nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-04 17:00:11 -05:00
Code Issues Projects Releases Wiki Activity

CAB file tests

Browse Source
This commit is contained in:
olszomal 2020-02-21 14:10:21 +01:00
parent 94f5e0c1bf
commit a56aee3c8f
21 changed files with 297 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
tests/recipes/11_sign_nest
View File

@ -27,7 +27,25 @@ if test -s "test.exe"
fi
# CAB file
# Error: -nest option is only valid for PE/MSI files
test_name="112. Sign a CAB file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_112_signed.ex_"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_112_signed.ex_" -out "test_112.ex_"
verify_signature "$?" "112" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="113. Sign a MSI file with the nest flag"

27
tests/recipes/31_extract_signature
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Extract the signature from the PE/MSI file.
# Extract the signature from the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
@ -23,20 +23,35 @@ if test -s "test.exe"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="312. Extract the signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_312.ex_" && \
../../osslsigncode extract-signature -pem \
-in "test_312.ex_" -out "sign_cab.pem"
verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="312. Extract the signature from the MSI file"
test_name="313. Extract the signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_312.msi" && \
-in "sample.msi" -out "test_313.msi" && \
../../osslsigncode extract-signature -pem \
-in "test_312.msi" -out "sign_msi.pem"
verify_signature "$?" "312" "msi" "success" "@2019-09-01 12:00:00" \
-in "test_313.msi" -out "sign_msi.pem"
verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else

23
tests/recipes/32_attach_signature
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Attach the signature to the PE/MSI file.
# Attach the signature to the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
@ -21,18 +21,31 @@ if test -s "test.exe"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="322. Attach the signature to the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature -sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_322.ex_"
verify_signature "$?" "322" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="322. Attach the signature to the MSI file"
test_name="323. Attach the signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature -sigin "sign_msi.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_322.msi"
verify_signature "$?" "322" "msi" "success" "@2019-09-01 12:00:00" \
-in "sample.msi" -out "test_323.msi"
verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else

27
tests/recipes/33_remove_signature
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Remove the signature from the PE/MSI file.
# Remove the signature from the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
@ -23,20 +23,35 @@ if test -s "test.exe"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="332. Remove the signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_332_signed.ex_" && \
../../osslsigncode remove-signature \
-in "test_332_signed.ex_" -out "test_332.ex_"
verify_signature "$?" "332" "ex_" "fail" "@2019-09-01 12:00:00" \
"sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="332. Remove the signature from the MSI file"
test_name="333. Remove the signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_332_signed.msi" && \
-in "sample.msi" -out "test_333_signed.msi" && \
../../osslsigncode remove-signature \
-in "test_332_signed.msi" -out "test_332.msi"
verify_signature "$?" "332" "msi" "fail" "@2019-09-01 12:00:00" \
-in "test_333_signed.msi" -out "test_333.msi"
verify_signature "$?" "333" "msi" "fail" "@2019-09-01 12:00:00" \
"sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else

15
tests/recipes/35_varia_sha256sum
View File

@ -22,6 +22,21 @@ if test -s "test.exe"
skip=$(($skip+1))
fi
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
else
rm -f test_3[1-4]*[1-2]*.ex_
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi"
then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1

28
tests/recipes/36_add_signature_blob
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Add an unauthenticated blob to the PE/MSI file.
# Add an unauthenticated blob to the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
@ -24,21 +24,37 @@ if test -s "test.exe"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="362. Add an unauthenticated blob to the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_362_signed.ex_"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_362_signed.ex_" -out "test_362.ex_"
verify_signature "$?" "362" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="362. Add an unauthenticated blob to the MSI file"
test_name="363. Add an unauthenticated blob to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_362_signed.msi"
-in "sample.msi" -out "test_363_signed.msi"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_362_signed.msi" -out "test_362.msi"
verify_signature "$?" "362" "msi" "success" "@2019-09-01 12:00:00" \
-in "test_363_signed.msi" -out "test_363.msi"
verify_signature "$?" "363" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else

