release 2.1

Signed-off-by: Michal Trojnara <Michal.Trojnara@stunnel.org>
Add timestamp (#60 )
2025-07-03 03:32:47 -05:00 · 2020-10-11 21:33:58 +02:00 · 2020-10-08 08:33:47 +02:00 · 2020-10-04 22:05:28 +02:00 · 2020-10-04 22:05:28 +02:00 · 2020-10-04 22:05:28 +02:00
65 changed files with 7751 additions and 2038 deletions
--- a/.gitignore
+++ b/.gitignore
@ -40,3 +40,7 @@ stamp-h1
 *~
 *.gz
 *.bz2
 **/*.log
 !myapp.exe
 *.pem
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,15 @@
 ### 2.1 (2020-10-11)
 - certificate chain verification support
 - timestamp verification support
 - CRL verification support ("-CRLfile" option)
 - improved CAB signature support
 - nested signatures support
 - user-specified signing time ("-st" option) by vszakats
 - added more tests
 - fixed numerous bugs
 - dropped OpenSSL 1.1.0 support
 ### 2.0 (2018-12-04)
 - orphaned project adopted by Michał Trojnara
--- a/INSTALL.W32.md
+++ b/INSTALL.W32.md
@ -0,0 +1,101 @@
 # osslsigncode Windows install notes
 ### Building osslsigncode source with MSYS2 MinGW 64-bit and MSYS2 packages:
 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions.
   Once up and running install even mingw-w64-x86_64-gcc, mingw-w64-x86_64-curl, mingw-w64-x86_64-libgsf.
 ```
  pacman -S mingw-w64-x86_64-gcc mingw-w64-x86_64-curl mingw-w64-x86_64-libgsf
 ```
   mingw-w64-x86_64-openssl and mingw-w64-x86_64-zlib packages are installed with dependencies.
 2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables.
 ```
  cd osslsigncode-folder
  x86_64-w64-mingw32-gcc osslsigncode.c  -o osslsigncode.exe \
    -lcrypto -lssl -lcurl -lgsf-1 -lgobject-2.0 -lglib-2.0 -lxml2 \
    -I 'C:/msys64/mingw64/include/libgsf-1' \
    -I 'C:/msys64/mingw64/include/glib-2.0' \
    -I 'C:/msys64/mingw64/lib/glib-2.0/include' \
    -D 'PACKAGE_STRING="osslsigncode 2.1.0"' \
    -D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \
    -D ENABLE_CURL \
    -D WITH_GSF
 ```
 3) Run "Command prompt" and include "c:\msys64\mingw64\bin" folder as part of the path.
 ```
  path=%path%;c:\msys64\mingw64\bin
  cd osslsigncode-folder
  osslsigncode.exe -v
  osslsigncode 2.1.0, using:
           OpenSSL 1.1.1g  21 Apr 2020
           libcurl/7.70.0 OpenSSL/1.1.1g (Schannel) zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0
           libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.40.0 libgsf 1.14.46
 ```
 ### Building OpenSSL, Curl and osslsigncode sources with MSYS2 MinGW 64-bit:
 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions.
   Once up and running install even: perl make autoconf automake libtool pkg-config.
 ```
  pacman -S perl make autoconf automake libtool pkg-config
 ```
   Make sure there are no curl, brotli, libpsl, libidn2 and nghttp2 packages installed:
 ```
  pacman -R mingw-w64-x86_64-curl \
    mingw-w64-x86_64-brotli \
    mingw-w64-x86_64-libpsl \
    mingw-w64-x86_64-libidn2 \
    mingw-w64-x86_64-nghttp2
 ```
   Run "MSYS2 MinGW 64-bit" in the administrator mode.
 2) Build and install OpenSSL.
 ```
  cd openssl-(version)
  ./config --prefix='C:/OpenSSL' --openssldir='C:/OpenSSL'
  make && make install
 ```
 3) Build and install curl.
 ```
  cd curl-(version)
  ./buildconf
  ./configure --prefix='C:/curl' --with-ssl='C:/OpenSSL' \
    --disable-ftp --disable-tftp --disable-file --disable-dict \
    --disable-telnet --disable-imap --disable-smb --disable-smtp \
    --disable-gopher --disable-pop --disable-pop3 --disable-rtsp \
    --disable-ldap --disable-ldaps --disable-unix-sockets --disable-pthreads
  make && make install
 ```
 3) Build 64-bit Windows executables.
 ```
  cd osslsigncode-folder
  x86_64-w64-mingw32-gcc osslsigncode.c -o osslsigncode.exe \
    -L 'C:/OpenSSL/lib/' -lcrypto -lssl \
    -I 'C:/OpenSSL/include/' \
    -L 'C:/curl/lib' -lcurl \
    -I 'C:/curl/include' \
    -D 'PACKAGE_STRING="osslsigncode 2.1.0"' \
    -D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \
    -D ENABLE_CURL
 ```
 4) Run "Command prompt" and copy required libraries.
 ```
  cd osslsigncode-folder
  copy C:\OpenSSL\bin\libssl-1_1-x64.dll
  copy C:\OpenSSL\bin\libcrypto-1_1-x64.dll
  copy C:\curl\bin\libcurl-4.dll
  copy C:\msys64\mingw64\bin\zlib1.dll
  osslsigncode.exe -v
  osslsigncode 2.1.0, using:
          OpenSSL 1.1.1g  21 Apr 2020
          libcurl/7.70.0 OpenSSL/1.1.1g zlib/1.2.11
          no libgsf available
 ```
--- a/LICENSE.txt
+++ b/LICENSE.txt
@ -1,7 +1,7 @@
 OpenSSL based Authenticode signing for PE/MSI/Java CAB files.
 Copyright (C) 2005-2014 Per Allansson <pallansson@gmail.com>
-Copyright (C) 2018 Michał Trojnara <Michal.Trojnara@stunnel.org>
+Copyright (C) 2018-2019 Michał Trojnara <Michal.Trojnara@stunnel.org>
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
--- a/README.md
+++ b/README.md
@ -25,15 +25,23 @@ valid signature for a CAB file containing Java files. It supports getting
 the timestamp through a proxy as well. It also supports signature verification,
 removal and extraction.
-## INSTALLATION
+## BUILDING
-The usual way:
+This build technique works on Linux and macOS, if you have the necessary tools installed:
 ```
  ./autogen.sh
  ./configure
  make
  make install
 ```
 * On Linux, (tested on Debian/Ubuntu) you may need `sudo apt-get update && sudo apt-get install build-essential autoconf libtool libssl-dev python3-pkgconfig libcurl4-gnutls-dev`
 * On macOS with Homebrew, you probably need to do these things before autogen.sh and configure:
 ```
  brew install openssl@1.1 automake pkg-config libtool
  export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"
 ```
 ## USAGE
 Before you can sign a file you need a Software Publishing
@ -85,6 +93,18 @@ To sign a CAB file containing java class files:
 ```
 Only the 'low' parameter is currently supported.
 If you want to use PKCS11 token, you should indicate PKCS11 engine and module.
 An example of using osslsigncode with SoftHSM:
 ```
  osslsigncode sign \
    -pkcs11engine /usr/lib64/engines-1.1/pkcs11.so \
    -pkcs11module /usr/lib64/pkcs11/libsofthsm2.so \
    -certs <cert-file> \
    -key 'pkcs11:token=softhsm-token;object=key' \
    -in yourapp.exe -out yourapp-signed.exe
 ```
 osslsigncode currently does not support reading certificates from engines.
 You can check that the signed file is correct by right-clicking
 on it in Windows and choose Properties --> Digital Signatures,
 and then choose the signature from the list, and click on
@ -129,7 +149,9 @@ You need the *.p7b and *.der files to use osslsigncode, instead of your
 ## BUGS, QUESTIONS etc.
-Send an email to pallansson@gmail.com
+Check whether your your question or suspected bug was already
 discussed on https://github.com/mtrojnar/osslsigncode/issues.
 Otherwise, open a new issue.
 BUT, if you have questions related to generating spc files,
 converting between different formats and so on, *please*
--- a/TODO.md
+++ b/TODO.md
@ -1,8 +1,5 @@
 - signature extraction/removal/verificaton on MSI/CAB files
 - improved signature verification on PE files
 - clean up / untangle code
 - separate timestamping
 - man page
 - remove mmap usage to increase portability
 - tests
 - fix other stuff marked 'XXX'
--- a/configure.ac
+++ b/configure.ac
@ -1,6 +1,6 @@
 AC_PREREQ(2.60)
-AC_INIT([osslsigncode], [1.7.1], [pallansson@gmail.com])
+AC_INIT([osslsigncode], [2.1.0], [Michal.Trojnara@stunnel.org])
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_HEADERS([config.h])
 AM_INIT_AUTOMAKE
@ -78,32 +78,32 @@ AC_CHECK_HEADERS([termios.h])
 AC_CHECK_FUNCS(getpass)
 AC_ARG_WITH([gsf],
-        AS_HELP_STRING([--without-gsf], [Ignore presence of libgsf and disable it])
+	AS_HELP_STRING([--without-gsf], [Ignore presence of libgsf and disable it])
 )
 AS_IF([test "x$with_gsf" != "xno"],
-        [PKG_CHECK_MODULES([GSF], [libgsf-1], [have_gsf=yes], [have_gsf=no])],
+	[PKG_CHECK_MODULES([GSF], [libgsf-1], [have_gsf=yes], [have_gsf=no])],
-        [have_gsf=no]
+	[have_gsf=no]
 )
 AS_IF([test "x$have_gsf" = "xyes"],
-        [AC_DEFINE([WITH_GSF], 1, [Have libgsf?])],
+	[AC_DEFINE([WITH_GSF], 1, [Have libgsf?])],
-        [AS_IF([test "x$with_gsf" = "xyes"],
+	[AS_IF([test "x$with_gsf" = "xyes"],
-                [AC_MSG_ERROR([libgsf requested but not found])])]
+		[AC_MSG_ERROR([libgsf requested but not found])])]
 )
 PKG_CHECK_MODULES(
 	[OPENSSL],
-	[libcrypto >= 1.1.0],
+	[libcrypto >= 1.1.1],
 	,
 	[PKG_CHECK_MODULES(
 		[OPENSSL],
-		[openssl >= 1.1.0],
+		[openssl >= 1.1.1],
 		,
 		[AC_CHECK_LIB(
 			[crypto],
-			[RSA_verify],
+			[EVP_MD_CTX_new],
 			[OPENSSL_LIBS="-lcrypto ${SOCKETS_LIBS} ${DL_LIBS}"],
-			[AC_MSG_ERROR([OpenSSL 1.1.0 or later is required. http://www.openssl.org/])],
+			[AC_MSG_ERROR([OpenSSL 1.1.1 or later is required. https://www.openssl.org/])],
 			[${DL_LIBS}]
 		)]
 	)]
@ -132,5 +132,9 @@ fi
 AC_SUBST([OPTIONAL_LIBCURL_CFLAGS])
 AC_SUBST([OPTIONAL_LIBCURL_LIBS])
 AC_DEFINE_UNQUOTED([CA_BUNDLE_PATH], ["$(curl-config --ca 2>/dev/null)"], [CA bundle install path])
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT
 # vim: set ts=4 noexpandtab:
--- a/osslsigncode.c
+++ b/osslsigncode.c
--- a/tests/certs/.gitignore
+++ b/tests/certs/.gitignore
@ -0,0 +1,6 @@
 *.der
 *.pem
 *.pvk
 *.p12
 *.spc
 *.txt
--- a/tests/certs/makecerts.sh
+++ b/tests/certs/makecerts.sh
@ -0,0 +1,218 @@
 #!/bin/sh
 result=0
 test_result() {
  if test "$1" -eq 0
    then
      printf "Succeeded\n" >> "makecerts.log"
    else
      printf "Failed\n" >> "makecerts.log"
    fi
 }
 make_certs() {
  password=passme
  result_path=$(pwd)
  cd $(dirname "$0")
  script_path=$(pwd)
  cd "${result_path}"
  mkdir "tmp/"
 # OpenSSL settings
  CONF="${script_path}/openssl_intermediate.cnf"
  TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
  if test -n "$1"
    then
      OPENSSL="$1/bin/openssl"
      LD_LIBRARY_PATH="$1/lib"
    else
      OPENSSL=openssl
    fi
  mkdir "demoCA/" 2>> "makecerts.log" 1>&2
  touch "demoCA/index.txt"
  touch "demoCA/index.txt.attr"
  echo 1000 > "demoCA/serial"
  date > "makecerts.log"
  $OPENSSL version 2>> "makecerts.log" 1>&2
  echo -n "$password" > "password.txt"
  printf "\nGenerate root CA certificate\n" >> "makecerts.log"
  $OPENSSL genrsa -out demoCA/CA.key \
      2>> "makecerts.log" 1>&2
  TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
    script_path=$(pwd)
    OPENSSL=openssl
    CONF="${script_path}/openssl_root.cnf"
    $OPENSSL req -config $CONF -new -x509 -days 3600 -key demoCA/CA.key -out tmp/CACert.pem \
        -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Root CA" \
        2>> "makecerts.log" 1>&2'
  test_result $?
