nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-07-02 19:22:47 -05:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: nhyatt:2.1
Branches Tags
nhyatt:master
nhyatt:2.10 nhyatt:2.9 nhyatt:2.8 nhyatt:2.7 nhyatt:2.6 nhyatt:2.5 nhyatt:2.4 nhyatt:2.3 nhyatt:2.2 nhyatt:2.1 nhyatt:2.0
...
compare: nhyatt:2.2
Branches Tags
nhyatt:master
nhyatt:2.10 nhyatt:2.9 nhyatt:2.8 nhyatt:2.7 nhyatt:2.6 nhyatt:2.5 nhyatt:2.4 nhyatt:2.3 nhyatt:2.2 nhyatt:2.1 nhyatt:2.0

48 Commits
2.1 ... 2.2

Author SHA1 Message Date
Michał Trojnara
8c37b00d83 release 2.2 
Signed-off-by: Michał Trojnara <Michal.Trojnara@stunnel.org>
 2021-08-15 21:42:01 +02:00
aesx86
f2559972f3 fix gcc command line 2021-07-06 08:48:43 +02:00
Michał Trojnara
057d38ee76 Additional test dependency checks 2021-06-27 10:10:01 +02:00
Michał Trojnara
ed8ee4194b typo 2021-06-19 12:29:05 +02:00
Michał Trojnara
c64add388b Separate section for bootstrapping 2021-06-13 21:57:09 +02:00
sebaxakerhtc
2912eb054c missing autoconf for MacOS 2021-06-13 20:47:38 +02:00
olszomal
de05123adc update documentation 2021-06-09 23:36:17 +02:00
olszomal
180b352102 tests improvements 2021-06-09 23:36:17 +02:00
olszomal
72de045151 Add the bootstrap file 2021-06-09 23:36:17 +02:00
olszomal
95d77c9b98 help and version commands return code 0 (success) 2021-06-09 23:34:57 +02:00
olszomal
64e7e26eba free up BIO outdata only for MSI files 2021-05-30 22:14:35 +02:00
olszomal
e26a50a618 clarifying comments 2021-05-30 22:13:34 +02:00
olszomal
d2aa35a7f6 verify the content blob with the type set to OCTET STRING 2021-05-30 22:13:34 +02:00
Michał Trojnara
1c175c4339 Merge pull request #90 from olszomal/style 
Handle unsuccessful termination exit(-1)
 2021-05-04 09:40:12 +02:00
olszomal
3dad092be9 Merge branch 'master' into style 2021-05-04 09:20:12 +02:00
olszomal
de0bf341a5 free up the SIGNATURE structure 2021-05-04 09:02:20 +02:00
olszomal
4d5052c3f4 remove trailing newlines 2021-05-04 08:51:07 +02:00
olszomal
04823393f2 renamed options: 
"-untrusted" --> "-TSA-CAfile"
"-CRLuntrusted" --> "-TSA-CRLfile"
 2021-05-04 08:49:39 +02:00
olszomal
cfb897a902 handle unsuccessful termination exit (-1) 2021-04-26 11:35:19 +02:00
olszomal
8b064ca814 sizeof style 2021-04-26 10:48:53 +02:00
egonk
1bdfcc8940 fix crl nullptr crash in read_certfile 2021-04-25 21:59:36 +02:00
olszomal
bcdc5b7030 fixed width integer types 2021-04-25 21:43:00 +02:00
olszomal
3908e874a4 sizeof style 2021-04-25 21:38:57 +02:00
olszomal
a161efdb25 fix buffer overflow 2021-04-25 21:38:57 +02:00
olszomal
b01a2f5cd7 C89 standard compatibility 2021-04-25 21:38:57 +02:00
olszomal
b6e6165782 moral rights 2021-04-25 21:38:57 +02:00
olszomal
9b3697ad76 update changelog 2021-04-25 21:38:57 +02:00
olszomal
758003156e MSI file signing support 
DIFAT sectors are not supported
 2021-04-25 21:38:57 +02:00
olszomal
4f590989ce remove libgsf library dependency 
MSI file verify and remove-signature support
 2021-04-25 21:38:57 +02:00
olszomal
6df4c12624 verify msi metadata 2021-04-25 21:38:57 +02:00
Michał Trojnara
315357f092 Update a dead link in the documentation 
Closes #84
 2021-04-05 20:32:38 +02:00
olszomal
c0d9569c4f disable GSF_CAN_READ_MSI_METADATA 2021-01-11 21:21:02 +01:00
olszomal
352ef49b3a unicode description support 2021-01-11 21:20:18 +01:00
olszomal
f004aa3f48 new testing framework 2021-01-11 21:20:18 +01:00
olszomal
6edd56bfac Print the message digest algorithm from the signer info structure 2021-01-11 21:20:18 +01:00
olszomal
67e4edfe45 Print authenticated attributes: 
- message digest
- signing time
- URL description
- text description
- level of permissions for CAB files
 2021-01-11 21:20:18 +01:00
olszomal
5ad5260351 update copyright year 2021-01-11 21:20:18 +01:00
tdyer
790abf66da update documentation for timestamp server 
- verisign timestamp server is no longer in service
   update docs to point to alternative service
 2021-01-06 21:25:41 +01:00
olszomal
1dc209baa8 fix the default end date and extended key usage for test certificates 2021-01-06 21:24:40 +01:00
olszomal
2f011cfc31 p11engine and p11module need to be orthogonal (independent of each other) 2021-01-06 21:24:05 +01:00
olszomal
e8fe3e934d code simplification 2021-01-06 21:20:56 +01:00
olszomal
f8849b8048 new option -c specifies the catalog file by name 2021-01-06 21:20:56 +01:00
olszomal
86d593f264 Create a MsCtlContent structure to decode the Microsoft MS_CTL_OBJID object 2021-01-06 21:20:56 +01:00
olszomal
5e064233a3 increase the maximum size of supported CAT files 2020-11-10 04:28:43 +01:00
olszomal
fb1bc06440 CAT file tests 2020-11-02 10:11:10 +01:00
olszomal
80d5948eeb CAT files support 2020-11-02 10:11:10 +01:00
olszomal
0d6d0071d3 sort Microsoft and Generic OIDs 2020-11-02 10:11:10 +01:00
Artem Polishchuk
250521e07f fix(tests): swallows the exit code 2020-10-15 18:15:59 +02:00
64 changed files with 4816 additions and 4846 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@ -15,7 +15,10 @@ install-sh
missing
osslsigncode
osslsigncode.o
msi.o
stamp-h1
INSTALL
COPYING
.#*#
.*.bak

