multiple signature test

2025-04-05 01:00:11 -05:00 · 2020-06-12 13:17:16 +02:00 · 2020-06-12 13:17:16 +02:00 · c0d65b2441
commit c0d65b2441
parent 4f71fefb79
2 changed files with 100 additions and 0 deletions
--- a/tests/recipes/56_verify_multiple
+++ b/tests/recipes/56_verify_multiple
@ -0,0 +1,99 @@
+#!/bin/sh
+# Verify PE/CAB/MSI file signed with the multiple signature.
+
+. $(dirname $0)/../test_library
+
+# PE file
+test_name="561. Verify PE file signed with the multiple signature"
+printf "\n%s\n" "$test_name"
+if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
+  then
+    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+        script_path=$(pwd)
+        ../../osslsigncode sign -h sha256 \
+            -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
+            -in "test.exe" -out "test_561_a.exe" 2>> "results.log" 1>&2
+        ../../osslsigncode sign -h sha384 \
+            -nest \
+            -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
+            -ts http://time.certum.pl/ \
+            -ts http://timestamp.digicert.com/ \
+            -verbose \
+            -in "test_561_a.exe" -out "test_561_b.exe" 2>> "results.log" 1>&2
+        ../../osslsigncode sign \
+            -nest \
+            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+            -ts http://time.certum.pl/ \
+            -ts http://timestamp.digicert.com/ \
+            -verbose \
+            -in "test_561_b.exe" -out "test_561.exe" 2>> "results.log" 1>&2'
+    verify_signature "$?" "561" "exe" "success" "@2019-09-01 12:00:00" \
+	"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
+    test_result "$?" "$test_name"
+  else
+    printf "Test skipped\n"
+  fi
+
+# CAB file
+test_name="562. Verify CAB file signed with the multiple signature"
+printf "\n%s\n" "$test_name"
+if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
+  then
+    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+        script_path=$(pwd)
+        ../../osslsigncode sign -h sha256 \
+            -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
+            -in "test.ex_" -out "test_562_a.ex_" 2>> "results.log" 1>&2
+        ../../osslsigncode sign -h sha384 \
+            -nest \
+            -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
+            -ts http://time.certum.pl/ \
+            -ts http://timestamp.digicert.com/ \
+            -verbose \
+            -in "test_562_a.ex_" -out "test_562_b.ex_" 2>> "results.log" 1>&2
+        ../../osslsigncode sign \
+            -nest \
+            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+            -ts http://time.certum.pl/ \
+            -ts http://timestamp.digicert.com/ \
+            -verbose \
+            -in "test_562_b.ex_" -out "test_562.ex_" 2>> "results.log" 1>&2'
+    verify_signature "$?" "562" "ex_" "success" "@2019-09-01 12:00:00" \
+	"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
+    test_result "$?" "$test_name"
+  else
+    printf "Test skipped\n"
+  fi
+
+# MSI file
+test_name="563. Verify MSI file signed with the multiple signature"
+printf "\n%s\n" "$test_name"
+if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
+  then
+    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
+        script_path=$(pwd)
+        ../../osslsigncode sign -h sha256 \
+            -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
+            -in "sample.msi" -out "test_563_a.msi" 2>> "results.log" 1>&2
+        ../../osslsigncode sign -h sha384 \
+            -nest \
+            -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
+            -ts http://time.certum.pl/ \
+            -ts http://timestamp.digicert.com/ \
+            -verbose \
+            -in "test_563_a.msi" -out "test_563_b.msi" 2>> "results.log" 1>&2
+        ../../osslsigncode sign \
+            -nest \
+            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
+            -ts http://time.certum.pl/ \
+            -ts http://timestamp.digicert.com/ \
+            -verbose \
+            -in "test_563_b.msi" -out "test_563.msi" 2>> "results.log" 1>&2'
+    verify_signature "$?" "563" "msi" "success" "@2019-09-01 12:00:00" \
+	"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
+    test_result "$?" "$test_name"
+  else
+    printf "Test skipped\n"
+  fi
+
+exit 0
--- a/tests/test_library
+++ b/tests/test_library
@ -118,6 +118,7 @@ verify_signature() {
      if test "$4" = "success" -a "$result" -eq 0
        then
          rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3"
+          rm -f "test_$2_a.$3" "test_$2_b.$3"
          result=0
        elif test "$4" = "fail" -a "$result" -eq 1
          then