  printf "\nGenerate intermediate CA certificate\n" >> "makecerts.log"
  $OPENSSL genrsa -out demoCA/intermediate.key \
        2>> "makecerts.log" 1>&2
    TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
    script_path=$(pwd)
    OPENSSL=openssl
    CONF="${script_path}/openssl_intermediate.cnf"
    $OPENSSL req -config $CONF -new -key demoCA/intermediate.key -out demoCA/intermediate.csr \
        -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA" \
        2>> "makecerts.log" 1>&2'
  test_result $?
  TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
    script_path=$(pwd)
    OPENSSL=openssl
    CONF="${script_path}/openssl_root.cnf"
    $OPENSSL ca -config $CONF -batch -in demoCA/intermediate.csr -out demoCA/intermediate.cer \
        2>> "makecerts.log" 1>&2'
  test_result $?
  $OPENSSL x509 -in demoCA/intermediate.cer -out tmp/intermediate.pem \
      2>> "makecerts.log" 1>&2
  printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
  $OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:$password \
      2>> "makecerts.log" 1>&2
  test_result $?
  cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
  printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
  $OPENSSL rsa -in demoCA/private.key -passin pass:$password -out tmp/key.pem \
      2>> "makecerts.log" 1>&2
  test_result $?
  printf "\nGenerate a certificate to revoke\n" >> "makecerts.log"
  $OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/revoked.csr \
      -subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked/emailAddress=osslsigncode@example.com" \
      2>> "makecerts.log" 1>&2
  $OPENSSL ca -config $CONF -batch -in demoCA/revoked.csr -out demoCA/revoked.cer \
      2>> "makecerts.log" 1>&2
  $OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked.pem \
      2>> "makecerts.log" 1>&2
  printf "\nRevoke above certificate\n" >> "makecerts.log"
  $OPENSSL ca -config $CONF -revoke demoCA/1001.pem \
      2>> "makecerts.log" 1>&2
  printf "\nAttach intermediate certificate to revoked certificate\n" >> "makecerts.log"
  cat tmp/intermediate.pem >> tmp/revoked.pem
  printf "\nGenerate CRL file\n" >> "makecerts.log"
  TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
    script_path=$(pwd)
    OPENSSL=openssl
    CONF="${script_path}/openssl_intermediate.cnf"
    $OPENSSL ca -config $CONF -gencrl -crldays 8766 -out tmp/CACertCRL.pem \
        2>> "makecerts.log" 1>&2'
  printf "\nConvert revoked certificate to SPC format\n" >> "makecerts.log"
  $OPENSSL crl2pkcs7 -in tmp/CACertCRL.pem -certfile tmp/revoked.pem -outform DER -out tmp/revoked.spc \
      2>> "makecerts.log" 1>&2
  test_result $?
  printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log"
  $OPENSSL genrsa -out demoCA/cross.key \
      2>> "makecerts.log" 1>&2
  TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c '
    script_path=$(pwd)
    OPENSSL=openssl
    CONF="${script_path}/openssl_intermediate.cnf"
    $OPENSSL req -config $CONF -new -x509 -days 900 -key demoCA/cross.key -out tmp/crosscert.pem \
       -subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=osslsigncode@example.com" \
       2>> "makecerts.log" 1>&2'
  test_result $?
  printf "\nGenerate code signing certificate\n" >> "makecerts.log"
  $OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/cert.csr \
      -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate/emailAddress=osslsigncode@example.com" \
      2>> "makecerts.log" 1>&2
  test_result $?
  $OPENSSL ca -config $CONF -batch -in demoCA/cert.csr -out demoCA/cert.cer \
      2>> "makecerts.log" 1>&2
  test_result $?
  $OPENSSL x509 -in demoCA/cert.cer -out tmp/cert.pem \
      2>> "makecerts.log" 1>&2
  test_result $?
  printf "\nConvert the key to DER format\n" >> "makecerts.log"
  $OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:$password \
      2>> "makecerts.log" 1>&2
  test_result $?
  printf "\nConvert the key to PVK format\n" >> "makecerts.log"
  $OPENSSL rsa -in tmp/key.pem -outform PVK -out tmp/key.pvk -pvk-none \
      2>> "makecerts.log" 1>&2
  test_result $?
  printf "\nConvert the certificate to DER format\n" >> "makecerts.log"
  $OPENSSL x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \
      2>> "makecerts.log" 1>&2
  test_result $?
  printf "\nAttach intermediate certificate to code signing certificate\n" >> "makecerts.log"
  cat tmp/intermediate.pem >> tmp/cert.pem
  printf "\nConvert the certificate to SPC format\n" >> "makecerts.log"
  $OPENSSL crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \
      2>> "makecerts.log" 1>&2
  test_result $?
  printf "\nConvert the certificate and the key into a PKCS#12 container\n" >> "makecerts.log"
  $OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:$password \
      2>> "makecerts.log" 1>&2
  test_result $?
  printf "\nGenerate expired certificate\n" >> "makecerts.log"
  $OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/expired.csr \
      -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Expired/emailAddress=osslsigncode@example.com" \
      2>> "makecerts.log" 1>&2
  test_result $?
  $OPENSSL ca -config $CONF -enddate "190101000000Z" -batch -in demoCA/expired.csr -out demoCA/expired.cer \
      2>> "makecerts.log" 1>&2
  test_result $?
  $OPENSSL x509 -in demoCA/expired.cer -out tmp/expired.pem \
      2>> "makecerts.log" 1>&2
  test_result $?
  printf "\nAttach intermediate certificate to expired certificate\n" >> "makecerts.log"
  cat tmp/intermediate.pem >> tmp/expired.pem
 # copy new files
  if test -s tmp/intermediate.pem -a -s tmp/CACert.pem -a -s tmp/CACertCRL.pem \
      -a -s tmp/key.pem -a -s tmp/keyp.pem -a -s tmp/key.der -a -s tmp/key.pvk \
      -a -s tmp/cert.pem -a -s tmp/cert.p12 -a -s tmp/cert.der -a -s tmp/cert.spc \
      -a -s tmp/crosscert.pem -a -s tmp/expired.pem -a -s tmp/revoked.pem -a -s tmp/revoked.spc
  then
    cp tmp/* ./
    printf "%s\n" "keys & certificates successfully generated"
    printf "%s\n" "makecerts.sh finished"
    rm -f "makecerts.log"
  else
    printf "%s\n" "makecerts.sh failed"
    printf "%s\n" "error logs ${result_path}/makecerts.log"
    result=1
  fi
 # remove the working directory
  rm -rf "demoCA/"
  rm -rf "tmp/"
 # restore settings
  LD_LIBRARY_PATH=$TEMP_LD_LIBRARY_PATH
  exit $result
 }
 # Tests requirement
 if test -n "$(command -v faketime)"
  then
    make_certs $1
    result=$?
  else
    printf "%s\n" "faketime not found in \$PATH"
    printf "%s\n" "tests skipped, please install faketime package"
    result=1
  fi
 exit $result
--- a/tests/certs/openssl_intermediate.cnf
+++ b/tests/certs/openssl_intermediate.cnf
@ -0,0 +1,61 @@
 # OpenSSL intermediate CA configuration file
 [ ca ]
 default_ca                      = CA_default
 [ CA_default ]
 # Directory and file locations
 dir                             = .
 certs                           = $dir/demoCA
 crl_dir                         = $dir/demoCA
 new_certs_dir                   = $dir/demoCA
 database                        = $dir/demoCA/index.txt
 serial                          = $dir/demoCA/serial
 private_key                     = $dir/demoCA/intermediate.key
 certificate                     = $dir/tmp/intermediate.pem
 crl_extensions                  = crl_ext
 default_md                      = sha256
 preserve                        = no
 policy                          = policy_loose
 default_startdate               = 180101000000Z
 default_enddate                 = 210101000000Z
 [ req ]
 # Options for the `req` tool
 encrypt_key                     = no
 default_bits                    = 2048
 default_md                      = sha256
 string_mask                     = utf8only
 distinguished_name              = req_distinguished_name
 x509_extensions                 = usr_extensions
 [ crl_ext ]
 # Extension for CRLs
 authorityKeyIdentifier          = keyid:always
 [ usr_extensions ]
 # Extension to add when the -x509 option is used
 basicConstraints                = CA:FALSE
 subjectKeyIdentifier            = hash
 authorityKeyIdentifier          = keyid, issuer
 extendedKeyUsage                = codeSigning
 [ policy_loose ]
 # Allow the intermediate CA to sign a more diverse range of certificates.
 # See the POLICY FORMAT section of the `ca` man page.
 countryName                     = optional
 stateOrProvinceName             = optional
 localityName                    = optional
 organizationName                = optional
 organizationalUnitName          = optional
 commonName                      = supplied
 emailAddress                    = optional
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
 stateOrProvinceName             = State or Province Name
 localityName                    = Locality Name
 0.organizationName              = Organization Name
 organizationalUnitName          = Organizational Unit Name
 commonName                      = Common Name
 emailAddress                    = Email Address
--- a/tests/certs/openssl_root.cnf
+++ b/tests/certs/openssl_root.cnf
@ -0,0 +1,61 @@
 # OpenSSL root CA configuration file
 [ ca ]
 default_ca                      = CA_default
 [ CA_default ]
 # Directory and file locations.
 dir                             = .
