign_nest
@ -8,7 +8,7 @@ script_path=$(pwd)
 # PE file
 test_name="111. Sign a PE file with the nest flag"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -32,7 +32,7 @@ if [ -s "test.exe" ]
 # MSI file
 test_name="113. Sign a MSI file with the nest flag"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/12_sign_readpass_pem
+++ b/tests/recipes/12_sign_readpass_pem
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="121. Sign a PE file with the PEM key file and the file with a password"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -24,7 +24,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="122. Sign a CAB file with a PEM key file and the file with a password"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -41,7 +41,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="123. Sign a MSI file with a PEM key file and the file with a password"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/13_sign_readpass_pkcs12
+++ b/tests/recipes/13_sign_readpass_pkcs12
@ -8,7 +8,7 @@ script_path=$(pwd)
 # PE file
 test_name="131. Sign a PE file with a PKCS#12 container and the file with a password"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -25,7 +25,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="132. Sign a CAB file with a PKCS#12 container and the file with a password"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -42,7 +42,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="133. Sign a MSI file with a PKCS#12 container and the file with a password"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/14_sign_descryption
+++ b/tests/recipes/14_sign_descryption
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="141. Sign a PE file with a descryption"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -24,7 +24,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="142. Sign a CAB file with a descryption"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -41,7 +41,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="143. Sign a MSI file with a descryption"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/15_sign_url
+++ b/tests/recipes/15_sign_url
@ -8,7 +8,7 @@ script_path=$(pwd)
 # PE file
 test_name="151. Sign a PE file with specified URL"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -25,7 +25,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="152. Sign a CAB file with specified URL"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -42,7 +42,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="153. Sign a MSI file with specified URL"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/16_sign_comm
+++ b/tests/recipes/16_sign_comm
@ -10,7 +10,7 @@ script_path=$(pwd)
 # PE file
 test_name="161. Sign a PE file with the common purpose set"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -27,7 +27,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="162. Sign a CAB file with the common purpose set"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -44,7 +44,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="163. Sign a MSI file with the common purpose set"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/17_sign_crosscertfile
+++ b/tests/recipes/17_sign_crosscertfile
@ -9,7 +9,7 @@ script_path=$(pwd)
 # PE file
 test_name="171. Add an additional certificate to the signature block of the PE file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -26,7 +26,7 @@ if [ -s "test.exe" ]
 # CAB file
 test_name="172. Add an additional certificate to the signature block of the CAB file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -43,7 +43,7 @@ if [ -s "test.ex_" ]
 # MSI file
 test_name="173. Add an additional certificate to the signature block of the MSI file"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/21_sign_hash_md5
+++ b/tests/recipes/21_sign_hash_md5
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="211. Sign a PE file with MD5 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h md5 \
        -st "1556668800" \
--- a/tests/recipes/22_sign_hash_sha1
+++ b/tests/recipes/22_sign_hash_sha1
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="221. Sign a PE file with SHA1 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha1 \
        -st "1556668800" \
--- a/tests/recipes/23_sign_hash_sha2
+++ b/tests/recipes/23_sign_hash_sha2
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="231. Signing a PE file with SHA1 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha2 \
        -st "1556668800" \
--- a/tests/recipes/24_sign_hash_sha384
+++ b/tests/recipes/24_sign_hash_sha384
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="241. Sign a PE file with SHA384 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha384 \
        -st "1556668800" \
--- a/tests/recipes/25_sign_hash_sha512
+++ b/tests/recipes/25_sign_hash_sha512
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="251. Sign a PE file with SHA512 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha512 \
        -st "1556668800" \
--- a/tests/recipes/31_extract_signature
+++ b/tests/recipes/31_extract_signature
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="311. Extract the signature from the PE file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -28,7 +28,7 @@ if [ -s "test.exe" ]
 # MSI file
 test_name="312. Extract the signature from the MSI file"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/32_attach_signature
+++ b/tests/recipes/32_attach_signature
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="321. Attach the signature to the PE file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode attach-signature -sigin "sign_pe.pem" \
        -CAfile "${script_path}/../certs/CACert.pem" \
@ -26,7 +26,7 @@ if [ -s "test.exe" ]
 # MSI file
 test_name="322. Attach the signature to the MSI file"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode attach-signature -sigin "sign_msi.pem" \
        -CAfile "${script_path}/../certs/CACert.pem" \
--- a/tests/recipes/33_remove_signature
+++ b/tests/recipes/33_remove_signature
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="331. Remove the signature from the PE file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -28,7 +28,7 @@ if [ -s "test.exe" ]
 # MSI file
 test_name="332. Remove the signature from the MSI file"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/35_varia_sha256sum
+++ b/tests/recipes/35_varia_sha256sum
@ -7,9 +7,9 @@ res=0
 skip=0
 test_name="351. Checking SHA256 message digests for 31x-34x tests"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
-    if [ $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
+    if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_exe.log" >> "results.log"
@ -22,9 +22,9 @@ if [ -s "test.exe" ]
    skip=$(($skip+1))
  fi

