nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 01:00:11 -05:00
Code Issues Projects Releases Wiki Activity

new testing framework

Browse Source
This commit is contained in:
olszomal 2021-01-08 13:55:45 +01:00 committed by Michał Trojnara
parent 6edd56bfac
commit f004aa3f48
47 changed files with 1920 additions and 2487 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
tests/recipes/01_sign_pem
View File

@ -1,72 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and private key files in the PEM format. # Sign a file with a certificate and a private key in the PEM format.
# -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT # -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=1
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a certificate and a private key in the PEM format"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="011. Sign a PE file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_011.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "011" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="012. Sign a CAB file with the certificate and private key files in the PEM format" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_012.ex_"
verify_signature "$?" "012" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="013. Sign a MSI file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_013.msi"
verify_signature "$?" "013" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="014. Sign a CAT file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_014.cat"
verify_signature "$?" "014" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

100
tests/recipes/02_sign_pass
View File

@ -1,75 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the encrypted private key file in the PEM format. # Sign a file with an encrypted private key in the PEM format.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=2
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with an encrypted private key in the PEM format"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="021. Sign a PE file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \ -pass passme \
-in "test.exe" -out "test_021.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "021" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="022. Sign a CAB file with the encrypted private key file in the PEM format" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.ex_" -out "test_022.ex_"
verify_signature "$?" "022" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="023. Sign a MSI file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_023.msi"
verify_signature "$?" "023" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="024. Sign a CAT file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "good.cat" -out "test_024.cat"
verify_signature "$?" "024" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

100
tests/recipes/03_sign_der
View File

@ -1,76 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the encrypted private key file in the DER format. # Sign a file with an encrypted private key in the DER format.
# Requires OpenSSL 1.0.0 or later # Requires OpenSSL 1.0.0 or later
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=3
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with an encrypted private key in the DER format"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="031. Sign a PE file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \ -pass passme \
-in "test.exe" -out "test_031.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "031" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="032. Sign a CAB file with the encrypted private key file in the DER format" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.ex_" -out "test_032.ex_"
verify_signature "$?" "032" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="033. Sign a MSI file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "sample.msi" -out "test_033.msi"
verify_signature "$?" "033" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="034. Sign a CAT file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "good.cat" -out "test_034.cat"
verify_signature "$?" "034" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

102
tests/recipes/04_sign_spc_pvk
View File

@ -1,76 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the certificate file in the SPC format # Sign a file with a certificate in the SPC format
# and the private key file in the Microsoft Private Key (PVK) format. # and a private key in the Microsoft Private Key (PVK) format.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=4
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a SPC certificate and a PVK private key"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="041. Sign a PE file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \ -pass passme \
-in "test.exe" -out "test_041.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "041" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="042. Sign a CAB file a SPC certificate file and a PVK private key file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "test.ex_" -out "test_042.ex_"
verify_signature "$?" "042" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="043. Sign a MSI file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "sample.msi" -out "test_043.msi"
verify_signature "$?" "043" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="044. Sign a CAT file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "good.cat" -out "test_044.cat"
verify_signature "$?" "044" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

95
tests/recipes/05_sign_pkcs12
View File

@ -1,74 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container. # Sign a file with a certificate and a key stored in a PKCS#12 container.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=5
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="051. Sign a PE file with a certificate and key stored in a PKCS#12 container" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-pkcs12 "${script_path}/../certs/cert.p12" -pass passme \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_051.exe" "ex_") filetype=CAB; format_nr=3 ;;
verify_signature "$?" "051" "exe" "success" "@2019-09-01 12:00:00" \ "exe") filetype=PE; format_nr=4 ;;
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" "ps1")
test_result "$?" "$test_name" filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else else
printf "Test skipped\n" format_nr=7
fi desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a certificate and a key stored in a PKCS#12 container"
printf "\n%03d. %s\n" "$number" "$test_name"
# CAB file
test_name="052. Sign a CAB file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \ -pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \ -pass passme \
-in "test.ex_" -out "test_052.ex_" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "052" "ex_" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="053. Sign a MSI file with a certificate and key stored in a PKCS#12 container" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "sample.msi" -out "test_053.msi"
verify_signature "$?" "053" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# CAT file
test_name="054. Sign a CAT file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "good.cat" -out "test_054.cat"
verify_signature "$?" "054" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

83
tests/recipes/06_test_sha256sum
View File

@ -2,66 +2,33 @@
# Checking SHA256 message digests for 01x-05x tests # Checking SHA256 message digests for 01x-05x tests
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
res=0 script_path=$(pwd)
skip=0 result=0
test_name="061. Checking SHA256 message digests for 01x-05x tests" test_nr=6
printf "\n%s\n" "$test_name"
if test -s "test.exe" for file in ${script_path}/../logs/sha256sum/*.*
do
name="${file##*/}"
case $name in
"cat.log") filetype=CAT; format_nr=1 ;;
"msi.log") filetype=MSI; format_nr=2 ;;
"ex_.log") filetype=CAB; format_nr=3 ;;
"exe.log") filetype=PE; format_nr=4 ;;
"ps1.log") filetype=TXT; format_nr=5 ;;
esac
number="$test_nr$format_nr"
test_name="Checking SHA256 message digests for a $filetype file test"
printf "\n%03d. %s\n" "$number" "$test_name"
if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then then
if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 result=1
then cat "sha256sum/$name" >> "results.log"
res=1
cat "sha256sum_exe.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi fi
rm -f "sha256sum_exe.log" rm -f "sha256sum/$name"
else test_result "$result" "$number" "$test_name"
skip=$(($skip+1)) done
fi
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi"
then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if test -s "good.cat"
then
if test $(cat "sha256sum_cat.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_cat.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_cat.log"
else
skip=$(($skip+1))
fi
if test $skip -lt 4
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0 exit 0