 certs                           = $dir/demoCA
 crl_dir                         = $dir/demoCA
 new_certs_dir                   = $dir/demoCA
 database                        = $dir/demoCA/index.txt
 serial                          = $dir/demoCA/serial
 private_key                     = $dir/demoCA/CA.key
 certificate                     = $dir/tmp/CACert.pem
 crl_extensions                  = crl_ext
 default_md                      = sha256
 preserve                        = no
 policy                          = policy_match
 default_startdate               = 180101000000Z
 default_enddate                 = 260101000000Z
 x509_extensions                 = v3_intermediate_ca
 [ req ]
 # Options for the `req` tool
 encrypt_key                     = no
 default_bits                    = 2048
 default_md                      = sha256
 string_mask                     = utf8only
 x509_extensions                 = ca_extensions
 distinguished_name              = req_distinguished_name
 [ ca_extensions ]
 # Extension to add when the -x509 option is used
 basicConstraints                = critical, CA:true
 subjectKeyIdentifier            = hash
 authorityKeyIdentifier          = keyid:always,issuer
 keyUsage                        = critical, digitalSignature, cRLSign, keyCertSign
 [ v3_intermediate_ca ]
 # Extensions for a typical intermediate CA (`man x509v3_config`)
 basicConstraints                = critical, CA:true, pathlen:0
 subjectKeyIdentifier            = hash
 authorityKeyIdentifier          = keyid:always,issuer
 keyUsage                        = critical, digitalSignature, cRLSign, keyCertSign
 [ policy_match ]
 countryName                     = match
 organizationName                = match
 organizationalUnitName          = optional
 commonName                      = supplied
 emailAddress                    = optional
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
 stateOrProvinceName             = State or Province Name
 localityName                    = Locality Name
 0.organizationName              = Organization Name
 organizationalUnitName          = Organizational Unit Name
 commonName                      = Common Name
 emailAddress                    = Email Address
--- a/tests/certs/openssltest.cnf
+++ b/tests/certs/openssltest.cnf
@ -0,0 +1,61 @@
 # OpenSSL root CA configuration file
 [ ca ]
 default_ca                      = CA_default
 [ CA_default ]
 # Directory and file locations.
 dir                             = .
 certs                           = $dir/demoCA
 crl_dir                         = $dir/demoCA
 new_certs_dir                   = $dir/demoCA
 database                        = $dir/demoCA/index.txt
 serial                          = $dir/demoCA/serial
 crl_extensions                  = crl_ext
 default_md                      = sha256
 preserve                        = no
 policy                          = policy_match
 x509_extensions                 = usr_cert
 private_key                     = $dir/demoCA/CA.key
 certificate                     = $dir/tmp/CACert.pem
 default_startdate               = 180101000000Z
 default_enddate                 = 210101000000Z
 [ req ]
 encrypt_key                     = no
 default_bits                    = 2048
 default_md                      = sha256
 string_mask                     = utf8only
 x509_extensions                 = ca_extensions
 distinguished_name              = req_distinguished_name
 [ crl_ext ]
 authorityKeyIdentifier          = keyid:always
 [ usr_cert ]
 basicConstraints                = CA:FALSE
 subjectKeyIdentifier            = hash
 authorityKeyIdentifier          = keyid, issuer
 extendedKeyUsage                = codeSigning
 [ ca_extensions ]
 basicConstraints                = critical, CA:true
 subjectKeyIdentifier            = hash
 authorityKeyIdentifier          = keyid:always,issuer
 keyUsage                        = critical, digitalSignature, cRLSign, keyCertSign
 [ policy_match ]
 countryName                     = match
 organizationName                = match
 organizationalUnitName          = optional
 commonName                      = supplied
 emailAddress                    = optional
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
 stateOrProvinceName             = State or Province Name
 localityName                    = Locality Name
 0.organizationName              = Organization Name
 organizationalUnitName          = Organizational Unit Name
 commonName                      = Common Name
 emailAddress                    = Email Address
--- a/tests/recipes/01_sign_pem
+++ b/tests/recipes/01_sign_pem
@ -0,0 +1,56 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with the certificate and private key files in the PEM format.
 # -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="011. Sign a PE file with the certificate and private key files in the PEM format"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_011.exe"
    verify_signature "$?" "011" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="012. Sign a CAB file with the certificate and private key files in the PEM format"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_012.ex_"
    verify_signature "$?" "012" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="013. Sign a MSI file with the certificate and private key files in the PEM format"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_013.msi"
    verify_signature "$?" "013" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/02_sign_pass
+++ b/tests/recipes/02_sign_pass
@ -0,0 +1,58 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with the encrypted private key file in the PEM format.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="021. Sign a PE file with the encrypted private key file in the PEM format"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
        -pass passme \
        -in "test.exe" -out "test_021.exe"
    verify_signature "$?" "021" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="022. Sign a CAB file with the encrypted private key file in the PEM format"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
        -pass passme \
        -in "test.ex_" -out "test_022.ex_"
    verify_signature "$?" "022" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="023. Sign a MSI file with the encrypted private key file in the PEM format"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
        -pass passme \
        -in "sample.msi" -out "test_023.msi"
    verify_signature "$?" "023" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/03_sign_der
+++ b/tests/recipes/03_sign_der
@ -0,0 +1,59 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with the encrypted private key file in the DER format.
 # Requires OpenSSL 1.0.0 or later
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="031. Sign a PE file with the encrypted private key file in the DER format"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
        -pass passme \
        -in "test.exe" -out "test_031.exe"
    verify_signature "$?" "031" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="032. Sign a CAB file with the encrypted private key file in the DER format"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
        -pass passme \
        -in "test.ex_" -out "test_032.ex_"
    verify_signature "$?" "032" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="033. Sign a MSI file with the encrypted private key file in the DER format"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
        -pass passme \
        -in "sample.msi" -out "test_033.msi"
    verify_signature "$?" "033" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/04_sign_spc_pvk
+++ b/tests/recipes/04_sign_spc_pvk
@ -0,0 +1,59 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with the certificate file in the SPC format
 # and the private key file in the Microsoft Private Key (PVK) format.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="041. Sign a PE file a SPC certificate file and a PVK private key file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
        -pass passme \
        -in "test.exe" -out "test_041.exe"
    verify_signature "$?" "041" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="042. Sign a CAB file a SPC certificate file and a PVK private key file"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
        -pass passme \
        -in "test.ex_" -out "test_042.ex_"
    verify_signature "$?" "042" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="043. Sign a MSI file a SPC certificate file and a PVK private key file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
        -pass passme \
        -in "sample.msi" -out "test_043.msi"
    verify_signature "$?" "043" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/05_sign_pkcs12
+++ b/tests/recipes/05_sign_pkcs12
@ -0,0 +1,57 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="051. Sign a PE file with a certificate and key stored in a PKCS#12 container"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -pkcs12 "${script_path}/../certs/cert.p12" -pass passme \
        -in "test.exe" -out "test_051.exe"
    verify_signature "$?" "051" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="052. Sign a CAB file with a certificate and key stored in a PKCS#12 container"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -pkcs12 "${script_path}/../certs/cert.p12" \
        -pass passme \
        -in "test.ex_" -out "test_052.ex_"
    verify_signature "$?" "052" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="053. Sign a MSI file with a certificate and key stored in a PKCS#12 container"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -pkcs12 "${script_path}/../certs/cert.p12" \
        -pass passme \
        -in "sample.msi" -out "test_053.msi"
    verify_signature "$?" "053" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/06_test_sha256sum
+++ b/tests/recipes/06_test_sha256sum
@ -0,0 +1,54 @@
 #!/bin/sh
 # Checking SHA256 message digests for 01x-05x tests
 . $(dirname $0)/../test_library
 res=0
 skip=0
 test_name="061. Checking SHA256 message digests for 01x-05x tests"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_exe.log" >> "results.log"
        printf "Non-unique SHA256 message digests found\n" >> "results.log"
      fi
    rm -f "sha256sum_exe.log"
  else
    skip=$(($skip+1))
  fi
 if test -s "test.ex_"
  then
    if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_ex_.log" >> "results.log"
        printf "Non-unique SHA256 message digests found\n" >> "results.log"
      fi
    rm -f "sha256sum_ex_.log"
  else
    skip=$(($skip+1))
  fi
 if test -s "sample.msi"
  then
    if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_msi.log" >> "results.log"
        printf "Non-unique SHA256 message digests found\n" >> "results.log"
      fi
    rm -f "sha256sum_msi.log"
  else
    skip=$(($skip+1))
  fi
 if test $skip -lt 3
  then
    test_result "$res" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/07_sign_timestamp
+++ b/tests/recipes/07_sign_timestamp
@ -0,0 +1,64 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with Authenticode timestamping
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="071. Sign a PE file with Authenticode timestamping"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -t http://time.certum.pl/ \
        -t http://timestamp.digicert.com/ \
        -verbose \
        -in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2
    verify_signature "$?" "071" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="072. Sign a CAB file with Authenticode timestamping"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -t http://time.certum.pl/ \
        -t http://timestamp.digicert.com/ \
        -verbose \
        -in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2
    verify_signature "$?" "072" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="073. Sign a MSI file with Authenticode timestamping"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -t http://time.certum.pl/ \
        -t http://timestamp.digicert.com/ \
        -verbose \
        -in "sample.msi" -out "test_073.msi"
    verify_signature "$?" "073" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/08_sign_rfc3161
+++ b/tests/recipes/08_sign_rfc3161
@ -0,0 +1,68 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with RFC 3161 timestamping
 # An RFC3161 timestamp server provides an essential function in protecting
 # data records for the long-term. It provides proof that the data existed
 # at a particular moment in time and that it has not changed, even by
 # a single binary bit, since it was notarized and time-stamped.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="081. Sign a PE file with RFC 3161 timestamping"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -ts http://time.certum.pl/ \
        -ts http://timestamp.digicert.com/ \
        -verbose \
        -in "test.exe" -out "test_081.exe"
    verify_signature "$?" "081" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="082. Sign a CAB file with RFC 3161 timestamping"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -ts http://time.certum.pl/ \
        -ts http://timestamp.digicert.com/ \
        -verbose \
        -in "test.ex_" -out "test_082.ex_"
    verify_signature "$?" "082" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="083. Sign a MSI file with RFC 3161 timestamping"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -ts http://time.certum.pl/ \
        -ts http://timestamp.digicert.com/ \
        -verbose \
        -in "sample.msi" -out "test_083.msi"
    verify_signature "$?" "083" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/09_sign_page_hashes
+++ b/tests/recipes/09_sign_page_hashes
@ -0,0 +1,29 @@
 #!/bin/sh
 # Generate page hashes for a PE file
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="091. Generate page hashes for a PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 -ph \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_091.exe"
    verify_signature "$?" "091" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 # Warning: -ph option is only valid for PE files
 # MSI file
 # Warning: -ph option is only valid for PE files
 exit 0
--- a/tests/recipes/10_sign_blob
+++ b/tests/recipes/10_sign_blob
@ -0,0 +1,58 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with addUnauthenticatedBlob.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="101. Sign a PE file with addUnauthenticatedBlob"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -addUnauthenticatedBlob \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2
    verify_signature "$?" "101" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="102. Sign a CAB file with addUnauthenticatedBlob"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -addUnauthenticatedBlob \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2
    verify_signature "$?" "102" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="103. Sign a MSI file with addUnauthenticatedBlob"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -addUnauthenticatedBlob \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2
    verify_signature "$?" "103" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/11_sign_nest
+++ b/tests/recipes/11_sign_nest
@ -0,0 +1,71 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file twice with the "nest" flag in the second time
 # in order to add the new signature instead of replacing the first one.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="111. Sign a PE file with the nest flag"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_111_signed.exe"
    ../../osslsigncode sign -h sha512 \
        -nest \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test_111_signed.exe" -out "test_111.exe"
    verify_signature "$?" "111" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name" 
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="112. Sign a CAB file with the nest flag"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_112_signed.ex_"
    ../../osslsigncode sign -h sha512 \
        -nest \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test_112_signed.ex_" -out "test_112.ex_"
    verify_signature "$?" "112" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="113. Sign a MSI file with the nest flag"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_113_signed.msi"
    ../../osslsigncode sign -h sha512 \
        -nest \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test_113_signed.msi" -out "test_113.msi"
    verify_signature "$?" "113" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/12_sign_readpass_pem
+++ b/tests/recipes/12_sign_readpass_pem
@ -0,0 +1,58 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with a PEM key file and a password read from password.txt file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="121. Sign a PE file with the PEM key file and the file with a password"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -readpass "${script_path}/../certs/password.txt" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_121.exe"
    verify_signature "$?" "121" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="122. Sign a CAB file with a PEM key file and the file with a password"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -readpass "${script_path}/../certs/password.txt" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
        -in "test.ex_" -out "test_122.ex_"
    verify_signature "$?" "122" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="123. Sign a MSI file with a PEM key file and the file with a password"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -readpass "${script_path}/../certs/password.txt" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
