nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-07-02 19:22:47 -05:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: nhyatt:2.1
Branches Tags
nhyatt:master
nhyatt:2.10 nhyatt:2.9 nhyatt:2.8 nhyatt:2.7 nhyatt:2.6 nhyatt:2.5 nhyatt:2.4 nhyatt:2.3 nhyatt:2.2 nhyatt:2.1 nhyatt:2.0
...
compare: nhyatt:2.4
Branches Tags
nhyatt:master
nhyatt:2.10 nhyatt:2.9 nhyatt:2.8 nhyatt:2.7 nhyatt:2.6 nhyatt:2.5 nhyatt:2.4 nhyatt:2.3 nhyatt:2.2 nhyatt:2.1 nhyatt:2.0

162 Commits
2.1 ... 2.4

Author SHA1 Message Date
Michał Trojnara
225a8f78fa release 2.4 
Signed-off-by: Michał Trojnara <Michal.Trojnara@stunnel.org>
 2022-08-02 21:29:07 +02:00
Michał Trojnara
23288f5a00 use the new option name for tests 2022-08-02 21:26:09 +02:00
Michał Trojnara
0e80573c58 limit platforms installing python 2022-08-01 20:59:02 +02:00
Michał Trojnara
8f6d1617eb enable built-in socket module in Python 2022-08-01 20:59:02 +02:00
Michał Trojnara
15185acb0a do not enable EH continuation metadata 2022-08-01 20:59:02 +02:00
Michał Trojnara
703ae70602 static CI build 2022-08-01 20:59:02 +02:00
Michał Trojnara
c59f5dd02c use the first cmake release that passes CI 2022-07-30 20:42:30 +02:00
Michał Trojnara
0a9dcbda6c fix the minimum required cmake 2022-07-30 12:15:50 +02:00
Michał Trojnara
f87618326f explicit cmake source path 2022-07-30 11:43:18 +02:00
Michał Trojnara
80de8e7738 create the build directory for older cmake 2022-07-30 11:37:30 +02:00
Michał Trojnara
306d467a29 try the latest supported version of cmake 2022-07-30 10:28:51 +02:00
Michał Trojnara
d0a958919d autodetect vcpkg 2022-07-30 09:53:16 +02:00
Michał Trojnara
81b58f744d simplify custom builds 2022-07-29 23:06:45 +02:00
Michał Trojnara
8f30bf28e7 set the project language 2022-07-29 19:06:00 +02:00
olszomal
a12b5c0951 suppress check compiler flag messages 2022-07-29 18:42:35 +02:00
olszomal
5bf24b34a2 remove certs directory 2022-07-29 18:42:35 +02:00
olszomal
7871e28141 fix AppleClang linker flags 2022-07-29 18:42:35 +02:00
olszomal
d7daf98db8 improve add compile and linker flags 2022-07-29 18:42:35 +02:00
olszomal
1d0918c84d Squash -Wcast-qual and -Wconversion warnings 2022-07-29 18:42:35 +02:00
olszomal
f42459ff09 Squash -Wwrite-strings warnings: 
simplify PEM_read_certs()
fix setting SpcPeImageData flags
 2022-07-29 18:42:35 +02:00
olszomal
66a6a1ced5 Squash ASN1_STRING_get0_data() returne value warning 2022-07-29 18:42:35 +02:00
olszomal
a44c8decbc Fixed clang -Wembedded-directive warning: 
embedding a directive within macro arguments has undefined behavior
 2022-07-29 18:42:35 +02:00
olszomal
d556fb78dc Add missing static specifiers 2022-07-29 18:42:35 +02:00
Michał Trojnara
4c856f3a1e Additional excludes for Windows installation 2022-07-27 16:56:34 +02:00
Michał Trojnara