112
tests/recipes/07_sign_timestamp
View File

@ -1,83 +1,61 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with Authenticode timestamping # Sign a file with Authenticode timestamping
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=7
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with Authenticode timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="071. Sign a PE file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \ -t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \ -t http://timestamp.digicert.com/ \
-verbose \ -in "notsigned/$name" -out "test_$number.$ext"
-in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2 result=$?
verify_signature "$?" "071" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_result "$?" "$test_name" printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
test_name="072. Sign a CAB file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "072" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Sign a file with Authenticode timestamping"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="073. Sign a MSI file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_073.msi"
verify_signature "$?" "073" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="074. Sign a CAT file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_074.cat"
verify_signature "$?" "074" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

112
tests/recipes/08_sign_rfc3161
View File

@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with RFC 3161 timestamping # Sign a file with RFC 3161 timestamping
# An RFC3161 timestamp server provides an essential function in protecting # An RFC3161 timestamp server provides an essential function in protecting
# data records for the long-term. It provides proof that the data existed # data records for the long-term. It provides proof that the data existed
# at a particular moment in time and that it has not changed, even by # at a particular moment in time and that it has not changed, even by
@ -7,81 +7,59 @@
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=8
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with RFC 3161 timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="081. Sign a PE file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -ts http://timestamp.digicert.com/ \
-verbose \ -in "notsigned/$name" -out "test_$number.$ext"
-in "test.exe" -out "test_081.exe" result=$?
verify_signature "$?" "081" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_result "$?" "$test_name" printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
test_name="082. Sign a CAB file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_082.ex_"
verify_signature "$?" "082" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Sign a file with RFC 3161 timestamping"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="083. Sign a MSI file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_083.msi"
verify_signature "$?" "083" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="084. Sign a CAT file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_084.cat"
verify_signature "$?" "084" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

43
tests/recipes/09_sign_page_hashes
View File

@ -1,32 +1,33 @@
#!/bin/sh #!/bin/sh
# Generate page hashes for a PE file # Generate page hashes for a file
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=9
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"exe") filetype=PE; format_nr=4 ;;
*) continue ;; # Warning: -ph option is only valid for PE files
esac
number="$test_nr$format_nr"
test_name="Generate page hashes for a $filetype file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="091. Generate page hashes for a PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 -ph \ ../../osslsigncode sign -h sha256 -ph \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_091.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "091" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
# Warning: -ph option is only valid for PE files "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file done
# Warning: -ph option is only valid for PE files
# CAT file
# Warning: -ph option is only valid for PE files
exit 0 exit 0

101
tests/recipes/10_sign_blob
View File

@ -1,76 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with addUnauthenticatedBlob. # Sign a file with addUnauthenticatedBlob.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=10
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with addUnauthenticatedBlob"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="101. Sign a PE file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-addUnauthenticatedBlob \ -addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2 -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "101" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB---" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="102. Sign a CAB file with addUnauthenticatedBlob" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "102" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB---" "MODIFY"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="103. Sign a MSI file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2
verify_signature "$?" "103" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB---" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# The message digest is checked by PKCS7_verify()
test_name="104. Sign a CAT file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_104.cat" 2>> "results.log" 1>&2
verify_signature "$?" "104" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

84
tests/recipes/11_sign_nest
View File

@ -1,74 +1,42 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file twice with the "nest" flag in the second time # Sign a file twice with the "nest" flag in the second time
# in order to add the new signature instead of replacing the first one. # in order to add the new signature instead of replacing the first one.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=11
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: CAT files do not support nesting
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Warning: TXT files do not support nesting
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the nest flag"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="111. Sign a PE file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_111_signed.exe" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-nest \ -nest \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_111_signed.exe" -out "test_111.exe" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "111" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
test_name="112. Sign a CAB file with the nest flag" "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
printf "\n%s\n" "$test_name" test_result "$?" "$number" "$test_name"
if test -s "test.ex_" done
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_112_signed.ex_"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_112_signed.ex_" -out "test_112.ex_"
verify_signature "$?" "112" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="113. Sign a MSI file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_113_signed.msi"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_113_signed.msi" -out "test_113.msi"
verify_signature "$?" "113" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# Warning: CAT files do not support nesting
exit 0 exit 0

97
tests/recipes/12_sign_readpass_pem
View File

@ -1,75 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with a PEM key file and a password read from password.txt file. # Sign a file with a PEM key and a password read from password.txt file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=12
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="121. Sign a PE file with the PEM key file and the file with a password" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-readpass "${script_path}/../certs/password.txt" \ "msi") filetype=MSI; format_nr=2 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_121.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "121" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else else
printf "Test skipped\n" format_nr=7
fi desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a PEM key and a password read from password.txt file"
printf "\n%03d. %s\n" "$number" "$test_name"
# CAB file
test_name="122. Sign a CAB file with a PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-addUnauthenticatedBlob \
-readpass "${script_path}/../certs/password.txt" \ -readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "test.ex_" -out "test_122.ex_" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "122" "ex_" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="123. Sign a MSI file with a PEM key file and the file with a password" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "sample.msi" -out "test_123.msi"
verify_signature "$?" "123" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# CAT file
test_name="124. Sign a CAT file with a PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "good.cat" -out "test_124.cat"
verify_signature "$?" "124" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

100
tests/recipes/13_sign_readpass_pkcs12
View File

@ -1,76 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container # Sign a file with the certificate and key stored in a PKCS#12 container
# and a password read from password.txt file. # and a password read from password.txt file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=13
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a PKCS#12 container and the file with a password"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="131. Sign a PE file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \ -readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \ -pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.exe" -out "test_131.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "131" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="132. Sign a CAB file with a PKCS#12 container and the file with a password" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.ex_" -out "test_132.ex_"
verify_signature "$?" "132" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="133. Sign a MSI file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "sample.msi" -out "test_133.msi"
verify_signature "$?" "133" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="134. Sign a CAT file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "good.cat" -out "test_134.cat"
verify_signature "$?" "134" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