2
INSTALL.W32.md
View File

@ -12,7 +12,7 @@
2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables.
```
cd osslsigncode-folder
x86_64-w64-mingw32-gcc osslsigncode.c -o osslsigncode.exe \
x86_64-w64-mingw32-gcc osslsigncode.c msi.c -o osslsigncode.exe \
-lcrypto -lssl -lcurl -lgsf-1 -lgobject-2.0 -lglib-2.0 -lxml2 \
-I 'C:/msys64/mingw64/include/libgsf-1' \
-I 'C:/msys64/mingw64/include/glib-2.0' \

6
Makefile.am
View File

@ -8,9 +8,9 @@ MAINTAINERCLEANFILES = \
$(srcdir)/config.guess $(srcdir)/config.sub
EXTRA_DIST = .gitignore
AM_CFLAGS = $(GSF_CFLAGS) $(OPENSSL_CFLAGS) $(OPTIONAL_LIBCURL_CFLAGS)
AM_CFLAGS = $(OPENSSL_CFLAGS) $(OPTIONAL_LIBCURL_CFLAGS)
bin_PROGRAMS = osslsigncode
osslsigncode_SOURCES = osslsigncode.c
osslsigncode_LDADD = $(GSF_LIBS) $(OPENSSL_LIBS) $(OPTIONAL_LIBCURL_LIBS)
osslsigncode_SOURCES = osslsigncode.c msi.c msi.h
osslsigncode_LDADD = $(OPENSSL_LIBS) $(OPTIONAL_LIBCURL_LIBS)

9
CHANGELOG.md → NEWS.md
View File

@ -1,3 +1,12 @@
### 2.2 (2021.08.15)
- CAT files support (thanks to James McKenzie)
- MSI support rewritten without libgsf dependency, which allows
for handling of all the needed MSI metadata, such as dates
- "-untrusted" option renamed to "-TSA-CAfile"
- "-CRLuntrusted" option renamed to "-TSA-CRLfile"
- numerous bug fixes and improvements
### 2.1 (2020-10-11)
- certificate chain verification support

59
README.md
View File

@ -19,29 +19,55 @@ tool would fail. And, so, osslsigncode was born.
## WHAT CAN IT DO?
It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB and MSI files. It supports
the equivalent of signtool.exe's "-j javasign.dll -jp low", i.e. add a
valid signature for a CAB file containing Java files. It supports getting
the timestamp through a proxy as well. It also supports signature verification,
removal and extraction.
It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB, CAT and MSI files.
It supports the equivalent of signtool.exe's "-j javasign.dll -jp low",
i.e. add a valid signature for a CAB file containing Java files.
It supports getting the timestamp through a proxy as well. It also
supports signature verification, removal and extraction.
## BUILDING
This build technique works on Linux and macOS, if you have the necessary tools installed:
This section covers building osslsigncode for [Unix-like](https://en.wikipedia.org/wiki/Unix-like) operating systems.
See [INSTALL.W32.md](https://github.com/mtrojnar/osslsigncode/blob/master/INSTALL.W32.md) for Windows notes.
### Generate the ./configure script
This step is only needed if osslsigncode was cloned from a git repository.
We highly recommend downloading a [release tarball](https://github.com/mtrojnar/osslsigncode/releases) instead.
* Install prerequisites on a Debian-based distributions, such as Ubuntu:
```
./autogen.sh
./configure
make
make install
sudo apt update && sudo apt install automake pkg-config
```
* On Linux, (tested on Debian/Ubuntu) you may need `sudo apt-get update && sudo apt-get install build-essential autoconf libtool libssl-dev python3-pkgconfig libcurl4-gnutls-dev`
* On macOS with Homebrew, you probably need to do these things before autogen.sh and configure:
* Install prerequisites on macOS with Homebrew:
```
brew install openssl@1.1 automake pkg-config libtool
brew install automake pkg-config
```
* Generate the ./configure script:
```
./bootstrap
```
### Configure, build and install osslsigncode
* Install prerequisites on a Debian-based distributions, such as Ubuntu:
```
sudo apt update && sudo apt install build-essential pkg-config libssl-dev libcurl4-openssl-dev
```
* Install prerequisites on macOS with Homebrew:
```
brew install pkg-config openssl@1.1
export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"
```
* Configure, build and install osslsigncode:
```
./configure && make && sudo make install
```
## USAGE
Before you can sign a file you need a Software Publishing
@ -75,7 +101,7 @@ or if you want to add a timestamp as well:
```
osslsigncode sign -certs <cert-file> -key <key-file> \
-n "Your Application" -i http://www.yourwebsite.com/ \
-t http://timestamp.verisign.com/scripts/timstamp.dll \
-t http://timestamp.digicert.com \
-in yourapp.exe -out yourapp-signed.exe
```
You can use a certificate and key stored in a PKCS#12 container:
@ -99,11 +125,10 @@ An example of using osslsigncode with SoftHSM:
osslsigncode sign \
-pkcs11engine /usr/lib64/engines-1.1/pkcs11.so \
-pkcs11module /usr/lib64/pkcs11/libsofthsm2.so \
-certs <cert-file> \
-pkcs11cert 'pkcs11:token=softhsm-token;object=cert' \
-key 'pkcs11:token=softhsm-token;object=key' \
-in yourapp.exe -out yourapp-signed.exe
```
osslsigncode currently does not support reading certificates from engines.
You can check that the signed file is correct by right-clicking
on it in Windows and choose Properties --> Digital Signatures,
@ -130,7 +155,7 @@ use instead of your *.spc file. It's the same basic thing, in a different format
For your PVK file, you will need to download a little utility called
PVK.EXE. This can currently be downloaded at
http://support.globalsign.net/en/objectsign/PVK.zip
https://www.globalsign.com/support/code-signing/PVK.zip
Run:
```

2
README.unauthblob.md
View File

@ -14,7 +14,7 @@ osslsigncode sign -addUnauthenticatedBlob -pkcs12 yourcert.pfx -pass your_passwo
```
# Example 2. Timestamp and add blob to signed file
osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.verisign.com/scripts/timstamp.dll -in your_signed_file.exe -out out.exe
osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.digicert.com -in your_signed_file.exe -out out.exe
```
```

1578
autogen.sh
View File

File diff suppressed because it is too large Load Diff

2
bootstrap Executable file
View File

@ -0,0 +1,2 @@
#!/bin/sh
autoreconf --verbose --install --force

16
configure.ac
View File

@ -1,6 +1,6 @@
AC_PREREQ(2.60)
AC_INIT([osslsigncode], [2.1.0], [Michal.Trojnara@stunnel.org])
AC_INIT([osslsigncode], [2.2.0], [Michal.Trojnara@stunnel.org])
AC_CONFIG_AUX_DIR([.])
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE
@ -77,20 +77,6 @@ AC_CHECK_LIB(
AC_CHECK_HEADERS([termios.h])
AC_CHECK_FUNCS(getpass)
AC_ARG_WITH([gsf],
AS_HELP_STRING([--without-gsf], [Ignore presence of libgsf and disable it])
)
AS_IF([test "x$with_gsf" != "xno"],
[PKG_CHECK_MODULES([GSF], [libgsf-1], [have_gsf=yes], [have_gsf=no])],
[have_gsf=no]
)
AS_IF([test "x$have_gsf" = "xyes"],
[AC_DEFINE([WITH_GSF], 1, [Have libgsf?])],
[AS_IF([test "x$with_gsf" = "xyes"],
[AC_MSG_ERROR([libgsf requested but not found])])]
)
PKG_CHECK_MODULES(
[OPENSSL],
[libcrypto >= 1.1.1],