        -in "sample.msi" -out "test_123.msi"
    verify_signature "$?" "123" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/13_sign_readpass_pkcs12
+++ b/tests/recipes/13_sign_readpass_pkcs12
@ -0,0 +1,59 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container
 # and a password read from password.txt file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="131. Sign a PE file with a PKCS#12 container and the file with a password"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -readpass "${script_path}/../certs/password.txt" \
        -pkcs12 "${script_path}/../certs/cert.p12" \
        -in "test.exe" -out "test_131.exe"
    verify_signature "$?" "131" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="132. Sign a CAB file with a PKCS#12 container and the file with a password"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -readpass "${script_path}/../certs/password.txt" \
        -pkcs12 "${script_path}/../certs/cert.p12" \
        -in "test.ex_" -out "test_132.ex_"
    verify_signature "$?" "132" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="133. Sign a MSI file with a PKCS#12 container and the file with a password"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -readpass "${script_path}/../certs/password.txt" \
        -pkcs12 "${script_path}/../certs/cert.p12" \
        -in "sample.msi" -out "test_133.msi"
    verify_signature "$?" "133" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/14_sign_descryption
+++ b/tests/recipes/14_sign_descryption
@ -0,0 +1,58 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with a descryption
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="141. Sign a PE file with a descryption"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -n "DESCRYPTION_TEXT" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_141.exe"
    verify_signature "$?" "141" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="142. Sign a CAB file with a descryption"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -n "DESCRYPTION_TEXT" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_142.ex_"
    verify_signature "$?" "142" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="143. Sign a MSI file with a descryption"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -n "DESCRYPTION_TEXT" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_143.msi"
    verify_signature "$?" "143" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/15_sign_url
+++ b/tests/recipes/15_sign_url
@ -0,0 +1,59 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with specified URL for expanded description of the signed content
 # https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="151. Sign a PE file with specified URL"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -i "https://www.osslsigncode.com/" \
        -in "test.exe" -out "test_151.exe"
    verify_signature "$?" "151" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="152. Sign a CAB file with specified URL"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -i "https://www.osslsigncode.com/" \
        -in "test.ex_" -out "test_152.ex_"
    verify_signature "$?" "152" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="153. Sign a MSI file with specified URL"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -i "https://www.osslsigncode.com/" \
        -in "sample.msi" -out "test_153.msi"
    verify_signature "$?" "153" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/16_sign_comm
+++ b/tests/recipes/16_sign_comm
@ -0,0 +1,61 @@
 #!/bin/sh
 # Sign a PE/CAB/MSI file with the commercial purpose set for SPC_STATEMENT_TYPE_OBJID
 # object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11"
 # changes default Individual Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15"
 # sets Commercial Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16"
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="161. Sign a PE file with the common purpose set"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -comm \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_161.exe"
    verify_signature "$?" "161" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="162. Sign a CAB file with the common purpose set"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -comm \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_162.ex_"
    verify_signature "$?" "162" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="163. Sign a MSI file with the common purpose set"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -comm \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_163.msi"
    verify_signature "$?" "163" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/17_sign_crosscertfile
+++ b/tests/recipes/17_sign_crosscertfile
@ -0,0 +1,60 @@
 #!/bin/sh
 # Add an additional certificate to the signature block of the PE/CAB/MSI file.
 # https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
 # https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="171. Add an additional certificate to the signature block of the PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -ac "${script_path}/../certs/crosscert.pem" \
        -in "test.exe" -out "test_171.exe"
    verify_signature "$?" "171" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="172. Add an additional certificate to the signature block of the CAB file"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -ac "${script_path}/../certs/crosscert.pem" \
        -in "test.ex_" -out "test_172.ex_"
    verify_signature "$?" "172" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="173. Add an additional certificate to the signature block of the MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -ac "${script_path}/../certs/crosscert.pem" \
        -in "sample.msi" -out "test_173.msi"
    verify_signature "$?" "173" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/21_sign_hash_md5
+++ b/tests/recipes/21_sign_hash_md5
@ -0,0 +1,27 @@
 #!/bin/sh
 # Sign a PE file with MD5 set of cryptographic hash functions.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="211. Sign a PE file with MD5 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h md5 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_211.exe"
    verify_signature "$?" "211" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "MD5" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 # MSI file
 exit 0
--- a/tests/recipes/22_sign_hash_sha1
+++ b/tests/recipes/22_sign_hash_sha1
@ -0,0 +1,27 @@
 #!/bin/sh
 # Sign a PE file with SHA1 set of cryptographic hash functions.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="221. Sign a PE file with SHA1 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha1 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_221.exe"
    verify_signature "$?" "221" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA1" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 # MSI file
 exit 0
--- a/tests/recipes/23_sign_hash_sha2
+++ b/tests/recipes/23_sign_hash_sha2
@ -0,0 +1,27 @@
 #!/bin/sh
 # Signing a PE file with SHA1 set of cryptographic hash functions.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="231. Signing a PE file with SHA1 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha2 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_231.exe"
    verify_signature "$?" "231" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA2" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 # MSI file
 exit 0
--- a/tests/recipes/24_sign_hash_sha384
+++ b/tests/recipes/24_sign_hash_sha384
@ -0,0 +1,27 @@
 #!/bin/sh
 # Sign a PE file with SHA384 set of cryptographic hash functions.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="241. Sign a PE file with SHA384 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha384 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_241.exe"
    verify_signature "$?" "241" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 # MSI file
 exit 0
--- a/tests/recipes/25_sign_hash_sha512
+++ b/tests/recipes/25_sign_hash_sha512
@ -0,0 +1,27 @@
 #!/bin/sh
 # Sign a PE file with SHA512 set of cryptographic hash functions.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="251. Sign a PE file with SHA512 set of cryptographic hash functions"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha512 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_251.exe"
    verify_signature "$?" "251" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 # MSI file
 exit 0
--- a/tests/recipes/26_extract_signature_pem
+++ b/tests/recipes/26_extract_signature_pem
@ -0,0 +1,61 @@
 #!/bin/sh
 # Extract the signature in the PEM format from the PE/CAB/MSI file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="261. Extract the PEM signature from the PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha512 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_261.exe" && \
    ../../osslsigncode extract-signature -pem \
        -in "test_261.exe" -out "sign_pe.pem"
    verify_signature "$?" "261" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="262. Extract the PEM signature from the CAB file"
 printf "\n%s\n" "$test_name"
 if [ -s "test.ex_" ]
  then
    ../../osslsigncode sign -h sha512 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_262.ex_" && \
    ../../osslsigncode extract-signature -pem \
        -in "test_262.ex_" -out "sign_cab.pem"
    verify_signature "$?" "262" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="263. Extract the PEM signature from the MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha512 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_263.msi" && \
    ../../osslsigncode extract-signature -pem \
        -in "test_263.msi" -out "sign_msi.pem"
    verify_signature "$?" "263" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/27_extract_signature_der
+++ b/tests/recipes/27_extract_signature_der
@ -0,0 +1,61 @@
 #!/bin/sh
 # Extract the signature in the DER format from the PE/CAB/MSI file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="271. Extract the DER signature from the PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha512 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_271.exe" && \
    ../../osslsigncode extract-signature \
        -in "test_271.exe" -out "sign_pe.der"
    verify_signature "$?" "271" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="272. Extract the DER signature from the CAB file"
 printf "\n%s\n" "$test_name"
 if [ -s "test.ex_" ]
  then
    ../../osslsigncode sign -h sha512 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_272.ex_" && \
    ../../osslsigncode extract-signature \
        -in "test_272.ex_" -out "sign_cab.der"
    verify_signature "$?" "272" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="273. Extract the DER signature from the MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha512 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_273.msi" && \
    ../../osslsigncode extract-signature \
        -in "test_273.msi" -out "sign_msi.der"
    verify_signature "$?" "273" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/31_attach_signature_der
+++ b/tests/recipes/31_attach_signature_der
@ -0,0 +1,58 @@
 #!/bin/sh
 # Attach the DER signature to the PE/CAB/MSI file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="311. Attach the DER signature to the PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode attach-signature \
        -sigin "sign_pe.der" \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test.exe" -out "test_311.exe"
    verify_signature "$?" "311" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="312. Attach the DER signature to the CAB file"
 printf "\n%s\n" "$test_name"
 if [ -s "test.ex_" ]
  then
    ../../osslsigncode attach-signature \
        -sigin "sign_cab.der" \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test.ex_" -out "test_312.ex_"
    verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="313. Attach the DER signature to the MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode attach-signature \
        -sigin "sign_msi.der" \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "sample.msi" -out "test_313.msi"
    verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/32_attach_signature_pem
+++ b/tests/recipes/32_attach_signature_pem
@ -0,0 +1,58 @@
 #!/bin/sh
 # Attach the PEM signature to the PE/CAB/MSI file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="321. Attach the PEM signature to the PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode attach-signature \
        -sigin "sign_pe.pem" \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test.exe" -out "test_321.exe"
    verify_signature "$?" "321" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="322. Attach the PEM signature to the CAB file"
 printf "\n%s\n" "$test_name"
 if [ -s "test.ex_" ]
  then
    ../../osslsigncode attach-signature \
        -sigin "sign_cab.pem" \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test.ex_" -out "test_322.ex_"
    verify_signature "$?" "322" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="323. Attach the PEM signature to the MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode attach-signature \
        -sigin "sign_msi.pem" \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "sample.msi" -out "test_323.msi"
    verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/33_attach_signed
+++ b/tests/recipes/33_attach_signed
@ -0,0 +1,69 @@
 #!/bin/sh
 # Attach the signature to the signed PE/CAB/MSI file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="331. Attach the signature to the signed PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_331_signed.exe"
    ../../osslsigncode attach-signature \
        -sigin "sign_pe.pem" \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test_331_signed.exe" -out "test_331.exe"
    verify_signature "$?" "331" "exe" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="332. Attach the signature to the signed CAB file"
 printf "\n%s\n" "$test_name"
 if [ -s "test.ex_" ]
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_332_signed.ex_"
    ../../osslsigncode attach-signature \
        -sigin "sign_cab.pem" \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test_332_signed.ex_" -out "test_332.ex_"
    verify_signature "$?" "332" "ex_" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="333. Attach the signature to the signed MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_333_signed.msi"
    ../../osslsigncode attach-signature -sigin "sign_msi.pem" \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test_333_signed.msi" -out "test_333.msi"
    verify_signature "$?" "333" "msi" "success" "@2019-09-01 12:00:00" \
 	"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/34_attach_nest
+++ b/tests/recipes/34_attach_nest
@ -0,0 +1,74 @@
 #!/bin/sh
 # Attach the signature to the signed PE/CAB/MSI file with the "nest" flag
 # in order to attach the new signature instead of replacing the first one.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="341. Attach the signature to the signed PE file with the nest flag"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_341_signed.exe"
    ../../osslsigncode attach-signature \
        -sigin "sign_pe.pem" \
        -nest \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test_341_signed.exe" -out "test_341.exe"
    verify_signature "$?" "341" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="342. Attach the signature to the signed CAB file with the nest flag"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_342_signed.ex_"
    ../../osslsigncode attach-signature \
        -sigin "sign_cab.pem" \
        -nest \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test_342_signed.ex_" -out "test_342.ex_"
    verify_signature "$?" "342" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="343. Attach the signature to the signed MSI file with the nest flag"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_343_signed.msi"
    ../../osslsigncode attach-signature \
        -sigin "sign_msi.pem" \
        -nest \
        -CAfile "${script_path}/../certs/CACert.pem" \
        -CRLfile "${script_path}/../certs/CACertCRL.pem" \
        -in "test_343_signed.msi" -out "test_343.msi"
    verify_signature "$?" "343" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/35_remove_signature
+++ b/tests/recipes/35_remove_signature
@ -0,0 +1,61 @@
 #!/bin/sh
 # Remove the signature from the PE/CAB/MSI file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="351. Remove the signature from the PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_351_signed.exe" && \
    ../../osslsigncode remove-signature \
        -in "test_351_signed.exe" -out "test_351.exe"
    verify_signature "$?" "351" "exe" "fail" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="352. Remove the signature from the CAB file"
 printf "\n%s\n" "$test_name"
 if [ -s "test.ex_" ]
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_352_signed.ex_" && \
    ../../osslsigncode remove-signature \
        -in "test_352_signed.ex_" -out "test_352.ex_"
    verify_signature "$?" "352" "ex_" "fail" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="353. Remove the signature from the MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_353_signed.msi" && \
    ../../osslsigncode remove-signature \
        -in "test_353_signed.msi" -out "test_353.msi"
    verify_signature "$?" "353" "msi" "fail" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/36_varia_sha256sum