100
tests/recipes/14_sign_descryption
View File

@ -1,75 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with a descryption # Sign a file with a descryption.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=14
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a descryption"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="141. Sign a PE file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-n "DESCRYPTION_TEXT" \ -n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_141.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "141" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="142. Sign a CAB file with a descryption" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_142.ex_"
verify_signature "$?" "142" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "UNUSED_PATTERN" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="143. Sign a MSI file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_143.msi"
verify_signature "$?" "143" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="144. Sign a CAT file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_144.cat"
verify_signature "$?" "144" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

102
tests/recipes/15_sign_url
View File

@ -1,76 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with specified URL for expanded description of the signed content # Sign a file with specified URL for expanded description of the signed content
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps # https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=15
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with specified URL"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="151. Sign a PE file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \ -i "https://www.osslsigncode.com/" \
-in "test.exe" -out "test_151.exe" -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
verify_signature "$?" "151" "exe" "success" "@2019-09-01 12:00:00" \ -in "notsigned/$name" -out "test_$number.$ext"
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN" result=$?
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="152. Sign a CAB file with specified URL" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.ex_" -out "test_152.ex_"
verify_signature "$?" "152" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "UNUSED_PATTERN" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="153. Sign a MSI file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "sample.msi" -out "test_153.msi"
verify_signature "$?" "153" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="154. Sign a CAT file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "good.cat" -out "test_154.cat"
verify_signature "$?" "154" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

106
tests/recipes/16_sign_comm
View File

@ -1,78 +1,58 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the commercial purpose set for SPC_STATEMENT_TYPE_OBJID # Sign a file with Microsoft Commercial Code Signing purpose set for SPC_STATEMENT_TYPE_OBJID
# object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11" # object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11"
# changes default Individual Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15" # changes default Microsoft Individual Code Signing:
# sets Commercial Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16" # "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15"
# sets Microsoft Commercial Code Signing:
# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16"
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=16
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the common purpose set"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="161. Sign a PE file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-comm \ -comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_161.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "161" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="162. Sign a CAB file with the common purpose set" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_162.ex_"
verify_signature "$?" "162" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "UNUSED_PATTERN" "Microsoft Commercial Code Signing" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="163. Sign a MSI file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_163.msi"
verify_signature "$?" "163" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="164. Sign a CAT file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_164.cat"
verify_signature "$?" "164" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

102
tests/recipes/17_sign_crosscertfile
View File

@ -1,77 +1,55 @@
#!/bin/sh #!/bin/sh
# Add an additional certificate to the signature block of the PE/CAB/MSI file. # Add an additional certificate to the signature block of the file.
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps # https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
# https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification # https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=17
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add an additional certificate to the signature block of a $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="171. Add an additional certificate to the signature block of the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \ -ac "${script_path}/../certs/crosscert.pem" \
-in "test.exe" -out "test_171.exe" -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
verify_signature "$?" "171" "exe" "success" "@2019-09-01 12:00:00" \ -in "notsigned/$name" -out "test_$number.$ext"
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN" result=$?
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="172. Add an additional certificate to the signature block of the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.ex_" -out "test_172.ex_"
verify_signature "$?" "172" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "UNUSED_PATTERN" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="173. Add an additional certificate to the signature block of the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "sample.msi" -out "test_173.msi"
verify_signature "$?" "173" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="174. Add an additional certificate to the signature block of the CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "good.cat" -out "test_174.cat"
verify_signature "$?" "174" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

57
tests/recipes/21_sign_hash_md5
View File

@ -1,29 +1,52 @@
#!/bin/sh #!/bin/sh
# Sign a PE file with MD5 set of cryptographic hash functions. # Sign a file with MD5 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=21
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with MD5 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="211. Sign a PE file with MD5 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h md5 \ ../../osslsigncode sign -h md5 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_211.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "211" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "MD5" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "MD5" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
# MSI file
# CAT file
exit 0 exit 0

57
tests/recipes/22_sign_hash_sha1
View File

@ -1,29 +1,52 @@
#!/bin/sh #!/bin/sh
# Sign a PE file with SHA1 set of cryptographic hash functions. # Sign a file with SHA1 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=22
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA1 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="221. Sign a PE file with SHA1 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha1 \ ../../osslsigncode sign -h sha1 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_221.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "221" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA1" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA1" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
# MSI file
# CAT file
exit 0 exit 0

57
tests/recipes/23_sign_hash_sha2
View File

@ -1,29 +1,52 @@
#!/bin/sh #!/bin/sh
# Signing a PE file with SHA1 set of cryptographic hash functions. # Signing a file with SHA2 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=23
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA2 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="231. Signing a PE file with SHA1 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha2 \ ../../osslsigncode sign -h sha2 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_231.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "231" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA2" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA2" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
# MSI file
# CAT file
exit 0 exit 0

57
tests/recipes/24_sign_hash_sha384
View File

@ -1,29 +1,52 @@
#!/bin/sh #!/bin/sh
# Sign a PE file with SHA384 set of cryptographic hash functions. # Sign a file with SHA384 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=24
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA384 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="241. Sign a PE file with SHA384 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha384 \ ../../osslsigncode sign -h sha384 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_241.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "241" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
# MSI file
# CAT file
exit 0 exit 0

57
tests/recipes/25_sign_hash_sha512
View File

@ -1,29 +1,52 @@
#!/bin/sh #!/bin/sh
# Sign a PE file with SHA512 set of cryptographic hash functions. # Sign a file with SHA512 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=25
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA512 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="251. Sign a PE file with SHA512 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_251.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "251" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
# MSI file
# CAT file
exit 0 exit 0

93
tests/recipes/26_extract_signature_pem
View File

@ -1,64 +1,55 @@
#!/bin/sh #!/bin/sh
# Extract the signature in the PEM format from the PE/CAB/MSI file. # Extract the signature in the PEM format.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=26
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Extract the PEM signature from the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="261. Extract the PEM signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_261.exe" && \ -in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode extract-signature -pem \ ../../osslsigncode extract-signature \
-in "test_261.exe" -out "sign_pe.pem" -pem \
verify_signature "$?" "261" "exe" "success" "@2019-09-01 12:00:00" \ -in "test_$number.$ext" -out "sign_$format_nr.pem"
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" result=$?
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="262. Extract the PEM signature from the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_262.ex_" && \
../../osslsigncode extract-signature -pem \
-in "test_262.ex_" -out "sign_cab.pem"
verify_signature "$?" "262" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# MSI file
test_name="263. Extract the PEM signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_263.msi" && \
../../osslsigncode extract-signature -pem \
-in "test_263.msi" -out "sign_msi.pem"
verify_signature "$?" "263" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0 exit 0

