nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 17:08:05 -05:00
Code Issues Projects Releases Wiki Activity

makecerts requirement

Browse Source
This commit is contained in:
olszomal 2020-01-29 19:26:31 +01:00 committed by Michał Trojnara
parent 2bb573219a
commit e7dd72c64d
2 changed files with 165 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

269
tests/certs/makecerts.sh
View File

@ -1,158 +1,177 @@
#!/bin/sh #!/bin/sh
result=0
test_result() { test_result() {
if [ "$1" == 0 ] if [ "$1" == 0 ]
then then
printf "Succeeded\n" >> "makecerts.log" printf "Succeeded\n" >> "makecerts.log"
else else
printf "Failed\n" >> "makecerts.log" printf "Failed\n" >> "makecerts.log"
fi fi
} }
password=passme make_certs() {
password=passme
result_path=$(pwd) result_path=$(pwd)
cd $(dirname "$0") cd $(dirname "$0")
script_path=$(pwd) script_path=$(pwd)
cd "${result_path}" cd "${result_path}"
mkdir "tmp/" mkdir "tmp/"
# OpenSSL settings # OpenSSL settings
CONF="${script_path}/openssltest.cnf" CONF="${script_path}/openssltest.cnf"
TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
if test -n "$1"; then if test -n "$1"
OPENSSL="$1/bin/openssl" then
LD_LIBRARY_PATH="$1/lib" OPENSSL="$1/bin/openssl"
else LD_LIBRARY_PATH="$1/lib"
else
OPENSSL=openssl
fi
mkdir "demoCA/" 2>> "makecerts.log" 1>&2
touch "demoCA/index.txt"
touch "demoCA/index.txt.attr"
echo 1000 > "demoCA/serial"
date > "makecerts.log"
$OPENSSL version 2>> "makecerts.log" 1>&2
echo -n "$password" > "password.txt"
printf "\nGenerate root CA certificate\n" >> "makecerts.log"
$OPENSSL genrsa -out demoCA/CA.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL=openssl OPENSSL=openssl
fi CONF="${script_path}/openssltest.cnf"
$OPENSSL req -config $CONF -new -x509 -days 1800 -key demoCA/CA.key -out tmp/CACert.pem \
-subj "/C=PL/O=osslsigncode/OU=Root CA/CN=CA/emailAddress=CA@example.com" \
2>> "makecerts.log" 1>&2'
test_result $?
mkdir "demoCA/" 2>> "makecerts.log" 1>&2 printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
touch "demoCA/index.txt" $OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:$password \
touch "demoCA/index.txt.attr" 2>> "makecerts.log" 1>&2
echo 1000 > "demoCA/serial" test_result $?
date > "makecerts.log" cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
$OPENSSL version 2>> "makecerts.log" 1>&2
echo -n "$password" > "password.txt"
printf "\nGenerate root CA certificate\n" >> "makecerts.log" printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
$OPENSSL genrsa -out demoCA/CA.key \ $OPENSSL rsa -in demoCA/private.key -passin pass:$password -out tmp/key.pem \
2>> "makecerts.log" 1>&2 2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' test_result $?
script_path=$(pwd)
OPENSSL=openssl
CONF="${script_path}/openssltest.cnf"
$OPENSSL req -config $CONF -new -x509 -days 1800 -key demoCA/CA.key -out tmp/CACert.pem \
-subj "/C=PL/O=osslsigncode/OU=Root CA/CN=CA/emailAddress=CA@example.com" \
2>> "makecerts.log" 1>&2'
test_result $?
printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log" printf "\nGenerate a certificate to revoke\n" >> "makecerts.log"
$OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:$password \ $OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/revoked.csr \
2>> "makecerts.log" 1>&2 -subj "/C=PL/O=osslsigncode/OU=CA/CN=revoked/emailAddress=revoked@example.com" \
test_result $? 2>> "makecerts.log" 1>&2
cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log" $OPENSSL ca -config $CONF -batch -in demoCA/revoked.csr -out demoCA/revoked.cer \
2>> "makecerts.log" 1>&2
$OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked.pem \
2>> "makecerts.log" 1>&2
printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log" printf "\nRevoke above certificate\n" >> "makecerts.log"
$OPENSSL rsa -in demoCA/private.key -passin pass:$password -out tmp/key.pem \ $OPENSSL ca -config $CONF -revoke demoCA/1000.pem \
2>> "makecerts.log" 1>&2 2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate a certificate to revoke\n" >> "makecerts.log" printf "\nGenerate CRL file\n" >> "makecerts.log"
$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/revoked.csr \ TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
-subj "/C=PL/O=osslsigncode/OU=CA/CN=revoked/emailAddress=revoked@example.com" \ script_path=$(pwd)
2>> "makecerts.log" 1>&2 OPENSSL=openssl
$OPENSSL ca -config $CONF -batch -in demoCA/revoked.csr -out demoCA/revoked.cer \ CONF="${script_path}/openssltest.cnf"
2>> "makecerts.log" 1>&2 $OPENSSL ca -config $CONF -gencrl -crldays 8766 -out tmp/CACertCRL.pem \
$OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked.pem \ 2>> "makecerts.log" 1>&2'
2>> "makecerts.log" 1>&2
printf "\nRevoke above certificate\n" >> "makecerts.log" printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log"
$OPENSSL ca -config $CONF -revoke demoCA/1000.pem \ $OPENSSL genrsa -out demoCA/cross.key \
2>> "makecerts.log" 1>&2 2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL=openssl
CONF="${script_path}/openssltest.cnf"
$OPENSSL req -config $CONF -new -x509 -days 900 -key demoCA/cross.key -out tmp/crosscert.pem \
-subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=CA@example.com" \
2>> "makecerts.log" 1>&2'
test_result $?
printf "\nGenerate CRL file\n" >> "makecerts.log" printf "\nGenerate code signing certificate\n" >> "makecerts.log"
TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' $OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/cert.csr \
