makecerts requirement

2025-04-05 09:08:04 -05:00 · 2020-01-29 19:26:31 +01:00 · 2020-01-29 19:26:31 +01:00 · e7dd72c64d
commit e7dd72c64d
parent 2bb573219a
2 changed files with 165 additions and 127 deletions
--- a/tests/certs/makecerts.sh
+++ b/tests/certs/makecerts.sh
@ -1,158 +1,177 @@
 #!/bin/sh

+result=0
+
 test_result() {
-if [ "$1" == 0 ]
-  then
-    printf "Succeeded\n" >> "makecerts.log"
-  else
-    printf "Failed\n" >> "makecerts.log"
-  fi
+  if [ "$1" == 0 ]
+    then
+      printf "Succeeded\n" >> "makecerts.log"
+    else
+      printf "Failed\n" >> "makecerts.log"
+    fi
 }

-password=passme
-
-result_path=$(pwd)
-cd $(dirname "$0")
-script_path=$(pwd)
-cd "${result_path}"
-mkdir "tmp/"
+make_certs() {
+  password=passme
+  result_path=$(pwd)
+  cd $(dirname "$0")
+  script_path=$(pwd)
+  cd "${result_path}"
+  mkdir "tmp/"

 # OpenSSL settings
-CONF="${script_path}/openssltest.cnf"
-TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
-if test -n "$1"; then
-    OPENSSL="$1/bin/openssl"
-    LD_LIBRARY_PATH="$1/lib"
-else
+  CONF="${script_path}/openssltest.cnf"
+  TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
+  if test -n "$1"
+    then
+      OPENSSL="$1/bin/openssl"
+      LD_LIBRARY_PATH="$1/lib"
+    else
+      OPENSSL=openssl
+    fi
+
+  mkdir "demoCA/" 2>> "makecerts.log" 1>&2
+  touch "demoCA/index.txt"
+  touch "demoCA/index.txt.attr"
+  echo 1000 > "demoCA/serial"
+  date > "makecerts.log"
+  $OPENSSL version 2>> "makecerts.log" 1>&2
+  echo -n "$password" > "password.txt"
+
+  printf "\nGenerate root CA certificate\n" >> "makecerts.log"
+  $OPENSSL genrsa -out demoCA/CA.key \
+      2>> "makecerts.log" 1>&2
+  TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
+    script_path=$(pwd)
    OPENSSL=openssl
-fi
+    CONF="${script_path}/openssltest.cnf"
+    $OPENSSL req -config $CONF -new -x509 -days 1800 -key demoCA/CA.key -out tmp/CACert.pem \
+        -subj "/C=PL/O=osslsigncode/OU=Root CA/CN=CA/emailAddress=CA@example.com" \
+        2>> "makecerts.log" 1>&2'
+  test_result $?

-mkdir "demoCA/" 2>> "makecerts.log" 1>&2
-touch "demoCA/index.txt"
-touch "demoCA/index.txt.attr"
-echo 1000 > "demoCA/serial"
-date > "makecerts.log"
-$OPENSSL version 2>> "makecerts.log" 1>&2
-echo -n "$password" > "password.txt"
+  printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
+  $OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:$password \
+      2>> "makecerts.log" 1>&2
+  test_result $?
+  cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log"

-printf "\nGenerate root CA certificate\n" >> "makecerts.log"
-$OPENSSL genrsa -out demoCA/CA.key \
-    2>> "makecerts.log" 1>&2
-TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
-  script_path=$(pwd)
-  OPENSSL=openssl
-  CONF="${script_path}/openssltest.cnf"
-  $OPENSSL req -config $CONF -new -x509 -days 1800 -key demoCA/CA.key -out tmp/CACert.pem \
-      -subj "/C=PL/O=osslsigncode/OU=Root CA/CN=CA/emailAddress=CA@example.com" \
-      2>> "makecerts.log" 1>&2'
-test_result $?
+  printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
+  $OPENSSL rsa -in demoCA/private.key -passin pass:$password -out tmp/key.pem \
+      2>> "makecerts.log" 1>&2
+  test_result $?

-printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
-$OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:$password \
-    2>> "makecerts.log" 1>&2
-test_result $?
-cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
+  printf "\nGenerate a certificate to revoke\n" >> "makecerts.log"
+  $OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/revoked.csr \
+      -subj "/C=PL/O=osslsigncode/OU=CA/CN=revoked/emailAddress=revoked@example.com" \
+      2>> "makecerts.log" 1>&2
+  $OPENSSL ca -config $CONF -batch -in demoCA/revoked.csr -out demoCA/revoked.cer \
+      2>> "makecerts.log" 1>&2
+  $OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked.pem \
+      2>> "makecerts.log" 1>&2

-printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
-$OPENSSL rsa -in demoCA/private.key -passin pass:$password -out tmp/key.pem \
-    2>> "makecerts.log" 1>&2
-test_result $?
+  printf "\nRevoke above certificate\n" >> "makecerts.log"
+  $OPENSSL ca -config $CONF -revoke demoCA/1000.pem \
+      2>> "makecerts.log" 1>&2

-printf "\nGenerate a certificate to revoke\n" >> "makecerts.log"
-$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/revoked.csr \
-    -subj "/C=PL/O=osslsigncode/OU=CA/CN=revoked/emailAddress=revoked@example.com" \
-    2>> "makecerts.log" 1>&2
-$OPENSSL ca -config $CONF -batch -in demoCA/revoked.csr -out demoCA/revoked.cer \
-    2>> "makecerts.log" 1>&2
-$OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked.pem \
-    2>> "makecerts.log" 1>&2
+  printf "\nGenerate CRL file\n" >> "makecerts.log"
+  TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
+    script_path=$(pwd)
+    OPENSSL=openssl
+    CONF="${script_path}/openssltest.cnf"
+    $OPENSSL ca -config $CONF -gencrl -crldays 8766 -out tmp/CACertCRL.pem \
+        2>> "makecerts.log" 1>&2'

-printf "\nRevoke above certificate\n" >> "makecerts.log"
-$OPENSSL ca -config $CONF -revoke demoCA/1000.pem \
-    2>> "makecerts.log" 1>&2
+  printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log"
+  $OPENSSL genrsa -out demoCA/cross.key \
+      2>> "makecerts.log" 1>&2
+  TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c '
+    script_path=$(pwd)
+    OPENSSL=openssl
+   CONF="${script_path}/openssltest.cnf"
+   $OPENSSL req -config $CONF -new -x509 -days 900 -key demoCA/cross.key -out tmp/crosscert.pem \
+       -subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=CA@example.com" \
+       2>> "makecerts.log" 1>&2'
+  test_result $?

-printf "\nGenerate CRL file\n" >> "makecerts.log"
-TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
-  script_path=$(pwd)
-  OPENSSL=openssl
-  CONF="${script_path}/openssltest.cnf"
-  $OPENSSL ca -config $CONF -gencrl -crldays 8766 -out tmp/CACertCRL.pem \
-      2>> "makecerts.log" 1>&2'
+  printf "\nGenerate code signing certificate\n" >> "makecerts.log"
+  $OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/cert.csr \
+      -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=localhost/emailAddress=osslsigncode@example.com" \
+      2>> "makecerts.log" 1>&2
+  test_result $?
+  $OPENSSL ca -config $CONF -batch -in demoCA/cert.csr -out demoCA/cert.cer \
+      2>> "makecerts.log" 1>&2
+  test_result $?
+  $OPENSSL x509 -in demoCA/cert.cer -out tmp/cert.pem \
+      2>> "makecerts.log" 1>&2
+  test_result $?

-printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log"
-$OPENSSL genrsa -out demoCA/cross.key \
-    2>> "makecerts.log" 1>&2
-TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c '
-  script_path=$(pwd)
-  OPENSSL=openssl
-  CONF="${script_path}/openssltest.cnf"
-$OPENSSL req -config $CONF -new -x509 -days 900 -key demoCA/cross.key -out tmp/crosscert.pem \
-    -subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=CA@example.com" \
-    2>> "makecerts.log" 1>&2'
-test_result $?
+  printf "\nConvert the key to DER format\n" >> "makecerts.log"
+  $OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:$password \
+      2>> "makecerts.log" 1>&2
+  test_result $?

-printf "\nGenerate code signing certificate\n" >> "makecerts.log"
-$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/cert.csr \
-    -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=localhost/emailAddress=osslsigncode@example.com" \
-    2>> "makecerts.log" 1>&2
-test_result $?
-$OPENSSL ca -config $CONF -batch -in demoCA/cert.csr -out demoCA/cert.cer \
-    2>> "makecerts.log" 1>&2
-test_result $?
-$OPENSSL x509 -in demoCA/cert.cer -out tmp/cert.pem \
-    2>> "makecerts.log" 1>&2
-test_result $?
+  printf "\nConvert the certificate to DER format\n" >> "makecerts.log"
+  $OPENSSL x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \
+      2>> "makecerts.log" 1>&2
+  test_result $?

-printf "\nConvert the key to DER format\n" >> "makecerts.log"
-$OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:$password \
-    2>> "makecerts.log" 1>&2
-test_result $?
+  printf "\nConvert the certificate to SPC format\n" >> "makecerts.log"
+  $OPENSSL crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \
+      2>> "makecerts.log" 1>&2
+  test_result $?

-printf "\nConvert the certificate to DER format\n" >> "makecerts.log"
-$OPENSSL x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \
-    2>> "makecerts.log" 1>&2
-test_result $?
+  printf "\nConvert the certificate and the key into a PKCS#12 container\n" >> "makecerts.log"
+  $OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:$password \
+      2>> "makecerts.log" 1>&2
+  test_result $?

-printf "\nConvert the certificate to SPC format\n" >> "makecerts.log"
-$OPENSSL crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \
-    2>> "makecerts.log" 1>&2
-test_result $?
-
-printf "\nConvert the certificate and the key into a PKCS#12 container\n" >> "makecerts.log"
-$OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:$password \
-    2>> "makecerts.log" 1>&2
-test_result $?
-
-printf "\nGenerate expired certificate\n" >> "makecerts.log"
-$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/expired.csr \
-    -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=expired/emailAddress=expired@example.com" \
-    2>> "makecerts.log" 1>&2
-test_result $?
-$OPENSSL ca -config $CONF -enddate "190101000000Z" -batch -in demoCA/expired.csr -out demoCA/expired.cer \
-    2>> "makecerts.log" 1>&2
-test_result $?
-$OPENSSL x509 -in demoCA/expired.cer -out tmp/expired.pem \
-    2>> "makecerts.log" 1>&2
-test_result $?
+  printf "\nGenerate expired certificate\n" >> "makecerts.log"
+  $OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/expired.csr \
+      -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CA/CN=expired/emailAddress=expired@example.com" \
+      2>> "makecerts.log" 1>&2
+  test_result $?
+  $OPENSSL ca -config $CONF -enddate "190101000000Z" -batch -in demoCA/expired.csr -out demoCA/expired.cer \
+      2>> "makecerts.log" 1>&2
+  test_result $?
+  $OPENSSL x509 -in demoCA/expired.cer -out tmp/expired.pem \
+      2>> "makecerts.log" 1>&2
+  test_result $?

