From f004aa3f48d23079d90ecb177d43309ec105e4ef Mon Sep 17 00:00:00 2001 
From: olszomal Date: Fri, 8 Jan 2021 13:55:45 +0100 Subject: [PATCH] new testing framework --- tests/recipes/01_sign_pem | 101 +++++++--------- tests/recipes/02_sign_pass | 106 +++++++--------- tests/recipes/03_sign_der | 106 +++++++--------- tests/recipes/04_sign_spc_pvk | 108 +++++++---------- tests/recipes/05_sign_pkcs12 | 105 +++++++--------- tests/recipes/06_test_sha256sum | 83 ++++--------- tests/recipes/07_sign_timestamp | 116 ++++++++---------- tests/recipes/08_sign_rfc3161 | 116 ++++++++---------- tests/recipes/09_sign_page_hashes | 47 ++++---- tests/recipes/10_sign_blob | 107 +++++++---------- tests/recipes/11_sign_nest | 94 +++++---------- tests/recipes/12_sign_readpass_pem | 107 +++++++---------- tests/recipes/13_sign_readpass_pkcs12 | 106 +++++++--------- tests/recipes/14_sign_descryption | 106 +++++++--------- tests/recipes/15_sign_url | 106 +++++++--------- tests/recipes/16_sign_comm | 112 +++++++---------- tests/recipes/17_sign_crosscertfile | 106 +++++++--------- tests/recipes/21_sign_hash_md5 | 63 ++++++---- tests/recipes/22_sign_hash_sha1 | 63 ++++++---- tests/recipes/23_sign_hash_sha2 | 63 ++++++---- tests/recipes/24_sign_hash_sha384 | 63 ++++++---- tests/recipes/25_sign_hash_sha512 | 63 ++++++---- tests/recipes/26_extract_signature_pem | 101 +++++++--------- tests/recipes/27_extract_signature_der | 100 +++++++--------- tests/recipes/31_attach_signature_der | 98 ++++++++------- tests/recipes/32_attach_signature_pem | 98 ++++++++------- tests/recipes/33_attach_signed | 109 ++++++++--------- tests/recipes/34_attach_nest | 100 +++++----------- tests/recipes/35_remove_signature | 98 +++++++-------- tests/recipes/36_varia_sha256sum | 73 ++++-------- tests/recipes/37_add_signature_timestamp | 126 ++++++++----------- tests/recipes/38_add_signature_rfc3161 | 125 ++++++++----------- tests/recipes/39_add_signature_blob | 115 +++++++----------- tests/recipes/40_verify_leaf_hash | 96 +++++++-------- tests/recipes/41_sign_add_msi_dse | 47 ++++---- 
tests/recipes/42_sign_jp_low | 50 ++++---- tests/recipes/45_verify_fake_pe | 51 ++++---- tests/recipes/46_verify_timestamp | 56 +++++---- tests/recipes/47_verify_rfc3161 | 53 ++++---- tests/recipes/51_verify_time | 108 +++++++---------- tests/recipes/52_verify_timestamp | 126 ++++++++----------- tests/recipes/53_verify_rfc3161 | 126 ++++++++----------- tests/recipes/54_verify_expired | 126 ++++++++----------- tests/recipes/55_verify_revoked | 126 ++++++++----------- tests/recipes/56_verify_multiple | 146 ++++++++--------------- tests/test_library | 70 +++++------ tests/testall.sh | 36 ++++-- 47 files changed, 1920 insertions(+), 2487 deletions(-) diff --git a/tests/recipes/01_sign_pem b/tests/recipes/01_sign_pem index 9aaf77e..06ad8fe 100644 --- a/tests/recipes/01_sign_pem +++ b/tests/recipes/01_sign_pem 
@@ -1,72 +1,53 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with the certificate and private key files in the PEM format. +# Sign a file with a certificate and a private key in the PEM format. # -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=1 -# PE file -test_name="011. Sign a PE file with the certificate and private key files in the PEM format" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_011.exe" - verify_signature "$?" "011" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="012. Sign a CAB file with the certificate and private key files in the PEM format" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_012.ex_" - verify_signature "$?" "012" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with a certificate and a private key in the PEM format" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="013. Sign a MSI file with the certificate and private key files in the PEM format" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_013.msi" - verify_signature "$?" "013" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="014. Sign a CAT file with the certificate and private key files in the PEM format" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "good.cat" -out "test_014.cat" - verify_signature "$?" "014" "cat" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/02_sign_pass b/tests/recipes/02_sign_pass index a31a38c..61121a6 100644 --- a/tests/recipes/02_sign_pass 
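Review bot: The `case $ext in` block in tests/recipes/01_sign_pem has no default arm, so a file in `notsigned/` with any other extension is still signed, and is reported under the `filetype` and `format_nr` left over from the previous iteration (or empty on the first one). Adding `*) continue ;;` as the last arm, as 09_sign_page_hashes already does, keeps stray files from producing mislabelled results. The loop header also leaves `${script_path}` unquoted and iterates the literal pattern when the glob matches nothing; `for file in "${script_path}"/../logs/notsigned/*.*` followed by `[ -e "$file" ] || continue` covers both. The same loop is repeated in 02_sign_pass, 03_sign_der, 04_sign_spc_pvk, 05_sign_pkcs12, 07_sign_timestamp, 08_sign_rfc3161 and 10_sign_blob.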
+++ b/tests/recipes/02_sign_pass 
@@ -1,75 +1,53 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with the encrypted private key file in the PEM format. +# Sign a file with an encrypted private key in the PEM format. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=2 -# PE file -test_name="021. Sign a PE file with the encrypted private key file in the PEM format" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ - -pass passme \ - -in "test.exe" -out "test_021.exe" - verify_signature "$?" "021" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="022. Sign a CAB file with the encrypted private key file in the PEM format" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ - -pass passme \ - -in "test.ex_" -out "test_022.ex_" - verify_signature "$?" "022" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with an encrypted private key in the PEM format" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="023. Sign a MSI file with the encrypted private key file in the PEM format" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ - -pass passme \ - -in "sample.msi" -out "test_023.msi" - verify_signature "$?" "023" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ + -pass passme \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="024. Sign a CAT file with the encrypted private key file in the PEM format" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ - -pass passme \ - -in "good.cat" -out "test_024.cat" - verify_signature "$?" "024" "cat" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/03_sign_der b/tests/recipes/03_sign_der index 7c38e9d..e066ea8 100644 
--- a/tests/recipes/03_sign_der +++ b/tests/recipes/03_sign_der 
@@ -1,76 +1,54 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with the encrypted private key file in the DER format. +# Sign a file with an encrypted private key in the DER format. # Requires OpenSSL 1.0.0 or later . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=3 -# PE file -test_name="031. Sign a PE file with the encrypted private key file in the DER format" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -pass passme \ - -in "test.exe" -out "test_031.exe" - verify_signature "$?" "031" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="032. Sign a CAB file with the encrypted private key file in the DER format" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -pass passme \ - -in "test.ex_" -out "test_032.ex_" - verify_signature "$?" "032" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with an encrypted private key in the DER format" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="033. Sign a MSI file with the encrypted private key file in the DER format" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -pass passme \ - -in "sample.msi" -out "test_033.msi" - verify_signature "$?" "033" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ + -pass passme \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="034. Sign a CAT file with the encrypted private key file in the DER format" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -pass passme \ - -in "good.cat" -out "test_034.cat" - verify_signature "$?" "034" "cat" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/04_sign_spc_pvk b/tests/recipes/04_sign_spc_pvk index 5d3364c..2dac29b 100644 
--- a/tests/recipes/04_sign_spc_pvk +++ b/tests/recipes/04_sign_spc_pvk 
@@ -1,76 +1,54 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with the certificate file in the SPC format -# and the private key file in the Microsoft Private Key (PVK) format. +# Sign a file with a certificate in the SPC format +# and a private key in the Microsoft Private Key (PVK) format. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=4 -# PE file -test_name="041. Sign a PE file a SPC certificate file and a PVK private key file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ - -pass passme \ - -in "test.exe" -out "test_041.exe" - verify_signature "$?" "041" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="042. Sign a CAB file a SPC certificate file and a PVK private key file" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ - -pass passme \ - -in "test.ex_" -out "test_042.ex_" - verify_signature "$?" "042" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with a SPC certificate and a PVK private key" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="043. Sign a MSI file a SPC certificate file and a PVK private key file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ - -pass passme \ - -in "sample.msi" -out "test_043.msi" - verify_signature "$?" "043" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ + -pass passme \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="044. Sign a CAT file a SPC certificate file and a PVK private key file" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ - -pass passme \ - -in "good.cat" -out "test_044.cat" - verify_signature "$?" "044" "cat" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/05_sign_pkcs12 b/tests/recipes/05_sign_pkcs12 index b57363e..8d98c9f 100644 
--- a/tests/recipes/05_sign_pkcs12 +++ b/tests/recipes/05_sign_pkcs12 
@@ -1,74 +1,53 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container. +# Sign a file with a certificate and a key stored in a PKCS#12 container. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=5 -# PE file -test_name="051. Sign a PE file with a certificate and key stored in a PKCS#12 container" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -pkcs12 "${script_path}/../certs/cert.p12" -pass passme \ - -in "test.exe" -out "test_051.exe" - verify_signature "$?" "051" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="052. Sign a CAB file with a certificate and key stored in a PKCS#12 container" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -pkcs12 "${script_path}/../certs/cert.p12" \ - -pass passme \ - -in "test.ex_" -out "test_052.ex_" - verify_signature "$?" "052" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with a certificate and a key stored in a PKCS#12 container" + printf "\n%03d. 
%s\n" "$number" "$test_name" -# MSI file -test_name="053. Sign a MSI file with a certificate and key stored in a PKCS#12 container" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -pkcs12 "${script_path}/../certs/cert.p12" \ - -pass passme \ - -in "sample.msi" -out "test_053.msi" - verify_signature "$?" "053" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -pkcs12 "${script_path}/../certs/cert.p12" \ + -pass passme \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="054. Sign a CAT file with a certificate and key stored in a PKCS#12 container" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -pkcs12 "${script_path}/../certs/cert.p12" \ - -pass passme \ - -in "good.cat" -out "test_054.cat" - verify_signature "$?" "054" "cat" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/06_test_sha256sum b/tests/recipes/06_test_sha256sum index 631b381..d2b88a8 100644 --- a/tests/recipes/06_test_sha256sum +++ b/tests/recipes/06_test_sha256sum 
@@ -2,66 +2,33 @@ # Checking SHA256 message digests for 01x-05x tests . $(dirname $0)/../test_library -res=0 -skip=0 -test_name="061. Checking SHA256 message digests for 01x-05x tests" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 +script_path=$(pwd) +result=0 +test_nr=6 + +for file in ${script_path}/../logs/sha256sum/*.* + do + name="${file##*/}" + case $name in + "cat.log") filetype=CAT; format_nr=1 ;; + "msi.log") filetype=MSI; format_nr=2 ;; + "ex_.log") filetype=CAB; format_nr=3 ;; + "exe.log") filetype=PE; format_nr=4 ;; + "ps1.log") filetype=TXT; format_nr=5 ;; + esac + + number="$test_nr$format_nr" + test_name="Checking SHA256 message digests for a $filetype file test" + printf "\n%03d. %s\n" "$number" "$test_name" + + if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1 then - res=1 - cat "sha256sum_exe.log" >> "results.log" + result=1 + cat "sha256sum/$name" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log" fi - rm -f "sha256sum_exe.log" - else - skip=$(($skip+1)) - fi + rm -f "sha256sum/$name" + test_result "$result" "$number" "$test_name" + done -if test -s "test.ex_" - then - if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 - then - res=1 - cat "sha256sum_ex_.log" >> "results.log" - printf "Non-unique SHA256 message digests found\n" >> "results.log" - fi - rm -f "sha256sum_ex_.log" - else - skip=$(($skip+1)) - fi - -if test -s "sample.msi" - then - if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 - then - res=1 - cat "sha256sum_msi.log" >> "results.log" - printf "Non-unique SHA256 message digests found\n" >> "results.log" - fi - rm -f "sha256sum_msi.log" - else - skip=$(($skip+1)) - fi - -if test -s "good.cat" - then - if test $(cat "sha256sum_cat.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 - then - res=1 - cat "sha256sum_cat.log" >> "results.log" - printf "Non-unique 
SHA256 message digests found\n" >> "results.log" - fi - rm -f "sha256sum_cat.log" - else - skip=$(($skip+1)) - fi - -if test $skip -lt 4 - then - test_result "$res" "$test_name" - else - printf "Test skipped\n" - fi exit 0 diff --git a/tests/recipes/07_sign_timestamp b/tests/recipes/07_sign_timestamp index 05417a2..2428bc8 100644 --- a/tests/recipes/07_sign_timestamp +++ b/tests/recipes/07_sign_timestamp 
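Review bot: In tests/recipes/06_test_sha256sum, `result=0` is set once before the loop and never reset, so after the first log with non-unique digests every later file type is also handed to `test_result` as failed. Moving the assignment inside the loop, with `result=0` as the first statement after `do`, lets each format be judged on its own log. The `case $name in` block also lacks a default arm, so an unexpected file under `sha256sum/` is reported with the previous `filetype` and `format_nr` and then deleted by `rm -f`; a final `*) continue ;;` would skip it.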
@@ -1,83 +1,61 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with Authenticode timestamping +# Sign a file with Authenticode timestamping . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=7 -# PE file -test_name="071. Sign a PE file with Authenticode timestamping" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with Authenticode timestamping" + printf "\n%03d. %s\n" "$number" "$test_name" + + ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -t http://time.certum.pl/ \ -t http://timestamp.digicert.com/ \ - -verbose \ - -in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2 - verify_signature "$?" "071" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file -test_name="072. Sign a CAB file with Authenticode timestamping" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" && ! 
grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2 - verify_signature "$?" "072" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done else - printf "Test skipped\n" - fi - -# MSI file -test_name="073. Sign a MSI file with Authenticode timestamping" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "sample.msi" -out "test_073.msi" - verify_signature "$?" "073" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -test_name="074. Sign a CAT file with Authenticode timestamping" -printf "\n%s\n" "$test_name" -if test -s "good.cat" && ! 
grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "good.cat" -out "test_074.cat" - verify_signature "$?" "074" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Sign a file with Authenticode timestamping" + printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" fi exit 0 diff --git a/tests/recipes/08_sign_rfc3161 b/tests/recipes/08_sign_rfc3161 index cd71023..d004a02 100644 --- a/tests/recipes/08_sign_rfc3161 +++ b/tests/recipes/08_sign_rfc3161 @@ -1,5 +1,5 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with RFC 3161 timestamping +# Sign a file with RFC 3161 timestamping # An RFC3161 timestamp server provides an essential function in protecting # data records for the long-term. It provides proof that the data existed # at a particular moment in time and that it has not changed, even by 
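Review bot: The rewritten loop in tests/recipes/07_sign_timestamp no longer appears to assert that a timestamp is present. It passes `"osslsigncode"` to `verify_signature` where the removed code passed `"Timestamp Server Signature"`, and `-verbose` is dropped from the sign command. `verify_signature` is defined in tests/test_library and is not visible here, so this is inferred: if that argument is the string searched for in the verification output, a signature produced without any timestamp would still pass. Keeping the timestamp-specific pattern, `"UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"`, would preserve the check. The same substitution is made in the `-ts` loop of 08_sign_rfc3161.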
@@ -7,81 +7,59 @@ . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=8 -# PE file -test_name="081. Sign a PE file with RFC 3161 timestamping" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with RFC 3161 timestamping" + printf "\n%03d. %s\n" "$number" "$test_name" + + ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -ts http://time.certum.pl/ \ -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test.exe" -out "test_081.exe" - verify_signature "$?" "081" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file -test_name="082. Sign a CAB file with RFC 3161 timestamping" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" && ! 
grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test.ex_" -out "test_082.ex_" - verify_signature "$?" "082" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done else - printf "Test skipped\n" - fi - -# MSI file -test_name="083. Sign a MSI file with RFC 3161 timestamping" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "sample.msi" -out "test_083.msi" - verify_signature "$?" "083" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -test_name="084. Sign a CAT file with RFC 3161 timestamping" -printf "\n%s\n" "$test_name" -if test -s "good.cat" && ! 
grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "good.cat" -out "test_084.cat" - verify_signature "$?" "084" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Sign a file with RFC 3161 timestamping" + printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" fi exit 0 diff --git a/tests/recipes/09_sign_page_hashes b/tests/recipes/09_sign_page_hashes index cb1e3ec..d99881d 100644 --- a/tests/recipes/09_sign_page_hashes +++ b/tests/recipes/09_sign_page_hashes 
@@ -1,32 +1,33 @@ #!/bin/sh -# Generate page hashes for a PE file +# Generate page hashes for a file . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=9 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "exe") filetype=PE; format_nr=4 ;; + *) continue ;; # Warning: -ph option is only valid for PE files + esac + + number="$test_nr$format_nr" + test_name="Generate page hashes for a $filetype file" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="091. Generate page hashes for a PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha256 -ph \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_091.exe" - verify_signature "$?" "091" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file -# Warning: -ph option is only valid for PE files - -# MSI file -# Warning: -ph option is only valid for PE files - -# CAT file -# Warning: -ph option is only valid for PE files + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + done exit 0 diff --git a/tests/recipes/10_sign_blob b/tests/recipes/10_sign_blob index b3fec94..6265b38 100644 --- a/tests/recipes/10_sign_blob +++ b/tests/recipes/10_sign_blob 
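Review bot: The new loop header `for file in ${script_path}/../logs/notsigned/*.*` expands `${script_path}` unquoted, so a checkout path containing whitespace is split into several words before globbing and the loop iterates over fragments instead of the sample files. Writing it as `for file in "${script_path}"/../logs/notsigned/*.*` keeps the glob active while protecting the prefix. The same loop header is repeated in recipes 10 through 17 and 21 of this commit. Separately, `desc=""` is assigned here but never used in this recipe's `test_name`.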
@@ -1,76 +1,53 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with addUnauthenticatedBlob. +# Sign a file with addUnauthenticatedBlob. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=10 -# PE file -test_name="101. Sign a PE file with addUnauthenticatedBlob" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -addUnauthenticatedBlob \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2 - verify_signature "$?" "101" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB---" "MODIFY" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="102. Sign a CAB file with addUnauthenticatedBlob" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -addUnauthenticatedBlob \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2 - verify_signature "$?" "102" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB---" "MODIFY" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with addUnauthenticatedBlob" + printf "\n%03d. 
%s\n" "$number" "$test_name" -# MSI file -test_name="103. Sign a MSI file with addUnauthenticatedBlob" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -addUnauthenticatedBlob \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2 - verify_signature "$?" "103" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB---" "MODIFY" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -addUnauthenticatedBlob \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -# The message digest is checked by PKCS7_verify() -test_name="104. Sign a CAT file with addUnauthenticatedBlob" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -addUnauthenticatedBlob \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "good.cat" -out "test_104.cat" 2>> "results.log" 1>&2 - verify_signature "$?" "104" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/11_sign_nest b/tests/recipes/11_sign_nest index 8cddaa6..4b2d94e 100644 --- a/tests/recipes/11_sign_nest +++ b/tests/recipes/11_sign_nest 
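Review bot: The new `verify_signature` call searches for `"osslsigncode"` and passes `"UNUSED_PATTERN"` as its last argument, where the removed PE, CAB and MSI tests passed `"BEGIN_BLOB---"` and `"MODIFY"`. If those arguments keep their meaning in the new test_library (not visible in this hunk), the recipe no longer checks that `-addUnauthenticatedBlob` wrote the blob, nor that the signature still verifies after the unauthenticated area is altered, so it would pass even if the option were ignored. I would restore them with `"UNUSED_PATTERN" "BEGIN_BLOB---" "MODIFY"`. The removed CAT test used `"UNUSED_PATTERN"` in both positions, so CAT may need its own branch.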
@@ -1,74 +1,42 @@ #!/bin/sh -# Sign a PE/CAB/MSI file twice with the "nest" flag in the second time +# Sign a file twice with the "nest" flag in the second time # in order to add the new signature instead of replacing the first one. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=11 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Warning: CAT files do not support nesting + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") continue;; # Warning: TXT files do not support nesting + esac + + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with the nest flag" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="111. Sign a PE file with the nest flag" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_111_signed.exe" + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "signed_$number.$ext" ../../osslsigncode sign -h sha512 \ - -nest \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test_111_signed.exe" -out "test_111.exe" - verify_signature "$?" "111" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -nest \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "signed_$number.$ext" -out "test_$number.$ext" + result=$? -# CAB file -test_name="112. 
Sign a CAB file with the nest flag" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_112_signed.ex_" - ../../osslsigncode sign -h sha512 \ - -nest \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test_112_signed.ex_" -out "test_112.ex_" - verify_signature "$?" "112" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# MSI file -test_name="113. Sign a MSI file with the nest flag" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_113_signed.msi" - ../../osslsigncode sign -h sha512 \ - -nest \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test_113_signed.msi" -out "test_113.msi" - verify_signature "$?" "113" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -# Warning: CAT files do not support nesting + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + done exit 0 diff --git a/tests/recipes/12_sign_readpass_pem b/tests/recipes/12_sign_readpass_pem index 2363a55..94f73c1 100644 --- a/tests/recipes/12_sign_readpass_pem +++ b/tests/recipes/12_sign_readpass_pem 
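Review bot: The final `verify_signature` call looks for `"osslsigncode"`, whereas each removed test looked for `"SHA512"`, the digest used by the second, nested signature. Assuming the pattern argument still means what it did (test_library is not in view), the recipe no longer shows that the SHA-512 signature ended up in the output file. I would keep the old pattern: `"UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"`. Note also that `result=$?` records only the second `osslsigncode` call, so a failure of the first signing step is not reported on its own.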
@@ -1,75 +1,54 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with a PEM key file and a password read from password.txt file. +# Sign a file with a PEM key and a password read from password.txt file. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=12 -# PE file -test_name="121. Sign a PE file with the PEM key file and the file with a password" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -readpass "${script_path}/../certs/password.txt" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_121.exe" - verify_signature "$?" "121" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="122. Sign a CAB file with a PEM key file and the file with a password" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -readpass "${script_path}/../certs/password.txt" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ - -in "test.ex_" -out "test_122.ex_" - verify_signature "$?" "122" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with a PEM key and a password read from password.txt file" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="123. Sign a MSI file with a PEM key file and the file with a password" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -readpass "${script_path}/../certs/password.txt" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ - -in "sample.msi" -out "test_123.msi" - verify_signature "$?" "123" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -addUnauthenticatedBlob \ + -readpass "${script_path}/../certs/password.txt" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="124. Sign a CAT file with a PEM key file and the file with a password" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -readpass "${script_path}/../certs/password.txt" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ - -in "good.cat" -out "test_124.cat" - verify_signature "$?" "124" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" 
"$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/13_sign_readpass_pkcs12 b/tests/recipes/13_sign_readpass_pkcs12 index 4b92580..f958cf6 100644 --- a/tests/recipes/13_sign_readpass_pkcs12 +++ b/tests/recipes/13_sign_readpass_pkcs12 
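Review bot: The sign command in the new loop passes `-addUnauthenticatedBlob`, which none of the removed readpass tests used and which the recipe's header comment does not mention; it looks carried over from recipe 10. With it the recipe exercises two features at once, so a regression in blob handling would be reported as a failure of the password-file test. I would drop the `-addUnauthenticatedBlob \` line so that this recipe covers only `-readpass` with the encrypted `keyp.pem`.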
@@ -1,76 +1,54 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container +# Sign a file with the certificate and key stored in a PKCS#12 container # and a password read from password.txt file. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=13 -# PE file -test_name="131. Sign a PE file with a PKCS#12 container and the file with a password" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -readpass "${script_path}/../certs/password.txt" \ - -pkcs12 "${script_path}/../certs/cert.p12" \ - -in "test.exe" -out "test_131.exe" - verify_signature "$?" "131" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="132. Sign a CAB file with a PKCS#12 container and the file with a password" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -readpass "${script_path}/../certs/password.txt" \ - -pkcs12 "${script_path}/../certs/cert.p12" \ - -in "test.ex_" -out "test_132.ex_" - verify_signature "$?" "132" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with a PKCS#12 container and the file with a password" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="133. Sign a MSI file with a PKCS#12 container and the file with a password" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -readpass "${script_path}/../certs/password.txt" \ - -pkcs12 "${script_path}/../certs/cert.p12" \ - -in "sample.msi" -out "test_133.msi" - verify_signature "$?" "133" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -readpass "${script_path}/../certs/password.txt" \ + -pkcs12 "${script_path}/../certs/cert.p12" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="134. Sign a CAT file with a PKCS#12 container and the file with a password" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -readpass "${script_path}/../certs/password.txt" \ - -pkcs12 "${script_path}/../certs/cert.p12" \ - -in "good.cat" -out "test_134.cat" - verify_signature "$?" "134" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 
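Review bot: The `case $ext` block has no `*)` arm, so a file in `notsigned/` with any other extension (or the literal `*.*` when the glob matches nothing) falls through. It is then signed with `filetype` and `format_nr` left over from the previous iteration, or unset on the first one, and reported under a duplicate test number. Recipe 09 in this commit already ends its case with `*) continue ;;`; adding the same arm here makes the loop skip unknown inputs. The same applies to the case blocks in recipes 10, 12, 14, 15, 16, 17 and 21, and recipe 11 lists its skipped extensions but also has no default arm.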
diff --git a/tests/recipes/14_sign_descryption b/tests/recipes/14_sign_descryption index d718ea3..a5e256f 100644 --- a/tests/recipes/14_sign_descryption +++ b/tests/recipes/14_sign_descryption 
@@ -1,75 +1,53 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with a descryption +# Sign a file with a descryption. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=14 -# PE file -test_name="141. Sign a PE file with a descryption" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -n "DESCRYPTION_TEXT" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_141.exe" - verify_signature "$?" "141" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="142. Sign a CAB file with a descryption" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -n "DESCRYPTION_TEXT" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_142.ex_" - verify_signature "$?" "142" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with a descryption" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="143. 
Sign a MSI file with a descryption" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -n "DESCRYPTION_TEXT" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_143.msi" - verify_signature "$?" "143" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -n "DESCRYPTION_TEXT" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="144. Sign a CAT file with a descryption" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -n "DESCRYPTION_TEXT" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "good.cat" -out "test_144.cat" - verify_signature "$?" "144" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "DESCRYPTION_TEXT" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/15_sign_url b/tests/recipes/15_sign_url index f0181c0..31a2f0f 100644 --- a/tests/recipes/15_sign_url +++ b/tests/recipes/15_sign_url 
@@ -1,76 +1,54 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with specified URL for expanded description of the signed content +# Sign a file with specified URL for expanded description of the signed content # https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=15 -# PE file -test_name="151. Sign a PE file with specified URL" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -i "https://www.osslsigncode.com/" \ - -in "test.exe" -out "test_151.exe" - verify_signature "$?" "151" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="152. Sign a CAB file with specified URL" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -i "https://www.osslsigncode.com/" \ - -in "test.ex_" -out "test_152.ex_" - verify_signature "$?" "152" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with specified URL" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="153. Sign a MSI file with specified URL" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -i "https://www.osslsigncode.com/" \ - -in "sample.msi" -out "test_153.msi" - verify_signature "$?" "153" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -i "https://www.osslsigncode.com/" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="154. Sign a CAT file with specified URL" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -i "https://www.osslsigncode.com/" \ - -in "good.cat" -out "test_154.cat" - verify_signature "$?" "154" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "https://www.osslsigncode.com/" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 
diff --git a/tests/recipes/16_sign_comm b/tests/recipes/16_sign_comm index 108a560..4b2d150 100644 --- a/tests/recipes/16_sign_comm +++ b/tests/recipes/16_sign_comm 
@@ -1,78 +1,58 @@ #!/bin/sh -# Sign a PE/CAB/MSI file with the commercial purpose set for SPC_STATEMENT_TYPE_OBJID +# Sign a file with Microsoft Commercial Code Signing purpose set for SPC_STATEMENT_TYPE_OBJID # object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11" -# changes default Individual Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15" -# sets Commercial Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16" +# changes default Microsoft Individual Code Signing: +# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15" +# sets Microsoft Commercial Code Signing: +# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16" . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=16 -# PE file -test_name="161. Sign a PE file with the common purpose set" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -comm \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_161.exe" - verify_signature "$?" "161" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="162. 
Sign a CAB file with the common purpose set" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -comm \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_162.ex_" - verify_signature "$?" "162" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with the common purpose set" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="163. Sign a MSI file with the common purpose set" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -comm \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_163.msi" - verify_signature "$?" "163" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -comm \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="164. Sign a CAT file with the common purpose set" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -comm \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "good.cat" -out "test_164.cat" - verify_signature "$?" "164" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! 
cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "Microsoft Commercial Code Signing" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/17_sign_crosscertfile b/tests/recipes/17_sign_crosscertfile index 3f3b6d7..0476311 100644 --- a/tests/recipes/17_sign_crosscertfile +++ b/tests/recipes/17_sign_crosscertfile 
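Review bot: `test_name` still reads "with the common purpose set", while the rewritten header comment and the new verify pattern both say "Microsoft Commercial Code Signing". `-comm` selects the commercial purpose, so I would write `test_name="Sign a $filetype$desc file with the commercial purpose set"`. In the header comment both byte lists contain `x06` where `0x06` is meant; the removed hex pattern `300c060a2b06...` shows the intended byte. Since the check moved from that hex pattern to a text label, a one-line comment saying the label is expected in the verify output would help the next reader.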
@@ -1,77 +1,55 @@ #!/bin/sh -# Add an additional certificate to the signature block of the PE/CAB/MSI file. +# Add an additional certificate to the signature block of the file. # https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps # https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=17 -# PE file -test_name="171. Add an additional certificate to the signature block of the PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ac "${script_path}/../certs/crosscert.pem" \ - -in "test.exe" -out "test_171.exe" - verify_signature "$?" "171" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="172. Add an additional certificate to the signature block of the CAB file" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ac "${script_path}/../certs/crosscert.pem" \ - -in "test.ex_" -out "test_172.ex_" - verify_signature "$?" 
"172" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Add an additional certificate to the signature block of a $filetype$desc file" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="173. Add an additional certificate to the signature block of the MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ac "${script_path}/../certs/crosscert.pem" \ - -in "sample.msi" -out "test_173.msi" - verify_signature "$?" "173" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -ac "${script_path}/../certs/crosscert.pem" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="174. Add an additional certificate to the signature block of the CAT file" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ac "${script_path}/../certs/crosscert.pem" \ - -in "good.cat" -out "test_174.cat" - verify_signature "$?" "174" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! 
cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "crosscert" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/21_sign_hash_md5 b/tests/recipes/21_sign_hash_md5 index 2249940..8c56c10 100644 --- a/tests/recipes/21_sign_hash_md5 +++ b/tests/recipes/21_sign_hash_md5 
@@ -1,29 +1,52 @@ #!/bin/sh -# Sign a PE file with MD5 set of cryptographic hash functions. +# Sign a file with MD5 set of cryptographic hash functions. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=21 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with MD5 set of cryptographic hash functions" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="211. Sign a PE file with MD5 set of cryptographic hash functions" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h md5 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_211.exe" - verify_signature "$?" "211" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "MD5" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file - -# MSI file - -# CAT file + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "MD5" "UNUSED_PATTERN" + test_result "$?" 
"$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/22_sign_hash_sha1 b/tests/recipes/22_sign_hash_sha1 index ee6d8b4..7c89f68 100644 --- a/tests/recipes/22_sign_hash_sha1 +++ b/tests/recipes/22_sign_hash_sha1 
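Review bot: The `case $ext in` block in the new loop has no default arm, so a file in `notsigned/` with any other extension, or the unexpanded `*.*` pattern when the directory is empty, falls through with `filetype` and `format_nr` unset or carried over from the previous iteration and is reported under a reused test number. Adding `*) continue ;;` before `esac`, and quoting the loop source as `"${script_path}"/../logs/notsigned/*.*`, keeps the numbering tied to the known formats. The removed code printed `Test skipped` when the input was missing; the loop has no equivalent, so an empty input directory would presumably show up as a failure rather than a skip. The same `case` appears in the hunks for recipes 22–27 and 31–35.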
@@ -1,29 +1,52 @@ #!/bin/sh -# Sign a PE file with SHA1 set of cryptographic hash functions. +# Sign a file with SHA1 set of cryptographic hash functions. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=22 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with SHA1 set of cryptographic hash functions" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="221. Sign a PE file with SHA1 set of cryptographic hash functions" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha1 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_221.exe" - verify_signature "$?" "221" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA1" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file - -# MSI file - -# CAT file + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "SHA1" "UNUSED_PATTERN" + test_result "$?" 
"$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/23_sign_hash_sha2 b/tests/recipes/23_sign_hash_sha2 index cb0cc76..1242c7d 100644 --- a/tests/recipes/23_sign_hash_sha2 +++ b/tests/recipes/23_sign_hash_sha2 
@@ -1,29 +1,52 @@ #!/bin/sh -# Signing a PE file with SHA1 set of cryptographic hash functions. +# Signing a file with SHA2 set of cryptographic hash functions. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=23 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with SHA2 set of cryptographic hash functions" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="231. Signing a PE file with SHA1 set of cryptographic hash functions" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha2 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_231.exe" - verify_signature "$?" "231" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA2" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file - -# MSI file - -# CAT file + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "SHA2" "UNUSED_PATTERN" + test_result "$?" 
"$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/24_sign_hash_sha384 b/tests/recipes/24_sign_hash_sha384 index 38193a7..38fd7dd 100644 --- a/tests/recipes/24_sign_hash_sha384 +++ b/tests/recipes/24_sign_hash_sha384 
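Review bot: The expected pattern `"SHA2"` passed to `verify_signature` is less specific than the `"SHA384"` and `"SHA512"` patterns in the sibling recipes: if the helper does a substring match on the verification output (its body is not part of this patch), `SHA2` is satisfied by any digest name that starts with those characters. If `-h sha2` is an alias for SHA-256, which should be confirmed against the tool's option list, `"SHA256"` would pin the digest the test means to check. The header comment also still reads `Signing a file …` where the other recipes use `Sign a file …`.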
@@ -1,29 +1,52 @@ #!/bin/sh -# Sign a PE file with SHA384 set of cryptographic hash functions. +# Sign a file with SHA384 set of cryptographic hash functions. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=24 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with SHA384 set of cryptographic hash functions" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="241. Sign a PE file with SHA384 set of cryptographic hash functions" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha384 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_241.exe" - verify_signature "$?" "241" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file - -# MSI file - -# CAT file + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN" + test_result "$?" 
"$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/25_sign_hash_sha512 b/tests/recipes/25_sign_hash_sha512 index 12f77c6..b267ca4 100644 --- a/tests/recipes/25_sign_hash_sha512 +++ b/tests/recipes/25_sign_hash_sha512 
@@ -1,29 +1,52 @@ #!/bin/sh -# Sign a PE file with SHA512 set of cryptographic hash functions. +# Sign a file with SHA512 set of cryptographic hash functions. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=25 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with SHA512 set of cryptographic hash functions" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="251. Sign a PE file with SHA512 set of cryptographic hash functions" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha512 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_251.exe" - verify_signature "$?" "251" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file - -# MSI file - -# CAT file + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN" + test_result "$?" 
"$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/26_extract_signature_pem b/tests/recipes/26_extract_signature_pem index 102ccf3..a47a03b 100644 --- a/tests/recipes/26_extract_signature_pem +++ b/tests/recipes/26_extract_signature_pem 
@@ -1,64 +1,55 @@ #!/bin/sh -# Extract the signature in the PEM format from the PE/CAB/MSI file. +# Extract the signature in the PEM format. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=26 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Unsupported command + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Extract the PEM signature from the $filetype$desc file" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="261. Extract the PEM signature from the PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha512 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_261.exe" && \ - ../../osslsigncode extract-signature -pem \ - -in "test_261.exe" -out "sign_pe.pem" - verify_signature "$?" "261" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + ../../osslsigncode extract-signature \ + -pem \ + -in "test_$number.$ext" -out "sign_$format_nr.pem" + result=$? -# CAB file -test_name="262. 
Extract the PEM signature from the CAB file" -printf "\n%s\n" "$test_name" -if [ -s "test.ex_" ] - then - ../../osslsigncode sign -h sha512 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_262.ex_" && \ - ../../osslsigncode extract-signature -pem \ - -in "test_262.ex_" -out "sign_cab.pem" - verify_signature "$?" "262" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# MSI file -test_name="263. Extract the PEM signature from the MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then - ../../osslsigncode sign -h sha512 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_263.msi" && \ - ../../osslsigncode extract-signature -pem \ - -in "test_263.msi" -out "sign_msi.pem" - verify_signature "$?" "263" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -# Unsupported command + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/27_extract_signature_der b/tests/recipes/27_extract_signature_der index bb9e139..216429a 100644 --- a/tests/recipes/27_extract_signature_der +++ b/tests/recipes/27_extract_signature_der 
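Review bot: `result=$?` after the `extract-signature` call records only that command's status, because the `&& \` that chained it to the preceding `osslsigncode sign` was dropped in the new loop body. If signing fails while a `test_$number.$ext` from an earlier run is still in the working directory, extraction can succeed on the stale file and the recipe reports success. Ending the sign command with `-in "notsigned/$name" -out "test_$number.$ext" && \` restores the old behaviour. Recipes 27 and 35 lose the same `&&` in their hunks, and 33 and 34 run `sign` and `attach-signature` back to back without checking the first status.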
@@ -1,64 +1,54 @@ #!/bin/sh -# Extract the signature in the DER format from the PE/CAB/MSI file. +# Extract the signature in the DER format. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=27 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Unsupported command + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Extract the DER signature from the $filetype$desc file" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="271. Extract the DER signature from the PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha512 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_271.exe" && \ - ../../osslsigncode extract-signature \ - -in "test_271.exe" -out "sign_pe.der" - verify_signature "$?" "271" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + ../../osslsigncode extract-signature\ + -in "test_$number.$ext" -out "sign_$format_nr.der" + result=$? -# CAB file -test_name="272. 
Extract the DER signature from the CAB file" -printf "\n%s\n" "$test_name" -if [ -s "test.ex_" ] - then - ../../osslsigncode sign -h sha512 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_272.ex_" && \ - ../../osslsigncode extract-signature \ - -in "test_272.ex_" -out "sign_cab.der" - verify_signature "$?" "272" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# MSI file -test_name="273. Extract the DER signature from the MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then - ../../osslsigncode sign -h sha512 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_273.msi" && \ - ../../osslsigncode extract-signature \ - -in "test_273.msi" -out "sign_msi.der" - verify_signature "$?" "273" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -# Unsupported command + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/31_attach_signature_der b/tests/recipes/31_attach_signature_der index 8e86959..37a0477 100644 --- a/tests/recipes/31_attach_signature_der +++ b/tests/recipes/31_attach_signature_der 
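Review bot: On the new `../../osslsigncode extract-signature\` line the continuation backslash is attached directly to the subcommand, so the word boundary depends on the next line's leading indentation. Write it as `../../osslsigncode extract-signature \` to match the other continued commands in these recipes. The output name `sign_$format_nr.der` is what recipe 31 later passes to `-sigin`, so a one-line comment such as `# consumed by 31_attach_signature_der` would make the ordering dependency between recipes visible.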
@@ -1,61 +1,57 @@ #!/bin/sh -# Attach the DER signature to the PE/CAB/MSI file. +# Attach the DER signature to the file. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=31 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Unsupported command + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Attach the DER signature to the $filetype$desc file" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="311. Attach the DER signature to the PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode attach-signature \ - -sigin "sign_pe.der" \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test.exe" -out "test_311.exe" - verify_signature "$?" "311" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -sigin "sign_$format_nr.der" \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file -test_name="312. Attach the DER signature to the CAB file" -printf "\n%s\n" "$test_name" -if [ -s "test.ex_" ] - then - ../../osslsigncode attach-signature \ - -sigin "sign_cab.der" \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test.ex_" -out "test_312.ex_" - verify_signature "$?" 
"312" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$result" -ne 0; then + cp "sign_$format_nr.der" "sign_$number.der" + fi -# MSI file -test_name="313. Attach the DER signature to the MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then - ../../osslsigncode attach-signature \ - -sigin "sign_msi.der" \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "sample.msi" -out "test_313.msi" - verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -# Unsupported command + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/32_attach_signature_pem b/tests/recipes/32_attach_signature_pem index 0415341..3f98628 100644 --- a/tests/recipes/32_attach_signature_pem +++ b/tests/recipes/32_attach_signature_pem 
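Review bot: The new `if test "$result" -ne 0; then cp "sign_$format_nr.der" "sign_$number.der"; fi` block has no comment, and its purpose is not obvious from the recipe. It looks like it keeps a per-test copy of the signature that failed to attach; if so, say it: `# keep the rejected signature under the test number for later inspection`. The `-sigin` file is produced by recipe 27, so when that recipe failed or was not run, both `attach-signature` and this `cp` fail on a missing file; a `test -s "sign_$format_nr.der"` guard that reports the missing prerequisite would make that case readable in the log.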
@@ -1,61 +1,57 @@ #!/bin/sh -# Attach the PEM signature to the PE/CAB/MSI file. +# Attach the PEM signature to the file. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=32 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Unsupported command + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Attach the PEM signature to the $filetype$desc file" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="321. Attach the PEM signature to the PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode attach-signature \ - -sigin "sign_pe.pem" \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test.exe" -out "test_321.exe" - verify_signature "$?" "321" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -sigin "sign_$format_nr.pem" \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file -test_name="322. Attach the PEM signature to the CAB file" -printf "\n%s\n" "$test_name" -if [ -s "test.ex_" ] - then - ../../osslsigncode attach-signature \ - -sigin "sign_cab.pem" \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test.ex_" -out "test_322.ex_" - verify_signature "$?" 
"322" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$result" -ne 0; then + cp "sign_$format_nr.der" "sign_$number.der" + fi -# MSI file -test_name="323. Attach the PEM signature to the MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then - ../../osslsigncode attach-signature \ - -sigin "sign_msi.pem" \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "sample.msi" -out "test_323.msi" - verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -# Unsupported command + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/33_attach_signed b/tests/recipes/33_attach_signed index 2f19337..c5f3c50 100644 --- a/tests/recipes/33_attach_signed +++ b/tests/recipes/33_attach_signed 
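Review bot: The failure branch `cp "sign_$format_nr.der" "sign_$number.der"` was carried over unchanged from the DER recipe, but this recipe attaches `sign_$format_nr.pem`, so on a failed attach it saves the wrong file, or nothing if the DER file does not exist. It should read `cp "sign_$format_nr.pem" "sign_$number.pem"`.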
@@ -1,72 +1,57 @@ #!/bin/sh -# Attach the signature to the signed PE/CAB/MSI file. +# Attach the signature to the signed file. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=33 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Unsupported command + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Attach the PEM signature to the signed $filetype$desc file" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="331. Attach the signature to the signed PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_331_signed.exe" + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "signed_$number.$ext" ../../osslsigncode attach-signature \ - -sigin "sign_pe.pem" \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test_331_signed.exe" -out "test_331.exe" - verify_signature "$?" "331" "exe" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -sigin "sign_$format_nr.pem" \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "signed_$number.$ext" -out "test_$number.$ext" + result=$? -# CAB file -test_name="332. 
Attach the signature to the signed CAB file" -printf "\n%s\n" "$test_name" -if [ -s "test.ex_" ] - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_332_signed.ex_" - ../../osslsigncode attach-signature \ - -sigin "sign_cab.pem" \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test_332_signed.ex_" -out "test_332.ex_" - verify_signature "$?" "332" "ex_" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# MSI file -test_name="333. Attach the signature to the signed MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_333_signed.msi" - ../../osslsigncode attach-signature -sigin "sign_msi.pem" \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test_333_signed.msi" -out "test_333.msi" - verify_signature "$?" "333" "msi" "success" "@2019-09-01 12:00:00" \ - "sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -# Unsupported command + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/34_attach_nest b/tests/recipes/34_attach_nest index 414b427..5725b44 100644 --- a/tests/recipes/34_attach_nest 
+++ b/tests/recipes/34_attach_nest 
@@ -1,77 +1,43 @@ #!/bin/sh -# Attach the signature to the signed PE/CAB/MSI file with the "nest" flag -# in order to attach the new signature instead of replacing the first one. +# Attach the signature to the signed file with the "nest" flag in order to +# attach the new signature instead of replacing the first one. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=34 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Warning: CAT files do not support nesting + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") continue;; # Warning: TXT files do not support nesting + esac + + number="$test_nr$format_nr" + test_name="Attach the PEM signature to the signed $filetype$desc file with the nest flag" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="341. Attach the signature to the signed PE file with the nest flag" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_341_signed.exe" + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "signed_$number.$ext" ../../osslsigncode attach-signature \ - -sigin "sign_pe.pem" \ - -nest \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test_341_signed.exe" -out "test_341.exe" - verify_signature "$?" "341" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + -sigin "sign_$format_nr.pem" \ + -nest \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "signed_$number.$ext" -out "test_$number.$ext" + result=$? -# CAB file -test_name="342. Attach the signature to the signed CAB file with the nest flag" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_342_signed.ex_" - ../../osslsigncode attach-signature \ - -sigin "sign_cab.pem" \ - -nest \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test_342_signed.ex_" -out "test_342.ex_" - verify_signature "$?" "342" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# MSI file -test_name="343. Attach the signature to the signed MSI file with the nest flag" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_343_signed.msi" - ../../osslsigncode attach-signature \ - -sigin "sign_msi.pem" \ - -nest \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test_343_signed.msi" -out "test_343.msi" - verify_signature "$?" "343" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -# Unsupported command + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN" + test_result "$?" 
"$number" "$test_name" + done exit 0 diff --git a/tests/recipes/35_remove_signature b/tests/recipes/35_remove_signature index 612c074..8d8a063 100644 --- a/tests/recipes/35_remove_signature +++ b/tests/recipes/35_remove_signature 
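Review bot: The `verify_signature` call at the end of the loop expects the same `"SHA512"` pattern as recipe 33, where the attached signature replaces the existing one, so as far as this hunk shows the test cannot tell nesting from replacement. What `-nest` promises is that the original signature from the preceding `sign -h sha256` step is still present next to the attached one; a second check for that digest, or for the signature count if the helper in `test_library` can report it, would cover it. `desc=""` is set and interpolated into `test_name` but never given a value here, since the `ps1` arm only does `continue`.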
@@ -1,64 +1,54 @@ #!/bin/sh -# Remove the signature from the PE/CAB/MSI file. +# Remove the signature from the file. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=35 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Unsupported command + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Remove the signature from the $filetype$desc file" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="351. Remove the signature from the PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_351_signed.exe" && \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "signed_$number.$ext" ../../osslsigncode remove-signature \ - -in "test_351_signed.exe" -out "test_351.exe" - verify_signature "$?" "351" "exe" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -in "signed_$number.$ext" -out "test_$number.$ext" + result=$? -# CAB file -test_name="352. 
Remove the signature from the CAB file" -printf "\n%s\n" "$test_name" -if [ -s "test.ex_" ] - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_352_signed.ex_" && \ - ../../osslsigncode remove-signature \ - -in "test_352_signed.ex_" -out "test_352.ex_" - verify_signature "$?" "352" "ex_" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# MSI file -test_name="353. Remove the signature from the MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_353_signed.msi" && \ - ../../osslsigncode remove-signature \ - -in "test_353_signed.msi" -out "test_353.msi" - verify_signature "$?" "353" "msi" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -# Unsupported command + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/36_varia_sha256sum b/tests/recipes/36_varia_sha256sum index 89a4f6c..e24988d 100644 --- a/tests/recipes/36_varia_sha256sum +++ b/tests/recipes/36_varia_sha256sum 
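Review bot: The `case $ext in` at the top of the new loop has no fallback arm, so a file in `notsigned/` with any other extension runs the test with `filetype` and `format_nr` left over from the previous iteration (or unset on the first one). The same happens when the glob matches nothing, because sh then iterates once over the literal `*.*` pattern. Adding `*) continue ;;` as the last arm keeps test numbers and output file names from colliding. The loops added in recipes 36–42 and 45–47 have the same shape and need the same arm.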
@@ -1,55 +1,34 @@ #!/bin/sh -# Checking SHA256 message digests for 31x-33x tests. +# Checking SHA256 message digests for "extract" and "attach" tests. . $(dirname $0)/../test_library -res=0 -res=0 -skip=0 -test_name="361. Checking SHA256 message digests for 31x-33x tests" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 +script_path=$(pwd) +result=0 +test_nr=36 + +for file in ${script_path}/../logs/sha256sum/*.* + do + name="${file##*/}" + case $name in + "cat.log") filetype=CAT; format_nr=1 ;; + "msi.log") filetype=MSI; format_nr=2 ;; + "ex_.log") filetype=CAB; format_nr=3 ;; + "exe.log") filetype=PE; format_nr=4 ;; + "ps1.log") filetype=TXT; format_nr=5 ;; + esac + + number="$test_nr$format_nr" + test_name="Checking SHA256 message digests for a $filetype file test" + printf "\n%03d. %s\n" "$number" "$test_name" + + if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1 then - res=1 - cat "sha256sum_exe.log" >> "results.log" + result=1 + cat "sha256sum/$name" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log" fi - rm -f "sha256sum_exe.log" - else - skip=$(($skip+1)) - fi + rm -f "sha256sum/$name" + test_result "$result" "$number" "$test_name" + done -if test -s "test.ex_" - then - if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 - then - res=1 - cat "sha256sum_ex_.log" >> "results.log" - printf "Non-unique SHA256 message digests found\n" >> "results.log" - fi - rm -f "sha256sum_ex_.log" - else - skip=$(($skip+1)) - fi - -if test -s "sample.msi" - then - if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 - then - res=1 - cat "sha256sum_msi.log" >> "results.log" - printf "Non-unique SHA256 message digests found\n" >> "results.log" - fi - rm -f "sha256sum_msi.log" - else - skip=$(($skip+1)) - fi - -if test $skip -lt 2 - then - test_result "$res" "$test_name" - else - printf "Test skipped\n" - 
fi exit 0 diff --git a/tests/recipes/37_add_signature_timestamp b/tests/recipes/37_add_signature_timestamp index 46f3641..06c392b 100644 --- a/tests/recipes/37_add_signature_timestamp +++ b/tests/recipes/37_add_signature_timestamp 
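Review bot: `result=0` is assigned once before the loop and never reset, so after the first log with differing digests every later file type is also reported as failed by `test_result "$result" "$number" "$test_name"`. Making `result=0` the first statement of the loop body keeps each verdict independent. A short comment that `uniq` without `sort` is sufficient only because the check is "all digests identical" would also help the next reader.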
@@ -1,92 +1,64 @@ #!/bin/sh -# Add an authenticode timestamp to the PE/CAB/MSI file. +# Add an authenticode timestamp to the signed file. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=37 -# PE file -test_name="371. Add an authenticode timestamp to the PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Add an authenticode timestamp to the $filetype$desc signed file" + printf "\n%03d. %s\n" "$number" "$test_name" + + ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_371_signed.exe" && \ - ../../osslsigncode add \ + -in "notsigned/$name" -out "signed_$number.$ext" + ../../osslsigncode add \ -t http://time.certum.pl/ \ -t http://timestamp.digicert.com/ \ -verbose \ - -in "test_371_signed.exe" -out "test_371.exe" - verify_signature "$?" "371" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -in "signed_$number.$ext" -out "test_$number.$ext" + result=$? -# CAB file -test_name="372. 
Add an authenticode timestamp to the CAB file" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_372_signed.ex_" && \ - ../../osslsigncode add \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "test_372_signed.ex_" -out "test_372.ex_" - verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Add an authenticode timestamp to the signed file" + printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" fi -# MSI file -test_name="373. Add an authenticode timestamp to the MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_373_signed.msi" && \ - ../../osslsigncode add \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "test_373_signed.msi" -out "test_373.msi" - verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -test_name="374. Add an authenticode timestamp to the CAT file" -printf "\n%s\n" "$test_name" -if test -s "good.cat" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "good.cat" -out "test_374_signed.cat" && \ - ../../osslsigncode add \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "test_374_signed.cat" -out "test_374.cat" - verify_signature "$?" "374" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - - exit 0 diff --git a/tests/recipes/38_add_signature_rfc3161 b/tests/recipes/38_add_signature_rfc3161 index aee5d65..1cdbb55 100644 --- a/tests/recipes/38_add_signature_rfc3161 +++ b/tests/recipes/38_add_signature_rfc3161 
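Review bot: The `&&` that chained `sign` to `add` was dropped in the new loop, so `result=$?` reflects only the `add` call and a failed `sign` goes unnoticed. If a `signed_$number.$ext` from an earlier run is still in the working directory (cleanup is not visible in this hunk), `add` would timestamp that stale file and the test could pass without exercising the signing step. Ending the sign command with `-in "notsigned/$name" -out "signed_$number.$ext" && \` restores the old behaviour. 35_remove_signature lost the same `&&` before `remove-signature`.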
@@ -1,91 +1,64 @@ #!/bin/sh -# Add an RFC 3161 timestamp to signed PE/CAB/MSI file. +# Add a RFC 3161 timestamp to the signed file. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=38 -# PE file -test_name="381. Add RFC 3161 timestamp to signed PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac + + number="$test_nr$format_nr" + test_name="Add a RFC 3161 timestamp to the $filetype$desc signed file" + printf "\n%03d. %s\n" "$number" "$test_name" + + ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_381_signed.exe" - ../../osslsigncode add \ + -in "notsigned/$name" -out "signed_$number.$ext" + ../../osslsigncode add \ -ts http://time.certum.pl/ \ -ts http://timestamp.digicert.com/ \ -verbose \ - -in "test_381_signed.exe" -out "test_381.exe" - verify_signature "$?" "381" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -in "signed_$number.$ext" -out "test_$number.$ext" + result=$? -# CAB file -test_name="382. Add RFC 3161 timestamp to signed CAB file" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" && ! 
grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_382_signed.ex_" - ../../osslsigncode add \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test_382_signed.ex_" -out "test_382.ex_" - verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done else - printf "Test skipped\n" - fi - -# MSI file -test_name="383. Add RFC 3161 timestamp to signed MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_383_signed.msi" - ../../osslsigncode add \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test_383_signed.msi" -out "test_383.msi" - verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -test_name="384. Add RFC 3161 timestamp to signed CAT file" -printf "\n%s\n" "$test_name" -if test -s "good.cat" && ! 
grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "good.cat" -out "test_384_signed.cat" - ../../osslsigncode add \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test_384_signed.cat" -out "test_384.cat" - verify_signature "$?" "384" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Add a RFC 3161 timestamp to the signed file" + printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" fi exit 0 diff --git a/tests/recipes/39_add_signature_blob b/tests/recipes/39_add_signature_blob index bfaa0ad..d8e1fed 100644 --- a/tests/recipes/39_add_signature_blob +++ b/tests/recipes/39_add_signature_blob 
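Review bot: The extension `case` with the `xxd` BOM probe is repeated verbatim in this recipe and in 37, 39 and 40 (35 differs only in skipping `cat`), which makes the format numbering easy to get out of step between recipes. Since every recipe already sources `test_library`, the mapping could live there as one function that sets `filetype`, `format_nr` and `desc` and returns non-zero for an extension it does not know. The sketch below shows the helper and the one line that would replace the block in the loop; the function name is only a suggestion.

```shell
# test_library: shared by the recipes (function name is a suggestion)
set_file_format() {
  desc=""
  case "${1##*.}" in
    "cat") filetype=CAT; format_nr=1 ;;
    "msi") filetype=MSI; format_nr=2 ;;
    "ex_") filetype=CAB; format_nr=3 ;;
    "exe") filetype=PE; format_nr=4 ;;
    "ps1")
      filetype=TXT
      if xxd -p -l 2 "$1" | grep -q "fffe"; then
        format_nr=5; desc=" UTF-16LE(BOM)"
      elif xxd -p -l 3 "$1" | grep -q "efbbbf"; then
        format_nr=6; desc=" UTF-8(BOM)"
      else
        format_nr=7; desc=" UTF-8"
      fi ;;
    *) return 1 ;;
  esac
}

# in the recipe loop, replacing the case block
set_file_format "notsigned/$name" || continue
# ... unchanged: number/test_name, sign, add, verify_signature ...
```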
@@ -1,84 +1,55 @@ #!/bin/sh -# Add an unauthenticated blob to the PE/CAB/MSI file. +# Add an unauthenticated blob to the signed file. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=39 -# PE file -test_name="391. Add an unauthenticated blob to the PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_391_signed.exe" - ../../osslsigncode add \ - -addUnauthenticatedBlob \ - -in "test_391_signed.exe" -out "test_391.exe" - verify_signature "$?" "391" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="392. Add an unauthenticated blob to the CAB file" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_392_signed.ex_" - ../../osslsigncode add \ - -addUnauthenticatedBlob \ - -in "test_392_signed.ex_" -out "test_392.ex_" - verify_signature "$?" "392" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Add an unauthenticated blob to the $filetype$desc signed file" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="393. Add an unauthenticated blob to the MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_393_signed.msi" + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "signed_$number.$ext" ../../osslsigncode add \ - -addUnauthenticatedBlob \ - -in "test_393_signed.msi" -out "test_393.msi" - verify_signature "$?" "393" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -addUnauthenticatedBlob \ + -in "signed_$number.$ext" -out "test_$number.$ext" + result=$? -# CAT file -# The message digest is checked by PKCS7_verify() -test_name="394. Add an unauthenticated blob to the CAT file" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "good.cat" -out "test_394_signed.cat" - ../../osslsigncode add \ - -addUnauthenticatedBlob \ - -in "test_394_signed.cat" -out "test_394.cat" - verify_signature "$?" "394" "cat" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! 
cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "Unauthenticated Data Blob" "MODIFY" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/40_verify_leaf_hash b/tests/recipes/40_verify_leaf_hash index c7e1b1f..b3e9dda 100644 --- a/tests/recipes/40_verify_leaf_hash +++ b/tests/recipes/40_verify_leaf_hash 
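Review bot: The CAT case no longer has its own expectation: the removed test 394 passed `"UNUSED_PATTERN"` for both the search pattern and the modify flag and carried the comment `# The message digest is checked by PKCS7_verify()`, while the loop now calls `verify_signature` with `"Unauthenticated Data Blob" "MODIFY"` for every file type, `cat` included. Whether a modified CAT file should still verify as "success" depends on `verify_signature` in `test_library`, which is not part of this hunk, so this needs confirming. If CAT does need different arguments, branch on `$filetype` before the call and keep the old comment next to that branch.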
@@ -1,67 +1,51 @@ #!/bin/sh -# Compare the leaf certificate hash against specified SHA256 message digest for the PE/CAB/MSI file +# Compare the leaf certificate hash against specified SHA256 message digest for the file . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=40 -# PE file -test_name="401. Compare the leaf certificate hash against specified SHA256 message digest for the PE file" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -in "test.exe" -out "test_401.exe" - verify_leaf_hash "$?" "401" "exe" "@2019-05-01 00:00:00" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="402. Compare the leaf certificate hash against specified SHA256 message digest for the CAB file" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -in "test.ex_" -out "test_402.ex_" - verify_leaf_hash "$?" "402" "ex_" "@2019-05-01 00:00:00" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Compare the leaf hash against SHA256 message digest for the $filetype$desc file" + printf "\n%03d. 
%s\n" "$number" "$test_name" -# MSI file -test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -in "sample.msi" -out "test_403.msi" - verify_leaf_hash "$?" "403" "msi" "@2019-05-01 00:00:00" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="404. Compare the leaf certificate hash against specified SHA256 message digest for the CAT file" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ - -in "good.cat" -out "test_404.cat" - verify_leaf_hash "$?" "404" "cat" "@2019-05-01 00:00:00" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_leaf_hash "$result" "$number" "$ext" "@2019-05-01 00:00:00" + test_result "$?" "$number" "$test_name" + fi + done exit 0 diff --git a/tests/recipes/41_sign_add_msi_dse b/tests/recipes/41_sign_add_msi_dse index 6d18f14..5b7be24 100644 --- a/tests/recipes/41_sign_add_msi_dse +++ b/tests/recipes/41_sign_add_msi_dse 
@@ -7,32 +7,35 @@ . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=41 -# PE file -# Warning: -add-msi-dse option is only valid for MSI files +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Warning: -add-msi-dse option is only valid for MSI files + "msi") filetype=MSI; format_nr=2 ;; + "ex_") continue;; # Warning: -add-msi-dse option is only valid for MSI files + "exe") continue;; # Warning: -add-msi-dse option is only valid for MSI files + "ps1") continue;; # Warning: -add-msi-dse option is only valid for MSI files + esac -# CAB file -# Warning: -add-msi-dse option is only valid for MSI files + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with the add-msi-dse option" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="411. Sign a MSI file with the add-msi-dse option" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -add-msi-dse \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ - -pass passme \ - -in "sample.msi" -out "test_411.msi" - verify_signature "$?" "411" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "HEX" "MsiDigitalSignatureEx" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -add-msi-dse \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -# Warning: -add-msi-dse option is only valid for MSI files + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "MsiDigitalSignatureEx" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + done exit 0 diff --git a/tests/recipes/42_sign_jp_low b/tests/recipes/42_sign_jp_low index 5fd5064..12f7192 100644 
--- a/tests/recipes/42_sign_jp_low +++ b/tests/recipes/42_sign_jp_low 
@@ -1,34 +1,38 @@ #!/bin/sh -# Sign a CAB file with "jp low" option +# Sign a CAB file with "low" level of permissions in Microsoft Internet Explorer 4.x for CAB files # https://support.microsoft.com/en-us/help/193877 . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=42 -# PE file -# Warning: -jp option is only valid for CAB files +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Warning: -jp option is only valid for CAB files + "msi") continue;; # Warning: -jp option is only valid for CAB files + "ex_") filetype=CAB; format_nr=3 ;; + "exe") continue;; # Warning: -jp option is only valid for CAB files + "ps1") continue;; # Warning: -jp option is only valid for CAB files + esac + + number="$test_nr$format_nr" + test_name="Sign a $filetype$desc file with the jp low option" + printf "\n%03d. %s\n" "$number" "$test_name" -# CAB file -test_name="421. Sign a CAB file with jp low option" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -jp low \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_421.ex_" - verify_signature "$?" "421" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -jp low \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# MSI file -# Warning: -jp option is only valid for CAB files - -# CAT file -# Warning: -jp option is only valid for CAB files + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "Low level of permissions" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + done exit 0 
diff --git a/tests/recipes/45_verify_fake_pe b/tests/recipes/45_verify_fake_pe index 4e1e576..3c329c8 100644 --- a/tests/recipes/45_verify_fake_pe +++ b/tests/recipes/45_verify_fake_pe @@ -1,33 +1,36 @@ #!/bin/sh -# Verify changed PE file after signing. - +# Verify changed file after signing. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=45 + +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Test is not supported for non-PE files + "msi") continue;; # Test is not supported for non-PE files + "ex_") continue;; # Test is not supported for non-PE files + "exe") filetype=PE; format_nr=4 ;; + "ps1") continue;; # Test is not supported for non-PE files + esac + + number="$test_nr$format_nr" + test_name="Verify changed $filetype$desc file after signing" + printf "\n%03d. %s\n" "$number" "$test_name" -# PE file -test_name="451. Verify changed PE file after signing" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_451.exe" - verify_signature "$?" "451" "exe" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAB file -# Command is not supported for non-PE files - -# MSI file -# Command is not supported for non-PE files - -# CAT file -# Command is not supported for non-PE files + verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "Hello world!" "MODIFY" + test_result "$?" "$number" "$test_name" + done exit 0 
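Review bot: This is a negative test (expected result "fail" after `MODIFY`), but the exit status of `sign` is only forwarded as `$result`, so a signing error and a correctly rejected tampered file may end up looking the same. How `verify_signature` treats a non-zero first argument is decided in `test_library`, outside this hunk; if it does not already fail the test, add `test "$result" -eq 0 || { test_result "1" "$number" "$test_name"; continue; }` right after `result=$?`. The point matters more in 46_verify_timestamp and 47_verify_rfc3161, where `sign` also depends on the two live timestamp servers being reachable.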
diff --git a/tests/recipes/46_verify_timestamp b/tests/recipes/46_verify_timestamp index 618377e..0279b30 100644 --- a/tests/recipes/46_verify_timestamp +++ b/tests/recipes/46_verify_timestamp 
@@ -1,36 +1,46 @@ #!/bin/sh -# Verify changed PE file after signing with Authenticode timestamping. - +# Verify changed file after signing with Authenticode timestamping. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=46 -# PE file -test_name="461. Verify changed PE file after signing with Authenticode timestamping" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ - -st "1556668800" \ +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Test is not supported for non-PE files + "msi") continue;; # Test is not supported for non-PE files + "ex_") continue;; # Test is not supported for non-PE files + "exe") filetype=PE; format_nr=4 ;; + "ps1") continue;; # Test is not supported for non-PE files + esac + + number="$test_nr$format_nr" + test_name="Verify changed $filetype$desc file after signing with Authenticode timestamping" + printf "\n%03d. %s\n" "$number" "$test_name" + + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -t http://time.certum.pl/ \ -t http://timestamp.digicert.com/ \ -verbose \ - -in "test.exe" -out "test_461.exe" - verify_signature "$?" "461" "exe" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY" - test_result "$?" "$test_name" + -in "notsigned/$name" -out "test_$number.$ext" + result=$? + + verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "Hello world!" "MODIFY" + test_result "$?" "$number" "$test_name" + done else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Verify changed file after signing with Authenticode timestamping" + printf "\n%03d. 
%s\nTest skipped\n" "$number" "$test_name" fi -# CAB file -# Command is not supported for non-PE files - -# MSI file -# Command is not supported for non-PE files - -# CAT file -# Command is not supported for non-PE files - exit 0 diff --git a/tests/recipes/47_verify_rfc3161 b/tests/recipes/47_verify_rfc3161 index 0dc1fc5..fb4daa9 100755 --- a/tests/recipes/47_verify_rfc3161 +++ b/tests/recipes/47_verify_rfc3161 
@@ -1,37 +1,46 @@ #!/bin/sh -# Verify changed PE file after signing with RFC 3161 timestamping. - +# Verify changed file after signing with RFC 3161 timestamping. . $(dirname $0)/../test_library script_path=$(pwd) +test_nr=47 -# PE file -test_name="471. Verify changed PE file after signing with RFC 3161 timestamping" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - ../../osslsigncode sign -h sha256 \ +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Test is not supported for non-PE files + "msi") continue;; # Test is not supported for non-PE files + "ex_") continue;; # Test is not supported for non-PE files + "exe") filetype=PE; format_nr=4 ;; + "ps1") continue;; # Test is not supported for non-PE files + esac + + number="$test_nr$format_nr" + test_name="Verify changed $filetype$desc file after signing with RFC 3161 timestamping" + printf "\n%03d. %s\n" "$number" "$test_name" + + ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -ts http://time.certum.pl/ \ -ts http://timestamp.digicert.com/ \ -verbose \ - -in "test.exe" -out "test_471.exe" - verify_signature "$?" "471" "exe" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY" + -in "notsigned/$name" -out "test_$number.$ext" + result=$? - test_result "$?" "$test_name" + verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "Hello world!" "MODIFY" + test_result "$?" "$number" "$test_name" + done else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Verify changed file after signing with RFC 3161 timestamping" + printf "\n%03d. 
%s\nTest skipped\n" "$number" "$test_name" fi -# CAB file -# Command is not supported for non-PE files - -# MSI file -# Command is not supported for non-PE files - -# CAT file -# Command is not supported for non-PE files - exit 0 diff --git a/tests/recipes/51_verify_time b/tests/recipes/51_verify_time index 49e15a9..8d17ce6 100644 --- a/tests/recipes/51_verify_time +++ b/tests/recipes/51_verify_time 
@@ -1,74 +1,52 @@ #!/bin/sh -# Verify PE/CAB/MSI file signature after the cert has been expired. +# Verify a file signed after the cert has been expired. . $(dirname $0)/../test_library +script_path=$(pwd) +test_nr=51 -# PE file -test_name="511. Verify PE file signature after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "test.exe" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_511.exe" 2>> "results.log" 1>&2' - verify_signature "$?" "511" "exe" "fail" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="512. Verify CAB file signature after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_512.ex_" 2>> "results.log" 1>&2' - verify_signature "$?" "512" "ex_" "fail" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" 
"$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Verify $filetype$desc file signed after the cert has been expired" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="513. Verify MSI file signature after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_513.msi"' - verify_signature "$?" "513" "msi" "fail" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="514. Verify CAT file signature after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "good.cat" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "good.cat" -out "test_514.cat"' - verify_signature "$?" "514" "cat" "fail" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done exit 0 
diff --git a/tests/recipes/52_verify_timestamp b/tests/recipes/52_verify_timestamp
index cae51ac..f8ecc57 100644
--- a/tests/recipes/52_verify_timestamp
+++ b/tests/recipes/52_verify_timestamp
@@ -1,86 +1,62 @@ #!/bin/sh -# Verify PE/CAB/MSI file signature with Authenticode timestamping after the cert has been expired. +# Verify a file signed with Authenticode timestamping after the cert has been expired. . $(dirname $0)/../test_library +script_path=$(pwd) +test_nr=52 -# PE file -test_name="521. Verify PE file signature with timestamping after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "test.exe" -out "test_521.exe" 2>> "results.log" 1>&2' - verify_signature "$?" "521" "exe" "success" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="522. Verify CAB file signature with timestamping after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2' - verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Verify a $filetype$desc file signed with Authenticode after the cert has been expired" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="523. Verify MSI file signature with timestamping after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "sample.msi" -out "test_523.msi"' - verify_signature "$?" "523" "msi" "success" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -t http://time.certum.pl/ \ + -t http://timestamp.digicert.com/ \ + -verbose \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="524. Verify CAT file signature with timestamping after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "good.cat" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "good.cat" -out "test_524.cat"' - verify_signature "$?" "524" "cat" "success" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Verify a file signed with Authenticode after the cert has been expired" + printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" fi exit 0 diff --git a/tests/recipes/53_verify_rfc3161 b/tests/recipes/53_verify_rfc3161 index e9e37b2..1a75992 100644 --- a/tests/recipes/53_verify_rfc3161 +++ b/tests/recipes/53_verify_rfc3161 
@@ -1,86 +1,62 @@ #!/bin/sh -# Verify PE/CAB/MSI file signature with RFC3161 timestamping after the cert has been expired. +# Verify a file signed with RFC3161 timestamping after the cert has been expired. . $(dirname $0)/../test_library +script_path=$(pwd) +test_nr=53 -# PE file -test_name="531. Verify PE file signature with RFC3161 after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test.exe" -out "test_531.exe" 2>> "results.log" 1>&2' - verify_signature "$?" "531" "exe" "success" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="532. Verify CAB file signature with RFC3161 after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2' - verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Verify a $filetype$desc file signed with RFC3161 after the cert has been expired" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "sample.msi" -out "test_533.msi"' - verify_signature "$?" "533" "msi" "success" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -ts http://time.certum.pl/ \ + -ts http://timestamp.digicert.com/ \ + -verbose \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="534. Verify CAT file signature with RFC3161 after the cert has been expired" -printf "\n%s\n" "$test_name" -if test -s "good.cat" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "good.cat" -out "test_534.cat"' - verify_signature "$?" "534" "cat" "success" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Verify a file signed with RFC3161 after the cert has been expired" + printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" fi exit 0 diff --git a/tests/recipes/54_verify_expired b/tests/recipes/54_verify_expired index ea1e1df..1d315ae 100644 --- a/tests/recipes/54_verify_expired +++ b/tests/recipes/54_verify_expired 
@@ -1,86 +1,62 @@ #!/bin/sh -# Verify PE/CAB/MSI file signed with the expired cert. +# Verify a file signed with the expired cert. . $(dirname $0)/../test_library +script_path=$(pwd) +test_nr=54 -# PE file -test_name="541. Verify PE file signed with the expired cert" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "test.exe" -out "test_541.exe" 2>> "results.log" 1>&2' - verify_signature "$?" "541" "exe" "fail" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="542. Verify CAB file signed with the expired cert" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2' - verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Verify a $filetype$desc file signed with the expired cert" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="543. Verify MSI file signed with the expired cert" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "sample.msi" -out "test_543.msi"' - verify_signature "$?" "543" "msi" "fail" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ + -ts http://time.certum.pl/ \ + -ts http://timestamp.digicert.com/ \ + -verbose \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="544. Verify CAT file signed with the expired cert" -printf "\n%s\n" "$test_name" -if test -s "good.cat" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ - -t http://time.certum.pl/ \ - -t http://timestamp.digicert.com/ \ - -verbose \ - -in "good.cat" -out "test_544.cat"' - verify_signature "$?" "544" "cat" "fail" "@2025-01-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Verify a file signed with the expired cert" + printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" fi exit 0 diff --git a/tests/recipes/55_verify_revoked b/tests/recipes/55_verify_revoked index b063aeb..526af24 100644 --- a/tests/recipes/55_verify_revoked +++ b/tests/recipes/55_verify_revoked 
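Review bot: The `sign` call in this recipe now passes `-ts` where the removed lines passed `-t`, so the expired-certificate case moves from Authenticode to RFC 3161 timestamping, and neither the header comment nor `test_name` says so. After the change this recipe no longer exercises `expired.pem` together with an Authenticode timestamp. If the switch is intended, a comment such as `# RFC 3161 timestamp; expired cert with an Authenticode timestamp is not covered here` above the `sign` call would record it; otherwise keep `-t http://time.certum.pl/` and `-t http://timestamp.digicert.com/`.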
@@ -1,86 +1,62 @@ #!/bin/sh -# Verify PE/CAB/MSI file signed with the revoked cert. +# Verify a file signed with the revoked cert. . $(dirname $0)/../test_library +script_path=$(pwd) +test_nr=55 -# PE file -test_name="551. Verify PE file signed with the revoked cert" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test.exe" -out "test_551.exe" 2>> "results.log" 1>&2' - verify_signature "$?" "551" "exe" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") filetype=CAT; format_nr=1 ;; + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") + filetype=TXT + if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then + format_nr=5 + desc=" UTF-16LE(BOM)" + elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then + format_nr=6 + desc=" UTF-8(BOM)" + else + format_nr=7 + desc=" UTF-8" + fi ;; + esac -# CAB file -test_name="552. Verify CAB file signed with the revoked cert" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2' - verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + number="$test_nr$format_nr" + test_name="Verify a $filetype$desc file signed with the revoked cert" + printf "\n%03d. %s\n" "$number" "$test_name" -# MSI file -test_name="553. Verify MSI file signed with the revoked cert" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "sample.msi" -out "test_553.msi"' - verify_signature "$?" "553" "msi" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ + -ts http://time.certum.pl/ \ + -ts http://timestamp.digicert.com/ \ + -verbose \ + -in "notsigned/$name" -out "test_$number.$ext" + result=$? -# CAT file -test_name="554. Verify CAT file signed with the revoked cert" -printf "\n%s\n" "$test_name" -if test -s "good.cat" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "good.cat" -out "test_554.cat"' - verify_signature "$?" "554" "cat" "fail" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" - test_result "$?" "$test_name" + if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then + printf "%s\n" "Compare file prefix failed" + test_result "1" "$number" "$test_name" + else + verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + fi + done else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Verify a file signed with the revoked cert" + printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" fi exit 0 diff --git a/tests/recipes/56_verify_multiple b/tests/recipes/56_verify_multiple index bea80c4..745b947 100644 --- a/tests/recipes/56_verify_multiple +++ b/tests/recipes/56_verify_multiple 
@@ -1,102 +1,60 @@ #!/bin/sh -# Verify PE/CAB/MSI file signed with the multiple signature. +# Verify a file signed with the multiple signature. . $(dirname $0)/../test_library +script_path=$(pwd) +test_nr=56 -# PE file -test_name="561. Verify PE file signed with the multiple signature" -printf "\n%s\n" "$test_name" -if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.exe" -out "test_561_a.exe" 2>> "results.log" 1>&2 - ../../osslsigncode sign -h sha384 \ - -nest \ - -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test_561_a.exe" -out "test_561_b.exe" 2>> "results.log" 1>&2 - ../../osslsigncode sign \ - -nest \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test_561_b.exe" -out "test_561.exe" 2>> "results.log" 1>&2' - verify_signature "$?" "561" "exe" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN" - test_result "$?" "$test_name" +if ! grep -q "no libcurl available" "results.log"; then + for file in ${script_path}/../logs/notsigned/*.* + do + name="${file##*/}" + ext="${file##*.}" + desc="" + case $ext in + "cat") continue;; # Warning: CAT files do not support nesting + "msi") filetype=MSI; format_nr=2 ;; + "ex_") filetype=CAB; format_nr=3 ;; + "exe") filetype=PE; format_nr=4 ;; + "ps1") continue;; # Warning: TXT files do not support nesting + esac + + number="$test_nr$format_nr" + test_name="Verify a $filetype$desc file signed with the multiple signature" + printf "\n%03d. 
%s\n" "$number" "$test_name" + + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ + -verbose \ + -in "notsigned/$name" -out "signed1_$number.$ext" + ../../osslsigncode sign -h sha384 \ + -st "1556668800" \ + -nest \ + -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ + -t http://time.certum.pl/ \ + -t http://timestamp.digicert.com/ \ + -verbose \ + -in "signed1_$number.$ext" -out "signed2_$number.$ext" + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -nest \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -ts http://time.certum.pl/ \ + -ts http://timestamp.digicert.com/ \ + -verbose \ + -in "signed2_$number.$ext" -out "test_$number.$ext" + result=$? + + verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN" + test_result "$?" "$number" "$test_name" + done else - printf "Test skipped\n" + format_nr=0 + number="$test_nr$format_nr" + test_name="Verify a file signed with the multiple signature" + printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name" fi -# CAB file -test_name="562. Verify CAB file signed with the multiple signature" -printf "\n%s\n" "$test_name" -if test -s "test.ex_" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ - -in "test.ex_" -out "test_562_a.ex_" 2>> "results.log" 1>&2 - ../../osslsigncode sign -h sha384 \ - -nest \ - -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test_562_a.ex_" -out "test_562_b.ex_" 2>> "results.log" 1>&2 - ../../osslsigncode sign \ - -nest \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test_562_b.ex_" -out "test_562.ex_" 2>> "results.log" 1>&2' - verify_signature "$?" "562" "ex_" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# MSI file -test_name="563. Verify MSI file signed with the multiple signature" -printf "\n%s\n" "$test_name" -if test -s "sample.msi" && ! 
grep -q "no libcurl available" "results.log" - then - TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - ../../osslsigncode sign -h sha256 \ - -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_563_a.msi" 2>> "results.log" 1>&2 - ../../osslsigncode sign -h sha384 \ - -nest \ - -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test_563_a.msi" -out "test_563_b.msi" 2>> "results.log" 1>&2 - ../../osslsigncode sign \ - -nest \ - -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -ts http://time.certum.pl/ \ - -ts http://timestamp.digicert.com/ \ - -verbose \ - -in "test_563_b.msi" -out "test_563.msi" 2>> "results.log" 1>&2' - verify_signature "$?" "563" "msi" "success" "@2019-09-01 12:00:00" \ - "UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN" - test_result "$?" "$test_name" - else - printf "Test skipped\n" - fi - -# CAT file -# Warning: CAT files do not support nesting - exit 0 diff --git a/tests/test_library b/tests/test_library index bcf7e39..b3b9b4b 100755 --- a/tests/test_library +++ b/tests/test_library @@ -7,7 +7,8 @@ cd "${result_path}" test_result() { #1 last exit status -#2 test name +#2 test number +#3 test name local result=0 @@ -16,7 +17,7 @@ test_result() { printf "%s\n" "Test succeeded" else printf "%s\n" "Test failed" - printf "%-80s\t%s\n" "$2" "failed" 1>&3 + printf "%03d. %-90s\t%s\n" "$2" "$3" "failed" 1>&3 result=1 fi return "$result" 
@@ -32,21 +33,24 @@ modify_blob() { initial_blob=$(echo -n "$3" | xxd -p) modified_blob=$(echo -n "FAKE" | xxd -p) zero_blob="00000000" + xxd -p -c 1000 "test_$1.$2" | \ sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \ - xxd -p -r > "test_$1_changed.$2" + xxd -p -r > "changed_$1.$2" + ../../osslsigncode verify \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test_$1_changed.$2" 2>> "verify.log" 1>&2 + -in "changed_$1.$2" 2>> "verify.log" 1>&2 result=$? + if test "$result" -ne 0 \ - -o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1 + -o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -gt 1 then printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2 result=1 else - rm -f "test_$1_changed.$2" + rm -f "changed_$1.$2" fi return "$result" @@ -55,29 +59,19 @@ modify_blob() { search_pattern() { # $1 test number # $2 filename extension -# $3 ASCII or HEX "$7 pattern" format -# $4 pattern searched in a binary file or verify.log -# $5 modify requirement +# $3 pattern searched in a binary file or verify.log local result=0 - if test "$3" = "ASCII" + if ! grep -q "$3" "verify.log" then - hex_pattern=$(echo -n "$4" | xxd -p) - else - hex_pattern=$4 + hex_pattern=$(echo -n "$3" | xxd -p) + if ! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2 + then + result=1 + printf "Failed: $3 not found\n" + fi fi - if ! grep -q "$4" "verify.log" && \ - ! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2 - then - result=1 - printf "Failed: $4 not found\n" - elif test "$5" = "MODIFY" - then - modify_blob "$1" "$2" "$4" - result=$? - fi - return "$result" } 
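Review bot: Relaxing the digest count from `-ne 1` to `-gt 1` lets modify_blob pass when verify.log contains no "Calculated DigitalSignature" or "Calculated message digest" line at all, so the check that the altered blob leaves the digest unchanged can succeed without comparing anything. If some file type legitimately prints no digest line, I would handle that case explicitly and keep the strict count for the rest. Separately, when the `sed` expression finds no `$initial_blob$zero_blob` sequence, `changed_$1.$2` is an unmodified copy and verifies trivially; failing when `cmp -s "test_$1.$2" "changed_$1.$2"` reports identical files would catch that. The function starts before this hunk.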
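Review bot: In search_pattern, `$3` is used as a regular expression in `grep -q "$3" "verify.log"` and as the format string in `printf "Failed: $3 not found\n"`. A pattern containing `.`, `%`, a backslash or a leading `-` is therefore matched more loosely than intended or garbles the failure message. Treating it as literal text in both places avoids that: `grep -qF -- "$3" "verify.log"` and `printf 'Failed: %s not found\n' "$3"`. `hex_pattern` is also assigned without `local`, unlike `result`, so it leaks into the caller's scope.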
@@ -88,11 +82,11 @@ verify_signature() { # $4 expected result # $5 fake time # $6 sha256sum requirement -# $7 ASCII or HEX "$7 pattern" format -# $8 pattern searched in a binary file or verify.log -# $9 modify requirement +# $7 pattern searched in the verify.log file +# $8 modify requirement local result=0 + printf "" > "verify.log" if test "$1" -eq 0 then @@ -106,23 +100,31 @@ verify_signature() { -in "test_tmp.tmp" 2>> "verify.log" 1>&2' result=$? rm -f "test_tmp.tmp" - if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN" + + if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" then - search_pattern "$2" "$3" "$7" "$8" "$9" + search_pattern "$2" "$3" "$7" result=$? fi + + if test "$result" -eq 0 -a "$8" == "MODIFY" + then + modify_blob "$2" "$3" "$7" + result=$? + fi + if test "$6" = "sha256sum" then - sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2 + sha256sum "test_$2.$3" 2>> "sha256sum/$3.log" 1>&2 fi + if test "$4" = "success" -a "$result" -eq 0 then - rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3" - rm -f "test_$2_a.$3" "test_$2_b.$3" - result=0 + rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3" elif test "$4" = "fail" -a "$result" -eq 1 then - rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3" + rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3" + rm -f "changed_$2.$3" cat "verify.log" >> "results.log" result=0 else diff --git a/tests/testall.sh b/tests/testall.sh index 34b4efa..21895ad 100755 --- a/tests/testall.sh +++ b/tests/testall.sh @@ -33,6 +33,7 @@ make_tests() { rm -rf "${result_path}" mkdir "${result_path}" cd "${result_path}" +mkdir "notsigned" "sha256sum" date > "results.log" ../../osslsigncode -v >> "results.log" 2>/dev/null 
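Review bot: The updated parameter comment in verify_signature says `$7` is searched "in the verify.log file", but search_pattern, which receives it, falls back to a hex search of `test_$2.$3`, and its own header still reads "a binary file or verify.log". I would keep the two descriptions in step, for example `# $7 pattern searched in verify.log, then in test_$2.$3`. The `$8` line could also name the accepted value, since `MODIFY` is the only one the body tests for. The function body continues outside this hunk.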
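Review bot: In the `"$4" = "fail"` branch of verify_signature, `$result` can have been set to 1 by search_pattern or modify_blob rather than by the verifier, because both run only after verification returned 0. A negative test that also passes a pattern could then be recorded as an expected failure although the signature verified; whether any recipe combines `fail` with a pattern is not visible here. Keeping the verifier's status separate closes that off: `local verify_result=$result` after `rm -f "test_tmp.tmp"`, then `elif test "$4" = "fail" -a "$verify_result" -eq 1`. The added `"$8" == "MODIFY"` also uses `==` where the rest of the function uses `=` inside `test`. verify_signature starts and ends outside this hunk.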
@@ -57,7 +58,7 @@ if test "$result" -ne 0 # PE files support if test -n "$(command -v x86_64-w64-mingw32-gcc)" then - x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "test.exe" 2>> "results.log" 1>&2 + x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "notsigned/test.exe" 2>> "results.log" 1>&2 else printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH" printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package" @@ -66,7 +67,7 @@ if test -n "$(command -v x86_64-w64-mingw32-gcc)" # CAB files support if test -n "$(command -v gcab)" then - gcab -c "test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2 + gcab -c "notsigned/test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2 else printf "%s\n" "gcab not found in \$PATH" printf "%s\n" "tests for CAB files skipped, please install gcab package" @@ -80,8 +81,10 @@ if grep -q "no libgsf available" "results.log" if test -n "$(command -v wixl)" then touch FoobarAppl10.exe - cp "../sources/sample.wxs" "sample.wxs" 2>> "results.log" 1>&2 - wixl -v "sample.wxs" 2>> "results.log" 1>&2 + cp "../sources/sample.wxs" "notsigned/sample.wxs" 2>> "results.log" 1>&2 + wixl -v "notsigned/sample.wxs" 2>> "results.log" 1>&2 + rm -f "notsigned/sample.wxs" + rm -f "FoobarAppl10.exe" else printf "%s\n" "wixl not found in \$PATH" printf "%s\n" "tests for MSI files skipped, please install msitools package" 
@@ -89,7 +92,24 @@ if grep -q "no libgsf available" "results.log" fi # CAT files support -cp "../sources/good.cat" "good.cat" +if test -s "../sources/good.cat" + then + cp "../sources/good.cat" "notsigned/good.cat" + fi + +# TXT files support +if test -s "../sources/utf8.ps1" + then + cp "../sources/utf8.ps1" "notsigned/utf8.ps1" + fi +if test -s "../sources/utf8bom.ps1" + then + cp "../sources/utf8bom.ps1" "notsigned/utf8bom.ps1" + fi +if test -s "../sources/utf16le.ps1" + then + cp "../sources/utf16le.ps1" "notsigned/utf16le.ps1" + fi # Timestamping support if grep -q "no libcurl available" "results.log" @@ -104,9 +124,9 @@ if test -n "$(command -v faketime)" then make_tests result=$? - rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe" "good.cat" - rm -f "sign_pe.der" "sign_cab.der" "sign_msi.der" - rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log" + rm -r -f "notsigned/" "sha256sum/" + rm -f sign_[1-9].pem sign_[1-9].der + rm -f "verify.log" else printf "%s\n" "xxd not found in \$PATH" printf "%s\n" "tests skipped, please install vim-common package"
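Review bot: The four added `if test -s … cp` blocks for `good.cat` and the `.ps1` samples do nothing when a source file is missing, whereas the PE, CAB and MSI branches of this script print a "tests … skipped" line. Reduced coverage would then go unnoticed in the output. The `cp` calls also drop the `2>> "results.log" 1>&2` redirection used for `sample.wxs`. A single loop would remove the repetition and give one place for the message: `for f in good.cat utf8.ps1 utf8bom.ps1 utf16le.ps1; do test -s "../sources/$f" && cp "../sources/$f" "notsigned/$f" 2>> "results.log" 1>&2 || printf "%s\n" "$f not found, related tests skipped"; done`.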