1bf5f9a07b Avoid hardcoding DLL names 2022-07-27 16:41:26 +02:00
Michał Trojnara
c930d9aa7a smarter vcpkg cache restore 2022-07-27 10:10:25 +02:00
olszomal
5df8d7c181 enable python3 vcpkg dependence 2022-07-27 09:43:19 +02:00
olszomal
cf20354b91 fix sizeof java_attrs_low 2022-07-27 09:43:19 +02:00
Michał Trojnara
665ecfb64c fix Win32 builds 2022-07-27 09:30:08 +02:00
Michał Trojnara
6430bf0036 rebuild vcpkg cache on vcpkg.json changes 2022-07-26 16:56:00 +02:00
Michał Trojnara
92673b8f00 Add a build status badge 2022-07-26 16:38:08 +02:00
Michał Trojnara
3d0640a2cc CI for Linux/macOS/Windows (#166) 2022-07-26 16:27:46 +02:00
olszomal
28c68aeebf find osslsigncode path 2022-07-22 14:17:59 +02:00
olszomal
26b7d5f617 change makecers.sh mode 2022-07-21 12:21:19 +02:00
olszomal
88bf99dec8 Microsoft Visual Studio install notes 2022-07-21 12:21:19 +02:00
olszomal
757d9c39a4 fix and simplify cmake 2022-07-21 12:21:19 +02:00
olszomal
ce2d586956 Squash applink.c compilation warnings 2022-07-21 12:21:19 +02:00
olszomal
396318dcd1 Find headers 2022-07-21 12:21:19 +02:00
olszomal
24ed108099 Set bash completion 2022-07-21 12:21:19 +02:00
olszomal
7b29b45348 Set compiler and linker flags 2022-07-21 12:21:19 +02:00
olszomal
6b3450ada8 add test certificates 2022-07-21 12:21:19 +02:00
olszomal
ac3e8e5221 improve tests 2022-07-21 12:21:19 +02:00
Michał Trojnara
99400d92d6 add vcpkg.json 2022-07-18 11:38:29 +02:00
mtrojnar
b63b023c5c add 64-bit Windows targets 2022-07-17 07:48:33 +02:00
Michał Trojnara
6ffe7fa0de add faketime to ci dependencies 2022-07-16 23:22:03 +02:00
Michał Trojnara
b7d4c72756 Create ci.yml 2022-07-16 23:18:14 +02:00
mtrojnar
fb19651926 re-enable tests/install/dist on Unix 2022-07-16 21:55:04 +02:00
mtrojnar
213ea27f99 setup default 32-bit targets for MSVC 2022-07-16 21:23:48 +02:00
mtrojnar
a19d77a8a7 MSVC fixes and workarounds 2022-07-16 21:10:56 +02:00
Michał Trojnara
6a873c3a49 simplify cmake 2022-07-16 20:01:11 +02:00
fanquake
a892c50147 doc: CMAKE_C_STANDARD is C not C++ 2022-07-15 21:17:01 +02:00
olszomal
95615faf1d check PE file size 2022-07-15 21:16:07 +02:00
olszomal
860e8d6f4e cmake3 note 2022-06-20 12:13:00 +02:00
olszomal
60fe5d15fe use CMake instead of Makefile 2022-05-25 20:27:21 +02:00
olszomal
b96717506c RFC3161 section-4.3 comment 2022-04-12 11:41:27 +02:00
olszomal
157bb78a6e fix sprintf_s error stack corruption 2022-04-12 11:41:27 +02:00
olszomal
4396c451eb Revert "use a memory allocation instead of a static variable to fix sprintf_s error stack corruption" 
This reverts commit fb59d92f3c.
 2022-04-12 11:41:27 +02:00
olszomal
40bd33ee01 fix Windows build with MSVC compiler 2022-04-12 11:41:27 +02:00
olszomal
d7ae7c90f9 Revert "fix Windows build with MSVC compiler" 
This reverts commit 78220c144c.