 # copy new files
-if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/expired.pem ] && [ -s tmp/cert.pem ] && \
-    [ -s tmp/CACertCRL.pem ] && [ -s tmp/revoked.pem ] && \
-    [ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && [ -s tmp/key.der ] && \
-    [ -s tmp/cert.der ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ]
+  if [ -s tmp/CACert.pem ] && [ -s tmp/crosscert.pem ] && [ -s tmp/expired.pem ] && [ -s tmp/cert.pem ] && \
+    [ -s tmp/CACertCRL.pem ] && [ -s tmp/revoked.pem ] && [ -s tmp/key.pem ] && [ -s tmp/keyp.pem ] && \
+    [ -s tmp/key.der ] && [ -s tmp/cert.der ] && [ -s tmp/cert.spc ] && [ -s tmp/cert.p12 ]
  then
    cp tmp/* ./
    printf "%s\n" "keys & certificates successfully generated"
-    printf "%s\n" "./makecerts.sh finished"
+    printf "%s\n" "makecerts.sh finished"
    rm -f "makecerts.log"
  else
-    printf "%s\n" "./makecerts.sh failed"
+    printf "%s\n" "makecerts.sh failed"
    printf "%s\n" "error logs ${result_path}/makecerts.log"
+    result=1
  fi

 # remove the working directory
-rm -rf "demoCA/"
-rm -rf "tmp/"
+  rm -rf "demoCA/"
+  rm -rf "tmp/"

 # restore settings
-LD_LIBRARY_PATH=$TEMP_LD_LIBRARY_PATH
+  LD_LIBRARY_PATH=$TEMP_LD_LIBRARY_PATH
+
+  exit $result
+}
+
+# Tests requirement
+if [ -n "$(command -v faketime)" ]
+  then
+    make_certs $1
+    result=$?
+  else
+    printf "%s\n" "faketime not found in \$PATH"
+    printf "%s\n" "tests skipped, please install faketime package"
+    result=1
+  fi
+
+exit $result
--- a/tests/testall.sh
+++ b/tests/testall.sh
@ -2,7 +2,7 @@
 # mingw64-gcc, gcab, msitools, libgsf, libgsf-devel
 # vim-common, libfaketime packages are required

-result=1
+result=0
 count=0
 skip=0
 fail=0
@ -11,6 +11,7 @@ result_path=$(pwd)
 cd $(dirname "$0")
 script_path=$(pwd)
 result_path="${result_path}/logs"
+certs_path="${script_path}/certs"

 make_tests() {
  for plik in ${script_path}/recipes/*
@ -22,7 +23,7 @@ make_tests() {
    then
      skip=$(grep -c "Test skipped" "results.log")
      fail=$(grep -c "Test failed" "results.log")
-      printf "%s\n" "./newtest.sh finished"
+      printf "%s\n" "testall.sh finished"
      printf "%s\n" "summary: success $count, skip $skip, fail $fail"
    else # no test was done
      result=1
@ -36,6 +37,23 @@ cd "${result_path}"
 date > "results.log"
 ../../osslsigncode -v >> "results.log" 2>/dev/null

+cd ${certs_path}
+if [ -s CACert.pem ] && [ -s crosscert.pem ] && [ -s expired.pem ] && [ -s cert.pem ] && \
+    [ -s CACertCRL.pem ] && [ -s revoked.pem ] && [ -s key.pem ] && [ -s keyp.pem ] && \
+    [ -s key.der ] && [ -s cert.der ] && [ -s cert.spc ] && [ -s cert.p12 ]
+  then
+    printf "%s\n" "keys & certificates path: ${certs_path}"
+  else
+    ./makecerts.sh $1
+    result=$?
+  fi
+cd "${result_path}"
+
+if [ "$result" -ne 0 ]
+  then
+    exit $result
+  fi
+
 # PE and CAB files support
 if [ -n "$(command -v x86_64-w64-mingw32-gcc)" ]
  then
@ -91,4 +109,5 @@ if [ -n "$(command -v faketime)" ]
    printf "%s\n" "faketime not found in \$PATH"
    printf "%s\n" "tests skipped, please install faketime package"
  fi
+
 exit $result