1099
msi.c Normal file
View File

File diff suppressed because it is too large Load Diff

206
msi.h Normal file
View File

@ -0,0 +1,206 @@
/*
* MSI file support library
*
* Copyright (C) 2021 Michał Trojnara <Michal.Trojnara@stunnel.org>
* Author: Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org>
*
* Reference specifications:
* http://en.wikipedia.org/wiki/Compound_File_Binary_Format
* https://msdn.microsoft.com/en-us/library/dd942138.aspx
* https://github.com/microsoft/compoundfilereader
*/
#include <stdint.h>
#include <openssl/safestack.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#define MAXREGSECT 0xfffffffa /* maximum regular sector number */
#define DIFSECT 0xfffffffc /* specifies a DIFAT sector in the FAT */
#define FATSECT 0xfffffffd /* specifies a FAT sector in the FAT */
#define ENDOFCHAIN 0xfffffffe /* end of a linked chain of sectors */
#define NOSTREAM 0xffffffff /* terminator or empty pointer */
#define FREESECT 0xffffffff /* empty unallocated free sectors */
#define DIR_UNKNOWN 0
#define DIR_STORAGE 1
#define DIR_STREAM 2
#define DIR_ROOT 5
#define RED_COLOR 0
#define BLACK_COLOR 1
#define DIFAT_IN_HEADER 109
#define MINI_STREAM_CUTOFF_SIZE 0x00001000 /* 4096 bytes */
#define HEADER_SIZE 0x200 /* 512 bytes, independent of sector size */
#define MAX_SECTOR_SIZE 0x1000 /* 4096 bytes */
#define HEADER_SIGNATURE 0x00 /* 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 */
#define HEADER_CLSID 0x08 /* reserved and unused */
#define HEADER_MINOR_VER 0x18 /* SHOULD be set to 0x003E */
#define HEADER_MAJOR_VER 0x1a /* MUST be set to either 0x0003 (version 3) or 0x0004 (version 4) */
#define HEADER_BYTE_ORDER 0x1c /* 0xfe 0xff == Intel Little Endian */
#define HEADER_SECTOR_SHIFT 0x1e /* MUST be set to 0x0009, or 0x000c */
#define HEADER_MINI_SECTOR_SHIFT 0x20 /* MUST be set to 0x0006 */
#define RESERVED 0x22 /* reserved and unused */
#define HEADER_DIR_SECTORS_NUM 0x28
#define HEADER_FAT_SECTORS_NUM 0x2c
#define HEADER_DIR_SECTOR_LOC 0x30
#define HEADER_TRANSACTION 0x34
#define HEADER_MINI_STREAM_CUTOFF 0x38 /* 4096 bytes */
#define HEADER_MINI_FAT_SECTOR_LOC 0x3c
#define HEADER_MINI_FAT_SECTORS_NUM 0x40
#define HEADER_DIFAT_SECTOR_LOC 0x44
#define HEADER_DIFAT_SECTORS_NUM 0x48
#define HEADER_DIFAT 0x4c
#define DIRENT_SIZE 0x80 /* 128 bytes */
#define DIRENT_MAX_NAME_SIZE 0x40 /* 64 bytes */
#define DIRENT_NAME 0x00
#define DIRENT_NAME_LEN 0x40 /* length in bytes incl 0 terminator */
#define DIRENT_TYPE 0x42
#define DIRENT_COLOUR 0x43
#define DIRENT_LEFT_SIBLING_ID 0x44
#define DIRENT_RIGHT_SIBLING_ID 0x48
#define DIRENT_CHILD_ID 0x4c
#define DIRENT_CLSID 0x50
#define DIRENT_STATE_BITS 0x60
#define DIRENT_CREATE_TIME 0x64
#define DIRENT_MODIFY_TIME 0x6c
#define DIRENT_START_SECTOR_LOC 0x74
#define DIRENT_FILE_SIZE 0x78
#define GET_UINT8_LE(p) ((u_char*)(p))[0]
#define GET_UINT16_LE(p) (((u_char*)(p))[0] | (((u_char*)(p))[1]<<8))
#define GET_UINT32_LE(p) (((u_char*)(p))[0] | (((u_char*)(p))[1]<<8) | \
(((u_char*)(p))[2]<<16) | (((u_char*)(p))[3]<<24))
#define PUT_UINT8_LE(i,p) \
((u_char*)(p))[0] = (i) & 0xff;
#define PUT_UINT16_LE(i,p) \
((u_char*)(p))[0] = (i) & 0xff; \
((u_char*)(p))[1] = ((i)>>8) & 0xff
#define PUT_UINT32_LE(i,p) \
((u_char*)(p))[0] = (i) & 0xff; \
((u_char*)(p))[1] = ((i)>>8) & 0xff; \
((u_char*)(p))[2] = ((i)>>16) & 0xff; \
((u_char*)(p))[3] = ((i)>>24) & 0xff
typedef unsigned char u_char;
typedef struct {
u_char signature[8]; /* 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 */
u_char unused_clsid[16]; /* reserved and unused */
uint16_t minorVersion;
uint16_t majorVersion;
uint16_t byteOrder;
uint16_t sectorShift; /* power of 2 */
uint16_t miniSectorShift; /* power of 2 */
u_char reserved[6]; /* reserved and unused */
uint32_t numDirectorySector;
uint32_t numFATSector;
uint32_t firstDirectorySectorLocation;
uint32_t transactionSignatureNumber; /* reserved */
uint32_t miniStreamCutoffSize;
uint32_t firstMiniFATSectorLocation;
uint32_t numMiniFATSector;
uint32_t firstDIFATSectorLocation;
uint32_t numDIFATSector;
uint32_t headerDIFAT[DIFAT_IN_HEADER];
} MSI_FILE_HDR;
typedef struct {
u_char name[DIRENT_MAX_NAME_SIZE];
uint16_t nameLen;
uint8_t type;
uint8_t colorFlag;
uint32_t leftSiblingID;
uint32_t rightSiblingID;
uint32_t childID;
u_char clsid[16];
u_char stateBits[4];
u_char creationTime[8];
u_char modifiedTime[8];
uint32_t startSectorLocation;
u_char size[8];
} MSI_ENTRY;
typedef struct {
u_char name[DIRENT_MAX_NAME_SIZE];
uint16_t nameLen;
uint8_t type;
MSI_ENTRY *entry;
STACK_OF(MSI_DIRENT) *children;
} MSI_DIRENT;
DEFINE_STACK_OF(MSI_DIRENT)
typedef struct {
const u_char *m_buffer;
size_t m_bufferLen;
MSI_FILE_HDR *m_hdr;
size_t m_sectorSize;
size_t m_minisectorSize;
size_t m_miniStreamStartSector;
} MSI_FILE;
typedef struct {
char *header;
char *ministream;
char *minifat;
char *fat;
uint32_t dirtreeLen;
uint32_t miniStreamLen;
uint32_t minifatLen;
uint32_t fatLen;
int ministreamsMemallocCount;
int minifatMemallocCount;
int fatMemallocCount;
int dirtreeSectorsCount;
int minifatSectorsCount;
int fatSectorsCount;
int miniSectorNum;
int sectorNum;
size_t sectorSize;
} MSI_OUT;
static u_char msi_magic[] = {
0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1
};
static const u_char digital_signature[] = {
0x05, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, 0x00,
0x69, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00,
0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00,
0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00,
0x65, 0x00, 0x00, 0x00
};
static const u_char digital_signature_ex[] = {
0x05, 0x00, 0x4D, 0x00, 0x73, 0x00, 0x69, 0x00,
0x44, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00,
0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x53, 0x00,
0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x61, 0x00,
0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00,
0x45, 0x00, 0x78, 0x00, 0x00, 0x00
};
int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, size_t offset, char *buffer, size_t len);
MSI_FILE *msi_file_new(char *buffer, size_t len);
void msi_file_free(MSI_FILE *msi);
MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi);
MSI_DIRENT *msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent);
MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse);
void msi_dirent_free(MSI_DIRENT *dirent);
MSI_FILE_HDR *msi_header_get(MSI_FILE *msi);
int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root);
int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root);
void msi_calc_digest(char *indata, const EVP_MD *md, u_char *mdbuf, size_t fileend);
int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen);
int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p, int len, u_char *p_msiex, int len_msiex, BIO *outdata);

2620
osslsigncode.c
View File

File diff suppressed because it is too large Load Diff

47
tests/certs/ca-bundle.crt Normal file
View File

@ -0,0 +1,47 @@
# Certum Trusted Network CA
-----BEGIN CERTIFICATE-----
MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM
MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D
ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU
cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3
WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg
Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw
IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH
UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM
TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU
BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM
kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x
AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV
HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y
sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL
I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8
J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY
VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
-----END CERTIFICATE-----
# DigiCert Assured ID Root CA
-----BEGIN CERTIFICATE-----
MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
-----END CERTIFICATE-----

9
tests/certs/openssl_intermediate.cnf
View File

@ -18,7 +18,8 @@ default_md = sha256
preserve = no
policy = policy_loose
default_startdate = 180101000000Z
default_enddate = 210101000000Z
default_enddate = 241231000000Z
x509_extensions = v3_req
[ req ]
# Options for the `req` tool
@ -40,6 +41,12 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
extendedKeyUsage = codeSigning
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
extendedKeyUsage = codeSigning
[ policy_loose ]
# Allow the intermediate CA to sign a more diverse range of certificates.
# See the POLICY FORMAT section of the `ca` man page.

