nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-04 17:00:11 -05:00
Code Issues Projects Releases Wiki Activity

CAT file tests

Browse Source
This commit is contained in:
olszomal 2020-10-30 15:34:39 +01:00 committed by Michał Trojnara
parent 80d5948eeb
commit fb1bc06440
46 changed files with 493 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
tests/recipes/01_sign_pem
View File

@ -53,4 +53,20 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="014. Sign a CAT file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_014.cat"
verify_signature "$?" "014" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

17
tests/recipes/02_sign_pass
View File

@ -55,4 +55,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="024. Sign a CAT file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "good.cat" -out "test_024.cat"
verify_signature "$?" "024" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

17
tests/recipes/03_sign_der
View File

@ -56,4 +56,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="034. Sign a CAT file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "good.cat" -out "test_034.cat"
verify_signature "$?" "034" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

17
tests/recipes/04_sign_spc_pvk
View File

@ -56,4 +56,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="044. Sign a CAT file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "good.cat" -out "test_044.cat"
verify_signature "$?" "044" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

17
tests/recipes/05_sign_pkcs12
View File

@ -54,4 +54,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="054. Sign a CAT file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "good.cat" -out "test_054.cat"
verify_signature "$?" "054" "cat" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

15
tests/recipes/06_test_sha256sum
View File

@ -45,7 +45,20 @@ if test -s "sample.msi"
skip=$(($skip+1))
fi
if test $skip -lt 3
if test -s "good.cat"
then
if test $(cat "sha256sum_cat.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_cat.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_cat.log"
else
skip=$(($skip+1))
fi
if test $skip -lt 4
then
test_result "$res" "$test_name"
else

19
tests/recipes/07_sign_timestamp
View File

@ -61,4 +61,23 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
printf "Test skipped\n"
fi
# CAT file
test_name="074. Sign a CAT file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_074.cat"
verify_signature "$?" "074" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

19
tests/recipes/08_sign_rfc3161
View File

@ -65,4 +65,23 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
printf "Test skipped\n"
fi
# CAT file
test_name="084. Sign a CAT file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_084.cat"
verify_signature "$?" "084" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

3
tests/recipes/09_sign_page_hashes
View File

@ -26,4 +26,7 @@ if test -s "test.exe"
# MSI file
# Warning: -ph option is only valid for PE files
# CAT file
# Warning: -ph option is only valid for PE files
exit 0

24
tests/recipes/10_sign_blob
View File

@ -15,7 +15,7 @@ if test -s "test.exe"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2
verify_signature "$?" "101" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB---" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -32,7 +32,7 @@ if test -s "test.ex_"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "102" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB---" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
@ -49,7 +49,25 @@ if test -s "sample.msi"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2
verify_signature "$?" "103" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB---" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAT file
# The message digest is checked by PKCS7_verify()
test_name="104. Sign a CAT file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_104.cat" 2>> "results.log" 1>&2
verify_signature "$?" "104" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"

3
tests/recipes/11_sign_nest
View File

@ -68,4 +68,7 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# Warning: CAT files do not support nesting
exit 0

17
tests/recipes/12_sign_readpass_pem
View File

@ -55,4 +55,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="124. Sign a CAT file with a PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "good.cat" -out "test_124.cat"
verify_signature "$?" "124" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

17
tests/recipes/13_sign_readpass_pkcs12
View File

@ -56,4 +56,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="134. Sign a CAT file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "good.cat" -out "test_134.cat"
verify_signature "$?" "134" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

17
tests/recipes/14_sign_descryption
View File

@ -55,4 +55,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="144. Sign a CAT file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_144.cat"
verify_signature "$?" "144" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

17
tests/recipes/15_sign_url
View File

@ -56,4 +56,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="154. Sign a CAT file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "good.cat" -out "test_154.cat"
verify_signature "$?" "154" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

17
tests/recipes/16_sign_comm
View File

@ -58,4 +58,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="164. Sign a CAT file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_164.cat"
verify_signature "$?" "164" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

17
tests/recipes/17_sign_crosscertfile
View File

@ -57,4 +57,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="174. Add an additional certificate to the signature block of the CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "good.cat" -out "test_174.cat"
verify_signature "$?" "174" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

2
tests/recipes/21_sign_hash_md5
View File

@ -24,4 +24,6 @@ if test -s "test.exe"
# MSI file
# CAT file
exit 0

2
tests/recipes/22_sign_hash_sha1
View File

@ -24,4 +24,6 @@ if test -s "test.exe"
# MSI file
# CAT file
exit 0

2
tests/recipes/23_sign_hash_sha2
View File

@ -24,4 +24,6 @@ if test -s "test.exe"
# MSI file
# CAT file
exit 0

2
tests/recipes/24_sign_hash_sha384
View File

@ -24,4 +24,6 @@ if test -s "test.exe"
# MSI file
# CAT file
exit 0

2
tests/recipes/25_sign_hash_sha512
View File

@ -24,4 +24,6 @@ if test -s "test.exe"
# MSI file
# CAT file
exit 0

3
tests/recipes/26_extract_signature_pem
View File

@ -58,4 +58,7 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0

3
tests/recipes/27_extract_signature_der
View File

@ -58,4 +58,7 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0

3
tests/recipes/31_attach_signature_der
View File

@ -55,4 +55,7 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0

3
tests/recipes/32_attach_signature_pem
View File

@ -55,4 +55,7 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0

3
tests/recipes/33_attach_signed
View File

@ -66,4 +66,7 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0

3
tests/recipes/34_attach_nest
View File

@ -71,4 +71,7 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0

3
tests/recipes/35_remove_signature
View File

@ -58,4 +58,7 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# Unsupported command
exit 0

