nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-04 17:00:11 -05:00
Code Issues Projects Releases Wiki Activity

Merge pull request #41 from olszomal/tests

Browse Source 
Improved tests
This commit is contained in:
Michał Trojnara 2020-05-18 08:06:21 +02:00 committed by GitHub
commit cf331d0064
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 70 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
osslsigncode.c
View File

@ -1005,6 +1005,7 @@ static void usage(const char *argv0, const char *cmd)
printf("%12s[ -t <timestampurl> [ -t ... ] [ -p <proxy> ] [ -noverifypeer ]\n", "");
printf("%12s[ -ts <timestampurl> [ -ts ... ] [ -p <proxy> ] [ -noverifypeer ] ]\n", "");
#endif /* ENABLE_CURL */
printf("%12s[ -verbose ]\n", "");
printf("%12s[ -in ] <infile> [ -out ] <outfile>\n\n", "");
}
if (on_list(cmd, cmds_attach)) {
@ -1083,7 +1084,7 @@ static void help_for(const char *argv0, const char *cmd)
const char *cmds_ts[] = {"add", "sign", NULL};
#endif /* ENABLE_CURL */
const char *cmds_untrusted[] = {"attach-signature", "verify", NULL};
const char *cmds_verbose[] = {"sign", "verify", NULL};
const char *cmds_verbose[] = {"add", "sign", "verify", NULL};
if (on_list(cmd, cmds_all)) {
printf("osslsigncode is a small tool that implements part of the functionality of the Microsoft\n");
@ -1649,7 +1650,7 @@ static int verify_leaf_hash(X509 *leaf, const char *leafhash)
/* compare the provided hash against the computed hash */
if (memcmp(mdbuf, cmdbuf, EVP_MD_size(md))) {
tohex(cmdbuf, hexbuf, EVP_MD_size(md));
printf("Hash value mismatch: %s computed\n", hexbuf);
printf("\nHash value mismatch: %s computed\n", hexbuf);
ret = 1;
goto out;
}
@ -4844,7 +4845,7 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS
options->addBlob = 1;
} else if ((*cmd == CMD_SIGN || *cmd == CMD_ATTACH) && !strcmp(*argv, "-nest")) {
options->nest = 1;
} else if ((*cmd == CMD_SIGN || *cmd == CMD_VERIFY) && !strcmp(*argv, "-verbose")) {
} else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD || *cmd == CMD_VERIFY) && !strcmp(*argv, "-verbose")) {
options->verbose = 1;
#ifdef WITH_GSF
} else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-add-msi-dse")) {

12
tests/recipes/07_sign_timestamp
View File

@ -13,9 +13,11 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2
verify_signature "$?" "071" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -30,9 +32,11 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "072" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -47,9 +51,11 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_073.msi"
verify_signature "$?" "073" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"

12
tests/recipes/08_sign_rfc3161
View File

@ -17,9 +17,11 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_081.exe"
verify_signature "$?" "081" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -34,9 +36,11 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_082.ex_"
verify_signature "$?" "082" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -51,9 +55,11 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_083.msi"
verify_signature "$?" "083" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"

4
tests/recipes/12_sign_readpass_pem
View File

@ -29,7 +29,7 @@ if test -s "test.ex_"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "test.ex_" -out "test_122.ex_"
verify_signature "$?" "122" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
@ -46,7 +46,7 @@ if test -s "sample.msi"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "sample.msi" -out "test_123.msi"
verify_signature "$?" "123" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"

12
tests/recipes/37_add_signature_timestamp
View File

@ -15,9 +15,11 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
-in "test.exe" -out "test_371_signed.exe" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_371_signed.exe" -out "test_371.exe"
verify_signature "$?" "371" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -34,9 +36,11 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
-in "test.ex_" -out "test_372_signed.ex_" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_372_signed.ex_" -out "test_372.ex_"
verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -53,9 +57,11 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
-in "sample.msi" -out "test_373_signed.msi" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_373_signed.msi" -out "test_373.msi"
verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"

12
tests/recipes/38_add_signature_rfc3161
View File

@ -15,9 +15,11 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
-in "test.exe" -out "test_381_signed.exe"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_381_signed.exe" -out "test_381.exe"
verify_signature "$?" "381" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -34,9 +36,11 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
-in "test.ex_" -out "test_382_signed.ex_"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_382_signed.ex_" -out "test_382.ex_"
verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -53,9 +57,11 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
-in "sample.msi" -out "test_383_signed.msi"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_383_signed.msi" -out "test_383.msi"
verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"

2
tests/recipes/46_verify_timestamp
View File

@ -14,6 +14,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_461.exe"
verify_signature "$?" "461" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"

2
tests/recipes/47_verify_rfc3161
View File

@ -14,6 +14,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_471.exe"
verify_signature "$?" "471" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"

6
tests/recipes/52_verify_timestamp
View File

@ -13,6 +13,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_521.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "521" "exe" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@ -31,6 +33,8 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@ -49,6 +53,8 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_523.msi"'
verify_signature "$?" "523" "msi" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"

6
tests/recipes/53_verify_rfc3161
View File

@ -13,6 +13,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_531.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "531" "exe" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@ -31,6 +33,8 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@ -49,6 +53,8 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_533.msi"'
verify_signature "$?" "533" "msi" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"

6
tests/recipes/54_verify_expired
View File

@ -13,6 +13,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_541.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "541" "exe" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@ -31,6 +33,8 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@ -49,6 +53,8 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_543.msi"'
verify_signature "$?" "543" "msi" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"

6
tests/recipes/55_verify_revoked
View File

@ -13,6 +13,8 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_551.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "551" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@ -31,6 +33,8 @@ if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
@ -49,6 +53,8 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_553.msi"'
verify_signature "$?" "553" "msi" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"