87
tests/recipes/01_sign_pem
View File

@ -1,56 +1,53 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and private key files in the PEM format.
# Sign a file with a certificate and a private key in the PEM format.
# -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=1
# PE file
test_name="011. Sign a PE file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_011.exe"
verify_signature "$?" "011" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="012. Sign a CAB file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_012.ex_"
verify_signature "$?" "012" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a certificate and a private key in the PEM format"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="013. Sign a MSI file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_013.msi"
verify_signature "$?" "013" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

91
tests/recipes/02_sign_pass
View File

@ -1,58 +1,53 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the encrypted private key file in the PEM format.
# Sign a file with an encrypted private key in the PEM format.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=2
# PE file
test_name="021. Sign a PE file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.exe" -out "test_021.exe"
verify_signature "$?" "021" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="022. Sign a CAB file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.ex_" -out "test_022.ex_"
verify_signature "$?" "022" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with an encrypted private key in the PEM format"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="023. Sign a MSI file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_023.msi"
verify_signature "$?" "023" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

91
tests/recipes/03_sign_der
View File

@ -1,59 +1,54 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the encrypted private key file in the DER format.
# Sign a file with an encrypted private key in the DER format.
# Requires OpenSSL 1.0.0 or later
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=3
# PE file
test_name="031. Sign a PE file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.exe" -out "test_031.exe"
verify_signature "$?" "031" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="032. Sign a CAB file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.ex_" -out "test_032.ex_"
verify_signature "$?" "032" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with an encrypted private key in the DER format"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="033. Sign a MSI file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "sample.msi" -out "test_033.msi"
verify_signature "$?" "033" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

93
tests/recipes/04_sign_spc_pvk
View File

@ -1,59 +1,54 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the certificate file in the SPC format
# and the private key file in the Microsoft Private Key (PVK) format.
# Sign a file with a certificate in the SPC format
# and a private key in the Microsoft Private Key (PVK) format.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=4
# PE file
test_name="041. Sign a PE file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "test.exe" -out "test_041.exe"
verify_signature "$?" "041" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="042. Sign a CAB file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "test.ex_" -out "test_042.ex_"
verify_signature "$?" "042" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a SPC certificate and a PVK private key"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="043. Sign a MSI file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "sample.msi" -out "test_043.msi"
verify_signature "$?" "043" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

90
tests/recipes/05_sign_pkcs12
View File

@ -1,57 +1,53 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container.
# Sign a file with a certificate and a key stored in a PKCS#12 container.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=5
# PE file
test_name="051. Sign a PE file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" -pass passme \
-in "test.exe" -out "test_051.exe"
verify_signature "$?" "051" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="052. Sign a CAB file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "test.ex_" -out "test_052.ex_"
verify_signature "$?" "052" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a certificate and a key stored in a PKCS#12 container"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="053. Sign a MSI file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "sample.msi" -out "test_053.msi"
verify_signature "$?" "053" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

70
tests/recipes/06_test_sha256sum
View File

@ -2,53 +2,33 @@
# Checking SHA256 message digests for 01x-05x tests
. $(dirname $0)/../test_library
res=0
skip=0
test_name="061. Checking SHA256 message digests for 01x-05x tests"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
script_path=$(pwd)
result=0
test_nr=6
for file in ${script_path}/../logs/sha256sum/*.*
do
name="${file##*/}"
case $name in
"cat.log") filetype=CAT; format_nr=1 ;;
"msi.log") filetype=MSI; format_nr=2 ;;
"ex_.log") filetype=CAB; format_nr=3 ;;
"exe.log") filetype=PE; format_nr=4 ;;
"ps1.log") filetype=TXT; format_nr=5 ;;
esac
number="$test_nr$format_nr"
test_name="Checking SHA256 message digests for a $filetype file test"
printf "\n%03d. %s\n" "$number" "$test_name"
if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_exe.log" >> "results.log"
result=1
cat "sha256sum/$name" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_exe.log"
else
skip=$(($skip+1))
fi
rm -f "sha256sum/$name"
test_result "$result" "$number" "$test_name"
done
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi"
then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if test $skip -lt 3
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

97
tests/recipes/07_sign_timestamp
View File

@ -1,64 +1,61 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with Authenticode timestamping
# Sign a file with Authenticode timestamping
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=7
# PE file
test_name="071. Sign a PE file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with Authenticode timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2
verify_signature "$?" "071" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# CAB file
test_name="072. Sign a CAB file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "072" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
printf "Test skipped\n"
fi
# MSI file
test_name="073. Sign a MSI file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_073.msi"
verify_signature "$?" "073" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Sign a file with Authenticode timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0

97
tests/recipes/08_sign_rfc3161
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with RFC 3161 timestamping
# Sign a file with RFC 3161 timestamping
# An RFC3161 timestamp server provides an essential function in protecting
# data records for the long-term. It provides proof that the data existed
# at a particular moment in time and that it has not changed, even by
@ -7,62 +7,59 @@
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=8
# PE file
test_name="081. Sign a PE file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with RFC 3161 timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_081.exe"
verify_signature "$?" "081" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# CAB file
test_name="082. Sign a CAB file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_082.ex_"
verify_signature "$?" "082" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
printf "Test skipped\n"
fi
# MSI file
test_name="083. Sign a MSI file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_083.msi"
verify_signature "$?" "083" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Sign a file with RFC 3161 timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0

44
tests/recipes/09_sign_page_hashes
View File

@ -1,29 +1,33 @@
#!/bin/sh
# Generate page hashes for a PE file
# Generate page hashes for a file
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=9
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"exe") filetype=PE; format_nr=4 ;;
*) continue ;; # Warning: -ph option is only valid for PE files
esac
number="$test_nr$format_nr"
test_name="Generate page hashes for a $filetype file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="091. Generate page hashes for a PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 -ph \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_091.exe"
verify_signature "$?" "091" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# CAB file
# Warning: -ph option is only valid for PE files
# MSI file
# Warning: -ph option is only valid for PE files
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0

91
tests/recipes/10_sign_blob
View File

@ -1,58 +1,53 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with addUnauthenticatedBlob.
# Sign a file with addUnauthenticatedBlob.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=10
# PE file
test_name="101. Sign a PE file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2
verify_signature "$?" "101" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="102. Sign a CAB file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "102" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with addUnauthenticatedBlob"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="103. Sign a MSI file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2
verify_signature "$?" "103" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

89
tests/recipes/11_sign_nest
View File

@ -1,71 +1,42 @@
#!/bin/sh
# Sign a PE/CAB/MSI file twice with the "nest" flag in the second time
# Sign a file twice with the "nest" flag in the second time
# in order to add the new signature instead of replacing the first one.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=11
# PE file
test_name="111. Sign a PE file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_111_signed.exe"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_111_signed.exe" -out "test_111.exe"
verify_signature "$?" "111" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: CAT files do not support nesting
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Warning: TXT files do not support nesting
esac
# CAB file
test_name="112. Sign a CAB file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_112_signed.ex_"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_112_signed.ex_" -out "test_112.ex_"
verify_signature "$?" "112" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the nest flag"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="113. Sign a MSI file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_113_signed.msi"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_113_signed.msi" -out "test_113.msi"
verify_signature "$?" "113" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0

92
tests/recipes/12_sign_readpass_pem
View File

@ -1,58 +1,54 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with a PEM key file and a password read from password.txt file.
# Sign a file with a PEM key and a password read from password.txt file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=12
# PE file
test_name="121. Sign a PE file with the PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_121.exe"
verify_signature "$?" "121" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="122. Sign a CAB file with a PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "test.ex_" -out "test_122.ex_"
verify_signature "$?" "122" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a PEM key and a password read from password.txt file"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="123. Sign a MSI file with a PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "sample.msi" -out "test_123.msi"
verify_signature "$?" "123" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-addUnauthenticatedBlob \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

91
tests/recipes/13_sign_readpass_pkcs12
View File

@ -1,59 +1,54 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container
# Sign a file with the certificate and key stored in a PKCS#12 container
# and a password read from password.txt file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=13
# PE file
test_name="131. Sign a PE file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.exe" -out "test_131.exe"
verify_signature "$?" "131" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="132. Sign a CAB file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.ex_" -out "test_132.ex_"
verify_signature "$?" "132" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a PKCS#12 container and the file with a password"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="133. Sign a MSI file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "sample.msi" -out "test_133.msi"
verify_signature "$?" "133" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