-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
-    if [ $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 ]
+    if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_msi.log" >> "results.log"
@ -37,7 +37,7 @@ if [ -s "sample.msi" ]
    skip=$(($skip+1))
  fi

-if [ $skip -lt 2 ]
+if test $skip -lt 2
  then
    test_result "$res" "$test_name"
  else
--- a/tests/recipes/36_add_signature_blob
+++ b/tests/recipes/36_add_signature_blob
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="361. Add an unauthenticated blob to the PE file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -29,7 +29,7 @@ if [ -s "test.exe" ]
 # MSI file
 test_name="362. Add an unauthenticated blob to the MSI file"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/37_add_signature_timestamp
+++ b/tests/recipes/37_add_signature_timestamp
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="371. Add an authenticode timestamp to the PE file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -29,7 +29,7 @@ if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
 # MSI file
 test_name="372. Add an authenticode timestamp to the MSI file"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/38_add_signature_rfc3161
+++ b/tests/recipes/38_add_signature_rfc3161
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="381. Add RFC 3161 timestamp to signed PE file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -29,7 +29,7 @@ if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
 # MSI file
 test_name="382. Add RFC 3161 timestamp to signed MSI file"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/40_verify_leaf_hash
+++ b/tests/recipes/40_verify_leaf_hash
@ -7,7 +7,7 @@ script_path=$(pwd)
 # PE file
 test_name="401. Compare the leaf certificate hash against specified SHA256 message digest for the PE file"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
@ -25,7 +25,7 @@ if [ -s "test.exe" ]
 # MSI file
 test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/41_sign_add_msi_dse
+++ b/tests/recipes/41_sign_add_msi_dse
@ -17,7 +17,7 @@ script_path=$(pwd)
 # MSI file
 test_name="411. Sign a MSI file with the add-msi-dse option"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/42_sign_jp_low
+++ b/tests/recipes/42_sign_jp_low
@ -11,7 +11,7 @@ script_path=$(pwd)
 # CAB file
 test_name="421. Sign a CAB file with jp low option"
 printf "\n%s\n" "$test_name"
-if [ -s "test.ex_" ]
+if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/45_verify_fake_pe
+++ b/tests/recipes/45_verify_fake_pe
@ -8,7 +8,7 @@ script_path=$(pwd)
 # PE file
 test_name="451. Verify changed PE file after signing"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/46_verify_timestamp
+++ b/tests/recipes/46_verify_timestamp
@ -8,7 +8,7 @@ script_path=$(pwd)
 # PE file
 test_name="461. Verify changed PE file after signing with Authenticode timestamping"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/47_verify_rfc3161
+++ b/tests/recipes/47_verify_rfc3161
@ -8,7 +8,7 @@ script_path=$(pwd)
 # PE file
 test_name="471. Verify changed PE file after signing with RFC 3161 timestamping"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
--- a/tests/recipes/51_verify_time
+++ b/tests/recipes/51_verify_time
@ -6,7 +6,7 @@
 # PE file
 test_name="511. Verify PE file signature after the cert has been expired"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ]
+if test -s "test.exe"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
@ -26,7 +26,7 @@ if [ -s "test.exe" ]
 # MSI file
 test_name="513. Verify MSI file signature after the cert has been expired"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ]
+if test -s "sample.msi"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
--- a/tests/recipes/52_verify_timestamp
+++ b/tests/recipes/52_verify_timestamp
@ -6,7 +6,7 @@
 # PE file
 test_name="521. Verify PE file signature with timestamping after the cert has been expired"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
@ -27,7 +27,7 @@ if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
 # MSI file
 test_name="523. Verify MSI file signature with timestamping after the cert has been expired"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
--- a/tests/recipes/53_verify_rfc3161
+++ b/tests/recipes/53_verify_rfc3161
@ -6,7 +6,7 @@
 # PE file
 test_name="531. Verify PE file signature with RFC3161 after the cert has been expired"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
@ -27,7 +27,7 @@ if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
 # MSI file
 test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
--- a/tests/recipes/54_verify_expired
+++ b/tests/recipes/54_verify_expired
@ -6,7 +6,7 @@
 # PE file
 test_name="541. Verify PE file signed with the expired cert"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
@ -27,7 +27,7 @@ if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
 # MSI file
 test_name="543. Verify MSI file signed with the expired cert"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
--- a/tests/recipes/55_verify_revoked
+++ b/tests/recipes/55_verify_revoked
@ -6,7 +6,7 @@
 # PE file
 test_name="551. Verify PE file signed with the revoked cert"
 printf "\n%s\n" "$test_name"
-if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
@ -27,7 +27,7 @@ if [ -s "test.exe" ] && ! grep -q "no libcurl available" "results.log"
 # MSI file
 test_name="553. Verify MSI file signed with the revoked cert"
 printf "\n%s\n" "$test_name"
-if [ -s "sample.msi" ] && ! grep -q "no libcurl available" "results.log"
+if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
--- a/tests/test_library
+++ b/tests/test_library
@ -11,7 +11,7 @@ test_result() {

