diff --git a/tests/recipes/45_verify_fake_pe b/tests/recipes/45_verify_fake_pe
new file mode 100644
index 0000000..0e9ce27
--- /dev/null
+++ b/tests/recipes/45_verify_fake_pe
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Verify changed PE file after signing.
+
+
+. $(dirname $0)/../test_library
+script_path=$(pwd)
+
+# PE file
+test_name="451. Verify changed PE file after signing"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ ../../osslsigncode sign -h sha256 \
+ -st "1556668800" \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "test.exe" -out "test_451.exe"
+ verify_signature "$?" "451" "exe" "fail" "@2019-09-01 12:00:00" \
+ "UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Command is not supported for non-PE files
+
+# MSI file
+# Command is not supported for non-PE files
+
+exit 0
diff --git a/tests/recipes/46_verify_timestamp b/tests/recipes/46_verify_timestamp
new file mode 100644
index 0000000..c3ebdb5
--- /dev/null
+++ b/tests/recipes/46_verify_timestamp
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Verify changed PE file after signing with Authenticode timestamping.
+
+
+. $(dirname $0)/../test_library
+script_path=$(pwd)
+
+# PE file
+test_name="461. Verify changed PE file after signing with Authenticode timestamping"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ ../../osslsigncode sign -h sha256 \
+ -st "1556668800" \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -t http://time.certum.pl/ \
+ -in "test.exe" -out "test_461.exe"
+ verify_signature "$?" "461" "exe" "fail" "@2019-09-01 12:00:00" \
+ "UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Command is not supported for non-PE files
+
+# MSI file
+# Command is not supported for non-PE files
+
+exit 0
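Review bot: The `else` branch only prints `Test skipped` and the script ends with an unconditional `exit 0`, so when `test.exe` is missing this tamper-detection check drops out of the run while the recipe still exits successfully; the same pattern is in every recipe this diff adds (46, 47, 51 to 54). Whether `test_result` records the outcome somewhere else is not visible here, since it lives in `test_library`, but a skipped negative test should at least be counted, for example by naming it in the message with `printf "Test skipped: %s\n" "$test_name"` and having the runner treat skips as a distinct result. Separately, `. $(dirname $0)/../test_library` is unquoted in all seven files and breaks when the checkout path contains spaces; `. "$(dirname "$0")/../test_library"` is the safe form.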
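Review bot: Signing in test 461 depends on the live timestamp server passed as `-t http://time.certum.pl/`, and the expected result is `"fail"`, so an unreachable or erroring server could let the test pass for the wrong reason unless `verify_signature` treats a non-zero sign status in `"$?"` as an error rather than as the expected verification failure. That helper is defined in `test_library`, outside this diff, so this needs confirming there. The same applies to test 471 in `47_verify_rfc3161` and to 541/543 in `54_verify_expired`. I would add a comment above the sign command such as `# Needs network access to the TSA; a signing error must not count as the expected verification failure`.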
diff --git a/tests/recipes/47_verify_rfc3161 b/tests/recipes/47_verify_rfc3161
new file mode 100755
index 0000000..6157ef5
--- /dev/null
+++ b/tests/recipes/47_verify_rfc3161
@@ -0,0 +1,32 @@
+#!/bin/sh
+# Verify changed PE file after signing with RFC 3161 timestamping.
+
+
+. $(dirname $0)/../test_library
+script_path=$(pwd)
+
+# PE file
+test_name="471. Verify changed PE file after signing with RFC 3161 timestamping"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ ../../osslsigncode sign -h sha256 \
+ -st "1556668800" \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -ts http://time.certum.pl/ \
+ -in "test.exe" -out "test_471.exe"
+ verify_signature "$?" "471" "exe" "fail" "@2019-09-01 12:00:00" \
+ "UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
+
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Command is not supported for non-PE files
+
+# MSI file
+# Command is not supported for non-PE files
+
+exit 0
diff --git a/tests/recipes/51_verify_time b/tests/recipes/51_verify_time
new file mode 100644
index 0000000..252bdd3
--- /dev/null
+++ b/tests/recipes/51_verify_time
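Review bot: `47_verify_rfc3161` is added with `new file mode 100755` while the other six recipes in this diff are `100644`, although all seven are `#!/bin/sh` scripts of the same shape. The modes should agree with however the test runner invokes the recipes, which is not visible here. There is also a stray blank line between the `verify_signature` call and `test_result "$?" "$test_name"` that recipes 45 and 46 do not have; `$?` is unaffected, but dropping the line keeps the three files identical apart from the timestamp option.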
@@ -0,0 +1,43 @@
+#!/bin/sh
+# Verify PE/MSI file signature after the cert has been expired.
+
+. $(dirname $0)/../test_library
+
+# PE file
+test_name="511. Verify PE file signature after the cert has been expired"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "test.exe" -out "test_511.exe" 2>> "results.log" 1>&2'
+ verify_signature "$?" "511" "exe" "fail" "@2025-01-01 12:00:00" \
+ "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Command is not supported for non-PE/non-MSI files
+
+# MSI file
+test_name="513. Verify MSI file signature after the cert has been expired"
+printf "\n%s\n" "$test_name"
+if [ -s "sample.msi" ]
+ then
+ TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -in "sample.msi" -out "test_513.msi"'
+ verify_signature "$?" "513" "msi" "fail" "@2025-01-01 12:00:00" \
+ "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+exit 0
diff --git a/tests/recipes/52_verify_timestamp b/tests/recipes/52_verify_timestamp
new file mode 100644
index 0000000..85a20b0
--- /dev/null
+++ b/tests/recipes/52_verify_timestamp
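Review bot: The MSI sign command in test 513 does not redirect its output, while the PE command in test 511 ends with `2>> "results.log" 1>&2`, so signer diagnostics for the MSI case go to the console instead of the log. Because both tests expect `"fail"`, the log is what lets someone confirm that the failure came from the expired certificate and not from a signing error. I would end the MSI command with `-in "sample.msi" -out "test_513.msi" 2>> "results.log" 1>&2'`. The same asymmetry is in 523, 533 and 543 in the recipes that follow.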
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Verify PE/MSI file signature with Authenticode timestamping after the cert has been expired.
+
+. $(dirname $0)/../test_library
+
+# PE file
+test_name="521. Verify PE file signature with timestamping after the cert has been expired"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -t http://time.certum.pl/ \
+ -in "test.exe" -out "test_521.exe" 2>> "results.log" 1>&2'
+ verify_signature "$?" "521" "exe" "success" "@2025-01-01 12:00:00" \
+ "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Command is not supported for non-PE/non-MSI files
+
+# MSI file
+test_name="523. Verify MSI file signature with timestamping after the cert has been expired"
+printf "\n%s\n" "$test_name"
+if [ -s "sample.msi" ]
+ then
+ TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -t http://time.certum.pl/ \
+ -in "sample.msi" -out "test_523.msi"'
+ verify_signature "$?" "523" "msi" "success" "@2025-01-01 12:00:00" \
+ "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+exit 0
diff --git a/tests/recipes/53_verify_rfc3161 b/tests/recipes/53_verify_rfc3161
new file mode 100644
index 0000000..a75109c
--- /dev/null
+++ b/tests/recipes/53_verify_rfc3161
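Review bot: `faketime` shifts only the clock of the local signing process, while the countersignature time is issued by the remote server given to `-t`, so the timestamp embedded in `test_521.exe` and `test_523.msi` is presumably the real time of the test run rather than 2019-05-01. The expected `"success"` at `@2025-01-01 12:00:00` then depends on the real date falling inside the validity window of `cert.pem`, which is not visible in this diff, and on the timestamp server's chain. The test can therefore start failing on its own as time passes. The same holds for 531/533 in `53_verify_rfc3161`. A comment stating the assumed validity window of the test certificate, or a timestamp source the test suite controls, would make the outcome reproducible.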
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Verify PE/MSI file signature with RFC3161 timestamping after the cert has been expired.
+
+. $(dirname $0)/../test_library
+
+# PE file
+test_name="531. Verify PE file signature with RFC3161 after the cert has been expired"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -ts http://time.certum.pl/ \
+ -in "test.exe" -out "test_531.exe" 2>> "results.log" 1>&2'
+ verify_signature "$?" "531" "exe" "success" "@2025-01-01 12:00:00" \
+ "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Command is not supported for non-PE/non-MSI files
+
+# MSI file
+test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired"
+printf "\n%s\n" "$test_name"
+if [ -s "sample.msi" ]
+ then
+ TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+ -ts http://time.certum.pl/ \
+ -in "sample.msi" -out "test_533.msi"'
+ verify_signature "$?" "533" "msi" "success" "@2025-01-01 12:00:00" \
+ "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+exit 0
diff --git a/tests/recipes/54_verify_expired b/tests/recipes/54_verify_expired
new file mode 100644
index 0000000..405b512
--- /dev/null
+++ b/tests/recipes/54_verify_expired
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Verify PE/MSI file signed with the expired cert.
+
+. $(dirname $0)/../test_library
+
+# PE file
+test_name="541. Verify PE file signed with the expired cert"
+printf "\n%s\n" "$test_name"
+if [ -s "test.exe" ]
+ then
+ TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
+ -t http://time.certum.pl/ \
+ -in "test.exe" -out "test_541.exe" 2>> "results.log" 1>&2'
+ verify_signature "$?" "541" "exe" "fail" "@2025-01-01 12:00:00" \
+ "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+# CAB file
+# Command is not supported for non-PE/non-MSI files
+
+# MSI file
+test_name="543. Verify MSI file signed with the expired cert"
+printf "\n%s\n" "$test_name"
+if [ -s "sample.msi" ]
+ then
+ TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+ script_path=$(pwd)
+ ../../osslsigncode sign -h sha256 \
+ -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
+ -t http://time.certum.pl/ \
+ -in "sample.msi" -out "test_543.msi"'
+ verify_signature "$?" "543" "msi" "fail" "@2025-01-01 12:00:00" \
+ "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
+ test_result "$?" "$test_name"
+ else
+ printf "Test skipped\n"
+ fi
+
+exit 0
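Review bot: Nothing in this recipe states when `expired.pem` stops being valid relative to the faked signing time `@2019-05-01 00:00:00`, so a reader cannot tell which condition the expected `"fail"` in 541 and 543 is meant to prove. The certificate could be expired already at signing, expired only at the time the remote timestamp server reports, or expired only at the `@2025-01-01 12:00:00` verification time; the certificate itself is outside this diff. I would document it next to the header comment, for example `# expired.pem: notAfter is before the faked signing time, so the timestamp cannot rescue the signature`, adjusted to whatever the fixture really is.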