91
tests/recipes/14_sign_descryption
View File

@ -1,58 +1,53 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with a descryption
# Sign a file with a descryption.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=14
# PE file
test_name="141. Sign a PE file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_141.exe"
verify_signature "$?" "141" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="142. Sign a CAB file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_142.ex_"
verify_signature "$?" "142" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a descryption"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="143. Sign a MSI file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_143.msi"
verify_signature "$?" "143" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

91
tests/recipes/15_sign_url
View File

@ -1,59 +1,54 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with specified URL for expanded description of the signed content
# Sign a file with specified URL for expanded description of the signed content
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=15
# PE file
test_name="151. Sign a PE file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.exe" -out "test_151.exe"
verify_signature "$?" "151" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="152. Sign a CAB file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.ex_" -out "test_152.ex_"
verify_signature "$?" "152" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with specified URL"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="153. Sign a MSI file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "sample.msi" -out "test_153.msi"
verify_signature "$?" "153" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-i "https://www.osslsigncode.com/" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

97
tests/recipes/16_sign_comm
View File

@ -1,61 +1,58 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the commercial purpose set for SPC_STATEMENT_TYPE_OBJID
# Sign a file with Microsoft Commercial Code Signing purpose set for SPC_STATEMENT_TYPE_OBJID
# object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11"
# changes default Individual Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15"
# sets Commercial Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16"
# changes default Microsoft Individual Code Signing:
# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15"
# sets Microsoft Commercial Code Signing:
# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16"
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=16
# PE file
test_name="161. Sign a PE file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_161.exe"
verify_signature "$?" "161" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="162. Sign a CAB file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_162.ex_"
verify_signature "$?" "162" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the common purpose set"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="163. Sign a MSI file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_163.msi"
verify_signature "$?" "163" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Microsoft Commercial Code Signing" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

91
tests/recipes/17_sign_crosscertfile
View File

@ -1,60 +1,55 @@
#!/bin/sh
# Add an additional certificate to the signature block of the PE/CAB/MSI file.
# Add an additional certificate to the signature block of the file.
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
# https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=17
# PE file
test_name="171. Add an additional certificate to the signature block of the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.exe" -out "test_171.exe"
verify_signature "$?" "171" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="172. Add an additional certificate to the signature block of the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.ex_" -out "test_172.ex_"
verify_signature "$?" "172" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Add an additional certificate to the signature block of a $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="173. Add an additional certificate to the signature block of the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "sample.msi" -out "test_173.msi"
verify_signature "$?" "173" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-ac "${script_path}/../certs/crosscert.pem" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

61
tests/recipes/21_sign_hash_md5
View File

@ -1,27 +1,52 @@
#!/bin/sh
# Sign a PE file with MD5 set of cryptographic hash functions.
# Sign a file with MD5 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=21
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with MD5 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="211. Sign a PE file with MD5 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h md5 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_211.exe"
verify_signature "$?" "211" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "MD5" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# CAB file
# MSI file
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "MD5" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

61
tests/recipes/22_sign_hash_sha1
View File

@ -1,27 +1,52 @@
#!/bin/sh
# Sign a PE file with SHA1 set of cryptographic hash functions.
# Sign a file with SHA1 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=22
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA1 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="221. Sign a PE file with SHA1 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha1 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_221.exe"
verify_signature "$?" "221" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA1" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# CAB file
# MSI file
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA1" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

61
tests/recipes/23_sign_hash_sha2
View File

@ -1,27 +1,52 @@
#!/bin/sh
# Signing a PE file with SHA1 set of cryptographic hash functions.
# Signing a file with SHA2 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=23
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA2 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="231. Signing a PE file with SHA1 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha2 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_231.exe"
verify_signature "$?" "231" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA2" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# CAB file
# MSI file
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA2" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

61
tests/recipes/24_sign_hash_sha384
View File

@ -1,27 +1,52 @@
#!/bin/sh
# Sign a PE file with SHA384 set of cryptographic hash functions.
# Sign a file with SHA384 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=24
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA384 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="241. Sign a PE file with SHA384 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha384 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_241.exe"
verify_signature "$?" "241" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# CAB file
# MSI file
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

61
tests/recipes/25_sign_hash_sha512
View File

@ -1,27 +1,52 @@
#!/bin/sh
# Sign a PE file with SHA512 set of cryptographic hash functions.
# Sign a file with SHA512 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=25
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA512 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="251. Sign a PE file with SHA512 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_251.exe"
verify_signature "$?" "251" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# CAB file
# MSI file
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

96
tests/recipes/26_extract_signature_pem
View File

@ -1,61 +1,55 @@
#!/bin/sh
# Extract the signature in the PEM format from the PE/CAB/MSI file.
# Extract the signature in the PEM format.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=26
# PE file
test_name="261. Extract the PEM signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_261.exe" && \
../../osslsigncode extract-signature -pem \
-in "test_261.exe" -out "sign_pe.pem"
verify_signature "$?" "261" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="262. Extract the PEM signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_262.ex_" && \
../../osslsigncode extract-signature -pem \
-in "test_262.ex_" -out "sign_cab.pem"
verify_signature "$?" "262" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Extract the PEM signature from the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="263. Extract the PEM signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_263.msi" && \
../../osslsigncode extract-signature -pem \
-in "test_263.msi" -out "sign_msi.pem"
verify_signature "$?" "263" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode extract-signature \
-pem \
-in "test_$number.$ext" -out "sign_$format_nr.pem"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

95
tests/recipes/27_extract_signature_der
View File

@ -1,61 +1,54 @@
#!/bin/sh
# Extract the signature in the DER format from the PE/CAB/MSI file.
# Extract the signature in the DER format.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=27
# PE file
test_name="271. Extract the DER signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_271.exe" && \
../../osslsigncode extract-signature \
-in "test_271.exe" -out "sign_pe.der"
verify_signature "$?" "271" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="272. Extract the DER signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_272.ex_" && \
../../osslsigncode extract-signature \
-in "test_272.ex_" -out "sign_cab.der"
verify_signature "$?" "272" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Extract the DER signature from the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="273. Extract the DER signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_273.msi" && \
../../osslsigncode extract-signature \
-in "test_273.msi" -out "sign_msi.der"
verify_signature "$?" "273" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode extract-signature\
-in "test_$number.$ext" -out "sign_$format_nr.der"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

96
tests/recipes/31_attach_signature_der
View File

@ -1,58 +1,58 @@
#!/bin/sh
# Attach the DER signature to the PE/CAB/MSI file.
# Attach the DER signature to the file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=31
# PE file
test_name="311. Attach the DER signature to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode attach-signature \
-sigin "sign_pe.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.exe" -out "test_311.exe"
verify_signature "$?" "311" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="312. Attach the DER signature to the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature \
-sigin "sign_cab.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_312.ex_"
verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Attach the DER signature to the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="313. Attach the DER signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature \
-sigin "sign_msi.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_313.msi"
verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-sigin "sign_$format_nr.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$result" -ne 0; then
cp "sign_$format_nr.der" "sign_$number.der"
fi
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

96
tests/recipes/32_attach_signature_pem
View File

@ -1,58 +1,58 @@
#!/bin/sh
# Attach the PEM signature to the PE/CAB/MSI file.
# Attach the PEM signature to the file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=32
# PE file
test_name="321. Attach the PEM signature to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.exe" -out "test_321.exe"
verify_signature "$?" "321" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="322. Attach the PEM signature to the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_322.ex_"
verify_signature "$?" "322" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="323. Attach the PEM signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature \
-sigin "sign_msi.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_323.msi"
verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-sigin "sign_$format_nr.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$result" -ne 0; then
cp "sign_$format_nr.der" "sign_$number.der"
fi
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