92
tests/recipes/27_extract_signature_der
View File

@ -1,64 +1,54 @@
#!/bin/sh #!/bin/sh
# Extract the signature in the DER format from the PE/CAB/MSI file. # Extract the signature in the DER format.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=27
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Extract the DER signature from the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="271. Extract the DER signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_271.exe" && \ -in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode extract-signature \ ../../osslsigncode extract-signature\
-in "test_271.exe" -out "sign_pe.der" -in "test_$number.$ext" -out "sign_$format_nr.der"
verify_signature "$?" "271" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="272. Extract the DER signature from the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_272.ex_" && \
../../osslsigncode extract-signature \
-in "test_272.ex_" -out "sign_cab.der"
verify_signature "$?" "272" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# MSI file
test_name="273. Extract the DER signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_273.msi" && \
../../osslsigncode extract-signature \
-in "test_273.msi" -out "sign_msi.der"
verify_signature "$?" "273" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0 exit 0

90
tests/recipes/31_attach_signature_der
View File

@ -1,61 +1,57 @@
#!/bin/sh #!/bin/sh
# Attach the DER signature to the PE/CAB/MSI file. # Attach the DER signature to the file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=31
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Attach the DER signature to the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="311. Attach the DER signature to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode attach-signature \ ../../osslsigncode attach-signature \
-sigin "sign_pe.der" \ -sigin "sign_$format_nr.der" \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.exe" -out "test_311.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "311" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$result" -ne 0; then
else cp "sign_$format_nr.der" "sign_$number.der"
printf "Test skipped\n"
fi fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="312. Attach the DER signature to the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature \
-sigin "sign_cab.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_312.ex_"
verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# MSI file
test_name="313. Attach the DER signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature \
-sigin "sign_msi.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_313.msi"
verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0 exit 0

90
tests/recipes/32_attach_signature_pem
View File

@ -1,61 +1,57 @@
#!/bin/sh #!/bin/sh
# Attach the PEM signature to the PE/CAB/MSI file. # Attach the PEM signature to the file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=32
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="321. Attach the PEM signature to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode attach-signature \ ../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \ -sigin "sign_$format_nr.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.exe" -out "test_321.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "321" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$result" -ne 0; then
else cp "sign_$format_nr.der" "sign_$number.der"
printf "Test skipped\n"
fi fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="322. Attach the PEM signature to the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_322.ex_"
verify_signature "$?" "322" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# MSI file
test_name="323. Attach the PEM signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature \
-sigin "sign_msi.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_323.msi"
verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0 exit 0

97
tests/recipes/33_attach_signed
View File

@ -1,72 +1,57 @@
#!/bin/sh #!/bin/sh
# Attach the signature to the signed PE/CAB/MSI file. # Attach the signature to the signed file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=33
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the signed $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="331. Attach the signature to the signed PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_331_signed.exe" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode attach-signature \ ../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \ -sigin "sign_$format_nr.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_331_signed.exe" -out "test_331.exe" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "331" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="332. Attach the signature to the signed CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_332_signed.ex_"
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_332_signed.ex_" -out "test_332.ex_"
verify_signature "$?" "332" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# MSI file
test_name="333. Attach the signature to the signed MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_333_signed.msi"
../../osslsigncode attach-signature -sigin "sign_msi.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_333_signed.msi" -out "test_333.msi"
verify_signature "$?" "333" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0 exit 0

90
tests/recipes/34_attach_nest
View File

@ -1,77 +1,43 @@
#!/bin/sh #!/bin/sh
# Attach the signature to the signed PE/CAB/MSI file with the "nest" flag # Attach the signature to the signed file with the "nest" flag in order to
# in order to attach the new signature instead of replacing the first one. # attach the new signature instead of replacing the first one.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=34
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: CAT files do not support nesting
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Warning: TXT files do not support nesting
esac
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the signed $filetype$desc file with the nest flag"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="341. Attach the signature to the signed PE file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_341_signed.exe" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode attach-signature \ ../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \ -sigin "sign_$format_nr.pem" \
-nest \ -nest \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_341_signed.exe" -out "test_341.exe" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "341" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
test_name="342. Attach the signature to the signed CAB file with the nest flag" "UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
printf "\n%s\n" "$test_name" test_result "$?" "$number" "$test_name"
if test -s "test.ex_" done
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_342_signed.ex_"
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_342_signed.ex_" -out "test_342.ex_"
verify_signature "$?" "342" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="343. Attach the signature to the signed MSI file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_343_signed.msi"
../../osslsigncode attach-signature \
-sigin "sign_msi.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_343_signed.msi" -out "test_343.msi"
verify_signature "$?" "343" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0 exit 0

90
tests/recipes/35_remove_signature
View File

@ -1,64 +1,54 @@
#!/bin/sh #!/bin/sh
# Remove the signature from the PE/CAB/MSI file. # Remove the signature from the file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=35
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Remove the signature from the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="351. Remove the signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_351_signed.exe" && \ -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode remove-signature \ ../../osslsigncode remove-signature \
-in "test_351_signed.exe" -out "test_351.exe" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "351" "exe" "fail" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="352. Remove the signature from the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_352_signed.ex_" && \
../../osslsigncode remove-signature \
-in "test_352_signed.ex_" -out "test_352.ex_"
verify_signature "$?" "352" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# MSI file
test_name="353. Remove the signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_353_signed.msi" && \
../../osslsigncode remove-signature \
-in "test_353_signed.msi" -out "test_353.msi"
verify_signature "$?" "353" "msi" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0 exit 0