script_path=$(pwd) -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=localhost/emailAddress=osslsigncode@example.com" \
OPENSSL=openssl 2>> "makecerts.log" 1>&2
CONF="${script_path}/openssltest.cnf" test_result $?
$OPENSSL ca -config $CONF -gencrl -crldays 8766 -out tmp/CACertCRL.pem \ $OPENSSL ca -config $CONF -batch -in demoCA/cert.csr -out demoCA/cert.cer \
2>> "makecerts.log" 1>&2' 2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL x509 -in demoCA/cert.cer -out tmp/cert.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log" printf "\nConvert the key to DER format\n" >> "makecerts.log"
$OPENSSL genrsa -out demoCA/cross.key \ $OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:$password \
2>> "makecerts.log" 1>&2 2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c ' test_result $?
script_path=$(pwd)
OPENSSL=openssl
CONF="${script_path}/openssltest.cnf"
$OPENSSL req -config $CONF -new -x509 -days 900 -key demoCA/cross.key -out tmp/crosscert.pem \
-subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=CA@example.com" \
2>> "makecerts.log" 1>&2'
test_result $?
printf "\nGenerate code signing certificate\n" >> "makecerts.log" printf "\nConvert the certificate to DER format\n" >> "makecerts.log"
$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/cert.csr \ $OPENSSL x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=localhost/emailAddress=osslsigncode@example.com" \ 2>> "makecerts.log" 1>&2
2>> "makecerts.log" 1>&2 test_result $?
test_result $?
$OPENSSL ca -config $CONF -batch -in demoCA/cert.csr -out demoCA/cert.cer \
2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL x509 -in demoCA/cert.cer -out tmp/cert.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the key to DER format\n" >> "makecerts.log" printf "\nConvert the certificate to SPC format\n" >> "makecerts.log"
$OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:$password \ $OPENSSL crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \
2>> "makecerts.log" 1>&2 2>> "makecerts.log" 1>&2
test_result $? test_result $?
printf "\nConvert the certificate to DER format\n" >> "makecerts.log" printf "\nConvert the certificate and the key into a PKCS#12 container\n" >> "makecerts.log"
$OPENSSL x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \ $OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:$password \
2>> "makecerts.log" 1>&2 2>> "makecerts.log" 1>&2
test_result $? test_result $?
printf "\nConvert the certificate to SPC format\n" >> "makecerts.log" printf "\nGenerate expired certificate\n" >> "makecerts.log"
$OPENSSL crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \ $OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/expired.csr \
2>> "makecerts.log" 1>&2 -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=expired/emailAddress=expired@example.com" \
test_result $? 2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the certificate and the key into a PKCS#12 container\n" >> "makecerts.log" $OPENSSL ca -config $CONF -enddate "190101000000Z" -batch -in demoCA/expired.csr -out demoCA/expired.cer \
$OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:$password \ 2>> "makecerts.log" 1>&2
2>> "makecerts.log" 1>&2 test_result $?
test_result $? $OPENSSL x509 -in demoCA/expired.cer -out tmp/expired.pem \
2>> "makecerts.log" 1>&2
printf "\nGenerate expired certificate\n" >> "makecerts.log" test_result $?
$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/expired.csr \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=expired/emailAddress=expired@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL ca -config $CONF -enddate "190101000000Z" -batch -in demoCA/expired.csr -out demoCA/expired.cer \
2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL x509 -in demoCA/expired.cer -out tmp/expired.pem \
2>> "makecerts.log" 1>&2
test_result $?
# copy new files # copy new files
if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/expired.pem ] && [ -s tmp/cert.pem ] && \ if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/expired.pem ] && [ -s tmp/cert.pem ] && \
[ -s tmp/CACertCRL.pem ] && [ -s tmp/revoked.pem ] && \ [ -s tmp/CACertCRL.pem ] && [ -s tmp/revoked.pem ] && [ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && \
[ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && [ -s tmp/key.der ] && \ [ -s tmp/key.der ] && [ -s tmp/cert.der ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ]
[ -s tmp/cert.der ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ]
then then
cp tmp/* ./ cp tmp/* ./
printf "%s\n" "keys & certificates successfully generated" printf "%s\n" "keys & certificates successfully generated"
printf "%s\n" "./makecerts.sh finished" printf "%s\n" "makecerts.sh finished"
rm -f "makecerts.log" rm -f "makecerts.log"
else else
printf "%s\n" "./makecerts.sh failed" printf "%s\n" "makecerts.sh failed"
printf "%s\n" "error logs ${result_path}/makecerts.log" printf "%s\n" "error logs ${result_path}/makecerts.log"
result=1
fi fi
# remove the working directory # remove the working directory
rm -rf "demoCA/" rm -rf "demoCA/"
rm -rf "tmp/" rm -rf "tmp/"
# restore settings # restore settings
LD_LIBRARY_PATH=$TEMP_LD_LIBRARY_PATH LD_LIBRARY_PATH=$TEMP_LD_LIBRARY_PATH
exit $result
}
# Tests requirement
if [ -n "$(command -v faketime)" ]
then
make_certs $1
result=$?
else
printf "%s\n" "faketime not found in \$PATH"
printf "%s\n" "tests skipped, please install faketime package"
result=1
fi
exit $result