+++ b/tests/recipes/36_varia_sha256sum
@ -0,0 +1,55 @@
 #!/bin/sh
 # Checking SHA256 message digests for 31x-33x tests.
 . $(dirname $0)/../test_library
 res=0
 res=0
 skip=0
 test_name="361. Checking SHA256 message digests for 31x-33x tests"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_exe.log" >> "results.log"
        printf "Non-unique SHA256 message digests found\n" >> "results.log"
      fi
    rm -f "sha256sum_exe.log"
  else
    skip=$(($skip+1))
  fi
 if test -s "test.ex_"
  then
    if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_ex_.log" >> "results.log"
        printf "Non-unique SHA256 message digests found\n" >> "results.log"
      fi
    rm -f "sha256sum_ex_.log"
  else
    skip=$(($skip+1))
  fi
 if test -s "sample.msi"
  then
    if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
      then
        res=1
        cat "sha256sum_msi.log" >> "results.log"
        printf "Non-unique SHA256 message digests found\n" >> "results.log"
      fi
    rm -f "sha256sum_msi.log"
  else
    skip=$(($skip+1))
  fi
 if test $skip -lt 2
  then
    test_result "$res" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/37_add_signature_timestamp
+++ b/tests/recipes/37_add_signature_timestamp
@ -0,0 +1,70 @@
 #!/bin/sh
 # Add an authenticode timestamp to the PE/CAB/MSI file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="371. Add an authenticode timestamp to the PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_371_signed.exe" && \
    ../../osslsigncode add \
        -t http://time.certum.pl/ \
        -t http://timestamp.digicert.com/ \
        -verbose \
        -in "test_371_signed.exe" -out "test_371.exe"
    verify_signature "$?" "371" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="372. Add an authenticode timestamp to the CAB file"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_372_signed.ex_" && \
    ../../osslsigncode add \
        -t http://time.certum.pl/ \
        -t http://timestamp.digicert.com/ \
        -verbose \
        -in "test_372_signed.ex_" -out "test_372.ex_"
    verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="373. Add an authenticode timestamp to the MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_373_signed.msi" && \
    ../../osslsigncode add \
        -t http://time.certum.pl/ \
        -t http://timestamp.digicert.com/ \
        -verbose \
        -in "test_373_signed.msi" -out "test_373.msi"
    verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/38_add_signature_rfc3161
+++ b/tests/recipes/38_add_signature_rfc3161
@ -0,0 +1,70 @@
 #!/bin/sh
 # Add an RFC 3161 timestamp to signed PE/CAB/MSI file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="381. Add RFC 3161 timestamp to signed PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_381_signed.exe"
    ../../osslsigncode add \
        -ts http://time.certum.pl/ \
        -ts http://timestamp.digicert.com/ \
        -verbose \
        -in "test_381_signed.exe" -out "test_381.exe"
    verify_signature "$?" "381" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="382. Add RFC 3161 timestamp to signed CAB file"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_382_signed.ex_"
    ../../osslsigncode add \
        -ts http://time.certum.pl/ \
        -ts http://timestamp.digicert.com/ \
        -verbose \
        -in "test_382_signed.ex_" -out "test_382.ex_"
    verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="383. Add RFC 3161 timestamp to signed MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_383_signed.msi"
    ../../osslsigncode add \
        -ts http://time.certum.pl/ \
        -ts http://timestamp.digicert.com/ \
        -verbose \
        -in "test_383_signed.msi" -out "test_383.msi"
    verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/39_add_signature_blob
+++ b/tests/recipes/39_add_signature_blob
@ -0,0 +1,64 @@
 #!/bin/sh
 # Add an unauthenticated blob to the PE/CAB/MSI file.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="391. Add an unauthenticated blob to the PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_391_signed.exe"
    ../../osslsigncode add \
        -addUnauthenticatedBlob \
        -in "test_391_signed.exe" -out "test_391.exe"
    verify_signature "$?" "391" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="392. Add an unauthenticated blob to the CAB file"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_392_signed.ex_"
    ../../osslsigncode add \
        -addUnauthenticatedBlob \
        -in "test_392_signed.ex_" -out "test_392.ex_"
    verify_signature "$?" "392" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="393. Add an unauthenticated blob to the MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "sample.msi" -out "test_393_signed.msi"
    ../../osslsigncode add \
        -addUnauthenticatedBlob \
        -in "test_393_signed.msi" -out "test_393.msi"
    verify_signature "$?" "393" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/40_verify_leaf_hash
+++ b/tests/recipes/40_verify_leaf_hash
@ -0,0 +1,52 @@
 #!/bin/sh
 # Compare the leaf certificate hash against specified SHA256 message digest for the PE/CAB/MSI file
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="401. Compare the leaf certificate hash against specified SHA256 message digest for the PE file"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
        -in "test.exe" -out "test_401.exe"
    verify_leaf_hash "$?" "401" "exe" "@2019-05-01 00:00:00"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="402. Compare the leaf certificate hash against specified SHA256 message digest for the CAB file"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
        -in "test.ex_" -out "test_402.ex_"
    verify_leaf_hash "$?" "402" "ex_" "@2019-05-01 00:00:00"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
        -in "sample.msi" -out "test_403.msi"
    verify_leaf_hash "$?" "403" "msi" "@2019-05-01 00:00:00"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/41_sign_add_msi_dse
+++ b/tests/recipes/41_sign_add_msi_dse
@ -0,0 +1,35 @@
 #!/bin/sh
 # Sign a MSI file with the add-msi-dse option.
 # MsiDigitalSignatureEx (msi-dse) is an enhanced signature type that can be used
 # when signing MSI files. In addition to file content, it also hashes some file metadata,
 # specifically file names, file sizes, creation times and modification times.
 # https://www.unboundtech.com/docs/UKC/UKC_Code_Signing_IG/HTML/Content/Products/UKC-EKM/UKC_Code_Signing_IG/Sign_Windows_PE_and_msi_Files.htm
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 # Warning: -add-msi-dse option is only valid for MSI files
 # CAB file
 # Warning: -add-msi-dse option is only valid for MSI files
 # MSI file
 test_name="411. Sign a MSI file with the add-msi-dse option"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -add-msi-dse \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
        -pass passme \
        -in "sample.msi" -out "test_411.msi"
    verify_signature "$?" "411" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "HEX" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/42_sign_jp_low
+++ b/tests/recipes/42_sign_jp_low
@ -0,0 +1,31 @@
 #!/bin/sh
 # Sign a CAB file with "jp low" option
 # https://support.microsoft.com/en-us/help/193877
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 # Warning: -jp option is only valid for CAB files
 # CAB file
 test_name="421. Sign a CAB file with jp low option"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -jp low \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.ex_" -out "test_421.ex_"
    verify_signature "$?" "421" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 # Warning: -jp option is only valid for CAB files
 exit 0
--- a/tests/recipes/45_verify_fake_pe
+++ b/tests/recipes/45_verify_fake_pe
@ -0,0 +1,30 @@
 #!/bin/sh
 # Verify changed PE file after signing.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="451. Verify changed PE file after signing"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -in "test.exe" -out "test_451.exe"
    verify_signature "$?" "451" "exe" "fail" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 # Command is not supported for non-PE files
 # MSI file
 # Command is not supported for non-PE files
 exit 0
--- a/tests/recipes/46_verify_timestamp
+++ b/tests/recipes/46_verify_timestamp
@ -0,0 +1,33 @@
 #!/bin/sh
 # Verify changed PE file after signing with Authenticode timestamping.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="461. Verify changed PE file after signing with Authenticode timestamping"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -t http://time.certum.pl/ \
        -t http://timestamp.digicert.com/ \
        -verbose \
        -in "test.exe" -out "test_461.exe"
    verify_signature "$?" "461" "exe" "fail" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 # Command is not supported for non-PE files
 # MSI file
 # Command is not supported for non-PE files
 exit 0
--- a/tests/recipes/47_verify_rfc3161
+++ b/tests/recipes/47_verify_rfc3161
@ -0,0 +1,34 @@
 #!/bin/sh
 # Verify changed PE file after signing with RFC 3161 timestamping.
 . $(dirname $0)/../test_library
 script_path=$(pwd)
 # PE file
 test_name="471. Verify changed PE file after signing with RFC 3161 timestamping"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -ts http://time.certum.pl/ \
        -ts http://timestamp.digicert.com/ \
        -verbose \
        -in "test.exe" -out "test_471.exe"
    verify_signature "$?" "471" "exe" "fail" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 # Command is not supported for non-PE files