  local result=0

-  if [ "$1" -eq 0 ]
+  if test "$1" -eq 0
    then
      printf "%s\n" "Test succeeded"
    else
@ -40,8 +40,8 @@ modify_blob() {
      -CRLfile "${script_path}/../certs/CACertCRL.pem" \
      -in "test_$1_changed.$2" 2>> "verify.log" 1>&2
  result=$?
-  if [ "$result" -ne 0 ] || \
-      [ $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1 ]
+  if test "$result" -ne 0 \
+      -o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1
    then
      printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2
      result=1
@ -61,7 +61,7 @@ search_pattern() {

  local result=0

-  if [ "$3" = "ASCII" ]
+  if test "$3" = "ASCII"
    then
      hex_pattern=$(echo -n "$4" | xxd -p)
    else
@ -72,9 +72,9 @@ search_pattern() {
    then
      result=1
      printf "Failed: $4 not found\n"
-    elif [ "$5" = "MODIFY" ]
+    elif test "$5" = "MODIFY"
      then
-        if [ "$2" != "ex_" ]
+        if test "$2" != "ex_"
         then
           modify_blob "$1" "$2" "$4"
           result=$?
@ -99,9 +99,9 @@ verify_signature() {

  local result=0
  printf "" > "verify.log"
-  if [ "$1" -eq 0 ]
+  if test "$1" -eq 0
    then
-      if [ "$3" != "ex_" ]
+      if test "$3" != "ex_"
        then
          cp "test_$2.$3" "test_tmp.tmp"
          TZ=GMT faketime -f "$5" /bin/bash -c '
@ -116,25 +116,25 @@ verify_signature() {
        else
           printf "VERIFY is not supported for CAB files\n"
        fi
-      if [ "$result" -eq 0 ] && [ "$7" != "UNUSED_PATTERN" ] && [ "$8" != "UNUSED_PATTERN" ]
+      if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN"
        then
          search_pattern "$2" "$3" "$7" "$8" "$9"
          result=$?
        fi
-      if [ "$6" = "sha256sum" ]
+      if test "$6" = "sha256sum"
        then
-          if [ -s "test_$2_signed.$3" ]
+          if test -s "test_$2_signed.$3"
            then
              sha256sum "test_$2_signed.$3" 2>> "sha256sum_$3.log" 1>&2
            else
              sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2
            fi
        fi
-      if [ "$4" = "success" ] && [ "$result" -eq 0 ]
+      if test "$4" = "success" -a "$result" -eq 0
        then
          rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3"
          result=0
-        elif [ "$4" = "fail" ] && [ "$result" -eq 1 ]
+        elif test "$4" = "fail" -a "$result" -eq 1
          then
            rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3"
            cat "verify.log" >> "results.log"
@ -157,9 +157,9 @@ verify_leaf_hash() {