 2022-04-12 11:41:27 +02:00
olszomal
247a82232c windows read password from file 2022-04-12 11:41:27 +02:00
olszomal
3a84987107 use a memory allocation instead of a static variable to fix sprintf_s error stack corruption 2022-04-12 11:41:27 +02:00
olszomal
afda3cc810 remove zlib dependency 2022-04-12 11:41:27 +02:00
olszomal
44eeeb1515 updated NEWS.md 2022-04-12 11:41:27 +02:00
olszomal
1c523ed616 disable verification of the Timestamp Server signature 2022-04-12 11:41:27 +02:00
olszomal
8ba94fafd9 user-specified signing and/or verifying time (-time option) 2022-04-12 11:41:27 +02:00
olszomal
82185eef18 enable "-h {md5,sha1,sha2(56),sha384,sha512}" option for "attach -signature" and "add" commands 
enable "-require-leaf-hash" option for "attach-signature" command
 2022-04-12 11:41:27 +02:00
olszomal
bec2ae2eed fix Windows build with MSVC compiler 2022-04-12 11:41:27 +02:00
olszomal
c5c23cefac more verbose timestamp response status info 2022-04-12 11:41:27 +02:00
olszomal
4c1b972f9e set the default message digest to sha256 2022-04-12 11:41:27 +02:00
Jon Turney
1bd9a87e2f Don't '#include <windows.h>' on Cygwin 
On Cygwin, don't '#include <windows.h>', so WIN32 isn't defined, so we
don't end up trying to use various MSVC functions, which don't exist in
our C runtime library.

The whole point of the Cygwin C runtime library is to try to look like
POSIX, so we always want the POSIX code in those pre-processor
conditionals.
 2022-04-10 18:00:36 +02:00
olszomal
65d17836ab disable the confusing error created while searching for the certificate 2022-04-10 17:46:30 +02:00
Dirk Müller
6a1a884f3c Add license declarations to dist tarball 
This is GPLv3, we should include the license in the sources.
 2022-04-10 17:29:24 +02:00
Michał Trojnara
98308f2e0a remove PVK conversion notes from README.md 
This is no longer needed since release 1.5, which added native support
for PVK keys.
 2022-03-06 21:57:43 +01:00
Michał Trojnara
da4413d0c7 move unauth blob documentation to README.md 
Removed dead links and references to a fork that was merged long time
ago.
 2022-03-06 21:46:47 +01:00
Michał Trojnara
c08b8cb3d5 git ignore GPG signature files 2022-03-06 21:14:26 +01:00
Michał Trojnara
5af84745de add markdown files to distribution tarballs 2022-03-06 21:11:02 +01:00
Michał Trojnara
0459fb99ef initial 2.4 commit 2022-03-06 21:00:38 +01:00
Michał Trojnara
73d7cf011e release 2.3 
Signed-off-by: Michał Trojnara <Michal.Trojnara@stunnel.org>
 2022-03-06 20:11:25 +01:00
Michał Trojnara
7affd85c46 Fix non-interactive PVK (MSBLOB) key decryption 
Fix #130
 2022-03-06 18:54:51 +01:00
Michał Trojnara
d8a182614c remove trailing tabulators 2022-03-06 17:41:36 +01:00
olszomal
ac672640be Clean up arrays (#139) 
- move large arrays to the heap
 - use the `const` type qualifier with constant arrays
 2022-03-06 16:50:23 +01:00
olszomal
5d68e8699a update change log 2022-02-28 19:50:39 +01:00
olszomal
b48458499b fix pe_calc_checksum bufor 
revert part of 45fedd9e50
 2022-02-28 19:50:39 +01:00
olszomal
4731667c35 msi const names 2022-02-25 21:42:24 +01:00
olszomal
85594d9fb2 fix memory leak 2022-02-25 21:42:24 +01:00
olszomal
5f60cc6563 use msi_dirent_free() when failed to parse the MSI_DIRENT structure 2022-02-25 21:42:24 +01:00
olszomal
77b2b30d1f check Root Directory Entry's Name 2022-02-25 21:42:24 +01:00
olszomal
e0d652b987 timestamp error 2022-02-24 23:08:24 +01:00
Michał Trojnara
b774a56aa9 Floyd's cycle-finding algorithm 2022-02-23 22:35:40 +01:00
Michał Trojnara
6eaf0d9368 fixed MSI recursion loop detection 2022-02-22 18:56:20 +01:00
olszomal
d471b51db5 add only a non-stream child to the tree 2022-02-22 18:16:21 +01:00
olszomal
7b12abf21f NOSTREAM error handling 2022-02-22 18:16:21 +01:00
olszomal
f248286d6f verify corrupted SpcPeImageData struct 2022-02-22 18:16:21 +01:00
olszomal
5db237f242 Revert "verbose msi file verification errors" 
This reverts commit 4eeeec32b4.