 # MSI file
 # Command is not supported for non-PE files
 exit 0
--- a/tests/recipes/51_verify_time
+++ b/tests/recipes/51_verify_time
@ -0,0 +1,57 @@
 #!/bin/sh
 # Verify PE/CAB/MSI file signature after the cert has been expired.
 . $(dirname $0)/../test_library
 # PE file
 test_name="511. Verify PE file signature after the cert has been expired"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -in "test.exe" -out "test_511.exe" 2>> "results.log" 1>&2'
    verify_signature "$?" "511" "exe" "fail" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="512. Verify CAB file signature after the cert has been expired"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -in "test.ex_" -out "test_512.ex_" 2>> "results.log" 1>&2'
    verify_signature "$?" "512" "ex_" "fail" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="513. Verify MSI file signature after the cert has been expired"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -in "sample.msi" -out "test_513.msi"'
    verify_signature "$?" "513" "msi" "fail" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/52_verify_timestamp
+++ b/tests/recipes/52_verify_timestamp
@ -0,0 +1,66 @@
 #!/bin/sh
 # Verify PE/CAB/MSI file signature with Authenticode timestamping after the cert has been expired.
 . $(dirname $0)/../test_library
 # PE file
 test_name="521. Verify PE file signature with timestamping after the cert has been expired"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -t http://time.certum.pl/ \
            -t http://timestamp.digicert.com/ \
            -verbose \
            -in "test.exe" -out "test_521.exe" 2>> "results.log" 1>&2'
    verify_signature "$?" "521" "exe" "success" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="522. Verify CAB file signature with timestamping after the cert has been expired"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -t http://time.certum.pl/ \
            -t http://timestamp.digicert.com/ \
            -verbose \
            -in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2'
    verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="523. Verify MSI file signature with timestamping after the cert has been expired"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -t http://time.certum.pl/ \
            -t http://timestamp.digicert.com/ \
            -verbose \
            -in "sample.msi" -out "test_523.msi"'
    verify_signature "$?" "523" "msi" "success" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/53_verify_rfc3161
+++ b/tests/recipes/53_verify_rfc3161
@ -0,0 +1,66 @@
 #!/bin/sh
 # Verify PE/CAB/MSI file signature with RFC3161 timestamping after the cert has been expired.
 . $(dirname $0)/../test_library
 # PE file
 test_name="531. Verify PE file signature with RFC3161 after the cert has been expired"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test.exe" -out "test_531.exe" 2>> "results.log" 1>&2'
    verify_signature "$?" "531" "exe" "success" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="532. Verify CAB file signature with RFC3161 after the cert has been expired"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2'
    verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "sample.msi" -out "test_533.msi"'
    verify_signature "$?" "533" "msi" "success" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/54_verify_expired
+++ b/tests/recipes/54_verify_expired
@ -0,0 +1,66 @@
 #!/bin/sh
 # Verify PE/CAB/MSI file signed with the expired cert.
 . $(dirname $0)/../test_library
 # PE file
 test_name="541. Verify PE file signed with the expired cert"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
            -t http://time.certum.pl/ \
            -t http://timestamp.digicert.com/ \
            -verbose \
            -in "test.exe" -out "test_541.exe" 2>> "results.log" 1>&2'
    verify_signature "$?" "541" "exe" "fail" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="542. Verify CAB file signed with the expired cert"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
            -t http://time.certum.pl/ \
            -t http://timestamp.digicert.com/ \
            -verbose \
            -in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2'
    verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="543. Verify MSI file signed with the expired cert"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
            -t http://time.certum.pl/ \
            -t http://timestamp.digicert.com/ \
            -verbose \
            -in "sample.msi" -out "test_543.msi"'
    verify_signature "$?" "543" "msi" "fail" "@2025-01-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/55_verify_revoked
+++ b/tests/recipes/55_verify_revoked
@ -0,0 +1,66 @@
 #!/bin/sh
 # Verify PE/CAB/MSI file signed with the revoked cert.
 . $(dirname $0)/../test_library
 # PE file
 test_name="551. Verify PE file signed with the revoked cert"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test.exe" -out "test_551.exe" 2>> "results.log" 1>&2'
    verify_signature "$?" "551" "exe" "fail" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="552. Verify CAB file signed with the revoked cert"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2'
    verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="553. Verify MSI file signed with the revoked cert"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "sample.msi" -out "test_553.msi"'
    verify_signature "$?" "553" "msi" "fail" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/recipes/56_verify_multiple
+++ b/tests/recipes/56_verify_multiple
@ -0,0 +1,99 @@
 #!/bin/sh
 # Verify PE/CAB/MSI file signed with the multiple signature.
 . $(dirname $0)/../test_library
 # PE file
 test_name="561. Verify PE file signed with the multiple signature"
 printf "\n%s\n" "$test_name"
 if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
            -in "test.exe" -out "test_561_a.exe" 2>> "results.log" 1>&2
        ../../osslsigncode sign -h sha384 \
            -nest \
            -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test_561_a.exe" -out "test_561_b.exe" 2>> "results.log" 1>&2
        ../../osslsigncode sign \
            -nest \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test_561_b.exe" -out "test_561.exe" 2>> "results.log" 1>&2'
    verify_signature "$?" "561" "exe" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # CAB file
 test_name="562. Verify CAB file signed with the multiple signature"
 printf "\n%s\n" "$test_name"
 if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
            -in "test.ex_" -out "test_562_a.ex_" 2>> "results.log" 1>&2
        ../../osslsigncode sign -h sha384 \
            -nest \
            -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test_562_a.ex_" -out "test_562_b.ex_" 2>> "results.log" 1>&2
        ../../osslsigncode sign \
            -nest \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test_562_b.ex_" -out "test_562.ex_" 2>> "results.log" 1>&2'
    verify_signature "$?" "562" "ex_" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 # MSI file
 test_name="563. Verify MSI file signed with the multiple signature"
 printf "\n%s\n" "$test_name"
 if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
  then
    TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
            -in "sample.msi" -out "test_563_a.msi" 2>> "results.log" 1>&2
        ../../osslsigncode sign -h sha384 \
            -nest \
            -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test_563_a.msi" -out "test_563_b.msi" 2>> "results.log" 1>&2
        ../../osslsigncode sign \
            -nest \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
            -ts http://time.certum.pl/ \
            -ts http://timestamp.digicert.com/ \
            -verbose \
            -in "test_563_b.msi" -out "test_563.msi" 2>> "results.log" 1>&2'
    verify_signature "$?" "563" "msi" "success" "@2019-09-01 12:00:00" \
 	"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi
 exit 0
--- a/tests/sources/a
+++ b/tests/sources/a
@ -0,0 +1 @@
 aaa
--- a/tests/sources/b
+++ b/tests/sources/b
@ -0,0 +1 @@
 bbb
--- a/tests/sources/c
+++ b/tests/sources/c
@ -0,0 +1 @@
 ccc
--- a/tests/sources/myapp.c
+++ b/tests/sources/myapp.c
@ -0,0 +1,6 @@
 #include <stdio.h>
 void main(void)
 {
    printf("Hello world!\n");
 }
--- a/tests/sources/sample.wxs
+++ b/tests/sources/sample.wxs
@ -0,0 +1,33 @@
 <?xml version='1.0' encoding='windows-1252'?>
 <!--https://wiki.gnome.org/msitools/HowTo/CreateMSI-->
 <Wix xmlns='http://schemas.microsoft.com/wix/2006/wi'>
  <Product Name='Foobar 1.0' Id='ABCDDCBA-86C7-4D14-AEC0-86416A69ABDE' UpgradeCode='ABCDDCBA-7349-453F-94F6-BCB5110BA4FD'
    Language='1033' Codepage='1252' Version='1.0.0' Manufacturer='Acme Ltd.'>
    <Package Id='*' Keywords='Installer' Description="Acme's Foobar 1.0 Installer"
      Comments='Foobar is a registered trademark of Acme Ltd.' Manufacturer='Acme Ltd.'
      InstallerVersion='100' Languages='1033' Compressed='yes' SummaryCodepage='1252' />
    <Media Id='1' Cabinet='Sample.cab' EmbedCab='yes' DiskPrompt="CD-ROM #1" />
    <Property Id='DiskPrompt' Value="Acme's Foobar 1.0 Installation [1]" />
    <Directory Id='TARGETDIR' Name='SourceDir'>
      <Directory Id='ProgramFilesFolder' Name='PFiles'>
        <Directory Id='Acme' Name='Acme'>
          <Directory Id='INSTALLDIR' Name='Foobar 1.0'>
            <Component Id='MainExecutable' Guid='ABCDDCBA-83F1-4F22-985B-FDB3C8ABD471'>
              <File Id='FoobarEXE' Name='FoobarAppl10.exe' DiskId='1' Source='FoobarAppl10.exe' KeyPath='yes'/>
            </Component>
          </Directory>
        </Directory>
      </Directory>
    </Directory>
    <Feature Id='Complete' Level='1'>
      <ComponentRef Id='MainExecutable' />
    </Feature>
  </Product>
 </Wix>
--- a/tests/test_library
+++ b/tests/test_library
@ -0,0 +1,169 @@
 # this file is a library sourced from recipes/*
 result_path=$(pwd)
 cd $(dirname "$0")/../
 script_path=$(pwd)
 cd "${result_path}"
 test_result() {
 #1 last exit status
 #2 test name
  local result=0
  if test "$1" -eq 0
    then
      printf "%s\n" "Test succeeded"
    else
      printf "%s\n" "Test failed"
      printf "%-80s\t%s\n" "$2" "failed" 1>&3
      result=1
    fi
  return "$result"
 }
 modify_blob() {
 # $1 test number
 # $2 filename extension
 # $3 text searched in a binary file
  local result=0
  initial_blob=$(echo -n "$3" | xxd -p)
  modified_blob=$(echo -n "FAKE" | xxd -p)
  zero_blob="00000000"
  xxd -p -c 1000 "test_$1.$2" | \
      sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \
      xxd -p -r > "test_$1_changed.$2"
  ../../osslsigncode verify \
      -CAfile "${script_path}/../certs/CACert.pem" \
      -CRLfile "${script_path}/../certs/CACertCRL.pem" \
      -in "test_$1_changed.$2" 2>> "verify.log" 1>&2
  result=$?
  if test "$result" -ne 0 \
      -o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1
    then
      printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2
      result=1
    else
      rm -f "test_$1_changed.$2"
    fi
  return "$result"
 }
 search_pattern() {
 # $1 test number
 # $2 filename extension
 # $3 ASCII or HEX "$7 pattern" format
 # $4 pattern searched in a binary file or verify.log
 # $5 modify requirement
  local result=0
  if test "$3" = "ASCII"
    then
      hex_pattern=$(echo -n "$4" | xxd -p)
    else
      hex_pattern=$4
    fi
  if ! grep -q "$4" "verify.log" && \
      ! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2
    then
      result=1
      printf "Failed: $4 not found\n"
    elif test "$5" = "MODIFY"
      then
        modify_blob "$1" "$2" "$4"
        result=$?