28
tests/recipes/37_add_signature_timestamp
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Add an authenticode timestamp to the PE/MSI file.
# Add an authenticode timestamp to the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
@ -24,21 +24,37 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="372. Add an authenticode timestamp to the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_372_signed.ex_" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-in "test_372_signed.ex_" -out "test_372.ex_"
verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="372. Add an authenticode timestamp to the MSI file"
test_name="373. Add an authenticode timestamp to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_372_signed.msi" && \
-in "sample.msi" -out "test_373_signed.msi" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-in "test_372_signed.msi" -out "test_372.msi"
verify_signature "$?" "372" "msi" "success" "@2019-09-01 12:00:00" \
-in "test_373_signed.msi" -out "test_373.msi"
verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else

28
tests/recipes/38_add_signature_rfc3161
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Add an RFC 3161 timestamp to signed PE/MSI file.
# Add an RFC 3161 timestamp to signed PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
@ -24,21 +24,37 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="382. Add RFC 3161 timestamp to signed CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_382_signed.ex_"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-in "test_382_signed.ex_" -out "test_382.ex_"
verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="382. Add RFC 3161 timestamp to signed MSI file"
test_name="383. Add RFC 3161 timestamp to signed MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_382_signed.msi"
-in "sample.msi" -out "test_383_signed.msi"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-in "test_382_signed.msi" -out "test_382.msi"
verify_signature "$?" "382" "msi" "success" "@2019-09-01 12:00:00" \
-in "test_383_signed.msi" -out "test_383.msi"
verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else

16
tests/recipes/40_verify_leaf_hash
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Compare the leaf certificate hash against specified SHA256 message digest for the PE/MSI file
# Compare the leaf certificate hash against specified SHA256 message digest for the PE/CAB/MSI file
. $(dirname $0)/../test_library
script_path=$(pwd)
@ -20,7 +20,19 @@ if test -s "test.exe"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="402. Compare the leaf certificate hash against specified SHA256 message digest for the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.ex_" -out "test_402.ex_"
verify_leaf_hash "$?" "402" "ex_" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file"

18
tests/recipes/51_verify_time
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Verify PE/MSI file signature after the cert has been expired.
# Verify PE/CAB/MSI file signature after the cert has been expired.
. $(dirname $0)/../test_library
@ -21,7 +21,21 @@ if test -s "test.exe"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="512. Verify CAB file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_512.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "512" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="513. Verify MSI file signature after the cert has been expired"

19
tests/recipes/52_verify_timestamp
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Verify PE/MSI file signature with Authenticode timestamping after the cert has been expired.
# Verify PE/CAB/MSI file signature with Authenticode timestamping after the cert has been expired.
. $(dirname $0)/../test_library
@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="522. Verify CAB file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="523. Verify MSI file signature with timestamping after the cert has been expired"

19
tests/recipes/53_verify_rfc3161
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Verify PE/MSI file signature with RFC3161 timestamping after the cert has been expired.
# Verify PE/CAB/MSI file signature with RFC3161 timestamping after the cert has been expired.
. $(dirname $0)/../test_library
@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="532. Verify CAB file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired"

19
tests/recipes/54_verify_expired
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Verify PE/MSI file signed with the expired cert.
# Verify PE/CAB/MSI file signed with the expired cert.
. $(dirname $0)/../test_library
@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="542. Verify CAB file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="543. Verify MSI file signed with the expired cert"

19
tests/recipes/55_verify_revoked
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Verify PE/MSI file signed with the revoked cert.
# Verify PE/CAB/MSI file signed with the revoked cert.
. $(dirname $0)/../test_library
@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi
# CAB file
# Command is not supported for non-PE/non-MSI files
test_name="552. Verify CAB file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="553. Verify MSI file signed with the revoked cert"

