CAB file tests

olszomal 2020-02-21 14:10:21 +01:00
parent 94f5e0c1bf
commit a56aee3c8f
21 changed files with 297 additions and 97 deletions


@ -27,7 +27,25 @@ if test -s "test.exe"
fi fi
# CAB file # CAB file
# Error: -nest option is only valid for PE/MSI files test_name="112. Sign a CAB file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_112_signed.ex_"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_112_signed.ex_" -out "test_112.ex_"
verify_signature "$?" "112" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="113. Sign a MSI file with the nest flag" test_name="113. Sign a MSI file with the nest flag"
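Review bot: In test 112 the first `osslsigncode sign` is not chained to the `sign -nest` call, so the `$?` handed to `verify_signature` reflects only the second command. A failure of the first signing step is caught only indirectly, through the missing `test_112_signed.ex_`. Chaining the way tests 312 and 372 do, `-in "test.ex_" -out "test_112_signed.ex_" && \`, keeps the reported status tied to both steps. The CAB blocks of tests 362 and 382 in this commit have the same gap.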


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Extract the signature from the PE/MSI file. # Extract the signature from the PE/CAB/MSI file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
@ -23,20 +23,35 @@ if test -s "test.exe"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="312. Extract the signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_312.ex_" && \
../../osslsigncode extract-signature -pem \
-in "test_312.ex_" -out "sign_cab.pem"
verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="312. Extract the signature from the MSI file" test_name="313. Extract the signature from the MSI file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "sample.msi" if test -s "sample.msi"
then then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_312.msi" && \ -in "sample.msi" -out "test_313.msi" && \
../../osslsigncode extract-signature -pem \ ../../osslsigncode extract-signature -pem \
-in "test_312.msi" -out "sign_msi.pem" -in "test_313.msi" -out "sign_msi.pem"
verify_signature "$?" "312" "msi" "success" "@2019-09-01 12:00:00" \ verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$test_name"
else else


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Attach the signature to the PE/MSI file. # Attach the signature to the PE/CAB/MSI file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
@ -21,18 +21,31 @@ if test -s "test.exe"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="322. Attach the signature to the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature -sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_322.ex_"
verify_signature "$?" "322" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="322. Attach the signature to the MSI file" test_name="323. Attach the signature to the MSI file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "sample.msi" if test -s "sample.msi"
then then
../../osslsigncode attach-signature -sigin "sign_msi.pem" \ ../../osslsigncode attach-signature -sigin "sign_msi.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_322.msi" -in "sample.msi" -out "test_323.msi"
verify_signature "$?" "322" "msi" "success" "@2019-09-01 12:00:00" \ verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$test_name"
else else
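Review bot: Test 322 reads `sign_cab.pem`, which is only written by the `extract-signature` step of test 312, but its guard checks `test.ex_` alone. If 312 was skipped or failed, 322 fails as well and the log shows two failures for one cause. Either extend the guard, `if [ -s "test.ex_" ] && [ -s "sign_cab.pem" ]`, or add a comment such as `# requires sign_cab.pem produced by test 312` above the block.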


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Remove the signature from the PE/MSI file. # Remove the signature from the PE/CAB/MSI file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
@ -23,20 +23,35 @@ if test -s "test.exe"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="332. Remove the signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_332_signed.ex_" && \
../../osslsigncode remove-signature \
-in "test_332_signed.ex_" -out "test_332.ex_"
verify_signature "$?" "332" "ex_" "fail" "@2019-09-01 12:00:00" \
"sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="332. Remove the signature from the MSI file" test_name="333. Remove the signature from the MSI file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "sample.msi" if test -s "sample.msi"
then then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_332_signed.msi" && \ -in "sample.msi" -out "test_333_signed.msi" && \
../../osslsigncode remove-signature \ ../../osslsigncode remove-signature \
-in "test_332_signed.msi" -out "test_332.msi" -in "test_333_signed.msi" -out "test_333.msi"
verify_signature "$?" "332" "msi" "fail" "@2019-09-01 12:00:00" \ verify_signature "$?" "333" "msi" "fail" "@2019-09-01 12:00:00" \
"sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$test_name"
else else


@ -22,6 +22,21 @@ if test -s "test.exe"
skip=$(($skip+1)) skip=$(($skip+1))
fi fi
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
else
rm -f test_3[1-4]*[1-2]*.ex_
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi" if test -s "sample.msi"
then then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
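Review bot: The new CAB digest check reports "Non-unique SHA256 message digests found" even when `sha256sum_ex_.log` is missing or empty, because `cat … | wc -l` then yields 0 and `-ne 1` is true. Failing closed is right for a check that guards signed content, but the message points the reader at a digest mismatch that never happened. Quoting the substitution and testing `-s "sha256sum_ex_.log"` first with its own message would separate the two cases. A comment such as `# all logged CAB digests must be identical; an absent log is a failure` would record the intent.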


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Add an unauthenticated blob to the PE/MSI file. # Add an unauthenticated blob to the PE/CAB/MSI file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
@ -24,21 +24,37 @@ if test -s "test.exe"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="362. Add an unauthenticated blob to the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_362_signed.ex_"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_362_signed.ex_" -out "test_362.ex_"
verify_signature "$?" "362" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="362. Add an unauthenticated blob to the MSI file" test_name="363. Add an unauthenticated blob to the MSI file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "sample.msi" if test -s "sample.msi"
then then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_362_signed.msi" -in "sample.msi" -out "test_363_signed.msi"
../../osslsigncode add \ ../../osslsigncode add \
-addUnauthenticatedBlob \ -addUnauthenticatedBlob \
-in "test_362_signed.msi" -out "test_362.msi" -in "test_363_signed.msi" -out "test_363.msi"
verify_signature "$?" "362" "msi" "success" "@2019-09-01 12:00:00" \ verify_signature "$?" "363" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name" test_result "$?" "$test_name"
else else


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Add an authenticode timestamp to the PE/MSI file. # Add an authenticode timestamp to the PE/CAB/MSI file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
@ -24,21 +24,37 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="372. Add an authenticode timestamp to the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_372_signed.ex_" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-in "test_372_signed.ex_" -out "test_372.ex_"
verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="372. Add an authenticode timestamp to the MSI file" test_name="373. Add an authenticode timestamp to the MSI file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_372_signed.msi" && \ -in "sample.msi" -out "test_373_signed.msi" && \
../../osslsigncode add \ ../../osslsigncode add \
-t http://time.certum.pl/ \ -t http://time.certum.pl/ \
-in "test_372_signed.msi" -out "test_372.msi" -in "test_373_signed.msi" -out "test_373.msi"
verify_signature "$?" "372" "msi" "success" "@2019-09-01 12:00:00" \ verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$test_name"
else else
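Review bot: The CAB timestamp test 372 depends on the live service at `http://time.certum.pl/`, yet its guard only checks for "no libcurl available". An offline build host or a TSA outage therefore shows up as a signing failure rather than a skip. The expected pattern `"Unizeto"` also pins the test to the current name in that service's certificate. The same dependency is added for CAB in tests 382, 522, 532, 542 and 552; for the two that expect `"fail"` it seems worth confirming that an unreachable TSA cannot satisfy the test. At minimum add a comment such as `# needs network access to time.certum.pl` above the guard.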


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Add an RFC 3161 timestamp to signed PE/MSI file. # Add an RFC 3161 timestamp to signed PE/CAB/MSI file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
@ -24,21 +24,37 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="382. Add RFC 3161 timestamp to signed CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_382_signed.ex_"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-in "test_382_signed.ex_" -out "test_382.ex_"
verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="382. Add RFC 3161 timestamp to signed MSI file" test_name="383. Add RFC 3161 timestamp to signed MSI file"
printf "\n%s\n" "$test_name" printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_382_signed.msi" -in "sample.msi" -out "test_383_signed.msi"
../../osslsigncode add \ ../../osslsigncode add \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-in "test_382_signed.msi" -out "test_382.msi" -in "test_383_signed.msi" -out "test_383.msi"
verify_signature "$?" "382" "msi" "success" "@2019-09-01 12:00:00" \ verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN" "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$test_name"
else else


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Compare the leaf certificate hash against specified SHA256 message digest for the PE/MSI file # Compare the leaf certificate hash against specified SHA256 message digest for the PE/CAB/MSI file
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
@ -20,7 +20,19 @@ if test -s "test.exe"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="402. Compare the leaf certificate hash against specified SHA256 message digest for the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.ex_" -out "test_402.ex_"
verify_leaf_hash "$?" "402" "ex_" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file" test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file"


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Verify PE/MSI file signature after the cert has been expired. # Verify PE/CAB/MSI file signature after the cert has been expired.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
@ -21,7 +21,21 @@ if test -s "test.exe"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="512. Verify CAB file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_512.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "512" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="513. Verify MSI file signature after the cert has been expired" test_name="513. Verify MSI file signature after the cert has been expired"
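Review bot: Test 512 expects `"fail"` but passes `"UNUSED_PATTERN"` for every pattern argument, so it does not assert why verification failed. Any non-zero result from `osslsigncode verify` on the CAB file, including a parsing error unrelated to certificate expiry, would presumably satisfy it; how `verify_signature` treats `"fail"` is not visible in this section. Checking `verify.log` for the expiry diagnostic would tie the negative result to the condition under test. The CAB blocks of tests 542 and 552 are written the same way.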


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Verify PE/MSI file signature with Authenticode timestamping after the cert has been expired. # Verify PE/CAB/MSI file signature with Authenticode timestamping after the cert has been expired.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="522. Verify CAB file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="523. Verify MSI file signature with timestamping after the cert has been expired" test_name="523. Verify MSI file signature with timestamping after the cert has been expired"


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Verify PE/MSI file signature with RFC3161 timestamping after the cert has been expired. # Verify PE/CAB/MSI file signature with RFC3161 timestamping after the cert has been expired.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="532. Verify CAB file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired" test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired"


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Verify PE/MSI file signed with the expired cert. # Verify PE/CAB/MSI file signed with the expired cert.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="542. Verify CAB file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="543. Verify MSI file signed with the expired cert" test_name="543. Verify MSI file signed with the expired cert"


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Verify PE/MSI file signed with the revoked cert. # Verify PE/CAB/MSI file signed with the revoked cert.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
fi fi
# CAB file # CAB file
# Command is not supported for non-PE/non-MSI files test_name="552. Verify CAB file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file # MSI file
test_name="553. Verify MSI file signed with the revoked cert" test_name="553. Verify MSI file signed with the revoked cert"

1
tests/sources/a Normal file

@ -0,0 +1 @@
aaa

1
tests/sources/b Normal file

@ -0,0 +1 @@
bbb

1
tests/sources/c Normal file

@ -0,0 +1 @@
ccc


@ -74,13 +74,8 @@ search_pattern() {
printf "Failed: $4 not found\n" printf "Failed: $4 not found\n"
elif test "$5" = "MODIFY" elif test "$5" = "MODIFY"
then then
if test "$2" != "ex_" modify_blob "$1" "$2" "$4"
then result=$?
modify_blob "$1" "$2" "$4"
result=$?
else
printf "MODIFY is not supported for CAB files\n"
fi
fi fi
return "$result" return "$result"
@ -101,21 +96,16 @@ verify_signature() {
printf "" > "verify.log" printf "" > "verify.log"
if test "$1" -eq 0 if test "$1" -eq 0
then then
if test "$3" != "ex_" cp "test_$2.$3" "test_tmp.tmp"
then TZ=GMT faketime -f "$5" /bin/bash -c '
cp "test_$2.$3" "test_tmp.tmp" printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
TZ=GMT faketime -f "$5" /bin/bash -c ' script_path=$(pwd)
printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log" ../../osslsigncode verify \
script_path=$(pwd) -CAfile "${script_path}/../certs/CACert.pem" \
../../osslsigncode verify \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \ -in "test_tmp.tmp" 2>> "verify.log" 1>&2'
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ result=$?
-in "test_tmp.tmp" 2>> "verify.log" 1>&2' rm -f "test_tmp.tmp"
result=$?
rm -f "test_tmp.tmp"
else
printf "VERIFY is not supported for CAB files\n"
fi
if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN" if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN"
then then
search_pattern "$2" "$3" "$7" "$8" "$9" search_pattern "$2" "$3" "$7" "$8" "$9"
@ -159,22 +149,17 @@ verify_leaf_hash() {
printf "" > "verify.log" printf "" > "verify.log"
if test "$1" -eq 0 if test "$1" -eq 0
then then
if test "$3" != "ex_" cp "test_$2.$3" "test_tmp.tmp"
then TZ=GMT faketime -f "$4" /bin/bash -c '
cp "test_$2.$3" "test_tmp.tmp" printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
TZ=GMT faketime -f "$4" /bin/bash -c ' script_path=$(pwd)
printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log" ../../osslsigncode verify \
script_path=$(pwd) -CAfile "${script_path}/../certs/CACert.pem" \
../../osslsigncode verify \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \ -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -in "test_tmp.tmp" 2>> "verify.log" 1>&2'
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \ result=$?
-in "test_tmp.tmp" 2>> "verify.log" 1>&2' rm -f "test_tmp.tmp"
result=$?
rm -f "test_tmp.tmp"
else
printf "VERIFY is not supported for CAB files\n"
fi
if test "$result" -eq 0 if test "$result" -eq 0
then then
rm -f "test_$2.$3" rm -f "test_$2.$3"
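Review bot: In `verify_signature` and `verify_leaf_hash` the result of `cp "test_$2.$3" "test_tmp.tmp"` is not checked, and with the `ex_` guard removed CAB files now take this path too. If the copy fails, `osslsigncode verify` runs against a missing `test_tmp.tmp` and returns non-zero, which a caller expecting `"fail"` may accept as a pass; the handling of that argument lies outside these hunks. `cp "test_$2.$3" "test_tmp.tmp" || return 1` would turn that case into a hard failure. Both function bodies start and end outside the hunks shown.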


@ -54,22 +54,24 @@ if test "$result" -ne 0
exit $result exit $result
fi fi
# PE and CAB files support # PE files support
if test -n "$(command -v x86_64-w64-mingw32-gcc)" if test -n "$(command -v x86_64-w64-mingw32-gcc)"
then then
x86_64-w64-mingw32-gcc "../myapp.c" -o "test.exe" 2>> "results.log" 1>&2 x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "test.exe" 2>> "results.log" 1>&2
if test -n "$(command -v gcab)"
then
gcab -c "test.ex_" "test.exe" 2>> "results.log" 1>&2
else
printf "%s\n" "gcab not found in \$PATH"
printf "%s\n" "tests for CAB files skipped, please install gcab package"
fi
else else
printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH" printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH"
printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package" printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package"
fi fi
# CAB files support
if test -n "$(command -v gcab)"
then
gcab -c "test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2
else
printf "%s\n" "gcab not found in \$PATH"
printf "%s\n" "tests for CAB files skipped, please install gcab package"
fi
# MSI files support # MSI files support
if grep -q "no libgsf available" "results.log" if grep -q "no libgsf available" "results.log"
then then
@ -78,7 +80,7 @@ if grep -q "no libgsf available" "results.log"
if test -n "$(command -v wixl)" if test -n "$(command -v wixl)"
then then
touch FoobarAppl10.exe touch FoobarAppl10.exe
cp "../sample.wxs" "sample.wxs" 2>> "results.log" 1>&2 cp "../sources/sample.wxs" "sample.wxs" 2>> "results.log" 1>&2
wixl -v "sample.wxs" 2>> "results.log" 1>&2 wixl -v "sample.wxs" 2>> "results.log" 1>&2
else else
printf "%s\n" "wixl not found in \$PATH" printf "%s\n" "wixl not found in \$PATH"
@ -100,7 +102,7 @@ if test -n "$(command -v faketime)"
make_tests make_tests
result=$? result=$?
rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe" rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe"
rm -f "sign_pe.pem" "sign_msi.pem" "verify.log" rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log"
else else
printf "%s\n" "xxd not found in \$PATH" printf "%s\n" "xxd not found in \$PATH"
printf "%s\n" "tests skipped, please install vim-common package" printf "%s\n" "tests skipped, please install vim-common package"
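Review bot: The new "CAB files support" block does not check whether `gcab -c` actually produced `test.ex_`; its output goes only to `results.log`. Every CAB test in this commit guards on `test -s "test.ex_"`, so a failed archive build turns the whole CAB suite into "Test skipped" with no hint on the console. Appending `|| printf "%s\n" "gcab failed, tests for CAB files skipped"` to the `gcab -c` line would make the lost coverage visible. Whether skipped tests affect the final exit status is not visible in these hunks.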