22
tests/recipes/37_add_signature_timestamp
View File

@ -67,4 +67,26 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
printf "Test skipped\n"
fi
# CAT file
test_name="374. Add an authenticode timestamp to the CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_374_signed.cat" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_374_signed.cat" -out "test_374.cat"
verify_signature "$?" "374" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

21
tests/recipes/38_add_signature_rfc3161
View File

@ -67,4 +67,25 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
printf "Test skipped\n"
fi
# CAT file
test_name="384. Add RFC 3161 timestamp to signed CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_384_signed.cat"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_384_signed.cat" -out "test_384.cat"
verify_signature "$?" "384" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

20
tests/recipes/39_add_signature_blob
View File

@ -61,4 +61,24 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# The message digest is checked by PKCS7_verify()
test_name="394. Add an unauthenticated blob to the CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_394_signed.cat"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_394_signed.cat" -out "test_394.cat"
verify_signature "$?" "394" "cat" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

15
tests/recipes/40_verify_leaf_hash
View File

@ -49,4 +49,19 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="404. Compare the leaf certificate hash against specified SHA256 message digest for the CAT file"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "good.cat" -out "test_404.cat"
verify_leaf_hash "$?" "404" "cat" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

3
tests/recipes/41_sign_add_msi_dse
View File

@ -32,4 +32,7 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
# Warning: -add-msi-dse option is only valid for MSI files
exit 0

3
tests/recipes/42_sign_jp_low
View File

@ -28,4 +28,7 @@ if test -s "test.ex_"
# MSI file
# Warning: -jp option is only valid for CAB files
# CAT file
# Warning: -jp option is only valid for CAB files
exit 0

3
tests/recipes/45_verify_fake_pe
View File

@ -27,4 +27,7 @@ if test -s "test.exe"
# MSI file
# Command is not supported for non-PE files
# CAT file
# Command is not supported for non-PE files
exit 0

3
tests/recipes/46_verify_timestamp
View File

@ -30,4 +30,7 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
# MSI file
# Command is not supported for non-PE files
# CAT file
# Command is not supported for non-PE files
exit 0

3
tests/recipes/47_verify_rfc3161
View File

@ -31,4 +31,7 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
# MSI file
# Command is not supported for non-PE files
# CAT file
# Command is not supported for non-PE files
exit 0

17
tests/recipes/51_verify_time
View File

@ -54,4 +54,21 @@ if test -s "sample.msi"
printf "Test skipped\n"
fi
# CAT file
test_name="514. Verify CAT file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "good.cat"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "good.cat" -out "test_514.cat"'
verify_signature "$?" "514" "cat" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

20
tests/recipes/52_verify_timestamp
View File

@ -63,4 +63,24 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
printf "Test skipped\n"
fi
# CAT file
test_name="524. Verify CAT file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_524.cat"'
verify_signature "$?" "524" "cat" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

20
tests/recipes/53_verify_rfc3161
View File

@ -63,4 +63,24 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
printf "Test skipped\n"
fi
# CAT file
test_name="534. Verify CAT file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_534.cat"'
verify_signature "$?" "534" "cat" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

20
tests/recipes/54_verify_expired
View File

@ -63,4 +63,24 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
printf "Test skipped\n"
fi
# CAT file
test_name="544. Verify CAT file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_544.cat"'
verify_signature "$?" "544" "cat" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

20
tests/recipes/55_verify_revoked
View File

@ -63,4 +63,24 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
printf "Test skipped\n"
fi
# CAT file
test_name="554. Verify CAT file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "good.cat" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "good.cat" -out "test_554.cat"'
verify_signature "$?" "554" "cat" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

3
tests/recipes/56_verify_multiple
View File

@ -96,4 +96,7 @@ if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
printf "Test skipped\n"
fi
# CAT file
# Warning: CAT files do not support nesting
exit 0

BIN
tests/sources/good.cat Executable file
View File

Binary file not shown.

5
tests/testall.sh
View File

@ -88,6 +88,9 @@ if grep -q "no libgsf available" "results.log"
fi
fi
# CAT files support
cp "../sources/good.cat" "good.cat"
# Timestamping support
if grep -q "no libcurl available" "results.log"
then
@ -101,7 +104,7 @@ if test -n "$(command -v faketime)"
then
make_tests
result=$?
rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe"
rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe" "good.cat"
rm -f "sign_pe.der" "sign_cab.der" "sign_msi.der"
rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log"
else