73
tests/recipes/36_varia_sha256sum
View File

@ -1,55 +1,34 @@
#!/bin/sh #!/bin/sh
# Checking SHA256 message digests for 31x-33x tests. # Checking SHA256 message digests for "extract" and "attach" tests.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
res=0 script_path=$(pwd)
res=0 result=0
skip=0 test_nr=36
test_name="361. Checking SHA256 message digests for 31x-33x tests"
printf "\n%s\n" "$test_name" for file in ${script_path}/../logs/sha256sum/*.*
if test -s "test.exe" do
name="${file##*/}"
case $name in
"cat.log") filetype=CAT; format_nr=1 ;;
"msi.log") filetype=MSI; format_nr=2 ;;
"ex_.log") filetype=CAB; format_nr=3 ;;
"exe.log") filetype=PE; format_nr=4 ;;
"ps1.log") filetype=TXT; format_nr=5 ;;
esac
number="$test_nr$format_nr"
test_name="Checking SHA256 message digests for a $filetype file test"
printf "\n%03d. %s\n" "$number" "$test_name"
if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then then
if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 result=1
then cat "sha256sum/$name" >> "results.log"
res=1
cat "sha256sum_exe.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi fi
rm -f "sha256sum_exe.log" rm -f "sha256sum/$name"
else test_result "$result" "$number" "$test_name"
skip=$(($skip+1)) done
fi
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi"
then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if test $skip -lt 2
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0 exit 0

118
tests/recipes/37_add_signature_timestamp
View File

@ -1,92 +1,64 @@
#!/bin/sh #!/bin/sh
# Add an authenticode timestamp to the PE/CAB/MSI file. # Add an authenticode timestamp to the signed file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=37
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add an authenticode timestamp to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="371. Add an authenticode timestamp to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_371_signed.exe" && \ -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \ ../../osslsigncode add \
-t http://time.certum.pl/ \ -t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \ -t http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test_371_signed.exe" -out "test_371.exe" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "371" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="372. Add an authenticode timestamp to the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_372_signed.ex_" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_372_signed.ex_" -out "test_372.ex_"
verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# MSI file
test_name="373. Add an authenticode timestamp to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_373_signed.msi" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_373_signed.msi" -out "test_373.msi"
verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Add an authenticode timestamp to the signed file"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
# CAT file
test_name="374. Add an authenticode timestamp to the CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_374_signed.cat" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_374_signed.cat" -out "test_374.cat"
verify_signature "$?" "374" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0 exit 0

119
tests/recipes/38_add_signature_rfc3161
View File

@ -1,91 +1,64 @@
#!/bin/sh #!/bin/sh
# Add an RFC 3161 timestamp to signed PE/CAB/MSI file. # Add a RFC 3161 timestamp to the signed file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=38
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add a RFC 3161 timestamp to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="381. Add RFC 3161 timestamp to signed PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_381_signed.exe" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \ ../../osslsigncode add \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -ts http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test_381_signed.exe" -out "test_381.exe" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "381" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
test_name="382. Add RFC 3161 timestamp to signed CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_382_signed.ex_"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_382_signed.ex_" -out "test_382.ex_"
verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Add a RFC 3161 timestamp to the signed file"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="383. Add RFC 3161 timestamp to signed MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_383_signed.msi"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_383_signed.msi" -out "test_383.msi"
verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="384. Add RFC 3161 timestamp to signed CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_384_signed.cat"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_384_signed.cat" -out "test_384.cat"
verify_signature "$?" "384" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

109
tests/recipes/39_add_signature_blob
View File

@ -1,84 +1,55 @@
#!/bin/sh #!/bin/sh
# Add an unauthenticated blob to the PE/CAB/MSI file. # Add an unauthenticated blob to the signed file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=39
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add an unauthenticated blob to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="391. Add an unauthenticated blob to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_391_signed.exe" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \ ../../osslsigncode add \
-addUnauthenticatedBlob \ -addUnauthenticatedBlob \
-in "test_391_signed.exe" -out "test_391.exe" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "391" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="392. Add an unauthenticated blob to the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_392_signed.ex_"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_392_signed.ex_" -out "test_392.ex_"
verify_signature "$?" "392" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
fi "UNUSED_PATTERN" "Unauthenticated Data Blob" "MODIFY"
test_result "$?" "$number" "$test_name"
# MSI file
test_name="393. Add an unauthenticated blob to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_393_signed.msi"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_393_signed.msi" -out "test_393.msi"
verify_signature "$?" "393" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# The message digest is checked by PKCS7_verify()
test_name="394. Add an unauthenticated blob to the CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_394_signed.cat"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_394_signed.cat" -out "test_394.cat"
verify_signature "$?" "394" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

92
tests/recipes/40_verify_leaf_hash
View File

@ -1,67 +1,51 @@
#!/bin/sh #!/bin/sh
# Compare the leaf certificate hash against specified SHA256 message digest for the PE/CAB/MSI file # Compare the leaf certificate hash against specified SHA256 message digest for the file
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=40
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Compare the leaf hash against SHA256 message digest for the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="401. Compare the leaf certificate hash against specified SHA256 message digest for the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.exe" -out "test_401.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_leaf_hash "$?" "401" "exe" "@2019-05-01 00:00:00" result=$?
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="402. Compare the leaf certificate hash against specified SHA256 message digest for the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.ex_" -out "test_402.ex_"
verify_leaf_hash "$?" "402" "ex_" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_leaf_hash "$result" "$number" "$ext" "@2019-05-01 00:00:00"
fi test_result "$?" "$number" "$test_name"
# MSI file
test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "sample.msi" -out "test_403.msi"
verify_leaf_hash "$?" "403" "msi" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="404. Compare the leaf certificate hash against specified SHA256 message digest for the CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "good.cat" -out "test_404.cat"
verify_leaf_hash "$?" "404" "cat" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
done
exit 0 exit 0