 2022-02-22 18:16:21 +01:00
Michał Trojnara
95c5a4451b simplify MSI parsing recursion 2022-02-22 10:08:15 +01:00
olszomal
f0207411b9 fix parse MSI_FILE_HDR struct 2022-02-21 19:24:32 +01:00
Michał Trojnara
aef958f880 modelines 2022-02-19 17:07:51 +01:00
Michał Trojnara
a6d3be739e detect recursion loop 2022-02-18 22:33:03 +01:00
olszomal
4eeeec32b4 verbose msi file verification errors 2022-02-18 18:54:48 +01:00
olszomal
ce196ce147 improve cab files verification 2022-02-18 18:54:48 +01:00
olszomal
289c345280 fix double free in msi_dirent_new() 2022-02-18 18:54:48 +01:00
olszomal
bdea1d1c2a fixed MSI_DIRENT structure parsing 2022-02-17 15:37:15 +01:00
olszomal
45fedd9e50 Fix more fuzzer errors 2022-02-11 23:32:27 +01:00
olszomal
e177ded9a5 Fix some fuzzer errors and VS2022 compiler warnings and errors 2022-02-04 17:35:46 +01:00
olszomal
5a2d0affc1 validate both header->sigpos and header->siglen 2022-01-30 22:14:21 +01:00
olszomal
5afafecc23 check a signature length in the WIN_CERTIFICATE structure 2022-01-30 22:14:21 +01:00
olszomal
07bf24911d Add bash completion script (#125) 2022-01-11 20:46:52 +01:00
Stephen Kitt
357747d2fc Typo fix: Errror 
Signed-off-by: Stephen Kitt <steve@sk2.org>
 2021-12-26 22:00:53 +01:00
olszomal
28f6ffbc42 Return the number of failed tests from make_tests 2021-12-26 21:58:44 +01:00
olszomal
fb75eee385 Put the pkcs11cert option in the usage syntax 2021-12-26 21:58:04 +01:00
olszomal
6e2fb03b7b Edit Windows install notes 2021-12-26 21:58:04 +01:00
olszomal
46d43d70b3 Test certificates support requirements of openssl 3.0: 
- AES-256-CBC encryption algorithm for PKCS#12 files
- required configuration file options
Export LD_LIBRARY_PATH
 2021-12-26 21:58:04 +01:00
olszomal
407579ca58 CA bundle auto-detection 2021-12-26 21:57:07 +01:00
olszomal
96df1a709f libcurl development package availability 2021-12-21 20:07:10 +01:00
Michał Trojnara
8c37b00d83 release 2.2 
Signed-off-by: Michał Trojnara <Michal.Trojnara@stunnel.org>
 2021-08-15 21:42:01 +02:00
aesx86
f2559972f3 fix gcc command line 2021-07-06 08:48:43 +02:00
Michał Trojnara
057d38ee76 Additional test dependency checks 2021-06-27 10:10:01 +02:00
Michał Trojnara
ed8ee4194b typo 2021-06-19 12:29:05 +02:00
Michał Trojnara
c64add388b Separate section for bootstrapping 2021-06-13 21:57:09 +02:00
sebaxakerhtc
2912eb054c missing autoconf for MacOS 2021-06-13 20:47:38 +02:00
olszomal
de05123adc update documentation 2021-06-09 23:36:17 +02:00
olszomal
180b352102 tests improvements 2021-06-09 23:36:17 +02:00
olszomal
72de045151 Add the bootstrap file 2021-06-09 23:36:17 +02:00
olszomal
95d77c9b98 help and version commands return code 0 (success) 2021-06-09 23:34:57 +02:00
olszomal
64e7e26eba free up BIO outdata only for MSI files 2021-05-30 22:14:35 +02:00
olszomal
e26a50a618 clarifying comments 2021-05-30 22:13:34 +02:00
olszomal
d2aa35a7f6 verify the content blob with the type set to OCTET STRING 2021-05-30 22:13:34 +02:00
Michał Trojnara
1c175c4339 Merge pull request #90 from olszomal/style 
Handle unsuccessful termination exit(-1)
 2021-05-04 09:40:12 +02:00
olszomal