1
tests/sources/a Normal file
View File

@ -0,0 +1 @@
aaa

1
tests/sources/b Normal file
View File

@ -0,0 +1 @@
bbb

1
tests/sources/c Normal file
View File

@ -0,0 +1 @@
ccc

0
tests/myapp.c → tests/sources/myapp.c
View File

0
tests/sample.wxs → tests/sources/sample.wxs
View File

61
tests/test_library
View File

@ -74,13 +74,8 @@ search_pattern() {
printf "Failed: $4 not found\n"
elif test "$5" = "MODIFY"
then
if test "$2" != "ex_"
then
modify_blob "$1" "$2" "$4"
result=$?
else
printf "MODIFY is not supported for CAB files\n"
fi
modify_blob "$1" "$2" "$4"
result=$?
fi
return "$result"
@ -101,21 +96,16 @@ verify_signature() {
printf "" > "verify.log"
if test "$1" -eq 0
then
if test "$3" != "ex_"
then
cp "test_$2.$3" "test_tmp.tmp"
TZ=GMT faketime -f "$5" /bin/bash -c '
printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
script_path=$(pwd)
../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$?
rm -f "test_tmp.tmp"
else
printf "VERIFY is not supported for CAB files\n"
fi
cp "test_$2.$3" "test_tmp.tmp"
TZ=GMT faketime -f "$5" /bin/bash -c '
printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
script_path=$(pwd)
../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$?
rm -f "test_tmp.tmp"
if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN"
then
search_pattern "$2" "$3" "$7" "$8" "$9"
@ -159,22 +149,17 @@ verify_leaf_hash() {
printf "" > "verify.log"
if test "$1" -eq 0
then
if test "$3" != "ex_"
then
cp "test_$2.$3" "test_tmp.tmp"
TZ=GMT faketime -f "$4" /bin/bash -c '
printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
script_path=$(pwd)
../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$?
rm -f "test_tmp.tmp"
else
printf "VERIFY is not supported for CAB files\n"
fi
cp "test_$2.$3" "test_tmp.tmp"
TZ=GMT faketime -f "$4" /bin/bash -c '
printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
script_path=$(pwd)
../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$?
rm -f "test_tmp.tmp"
if test "$result" -eq 0
then
rm -f "test_$2.$3"

24
tests/testall.sh
View File

@ -54,22 +54,24 @@ if test "$result" -ne 0
exit $result
fi
# PE and CAB files support
# PE files support
if test -n "$(command -v x86_64-w64-mingw32-gcc)"
then
x86_64-w64-mingw32-gcc "../myapp.c" -o "test.exe" 2>> "results.log" 1>&2
if test -n "$(command -v gcab)"
then
gcab -c "test.ex_" "test.exe" 2>> "results.log" 1>&2
else
printf "%s\n" "gcab not found in \$PATH"
printf "%s\n" "tests for CAB files skipped, please install gcab package"
fi
x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "test.exe" 2>> "results.log" 1>&2
else
printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH"
printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package"
fi
# CAB files support
if test -n "$(command -v gcab)"
then
gcab -c "test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2
else
printf "%s\n" "gcab not found in \$PATH"
printf "%s\n" "tests for CAB files skipped, please install gcab package"
fi
# MSI files support
if grep -q "no libgsf available" "results.log"
then
@ -78,7 +80,7 @@ if grep -q "no libgsf available" "results.log"
if test -n "$(command -v wixl)"
then
touch FoobarAppl10.exe
cp "../sample.wxs" "sample.wxs" 2>> "results.log" 1>&2
cp "../sources/sample.wxs" "sample.wxs" 2>> "results.log" 1>&2
wixl -v "sample.wxs" 2>> "results.log" 1>&2
else
printf "%s\n" "wixl not found in \$PATH"
@ -100,7 +102,7 @@ if test -n "$(command -v faketime)"
make_tests
result=$?
rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe"
rm -f "sign_pe.pem" "sign_msi.pem" "verify.log"
rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log"
else
printf "%s\n" "xxd not found in \$PATH"
printf "%s\n" "tests skipped, please install vim-common package"