43
tests/recipes/41_sign_add_msi_dse
View File

@ -7,32 +7,35 @@
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=41
# PE file for file in ${script_path}/../logs/notsigned/*.*
# Warning: -add-msi-dse option is only valid for MSI files do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"msi") filetype=MSI; format_nr=2 ;;
"ex_") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"exe") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"ps1") continue;; # Warning: -add-msi-dse option is only valid for MSI files
esac
# CAB file number="$test_nr$format_nr"
# Warning: -add-msi-dse option is only valid for MSI files test_name="Sign a $filetype$desc file with the add-msi-dse option"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="411. Sign a MSI file with the add-msi-dse option"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-add-msi-dse \ -add-msi-dse \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-pass passme \ -in "notsigned/$name" -out "test_$number.$ext"
-in "sample.msi" -out "test_411.msi" result=$?
verify_signature "$?" "411" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
# Warning: -add-msi-dse option is only valid for MSI files "UNUSED_PATTERN" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0 exit 0

44
tests/recipes/42_sign_jp_low
View File

@ -1,34 +1,38 @@
#!/bin/sh #!/bin/sh
# Sign a CAB file with "jp low" option # Sign a CAB file with "low" level of permissions in Microsoft Internet Explorer 4.x for CAB files
# https://support.microsoft.com/en-us/help/193877 # https://support.microsoft.com/en-us/help/193877
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=42
# PE file for file in ${script_path}/../logs/notsigned/*.*
# Warning: -jp option is only valid for CAB files do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: -jp option is only valid for CAB files
"msi") continue;; # Warning: -jp option is only valid for CAB files
"ex_") filetype=CAB; format_nr=3 ;;
"exe") continue;; # Warning: -jp option is only valid for CAB files
"ps1") continue;; # Warning: -jp option is only valid for CAB files
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the jp low option"
printf "\n%03d. %s\n" "$number" "$test_name"
# CAB file
test_name="421. Sign a CAB file with jp low option"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-jp low \ -jp low \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_421.ex_" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "421" "ex_" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
# Warning: -jp option is only valid for CAB files "UNUSED_PATTERN" "Low level of permissions" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# CAT file done
# Warning: -jp option is only valid for CAB files
exit 0 exit 0

47
tests/recipes/45_verify_fake_pe
View File

@ -1,33 +1,36 @@
#!/bin/sh #!/bin/sh
# Verify changed PE file after signing. # Verify changed file after signing.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=45
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="451. Verify changed PE file after signing"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_451.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "451" "exe" "fail" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
# Command is not supported for non-PE files "UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
# MSI file done
# Command is not supported for non-PE files
# CAT file
# Command is not supported for non-PE files
exit 0 exit 0

52
tests/recipes/46_verify_timestamp
View File

@ -1,36 +1,46 @@
#!/bin/sh #!/bin/sh
# Verify changed PE file after signing with Authenticode timestamping. # Verify changed file after signing with Authenticode timestamping.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=46
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing with Authenticode timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="461. Verify changed PE file after signing with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \ -t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \ -t http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test.exe" -out "test_461.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "461" "exe" "fail" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name" verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify changed file after signing with Authenticode timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
# CAT file
# Command is not supported for non-PE files
exit 0 exit 0

51
tests/recipes/47_verify_rfc3161
View File

@ -1,37 +1,46 @@
#!/bin/sh #!/bin/sh
# Verify changed PE file after signing with RFC 3161 timestamping. # Verify changed file after signing with RFC 3161 timestamping.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=47
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing with RFC 3161 timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="471. Verify changed PE file after signing with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -ts http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test.exe" -out "test_471.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "471" "exe" "fail" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name" verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify changed file after signing with RFC 3161 timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
# CAT file
# Command is not supported for non-PE files
exit 0 exit 0

98
tests/recipes/51_verify_time
View File

@ -1,74 +1,52 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signature after the cert has been expired. # Verify a file signed after the cert has been expired.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=51
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="511. Verify PE file signature after the cert has been expired" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' case $ext in
script_path=$(pwd) "cat") filetype=CAT; format_nr=1 ;;
../../osslsigncode sign -h sha256 \ "msi") filetype=MSI; format_nr=2 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_511.exe" 2>> "results.log" 1>&2' "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "511" "exe" "fail" "@2025-01-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else else
printf "Test skipped\n" format_nr=7
fi desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="512. Verify CAB file signature after the cert has been expired" test_name="Verify $filetype$desc file signed after the cert has been expired"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_512.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "512" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="513. Verify MSI file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_513.msi"' -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "513" "msi" "fail" "@2025-01-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="514. Verify CAT file signature after the cert has been expired" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "good.cat"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_514.cat"'
verify_signature "$?" "514" "cat" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
exit 0 exit 0

118
tests/recipes/52_verify_timestamp
View File

@ -1,86 +1,62 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signature with Authenticode timestamping after the cert has been expired. # Verify a file signed with Authenticode timestamping after the cert has been expired.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=52
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with Authenticode after the cert has been expired"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="521. Verify PE file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \ -t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \ -t http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test.exe" -out "test_521.exe" 2>> "results.log" 1>&2' -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "521" "exe" "success" "@2025-01-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
test_name="522. Verify CAB file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Verify a file signed with Authenticode after the cert has been expired"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="523. Verify MSI file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_523.msi"'
verify_signature "$?" "523" "msi" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="524. Verify CAT file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_524.cat"'
verify_signature "$?" "524" "cat" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

118
tests/recipes/53_verify_rfc3161
View File

@ -1,86 +1,62 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signature with RFC3161 timestamping after the cert has been expired. # Verify a file signed with RFC3161 timestamping after the cert has been expired.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=53
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with RFC3161 after the cert has been expired"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="531. Verify PE file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -ts http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test.exe" -out "test_531.exe" 2>> "results.log" 1>&2' -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "531" "exe" "success" "@2025-01-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
test_name="532. Verify CAB file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Verify a file signed with RFC3161 after the cert has been expired"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_533.msi"'
verify_signature "$?" "533" "msi" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="534. Verify CAT file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_534.cat"'
verify_signature "$?" "534" "cat" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