107
tests/recipes/33_attach_signed
View File

@ -1,69 +1,58 @@
#!/bin/sh
# Attach the signature to the signed PE/CAB/MSI file.
# Attach the signature to the signed file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=33
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the signed $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="331. Attach the signature to the signed PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_331_signed.exe"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_331_signed.exe" -out "test_331.exe"
verify_signature "$?" "331" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-sigin "sign_$format_nr.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
# CAB file
test_name="332. Attach the signature to the signed CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_332_signed.ex_"
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_332_signed.ex_" -out "test_332.ex_"
verify_signature "$?" "332" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="333. Attach the signature to the signed MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_333_signed.msi"
../../osslsigncode attach-signature -sigin "sign_msi.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_333_signed.msi" -out "test_333.msi"
verify_signature "$?" "333" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

96
tests/recipes/34_attach_nest
View File

@ -1,74 +1,44 @@
#!/bin/sh
# Attach the signature to the signed PE/CAB/MSI file with the "nest" flag
# in order to attach the new signature instead of replacing the first one.
# Attach the signature to the signed file with the "nest" flag in order to
# attach the new signature instead of replacing the first one.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=34
# PE file
test_name="341. Attach the signature to the signed PE file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_341_signed.exe"
../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_341_signed.exe" -out "test_341.exe"
verify_signature "$?" "341" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: CAT files do not support nesting
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Warning: TXT files do not support nesting
esac
# CAB file
test_name="342. Attach the signature to the signed CAB file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_342_signed.ex_"
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_342_signed.ex_" -out "test_342.ex_"
verify_signature "$?" "342" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the signed $filetype$desc file with the nest flag"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="343. Attach the signature to the signed MSI file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_343_signed.msi"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode attach-signature \
-sigin "sign_msi.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_343_signed.msi" -out "test_343.msi"
verify_signature "$?" "343" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-sigin "sign_$format_nr.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0

93
tests/recipes/35_remove_signature
View File

@ -1,61 +1,54 @@
#!/bin/sh
# Remove the signature from the PE/CAB/MSI file.
# Remove the signature from the file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=35
# PE file
test_name="351. Remove the signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_351_signed.exe" && \
../../osslsigncode remove-signature \
-in "test_351_signed.exe" -out "test_351.exe"
verify_signature "$?" "351" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="352. Remove the signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_352_signed.ex_" && \
../../osslsigncode remove-signature \
-in "test_352_signed.ex_" -out "test_352.ex_"
verify_signature "$?" "352" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Remove the signature from the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="353. Remove the signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_353_signed.msi" && \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode remove-signature \
-in "test_353_signed.msi" -out "test_353.msi"
verify_signature "$?" "353" "msi" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

73
tests/recipes/36_varia_sha256sum
View File

@ -1,55 +1,34 @@
#!/bin/sh
# Checking SHA256 message digests for 31x-33x tests.
# Checking SHA256 message digests for "extract" and "attach" tests.
. $(dirname $0)/../test_library
res=0
res=0
skip=0
test_name="361. Checking SHA256 message digests for 31x-33x tests"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
script_path=$(pwd)
result=0
test_nr=36
for file in ${script_path}/../logs/sha256sum/*.*
do
name="${file##*/}"
case $name in
"cat.log") filetype=CAT; format_nr=1 ;;
"msi.log") filetype=MSI; format_nr=2 ;;
"ex_.log") filetype=CAB; format_nr=3 ;;
"exe.log") filetype=PE; format_nr=4 ;;
"ps1.log") filetype=TXT; format_nr=5 ;;
esac
number="$test_nr$format_nr"
test_name="Checking SHA256 message digests for a $filetype file test"
printf "\n%03d. %s\n" "$number" "$test_name"
if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_exe.log" >> "results.log"
result=1
cat "sha256sum/$name" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_exe.log"
else
skip=$(($skip+1))
fi
rm -f "sha256sum/$name"
test_result "$result" "$number" "$test_name"
done
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi"
then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if test $skip -lt 2
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

104
tests/recipes/37_add_signature_timestamp
View File

@ -1,70 +1,64 @@
#!/bin/sh
# Add an authenticode timestamp to the PE/CAB/MSI file.
# Add an authenticode timestamp to the signed file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=37
# PE file
test_name="371. Add an authenticode timestamp to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add an authenticode timestamp to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_371_signed.exe" && \
../../osslsigncode add \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_371_signed.exe" -out "test_371.exe"
verify_signature "$?" "371" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
# CAB file
test_name="372. Add an authenticode timestamp to the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_372_signed.ex_" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_372_signed.ex_" -out "test_372.ex_"
verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
printf "Test skipped\n"
fi
# MSI file
test_name="373. Add an authenticode timestamp to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_373_signed.msi" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_373_signed.msi" -out "test_373.msi"
verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Add an authenticode timestamp to the signed file"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0

104
tests/recipes/38_add_signature_rfc3161
View File

@ -1,70 +1,64 @@
#!/bin/sh
# Add an RFC 3161 timestamp to signed PE/CAB/MSI file.
# Add a RFC 3161 timestamp to the signed file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=38
# PE file
test_name="381. Add RFC 3161 timestamp to signed PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add a RFC 3161 timestamp to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_381_signed.exe"
../../osslsigncode add \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_381_signed.exe" -out "test_381.exe"
verify_signature "$?" "381" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
# CAB file
test_name="382. Add RFC 3161 timestamp to signed CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_382_signed.ex_"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_382_signed.ex_" -out "test_382.ex_"
verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
printf "Test skipped\n"
fi
# MSI file
test_name="383. Add RFC 3161 timestamp to signed MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_383_signed.msi"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_383_signed.msi" -out "test_383.msi"
verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Add a RFC 3161 timestamp to the signed file"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0

97
tests/recipes/39_add_signature_blob
View File

@ -1,64 +1,55 @@
#!/bin/sh
# Add an unauthenticated blob to the PE/CAB/MSI file.
# Add an unauthenticated blob to the signed file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=39
# PE file
test_name="391. Add an unauthenticated blob to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_391_signed.exe"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_391_signed.exe" -out "test_391.exe"
verify_signature "$?" "391" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="392. Add an unauthenticated blob to the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_392_signed.ex_"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_392_signed.ex_" -out "test_392.ex_"
verify_signature "$?" "392" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Add an unauthenticated blob to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="393. Add an unauthenticated blob to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_393_signed.msi"
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_393_signed.msi" -out "test_393.msi"
verify_signature "$?" "393" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-addUnauthenticatedBlob \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Unauthenticated Data Blob" "MODIFY"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

83
tests/recipes/40_verify_leaf_hash
View File

@ -1,52 +1,51 @@
#!/bin/sh
# Compare the leaf certificate hash against specified SHA256 message digest for the PE/CAB/MSI file
# Compare the leaf certificate hash against specified SHA256 message digest for the file
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=40
# PE file
test_name="401. Compare the leaf certificate hash against specified SHA256 message digest for the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.exe" -out "test_401.exe"
verify_leaf_hash "$?" "401" "exe" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="402. Compare the leaf certificate hash against specified SHA256 message digest for the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.ex_" -out "test_402.ex_"
verify_leaf_hash "$?" "402" "ex_" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Compare the leaf hash against SHA256 message digest for the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "sample.msi" -out "test_403.msi"
verify_leaf_hash "$?" "403" "msi" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_leaf_hash "$result" "$number" "$ext" "@2019-05-01 00:00:00"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

46
tests/recipes/41_sign_add_msi_dse
View File

@ -7,29 +7,35 @@
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=41
# PE file
# Warning: -add-msi-dse option is only valid for MSI files
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"msi") filetype=MSI; format_nr=2 ;;
"ex_") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"exe") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"ps1") continue;; # Warning: -add-msi-dse option is only valid for MSI files
esac
# CAB file
# Warning: -add-msi-dse option is only valid for MSI files
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the add-msi-dse option"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="411. Sign a MSI file with the add-msi-dse option"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-add-msi-dse \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_411.msi"
verify_signature "$?" "411" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-add-msi-dse \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0