      fi
  return "$result"
 }
 verify_signature() {
 # $1 sign exit code
 # $2 test number
 # $3 filename extension
 # $4 expected result
 # $5 fake time
 # $6 sha256sum requirement
 # $7 ASCII or HEX "$7 pattern" format
 # $8 pattern searched in a binary file or verify.log
 # $9 modify requirement
  local result=0
  printf "" > "verify.log"
  if test "$1" -eq 0
    then
      cp "test_$2.$3" "test_tmp.tmp"
      TZ=GMT faketime -f "$5" /bin/bash -c '
          printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
          script_path=$(pwd)
          ../../osslsigncode verify \
              -CAfile "${script_path}/../certs/CACert.pem" \
              -CRLfile "${script_path}/../certs/CACertCRL.pem" \
              -in "test_tmp.tmp" 2>> "verify.log" 1>&2'
      result=$?
      rm -f "test_tmp.tmp"
      if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN"
        then
          search_pattern "$2" "$3" "$7" "$8" "$9"
          result=$?
        fi
      if test "$6" = "sha256sum"
        then
          sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2
        fi
      if test "$4" = "success" -a "$result" -eq 0
        then
          rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3"
          rm -f "test_$2_a.$3" "test_$2_b.$3"
          result=0
        elif test "$4" = "fail" -a "$result" -eq 1
          then
            rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3"
            cat "verify.log" >> "results.log"
            result=0
        else
          cat "verify.log" >> "results.log"
          result=1
        fi
    else
      result=1
    fi
  return "$result"
 }
 verify_leaf_hash() {
 # $1 sign exit code
 # $2 test number
 # $3 filename extension
 # $4 fake time
  local result=0
  printf "" > "verify.log"
  if test "$1" -eq 0
    then
      cp "test_$2.$3" "test_tmp.tmp"
      TZ=GMT faketime -f "$4" /bin/bash -c '
          printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
          script_path=$(pwd)
          ../../osslsigncode verify \
              -CAfile "${script_path}/../certs/CACert.pem" \
              -CRLfile "${script_path}/../certs/CACertCRL.pem" \
              -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \
              -in "test_tmp.tmp" 2>> "verify.log" 1>&2'
      result=$?
      rm -f "test_tmp.tmp"
      if test "$result" -eq 0
        then
          rm -f "test_$2.$3"
        else
          cat "verify.log" >> "results.log"
        fi
    else
      result=1
    fi
  return "$result"
 }
--- a/tests/testall.sh
+++ b/tests/testall.sh
@ -0,0 +1,116 @@
 #!/bin/sh
 # mingw64-gcc, gcab, msitools, libgsf, libgsf-devel
 # vim-common, libfaketime packages are required
 result=0
 count=0
 skip=0
 fail=0
 result_path=$(pwd)
 cd $(dirname "$0")
 script_path=$(pwd)
 result_path="${result_path}/logs"
 certs_path="${script_path}/certs"
 make_tests() {
  for plik in ${script_path}/recipes/*
    do
      /bin/sh $plik 3>&1 2>> "results.log" 1>&2
    done
    count=$(grep -c "Test succeeded" "results.log")
  if test $count -ne 0
    then
      skip=$(grep -c "Test skipped" "results.log")
      fail=$(grep -c "Test failed" "results.log")
      printf "%s\n" "testall.sh finished"
      printf "%s\n" "summary: success $count, skip $skip, fail $fail"
    else # no test was done
      result=1
    fi
 }
 rm -rf "${result_path}"
 mkdir "${result_path}"
 cd "${result_path}"
 date > "results.log"
 ../../osslsigncode -v >> "results.log" 2>/dev/null
 cd ${certs_path}
 if test -s CACert.pem -a -s crosscert.pem -a -s expired.pem -a -s cert.pem \
    -a -s CACertCRL.pem -a -s revoked.pem -a -s key.pem -a -s keyp.pem \
    -a -s key.der -a -s cert.der -a -s cert.spc -a -s cert.p12
  then
    printf "%s\n" "keys & certificates path: ${certs_path}"
  else
    ./makecerts.sh $1
    result=$?
  fi
 cd "${result_path}"
 if test "$result" -ne 0
  then
    exit $result
  fi
 # PE files support
 if test -n "$(command -v x86_64-w64-mingw32-gcc)"
  then
    x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "test.exe" 2>> "results.log" 1>&2
  else
    printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH"
    printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package"
  fi
 # CAB files support
 if test -n "$(command -v gcab)"
  then
    gcab -c "test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2
  else
    printf "%s\n" "gcab not found in \$PATH"
    printf "%s\n" "tests for CAB files skipped, please install gcab package"
  fi
 # MSI files support
 if grep -q "no libgsf available" "results.log"
  then
    printf "%s\n" "signing MSI files requires libgsf/libgsf-devel packages and reconfiguration osslsigncode"
  else
    if test -n "$(command -v wixl)"
      then
        touch FoobarAppl10.exe
        cp "../sources/sample.wxs" "sample.wxs" 2>> "results.log" 1>&2
        wixl -v "sample.wxs" 2>> "results.log" 1>&2
      else
        printf "%s\n" "wixl not found in \$PATH"
        printf "%s\n" "tests for MSI files skipped, please install msitools package"
      fi
  fi
 # Timestamping support
 if grep -q "no libcurl available" "results.log"
  then
    printf "%s\n" "configure --with-curl is required for timestamping support"
  fi
 # Tests requirements
 if test -n "$(command -v faketime)"
  then
    if test -n "$(command -v xxd)"
      then
        make_tests
        result=$?
        rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe"
        rm -f "sign_pe.der" "sign_cab.der" "sign_msi.der"
        rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log"
      else
        printf "%s\n" "xxd not found in \$PATH"
        printf "%s\n" "tests skipped, please install vim-common package"
      fi
  else
    printf "%s\n" "faketime not found in \$PATH"
    printf "%s\n" "tests skipped, please install faketime package"
  fi
 exit $result
Author	SHA1	Message	Date
Michal Trojnara	6ef01c935a	release 2.1 Signed-off-by: Michal Trojnara <Michal.Trojnara@stunnel.org>	2020-10-11 21:33:58 +02:00
olszomal	f336130c0d	Add timestamp (#60 ) * make authenticode timestamping override any previous timestamp * simplify add_timestamp()	2020-10-08 08:33:47 +02:00
olszomal	28904e8d1a	fix memory leak	2020-10-04 22:05:28 +02:00
olszomal	85b0eb6fa0	improve maketest	2020-10-04 22:05:28 +02:00
olszomal	858e9031f0	find the signer's certificate in the certificate chain	2020-10-04 22:05:28 +02:00
olszomal	fe028d12f4	additional CRLs (supplied as part of a PKCS#7 structure) support	2020-10-04 22:05:28 +02:00
olszomal	0bb54d9f51	new option -pkcs11cert identifies a certificate in the token fix and simplify read_crypto_params()	2020-10-04 22:05:28 +02:00
olszomal	ddb2dc7b15	fix MSI memory leaks	2020-09-12 14:07:10 +02:00
olszomal	36708d0ee5	fix get_clrdp_url()	2020-09-12 14:07:10 +02:00
olszomal	0f6e0e8523	remove deprecated functions	2020-09-12 14:07:10 +02:00
olszomal	4fa102b5d1	output format	2020-08-22 20:00:58 +02:00
Michał Trojnara	01b3fb5b54	Merge pull request #56 from olszomal/crl Fix timestamp and CRL verification	2020-08-02 20:26:38 +02:00
olszomal	548c78e212	print CRL distribution point	2020-07-24 14:14:00 +02:00
olszomal	44a773401c	set the certificate expiration date for CRL verification tests	2020-07-24 14:00:49 +02:00
olszomal	8f56f3d620	fix CRL verification	2020-07-24 14:00:18 +02:00
olszomal	5433770ce5	timestamp verification	2020-07-09 10:25:00 +02:00
olszomal	3b21e54900	code simplification	2020-07-08 22:16:50 +02:00
olszomal	2f5e336b89	new feature: multiple nested signature	2020-07-08 22:16:50 +02:00
olszomal	ff796106ad	verify multiple nested signatures	2020-07-08 22:16:50 +02:00
olszomal	293d92b0b0	fixed MSI memory leak	2020-07-08 22:16:50 +02:00
olszomal	9be7753a8f	fix error handling	2020-07-08 22:16:50 +02:00
olszomal	c0d65b2441	multiple signature test	2020-07-08 22:16:50 +02:00
olszomal	4f71fefb79	sign with multiple signature	2020-07-08 22:16:50 +02:00
olszomal	cfaa37108d	Convert PKCS7 countersignature into CMS_ContentInfo structure	2020-06-21 19:47:34 +02:00
olszomal	e4295cc00c	fixed memory leaks	2020-06-21 19:46:03 +02:00
olszomal	48dc052540	initialize crypto params	2020-06-21 19:46:03 +02:00
Michal Trojnara	7dd36a5c24	Initial change log for 2.1 release	2020-06-07 18:34:49 +02:00
Michal Trojnara	0c9f53d30c	Simplified ASN1_GetTimeT() This commit also drops support for OpenSSL 1.1.0 (end of life for that release was August 31, 2018).	2020-06-07 17:54:10 +02:00
olszomal	772a878182	CMS structure support	2020-06-07 17:31:10 +02:00
Matt Hauck	1670a07089	Finalize pkcs11 engine In order to properly finalize the pkcs11 module, we need to call ENGINE_finish on the pkcs11 `ENGINE*` object.	2020-06-03 09:49:03 +02:00
Michał Trojnara	cf331d0064	Merge pull request #41 from olszomal/tests Improved tests	2020-05-18 08:06:21 +02:00
Michał Trojnara	826df059d1	Merge pull request #39 from olszomal/windows Windows support	2020-05-18 08:05:44 +02:00
olszomal	6cb3ae863e	print timestamp error	2020-05-08 14:26:27 +02:00
olszomal	8aaa8faf5c	enable the verbose option for the add command	2020-05-07 10:54:01 +02:00
olszomal	2c919cce9f	more TSA servers in tests	2020-05-07 10:43:57 +02:00
olszomal	8d78e07528	Windows install notes	2020-05-05 14:58:49 +02:00
olszomal	56a1413cb5	how to use PKCS11 token	2020-05-05 14:48:48 +02:00
olszomal	82afda3ef9	msi support for Windows	2020-04-22 10:26:32 +02:00
olszomal	dfad489090	CAfile/untrusted file must exist to verify the signature	2020-04-17 15:41:33 +02:00
olszomal	c786ca873c	don't overwrite an existing file	2020-04-17 14:48:32 +02:00
Michal Trojnara	3b9ce00901	Typo	2020-04-16 15:36:46 +02:00
Michal Trojnara	8cafe0a102	Windows workaround for the #9 fix	2020-04-16 14:24:09 +02:00
Michał Trojnara	146b79bd04	Merge pull request #38 from olszomal/cabfiles Code cleanup	2020-04-11 11:19:03 +02:00