128
tests/recipes/54_verify_expired
View File

@ -1,86 +1,62 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signed with the expired cert. # Verify a file signed with the expired cert.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=54
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="541. Verify PE file signed with the expired cert" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' desc=""
script_path=$(pwd) case $ext in
../../osslsigncode sign -h sha256 \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-t http://time.certum.pl/ \ "ex_") filetype=CAB; format_nr=3 ;;
-t http://timestamp.digicert.com/ \ "exe") filetype=PE; format_nr=4 ;;
-verbose \ "ps1")
-in "test.exe" -out "test_541.exe" 2>> "results.log" 1>&2' filetype=TXT
verify_signature "$?" "541" "exe" "fail" "@2025-01-01 12:00:00" \ if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" format_nr=5
test_result "$?" "$test_name" desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else else
printf "Test skipped\n" format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with the expired cert"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
test_name="542. Verify CAB file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Verify a file signed with the expired cert"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="543. Verify MSI file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_543.msi"'
verify_signature "$?" "543" "msi" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="544. Verify CAT file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_544.cat"'
verify_signature "$?" "544" "cat" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

118
tests/recipes/55_verify_revoked
View File

@ -1,86 +1,62 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signed with the revoked cert. # Verify a file signed with the revoked cert.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=55
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with the revoked cert"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="551. Verify PE file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -ts http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test.exe" -out "test_551.exe" 2>> "results.log" 1>&2' -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "551" "exe" "fail" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else else
printf "Test skipped\n" verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi fi
done
# CAB file
test_name="552. Verify CAB file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Verify a file signed with the revoked cert"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="553. Verify MSI file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_553.msi"'
verify_signature "$?" "553" "msi" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
test_name="554. Verify CAT file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_554.cat"'
verify_signature "$?" "554" "cat" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

122
tests/recipes/56_verify_multiple
View File

@ -1,102 +1,60 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signed with the multiple signature. # Verify a file signed with the multiple signature.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=56
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: CAT files do not support nesting
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Warning: TXT files do not support nesting
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with the multiple signature"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="561. Verify PE file signed with the multiple signature"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_561_a.exe" 2>> "results.log" 1>&2 -verbose \
-in "notsigned/$name" -out "signed1_$number.$ext"
../../osslsigncode sign -h sha384 \ ../../osslsigncode sign -h sha384 \
-st "1556668800" \
-nest \ -nest \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ -t http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -t http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test_561_a.exe" -out "test_561_b.exe" 2>> "results.log" 1>&2 -in "signed1_$number.$ext" -out "signed2_$number.$ext"
../../osslsigncode sign \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \
-nest \ -nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -ts http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test_561_b.exe" -out "test_561.exe" 2>> "results.log" 1>&2' -in "signed2_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "561" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
test_name="562. Verify CAB file signed with the multiple signature" "UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN"
printf "\n%s\n" "$test_name" test_result "$?" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" done
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_562_a.ex_" 2>> "results.log" 1>&2
../../osslsigncode sign -h sha384 \
-nest \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_562_a.ex_" -out "test_562_b.ex_" 2>> "results.log" 1>&2
../../osslsigncode sign \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_562_b.ex_" -out "test_562.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "562" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the multiple signature"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
# MSI file
test_name="563. Verify MSI file signed with the multiple signature"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_563_a.msi" 2>> "results.log" 1>&2
../../osslsigncode sign -h sha384 \
-nest \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_563_a.msi" -out "test_563_b.msi" 2>> "results.log" 1>&2
../../osslsigncode sign \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_563_b.msi" -out "test_563.msi" 2>> "results.log" 1>&2'
verify_signature "$?" "563" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# Warning: CAT files do not support nesting
exit 0 exit 0

66
tests/test_library
View File

@ -7,7 +7,8 @@ cd "${result_path}"
test_result() { test_result() {
#1 last exit status #1 last exit status
#2 test name #2 test number
#3 test name
local result=0 local result=0
@ -16,7 +17,7 @@ test_result() {
printf "%s\n" "Test succeeded" printf "%s\n" "Test succeeded"
else else
printf "%s\n" "Test failed" printf "%s\n" "Test failed"
printf "%-80s\t%s\n" "$2" "failed" 1>&3 printf "%03d. %-90s\t%s\n" "$2" "$3" "failed" 1>&3
result=1 result=1
fi fi
return "$result" return "$result"
@ -32,21 +33,24 @@ modify_blob() {
initial_blob=$(echo -n "$3" | xxd -p) initial_blob=$(echo -n "$3" | xxd -p)
modified_blob=$(echo -n "FAKE" | xxd -p) modified_blob=$(echo -n "FAKE" | xxd -p)
zero_blob="00000000" zero_blob="00000000"
xxd -p -c 1000 "test_$1.$2" | \ xxd -p -c 1000 "test_$1.$2" | \
sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \ sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \
xxd -p -r > "test_$1_changed.$2" xxd -p -r > "changed_$1.$2"
../../osslsigncode verify \ ../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_$1_changed.$2" 2>> "verify.log" 1>&2 -in "changed_$1.$2" 2>> "verify.log" 1>&2
result=$? result=$?
if test "$result" -ne 0 \ if test "$result" -ne 0 \
-o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1 -o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -gt 1
then then
printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2 printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2
result=1 result=1
else else
rm -f "test_$1_changed.$2" rm -f "changed_$1.$2"
fi fi
return "$result" return "$result"
@ -55,29 +59,19 @@ modify_blob() {
search_pattern() { search_pattern() {
# $1 test number # $1 test number
# $2 filename extension # $2 filename extension
# $3 ASCII or HEX "$7 pattern" format # $3 pattern searched in a binary file or verify.log
# $4 pattern searched in a binary file or verify.log
# $5 modify requirement
local result=0 local result=0
if test "$3" = "ASCII" if ! grep -q "$3" "verify.log"
then then
hex_pattern=$(echo -n "$4" | xxd -p) hex_pattern=$(echo -n "$3" | xxd -p)
else if ! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2
hex_pattern=$4
fi
if ! grep -q "$4" "verify.log" && \
! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2
then then
result=1 result=1
printf "Failed: $4 not found\n" printf "Failed: $3 not found\n"
elif test "$5" = "MODIFY" fi
then
modify_blob "$1" "$2" "$4"
result=$?
fi fi
return "$result" return "$result"
} }
@ -88,11 +82,11 @@ verify_signature() {
# $4 expected result # $4 expected result
# $5 fake time # $5 fake time
# $6 sha256sum requirement # $6 sha256sum requirement
# $7 ASCII or HEX "$7 pattern" format # $7 pattern searched in the verify.log file
# $8 pattern searched in a binary file or verify.log # $8 modify requirement
# $9 modify requirement
local result=0 local result=0
printf "" > "verify.log" printf "" > "verify.log"
if test "$1" -eq 0 if test "$1" -eq 0
then then
@ -106,23 +100,31 @@ verify_signature() {
-in "test_tmp.tmp" 2>> "verify.log" 1>&2' -in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$? result=$?
rm -f "test_tmp.tmp" rm -f "test_tmp.tmp"
if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN"
if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN"
then then
search_pattern "$2" "$3" "$7" "$8" "$9" search_pattern "$2" "$3" "$7"
result=$? result=$?
fi fi
if test "$result" -eq 0 -a "$8" == "MODIFY"
then
modify_blob "$2" "$3" "$7"
result=$?
fi
if test "$6" = "sha256sum" if test "$6" = "sha256sum"
then then
sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2 sha256sum "test_$2.$3" 2>> "sha256sum/$3.log" 1>&2
fi fi
if test "$4" = "success" -a "$result" -eq 0 if test "$4" = "success" -a "$result" -eq 0
then then
rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3" rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
rm -f "test_$2_a.$3" "test_$2_b.$3"
result=0
elif test "$4" = "fail" -a "$result" -eq 1 elif test "$4" = "fail" -a "$result" -eq 1
then then
rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3" rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
rm -f "changed_$2.$3"
cat "verify.log" >> "results.log" cat "verify.log" >> "results.log"
result=0 result=0
else else