47
tests/recipes/42_sign_jp_low
View File

@ -1,31 +1,38 @@
#!/bin/sh
# Sign a CAB file with "jp low" option
# Sign a CAB file with "low" level of permissions in Microsoft Internet Explorer 4.x for CAB files
# https://support.microsoft.com/en-us/help/193877
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=42
# PE file
# Warning: -jp option is only valid for CAB files
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: -jp option is only valid for CAB files
"msi") continue;; # Warning: -jp option is only valid for CAB files
"ex_") filetype=CAB; format_nr=3 ;;
"exe") continue;; # Warning: -jp option is only valid for CAB files
"ps1") continue;; # Warning: -jp option is only valid for CAB files
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the jp low option"
printf "\n%03d. %s\n" "$number" "$test_name"
# CAB file
test_name="421. Sign a CAB file with jp low option"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-jp low \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_421.ex_"
verify_signature "$?" "421" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-jp low \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# MSI file
# Warning: -jp option is only valid for CAB files
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Low level of permissions" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0

48
tests/recipes/45_verify_fake_pe
View File

@ -1,30 +1,36 @@
#!/bin/sh
# Verify changed PE file after signing.
# Verify changed file after signing.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=45
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="451. Verify changed PE file after signing"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_451.exe"
verify_signature "$?" "451" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
exit 0

53
tests/recipes/46_verify_timestamp
View File

@ -1,33 +1,46 @@
#!/bin/sh
# Verify changed PE file after signing with Authenticode timestamping.
# Verify changed file after signing with Authenticode timestamping.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=46
# PE file
test_name="461. Verify changed PE file after signing with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing with Authenticode timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_461.exe"
verify_signature "$?" "461" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name"
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Verify changed file after signing with Authenticode timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
exit 0

50
tests/recipes/47_verify_rfc3161
View File

@ -1,34 +1,46 @@
#!/bin/sh
# Verify changed PE file after signing with RFC 3161 timestamping.
# Verify changed file after signing with RFC 3161 timestamping.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=47
# PE file
test_name="471. Verify changed PE file after signing with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing with RFC 3161 timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_471.exe"
verify_signature "$?" "471" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
test_result "$?" "$test_name"
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Verify changed file after signing with RFC 3161 timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
exit 0

93
tests/recipes/51_verify_time
View File

@ -1,57 +1,52 @@
#!/bin/sh
# Verify PE/CAB/MSI file signature after the cert has been expired.
# Verify a file signed after the cert has been expired.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=51
# PE file
test_name="511. Verify PE file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_511.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "511" "exe" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="512. Verify CAB file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_512.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "512" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Verify $filetype$desc file signed after the cert has been expired"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="513. Verify MSI file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_513.msi"'
verify_signature "$?" "513" "msi" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0

108
tests/recipes/52_verify_timestamp
View File

@ -1,66 +1,62 @@
#!/bin/sh
# Verify PE/CAB/MSI file signature with Authenticode timestamping after the cert has been expired.
# Verify a file signed with Authenticode timestamping after the cert has been expired.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=52
# PE file
test_name="521. Verify PE file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_521.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "521" "exe" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="522. Verify CAB file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with Authenticode after the cert has been expired"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="523. Verify MSI file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_523.msi"'
verify_signature "$?" "523" "msi" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with Authenticode after the cert has been expired"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0

108
tests/recipes/53_verify_rfc3161
View File

@ -1,66 +1,62 @@
#!/bin/sh
# Verify PE/CAB/MSI file signature with RFC3161 timestamping after the cert has been expired.
# Verify a file signed with RFC3161 timestamping after the cert has been expired.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=53
# PE file
test_name="531. Verify PE file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_531.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "531" "exe" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="532. Verify CAB file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with RFC3161 after the cert has been expired"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_533.msi"'
verify_signature "$?" "533" "msi" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with RFC3161 after the cert has been expired"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0

108
tests/recipes/54_verify_expired
View File

@ -1,66 +1,62 @@
#!/bin/sh
# Verify PE/CAB/MSI file signed with the expired cert.
# Verify a file signed with the expired cert.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=54
# PE file
test_name="541. Verify PE file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_541.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "541" "exe" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="542. Verify CAB file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with the expired cert"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="543. Verify MSI file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_543.msi"'
verify_signature "$?" "543" "msi" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the expired cert"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0

108
tests/recipes/55_verify_revoked
View File

@ -1,66 +1,62 @@
#!/bin/sh
# Verify PE/CAB/MSI file signed with the revoked cert.
# Verify a file signed with the revoked cert.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=55
# PE file
test_name="551. Verify PE file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_551.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "551" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file
test_name="552. Verify CAB file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with the revoked cert"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="553. Verify MSI file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_553.msi"'
verify_signature "$?" "553" "msi" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the revoked cert"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0

139
tests/recipes/56_verify_multiple
View File

@ -1,99 +1,60 @@
#!/bin/sh
# Verify PE/CAB/MSI file signed with the multiple signature.
# Verify a file signed with the multiple signature.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=56
# PE file
test_name="561. Verify PE file signed with the multiple signature"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_561_a.exe" 2>> "results.log" 1>&2
../../osslsigncode sign -h sha384 \
-nest \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_561_a.exe" -out "test_561_b.exe" 2>> "results.log" 1>&2
../../osslsigncode sign \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_561_b.exe" -out "test_561.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "561" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: CAT files do not support nesting
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Warning: TXT files do not support nesting
esac
# CAB file
test_name="562. Verify CAB file signed with the multiple signature"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_562_a.ex_" 2>> "results.log" 1>&2
../../osslsigncode sign -h sha384 \
-nest \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_562_a.ex_" -out "test_562_b.ex_" 2>> "results.log" 1>&2
../../osslsigncode sign \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_562_b.ex_" -out "test_562.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "562" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with the multiple signature"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="563. Verify MSI file signed with the multiple signature"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_563_a.msi" 2>> "results.log" 1>&2
../../osslsigncode sign -h sha384 \
-nest \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_563_a.msi" -out "test_563_b.msi" 2>> "results.log" 1>&2
../../osslsigncode sign \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_563_b.msi" -out "test_563.msi" 2>> "results.log" 1>&2'
verify_signature "$?" "563" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-verbose \
-in "notsigned/$name" -out "signed1_$number.$ext"
../../osslsigncode sign -h sha384 \
-st "1556668800" \
-nest \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "signed1_$number.$ext" -out "signed2_$number.$ext"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "signed2_$number.$ext" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
else
printf "Test skipped\n"
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the multiple signature"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0

BIN
tests/sources/good.cat Executable file
View File

Binary file not shown.

2
tests/sources/myapp.c
View File

@ -2,5 +2,5 @@
void main(void)
{
printf("Hello world!\n");
printf("Hello world!");
}