olszomal	e59e922d32	last merge error - X509_PURPOSE_ANY	2020-04-09 10:45:25 +02:00
olszomal	e2f984f5c9	attach DER signature	2020-04-08 14:21:53 +02:00
olszomal	cafa23819b	more memory leaks fixed	2020-04-07 15:49:00 +02:00
olszomal	235448d839	fixed memory leaks	2020-04-03 15:12:43 +02:00
olszomal	077783aa2a	signer extended key usage XKU_CODE_SIGN	2020-04-03 12:31:59 +02:00
olszomal	7c39f73ff6	memory cleanup	2020-04-03 11:44:56 +02:00
olszomal	1e4681980f	print osslsigncode version and usage	2020-04-02 12:18:37 +02:00
olszomal	26d35cee40	C89 standard compatibility	2020-04-02 12:03:06 +02:00
olszomal	a79c0c6426	is_indirect_data_signature()	2020-04-01 13:25:58 +02:00
olszomal	3ae025a133	code cleaning	2020-03-31 12:55:09 +02:00
olszomal	6383166189	enable MsiDigitalSignatureEx	2020-03-27 15:00:47 +01:00
olszomal	0692db5ed3	resolved merge conflict by incorporating both suggestions	2020-03-27 14:28:04 +01:00
olszomal	ee2d65d354	msi_calc_MsiDigitalSignatureEx() with GSF_PARAMS struct	2020-03-27 14:04:14 +01:00
olszomal	3635d586fb	create pkcs7 object and prepare file to sign	2020-03-27 13:51:59 +01:00
Michał Trojnara	2830ab5795	Merge pull request #36 from olszomal/cabverify CAB files support - Extracting, attaching, removing and verifying the signature - Signing with the nested signature - Enable tests for CAB files	2020-03-27 06:24:48 +01:00
olszomal	ee17261eaf	resolved merge conflict	2020-03-26 11:24:24 +01:00
olszomal	77493d5cde	input options and input file header validation	2020-03-26 10:38:02 +01:00
olszomal	cdd2a23bf1	check attached data	2020-03-26 09:16:18 +01:00
olszomal	20236fb677	Verification purpose and nested signature (#35 ) - Require "Code Signing" extended key usage for authenticode verification. - Only check for the X509_PURPOSE_CRL_SIGN purpose in CRL verification. - Only require one valid signature for a nested signature.	2020-03-25 21:00:47 +01:00
olszomal	18b19cbe5d	Update additional data size	2020-03-25 14:06:36 +01:00
olszomal	e570907a59	Append signature to outfile	2020-03-25 13:52:08 +01:00
olszomal	9f6af8becb	set_indirect_data_blob()	2020-03-24 14:44:03 +01:00
olszomal	b7f0461311	page hash verification	2020-03-24 14:04:37 +01:00
olszomal	1715a02cd8	get_indirect_data_blob() with options and header structures	2020-03-24 13:59:38 +01:00
olszomal	536cf9670b	get_file_type()	2020-03-17 11:17:45 +01:00
olszomal	0f35d25791	CRYPTO_PARAMS struct	2020-03-17 11:01:37 +01:00
olszomal	f93bdc0f98	nturl/ntsurl GLOBAL_OPTIONS related to turl/tsurl	2020-03-16 14:41:21 +01:00
olszomal	6e46f71e69	main_configure()	2020-03-16 14:20:02 +01:00
olszomal	5e0f6e17a9	GLOBAL_OPTIONS struct	2020-03-16 10:32:39 +01:00
olszomal	1281dbccf1	read certificate and key	2020-03-13 12:19:42 +01:00
olszomal	9e670ea7a0	read_password	2020-03-12 15:36:40 +01:00
olszomal	29b138a667	create_new_signature()	2020-03-12 15:03:36 +01:00
olszomal	e7f0577bf3	set_signing_bob	2020-03-12 14:13:26 +01:00
olszomal	f0050d6033	MSI Digital Signatures support	2020-03-12 13:35:30 +01:00
olszomal	ccde20f8e2	FILE_HEADER struct for CAB header support	2020-03-11 09:25:27 +01:00
olszomal	787933ef53	verify_pe_header()	2020-03-10 13:26:20 +01:00
olszomal	7cd0e9d581	add jp/purpose/desc/url attribute functions	2020-03-04 15:35:48 +01:00
olszomal	889679e080	attach_sigfile()	2020-03-04 14:34:51 +01:00
olszomal	47e9a2299b	attach-signature tests	2020-03-04 13:31:54 +01:00
olszomal	150d14b57c	modify and verify CAB header	2020-03-04 13:28:46 +01:00
olszomal	73cf4e9540	attach to CAB file fixed some improvements for PE files	2020-02-21 16:26:53 +01:00
olszomal	a56aee3c8f	CAB file tests	2020-02-21 14:10:21 +01:00
olszomal	94f5e0c1bf	CAB file support	2020-02-21 14:07:15 +01:00
olszomal	6bcb95e8fa	file format fixes	2020-02-19 10:47:29 +01:00
olszomal	7fcf08ad75	CA bundle install path detection (#32 )	2020-02-04 22:44:58 +01:00
olszomal	e7dd72c64d	makecerts requirement	2020-01-30 07:09:15 +01:00
Michal Trojnara	2bb573219a	Fix invocation without arguments Closes #29	2020-01-25 18:41:47 +01:00
olszomal	7366df707d	Help (#27 )	2020-01-25 08:37:11 +01:00
olszomal	49f25a1914	CRL support with new CRLfile global option (#28 )	2020-01-25 08:25:48 +01:00
olszomal	98910f675a	check libcurl availability	2019-12-28 20:34:13 +01:00
olszomal	5b9f65d2f2	more tests requirements	2019-12-28 20:34:13 +01:00
olszomal	7f6ec7607f	ifdef ENABLE_CURL mistake	2019-12-28 20:34:13 +01:00
olszomal	d36a10bf09	tests improvements	2019-12-28 20:34:13 +01:00
olszomal	a77ed9c9e1	new verify tests	2019-12-28 20:34:13 +01:00
olszomal	3c45de910f	new test library	2019-12-28 20:34:13 +01:00
olszomal	5c0a181436	tests requirements	2019-12-28 20:34:13 +01:00
olszomal	1af321be77	make certs with faketime	2019-12-28 20:34:13 +01:00
olszomal	311f5af395	signature verification	2019-12-28 20:34:13 +01:00
Michał Trojnara	2ffa5a9d69	Signing Time code refactoring - Code simplification. - Support for the -st option while timestamps are enabled. - Fix for a NULL pointer dereference.	2019-09-10 23:03:35 +02:00
Viktor Szakats	5c51cab171	reword comment	2019-09-10 22:09:45 +02:00
Viktor Szakats	c72434aa08	add option to override non-trusted time in signature By default the non-trusted time embedded in the signature is the current time of the machine. This means that adding a signature prevents from creating reproducible/deterministic binaries. This patch resolves that by introducing the -st <unix-time> option where a custom time can be supplied and which will be used in the signature. By using a point in time bound to the package (e.g. release date or timestamp of a specific file in the source package - or just 0 to suppress the current time), it makes it possible to create signed binaries with reproducible/deterministic, IOW identical signatures, regardless of when the build was done. It also makes osslsigncode behaviour closer to signtool.exe, which by default creates deterministic signatures (by include no non-trusted time at all.) The patch has been used live for the last year to build curl-for-win binaries: https://github.com/curl/curl-for-win/blob/master/osslsigncode.patch It also resolves this osslsigncode bug: https://sourceforge.net/p/osslsigncode/bugs/8/#a59a	2019-09-10 22:09:45 +02:00
olszomal	18810b7e0b	change test for add-msi-dse option	2019-07-28 14:19:08 +02:00
olszomal	b512aa534c	some options warnings	2019-07-28 14:19:08 +02:00
olszomal	de4e85f35a	remove jp_medium and jp_high tests	2019-07-28 14:19:08 +02:00
olszomal	97b7002547	required packages	2019-07-28 14:15:23 +02:00
Randy Fay	dc0b2d7273	Improve build instructions for osslsigncode, fixes #12 (#15 ) fixes #12 * Switch to using PKG_CONFIG_PATH instead of LDFLAGS and CPPFLAGS	2019-07-28 14:11:53 +02:00
Michał Trojnara	764fec5bd1	Fix password tests	2019-07-20 14:38:12 +02:00
Michał Trojnara	f39ac9caee	Fixed "add" tests The "add" command was never supposed to copy a signature. See `afd5c5177d` for details.	2019-07-20 14:17:41 +02:00
Michał Trojnara	1121713d48	Typo	2019-07-20 13:53:50 +02:00
olszomal	00290bc363	Test improvements (#14 ) * removed pvk keys tests * new 11_sign_nest test * improved verify_signature() * new tests of timestamping with the add command	2019-07-20 12:54:46 +02:00
olszomal	62e8ffd0c9	allow timestamping with the add command	2019-07-20 12:51:23 +02:00
Michał Trojnara	891887a974	Never overwrite or unlink an existing file Fixes #9 The code uses the "x" file access mode flag introduced by the C11 standard (ISO/IEC 9899:2011). It may be unsupported on Windows.	2019-07-13 15:25:41 +02:00
olszomal	3645ba7357	New tests for osslsigncode (#11 )	2019-07-13 11:41:03 +02:00
Michał Trojnara	4c44cfdd76	Fix double free	2019-07-11 20:20:47 +02:00
Jemmy Wang	6c8ec4427a	Fix segmentation fault	2019-07-01 22:02:17 +02:00
Jemmy Wang	c740b097df	Fix SpcPageHashLink generation The orginal code handles ASN1_SET improperly, which results in INVALID page hash SpcLink. This commit fixes the bug. osslsigncode can now generate valid signatures with -ph (page hash) option.	2019-07-01 22:02:17 +02:00
Reimar Döffinger	0bea1ac8f6	Ensure variable is initialized. It seem unnecessarily risky to leave it uninitialized when PKCS7_free is called on it unconditionally at the end of the function.	2019-04-25 00:02:33 +02:00
Michał Trojnara	12966f611a	Consistent DO_EXIT_n interface	2019-04-24 06:54:44 +02:00
Reimar Döffinger	044861b323	Make -pkcs11engine option optional. (#5 ) If not specified, load all builtin engines, most likely the pkcs11 one will be among them. This makes the pkcs11module option much easier to use in the most common use-cases.	2019-04-24 06:47:53 +02:00
Michał Trojnara	bed25dcb7d	Error formatting fixes closes #3	2019-04-24 06:17:31 +02:00
Reimar Döffinger	8c82f76905	Remove unused Authenticode object IDs.	2019-04-23 22:55:57 +02:00
barrybingo	342518fcbe	Minorfixes (#2 ) Replace legacy function	2019-04-02 13:52:25 +02:00
Michał Trojnara	fe08daaa4f	use OpenSSL memory allocation	2018-12-09 23:30:20 +01:00
Michał Trojnara	5a01658434	use tohex() for bin2hex conversion	2018-12-09 23:05:13 +01:00
Michał Trojnara	d007c03bb6	signed/unsigned conversion fixes	2018-12-09 22:51:15 +01:00
Michał Trojnara	a935479e7f	fixed a few typos	2018-12-08 22:06:36 +01:00
Michał Trojnara	db559c4769	code simplification Avoid re-implementing common library functions.	2018-12-08 21:55:15 +01:00
Michał Trojnara	693ac8c476	new bug reporting procedure	2018-12-08 17:07:25 +01:00
Michał Trojnara	2e9113cd41	code deduplication and cleanup	2018-12-08 16:56:29 +01:00
Michał Trojnara	a7c624d0a9	fixed OpenSSL 1.1 check to fail with OpenSSL 1.0 closes #1	2018-12-08 09:55:04 +01:00
Michał Trojnara	c9396c4be9	configure.ac indentation	2018-12-08 09:49:11 +01:00
Michał Trojnara	6da2a23d1f	version number bump	2018-12-05 23:02:08 +01:00
Michał Trojnara	642a290343	more consistent code formatting and indentation	2018-12-05 22:59:41 +01:00