23
tests/testall.sh
View File

@ -2,7 +2,7 @@
# mingw64-gcc, gcab, msitools, libgsf, libgsf-devel # mingw64-gcc, gcab, msitools, libgsf, libgsf-devel
# vim-common, libfaketime packages are required # vim-common, libfaketime packages are required
result=1 result=0
count=0 count=0
skip=0 skip=0
fail=0 fail=0
@ -11,6 +11,7 @@ result_path=$(pwd)
cd $(dirname "$0") cd $(dirname "$0")
script_path=$(pwd) script_path=$(pwd)
result_path="${result_path}/logs" result_path="${result_path}/logs"
certs_path="${script_path}/certs"
make_tests() { make_tests() {
for plik in ${script_path}/recipes/* for plik in ${script_path}/recipes/*
@ -22,7 +23,7 @@ make_tests() {
then then
skip=$(grep -c "Test skipped" "results.log") skip=$(grep -c "Test skipped" "results.log")
fail=$(grep -c "Test failed" "results.log") fail=$(grep -c "Test failed" "results.log")
printf "%s\n" "./newtest.sh finished" printf "%s\n" "testall.sh finished"
printf "%s\n" "summary: success $count, skip $skip, fail $fail" printf "%s\n" "summary: success $count, skip $skip, fail $fail"
else # no test was done else # no test was done
result=1 result=1
@ -36,6 +37,23 @@ cd "${result_path}"
date > "results.log" date > "results.log"
../../osslsigncode -v >> "results.log" 2>/dev/null ../../osslsigncode -v >> "results.log" 2>/dev/null
cd ${certs_path}
if [ -s CACert.pem ] && [ -s crosscert.pem ] && [ -s expired.pem ] && [ -s cert.pem ] && \
[ -s CACertCRL.pem ] && [ -s revoked.pem ] && [ -s key.pem ] && [ -s keyp.pem ] && \
[ -s key.der ] && [ -s cert.der ] && [ -s cert.spc ] && [ -s cert.p12 ]
then
printf "%s\n" "keys & certificates path: ${certs_path}"
else
./makecerts.sh $1
result=$?
fi
cd "${result_path}"
if [ "$result" -ne 0 ]
then
exit $result
fi
# PE and CAB files support # PE and CAB files support
if [ -n "$(command -v x86_64-w64-mingw32-gcc)" ] if [ -n "$(command -v x86_64-w64-mingw32-gcc)" ]
then then
@ -91,4 +109,5 @@ if [ -n "$(command -v faketime)" ]
printf "%s\n" "faketime not found in \$PATH" printf "%s\n" "faketime not found in \$PATH"
printf "%s\n" "tests skipped, please install faketime package" printf "%s\n" "tests skipped, please install faketime package"
fi fi
exit $result exit $result