36
tests/testall.sh
View File

@ -33,6 +33,7 @@ make_tests() {
rm -rf "${result_path}" rm -rf "${result_path}"
mkdir "${result_path}" mkdir "${result_path}"
cd "${result_path}" cd "${result_path}"
mkdir "notsigned" "sha256sum"
date > "results.log" date > "results.log"
../../osslsigncode -v >> "results.log" 2>/dev/null ../../osslsigncode -v >> "results.log" 2>/dev/null
@ -57,7 +58,7 @@ if test "$result" -ne 0
# PE files support # PE files support
if test -n "$(command -v x86_64-w64-mingw32-gcc)" if test -n "$(command -v x86_64-w64-mingw32-gcc)"
then then
x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "test.exe" 2>> "results.log" 1>&2 x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "notsigned/test.exe" 2>> "results.log" 1>&2
else else
printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH" printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH"
printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package" printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package"
@ -66,7 +67,7 @@ if test -n "$(command -v x86_64-w64-mingw32-gcc)"
# CAB files support # CAB files support
if test -n "$(command -v gcab)" if test -n "$(command -v gcab)"
then then
gcab -c "test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2 gcab -c "notsigned/test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2
else else
printf "%s\n" "gcab not found in \$PATH" printf "%s\n" "gcab not found in \$PATH"
printf "%s\n" "tests for CAB files skipped, please install gcab package" printf "%s\n" "tests for CAB files skipped, please install gcab package"
@ -80,8 +81,10 @@ if grep -q "no libgsf available" "results.log"
if test -n "$(command -v wixl)" if test -n "$(command -v wixl)"
then then
touch FoobarAppl10.exe touch FoobarAppl10.exe
cp "../sources/sample.wxs" "sample.wxs" 2>> "results.log" 1>&2 cp "../sources/sample.wxs" "notsigned/sample.wxs" 2>> "results.log" 1>&2
wixl -v "sample.wxs" 2>> "results.log" 1>&2 wixl -v "notsigned/sample.wxs" 2>> "results.log" 1>&2
rm -f "notsigned/sample.wxs"
rm -f "FoobarAppl10.exe"
else else
printf "%s\n" "wixl not found in \$PATH" printf "%s\n" "wixl not found in \$PATH"
printf "%s\n" "tests for MSI files skipped, please install msitools package" printf "%s\n" "tests for MSI files skipped, please install msitools package"
@ -89,7 +92,24 @@ if grep -q "no libgsf available" "results.log"
fi fi
# CAT files support # CAT files support
cp "../sources/good.cat" "good.cat" if test -s "../sources/good.cat"
then
cp "../sources/good.cat" "notsigned/good.cat"
fi
# TXT files support
if test -s "../sources/utf8.ps1"
then
cp "../sources/utf8.ps1" "notsigned/utf8.ps1"
fi
if test -s "../sources/utf8bom.ps1"
then
cp "../sources/utf8bom.ps1" "notsigned/utf8bom.ps1"
fi
if test -s "../sources/utf16le.ps1"
then
cp "../sources/utf16le.ps1" "notsigned/utf16le.ps1"
fi
# Timestamping support # Timestamping support
if grep -q "no libcurl available" "results.log" if grep -q "no libcurl available" "results.log"
@ -104,9 +124,9 @@ if test -n "$(command -v faketime)"
then then
make_tests make_tests
result=$? result=$?
rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe" "good.cat" rm -r -f "notsigned/" "sha256sum/"
rm -f "sign_pe.der" "sign_cab.der" "sign_msi.der" rm -f sign_[1-9].pem sign_[1-9].der
rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log" rm -f "verify.log"
else else
printf "%s\n" "xxd not found in \$PATH" printf "%s\n" "xxd not found in \$PATH"
printf "%s\n" "tests skipped, please install vim-common package" printf "%s\n" "tests skipped, please install vim-common package"