  local result=0
  printf "" > "verify.log"
-  if [ "$1" -eq 0 ]
+  if test "$1" -eq 0
    then
-      if [ "$3" != "ex_" ]
+      if test "$3" != "ex_"
        then
          cp "test_$2.$3" "test_tmp.tmp"
          TZ=GMT faketime -f "$4" /bin/bash -c '
@ -175,7 +175,7 @@ verify_leaf_hash() {
        else
           printf "VERIFY is not supported for CAB files\n"
        fi
-      if [ "$result" -eq 0 ]
+      if test "$result" -eq 0
        then
          rm -f "test_$2.$3"
        else
--- a/tests/testall.sh
+++ b/tests/testall.sh
@ -19,7 +19,7 @@ make_tests() {
      /bin/sh $plik 3>&1 2>> "results.log" 1>&2
    done
    count=$(grep -c "Test succeeded" "results.log")
-  if [ $count -ne 0 ]
+  if test $count -ne 0
    then
      skip=$(grep -c "Test skipped" "results.log")
      fail=$(grep -c "Test failed" "results.log")
@ -38,9 +38,9 @@ date > "results.log"
 ../../osslsigncode -v >> "results.log" 2>/dev/null

 cd ${certs_path}
-if [ -s CACert.pem ] && [ -s crosscert.pem ] && [ -s expired.pem ] && [ -s cert.pem ] && \
-    [ -s CACertCRL.pem ] && [ -s revoked.pem ] && [ -s key.pem ] && [ -s keyp.pem ] && \
-    [ -s key.der ] && [ -s cert.der ] && [ -s cert.spc ] && [ -s cert.p12 ]
+if test -s CACert.pem -a -s crosscert.pem -a -s expired.pem -a -s cert.pem \
+    -a -s CACertCRL.pem -a -s revoked.pem -a -s key.pem -a -s keyp.pem \
+    -a -s key.der -a -s cert.der -a -s cert.spc -a -s cert.p12
  then
    printf "%s\n" "keys & certificates path: ${certs_path}"
  else
@ -49,16 +49,16 @@ if [ -s CACert.pem ] && [ -s crosscert.pem ] && [ -s expired.pem ] && [ -s cert.
  fi
 cd "${result_path}"

-if [ "$result" -ne 0 ]
+if test "$result" -ne 0
  then
    exit $result
  fi

 # PE and CAB files support
-if [ -n "$(command -v x86_64-w64-mingw32-gcc)" ]
+if test -n "$(command -v x86_64-w64-mingw32-gcc)"
  then
    x86_64-w64-mingw32-gcc "../myapp.c" -o "test.exe" 2>> "results.log" 1>&2
-    if [ -n "$(command -v gcab)" ]
+    if test -n "$(command -v gcab)"
      then
        gcab -c "test.ex_" "test.exe" 2>> "results.log" 1>&2
      else
@ -75,7 +75,7 @@ if grep -q "no libgsf available" "results.log"
  then
    printf "%s\n" "signing MSI files requires libgsf/libgsf-devel packages and reconfiguration osslsigncode"
  else
-    if [ -n "$(command -v wixl)" ]
+    if test -n "$(command -v wixl)"
      then
        touch FoobarAppl10.exe
        cp "../sample.wxs" "sample.wxs" 2>> "results.log" 1>&2
@ -93,9 +93,9 @@ if grep -q "no libcurl available" "results.log"
  fi

 # Tests requirements
-if [ -n "$(command -v faketime)" ]
+if test -n "$(command -v faketime)"
  then
-    if [ -n "$(command -v xxd)" ]
+    if test -n "$(command -v xxd)"
      then
        make_tests
        result=$?