73
tests/test_library
View File

@ -7,7 +7,8 @@ cd "${result_path}"
test_result() {
#1 last exit status
#2 test name
#2 test number
#3 test name
local result=0
@ -16,7 +17,7 @@ test_result() {
printf "%s\n" "Test succeeded"
else
printf "%s\n" "Test failed"
printf "%-80s\t%s\n" "$2" "failed" 1>&3
printf "%03d. %-90s\t%s\n" "$2" "$3" "failed" 1>&3
result=1
fi
return "$result"
@ -32,21 +33,25 @@ modify_blob() {
initial_blob=$(echo -n "$3" | xxd -p)
modified_blob=$(echo -n "FAKE" | xxd -p)
zero_blob="00000000"
xxd -p -c 1000 "test_$1.$2" | \
sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \
xxd -p -r > "test_$1_changed.$2"
xxd -p -r > "changed_$1.$2"
../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_$1_changed.$2" 2>> "verify.log" 1>&2
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "changed_$1.$2" 2>> "verify.log" 1>&2
result=$?
if test "$result" -ne 0 \
-o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1
-o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -gt 1
then
printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2
result=1
else
rm -f "test_$1_changed.$2"
rm -f "changed_$1.$2"
fi
return "$result"
@ -55,29 +60,19 @@ modify_blob() {
search_pattern() {
# $1 test number
# $2 filename extension
# $3 ASCII or HEX "$7 pattern" format
# $4 pattern searched in a binary file or verify.log
# $5 modify requirement
# $3 pattern searched in a binary file or verify.log
local result=0
if test "$3" = "ASCII"
if ! grep -q "$3" "verify.log"
then
hex_pattern=$(echo -n "$4" | xxd -p)
else
hex_pattern=$4
hex_pattern=$(echo -n "$3" | xxd -p)
if ! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2
then
result=1
printf "Failed: $3 not found\n"
fi
fi
if ! grep -q "$4" "verify.log" && \
! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2
then
result=1
printf "Failed: $4 not found\n"
elif test "$5" = "MODIFY"
then
modify_blob "$1" "$2" "$4"
result=$?
fi
return "$result"
}
@ -88,11 +83,11 @@ verify_signature() {
# $4 expected result
# $5 fake time
# $6 sha256sum requirement
# $7 ASCII or HEX "$7 pattern" format
# $8 pattern searched in a binary file or verify.log
# $9 modify requirement
# $7 pattern searched in the verify.log file
# $8 modify requirement
local result=0
printf "" > "verify.log"
if test "$1" -eq 0
then
@ -103,26 +98,35 @@ verify_signature() {
../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$?
rm -f "test_tmp.tmp"
if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN"
if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN"
then
search_pattern "$2" "$3" "$7" "$8" "$9"
search_pattern "$2" "$3" "$7"
result=$?
fi
if test "$result" -eq 0 -a "$8" = "MODIFY"
then
modify_blob "$2" "$3" "$7"
result=$?
fi
if test "$6" = "sha256sum"
then
sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2
sha256sum "test_$2.$3" 2>> "sha256sum/$3.log" 1>&2
fi
if test "$4" = "success" -a "$result" -eq 0
then
rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3"
rm -f "test_$2_a.$3" "test_$2_b.$3"
result=0
rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
elif test "$4" = "fail" -a "$result" -eq 1
then
rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3"
rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
rm -f "changed_$2.$3"
cat "verify.log" >> "results.log"
result=0
else
@ -152,6 +156,7 @@ verify_leaf_hash() {
../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$?

39
tests/testall.sh
View File

@ -33,6 +33,7 @@ make_tests() {
rm -rf "${result_path}"
mkdir "${result_path}"
cd "${result_path}"
mkdir "notsigned" "sha256sum"
date > "results.log"
../../osslsigncode -v >> "results.log" 2>/dev/null
@ -57,7 +58,7 @@ if test "$result" -ne 0
# PE files support
if test -n "$(command -v x86_64-w64-mingw32-gcc)"
then
x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "test.exe" 2>> "results.log" 1>&2
x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "notsigned/test.exe" 2>> "results.log" 1>&2
else
printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH"
printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package"
@ -66,7 +67,7 @@ if test -n "$(command -v x86_64-w64-mingw32-gcc)"
# CAB files support
if test -n "$(command -v gcab)"
then
gcab -c "test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2
gcab -c "notsigned/test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2
else
printf "%s\n" "gcab not found in \$PATH"
printf "%s\n" "tests for CAB files skipped, please install gcab package"
@ -80,14 +81,36 @@ if grep -q "no libgsf available" "results.log"
if test -n "$(command -v wixl)"
then
touch FoobarAppl10.exe
cp "../sources/sample.wxs" "sample.wxs" 2>> "results.log" 1>&2
wixl -v "sample.wxs" 2>> "results.log" 1>&2
cp "../sources/sample.wxs" "notsigned/sample.wxs" 2>> "results.log" 1>&2
wixl -v "notsigned/sample.wxs" 2>> "results.log" 1>&2
rm -f "notsigned/sample.wxs"
rm -f "FoobarAppl10.exe"
else
printf "%s\n" "wixl not found in \$PATH"
printf "%s\n" "tests for MSI files skipped, please install msitools package"
printf "%s\n" "tests for MSI files skipped, please install wixl or msitools package depending on your OS"
fi
fi
# CAT files support
if test -s "../sources/good.cat"
then
cp "../sources/good.cat" "notsigned/good.cat"
fi
# TXT files support
if test -s "../sources/utf8.ps1"
then
cp "../sources/utf8.ps1" "notsigned/utf8.ps1"
fi
if test -s "../sources/utf8bom.ps1"
then
cp "../sources/utf8bom.ps1" "notsigned/utf8bom.ps1"
fi
if test -s "../sources/utf16le.ps1"
then
cp "../sources/utf16le.ps1" "notsigned/utf16le.ps1"
fi
# Timestamping support
if grep -q "no libcurl available" "results.log"
then
@ -101,9 +124,9 @@ if test -n "$(command -v faketime)"
then
make_tests
result=$?
rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe"
rm -f "sign_pe.der" "sign_cab.der" "sign_msi.der"
rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log"
rm -r -f "notsigned/" "sha256sum/"
rm -f sign_[1-9].pem sign_[1-9].der
rm -f "verify.log"
else
printf "%s\n" "xxd not found in \$PATH"
printf "%s\n" "tests skipped, please install vim-common package"

44
tests/testsign.sh
View File

@ -1,5 +1,11 @@
#!/bin/sh
if [ -z "$(command -v keytool)" ]; then
printf "%s\n" "keytool was not found in the \$PATH"
printf "%s\n" "Please install the default-jre-headless package"
exit 1
fi
rm -f putty*.exe
PUTTY_URL="http://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe"
@ -14,7 +20,12 @@ fi
rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem
keytool -genkey \
-alias selfsigned -keysize 2048 -keyalg RSA -keypass passme -storepass passme -keystore key.ks << EOF
-alias selfsigned \
-keysize 2048 \
-keyalg RSA \
-keypass passme \
-storepass passme \
-keystore key.ks << EOF
John Doe
ACME In
ACME
@ -24,11 +35,17 @@ SE
yes
EOF
echo "Converting key/cert to PKCS12 container"
keytool -importkeystore \
-srckeystore key.ks -srcstoretype JKS -srckeypass passme -srcstorepass passme -srcalias selfsigned \
-destkeystore key.p12 -deststoretype PKCS12 -destkeypass passme -deststorepass passme
-srckeystore key.ks \
-srcstoretype JKS \
-srckeypass passme \
-srcstorepass passme \
-srcalias selfsigned \
-destkeystore key.p12 \
-deststoretype PKCS12 \
-destkeypass passme \
-deststorepass passme
rm -f key.ks
@ -46,7 +63,7 @@ openssl pkcs12 -in key.p12 -passin pass:passme -nokeys -out cert.pem
echo "Converting cert to SPC format"
openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out cert.spc
make -C ..
../osslsigncode sign -spc cert.spc -key key.pem putty.exe putty1.exe
../osslsigncode sign -certs cert.spc -key keyp.pem -pass passme putty.exe putty2.exe
../osslsigncode sign -certs cert.pem -key keyp.pem -pass passme putty.exe putty3.exe
@ -56,19 +73,18 @@ openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out cert.spc
rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem
echo ""
echo ""
echo
check=`sha1sum putty[1-9]*.exe | cut -d' ' -f1 | uniq | wc -l`
cmp putty1.exe putty2.exe && \
cmp putty2.exe putty3.exe && \
cmp putty3.exe putty4.exe && \
cmp putty4.exe putty5.exe && \
cmp putty5.exe putty6.exe
cmp putty2.exe putty3.exe && \
cmp putty3.exe putty4.exe && \
cmp putty4.exe putty5.exe && \
cmp putty5.exe putty6.exe
if [ $? -ne 0 ]; then
echo "Failure is not an option."
echo "Failure is not an option."
exit 1
else
echo "Yes, it works."
echo "Yes, it works."
fi