3dad092be9 Merge branch 'master' into style 2021-05-04 09:20:12 +02:00
olszomal
de0bf341a5 free up the SIGNATURE structure 2021-05-04 09:02:20 +02:00
olszomal
4d5052c3f4 remove trailing newlines 2021-05-04 08:51:07 +02:00
olszomal
04823393f2 renamed options: 
"-untrusted" --> "-TSA-CAfile"
"-CRLuntrusted" --> "-TSA-CRLfile"
 2021-05-04 08:49:39 +02:00
olszomal
cfb897a902 handle unsuccessful termination exit (-1) 2021-04-26 11:35:19 +02:00
olszomal
8b064ca814 sizeof style 2021-04-26 10:48:53 +02:00
egonk
1bdfcc8940 fix crl nullptr crash in read_certfile 2021-04-25 21:59:36 +02:00
olszomal
bcdc5b7030 fixed width integer types 2021-04-25 21:43:00 +02:00
olszomal
3908e874a4 sizeof style 2021-04-25 21:38:57 +02:00
olszomal
a161efdb25 fix buffer overflow 2021-04-25 21:38:57 +02:00
olszomal
b01a2f5cd7 C89 standard compatibility 2021-04-25 21:38:57 +02:00
olszomal
b6e6165782 moral rights 2021-04-25 21:38:57 +02:00
olszomal
9b3697ad76 update changelog 2021-04-25 21:38:57 +02:00
olszomal
758003156e MSI file signing support 
DIFAT sectors are not supported
 2021-04-25 21:38:57 +02:00
olszomal
4f590989ce remove libgsf library dependency 
MSI file verify and remove-signature support
 2021-04-25 21:38:57 +02:00
olszomal
6df4c12624 verify msi metadata 2021-04-25 21:38:57 +02:00
Michał Trojnara
315357f092 Update a dead link in the documentation 
Closes #84
 2021-04-05 20:32:38 +02:00
olszomal
c0d9569c4f disable GSF_CAN_READ_MSI_METADATA 2021-01-11 21:21:02 +01:00
olszomal
352ef49b3a unicode description support 2021-01-11 21:20:18 +01:00
olszomal
f004aa3f48 new testing framework 2021-01-11 21:20:18 +01:00
olszomal
6edd56bfac Print the message digest algorithm from the signer info structure 2021-01-11 21:20:18 +01:00
olszomal
67e4edfe45 Print authenticated attributes: 
- message digest
- signing time
- URL description
- text description
- level of permissions for CAB files
 2021-01-11 21:20:18 +01:00
olszomal
5ad5260351 update copyright year 2021-01-11 21:20:18 +01:00
tdyer
790abf66da update documentation for timestamp server 
- verisign timestamp server is no longer in service
   update docs to point to alternative service
 2021-01-06 21:25:41 +01:00
olszomal
1dc209baa8 fix the default end date and extended key usage for test certificates 2021-01-06 21:24:40 +01:00
olszomal
2f011cfc31 p11engine and p11module need to be orthogonal (independent of each other) 2021-01-06 21:24:05 +01:00
olszomal
e8fe3e934d code simplification 2021-01-06 21:20:56 +01:00
olszomal
f8849b8048 new option -c specifies the catalog file by name 2021-01-06 21:20:56 +01:00
olszomal
86d593f264 Create a MsCtlContent structure to decode the Microsoft MS_CTL_OBJID object 2021-01-06 21:20:56 +01:00
olszomal
5e064233a3 increase the maximum size of supported CAT files 2020-11-10 04:28:43 +01:00
olszomal
fb1bc06440 CAT file tests 2020-11-02 10:11:10 +01:00
olszomal
80d5948eeb CAT files support 2020-11-02 10:11:10 +01:00
olszomal
0d6d0071d3 sort Microsoft and Generic OIDs 2020-11-02 10:11:10 +01:00
Artem Polishchuk
250521e07f fix(tests): swallows the exit code 2020-10-15 18:15:59 +02:00
108 changed files with 5858 additions and 6678 deletions
Expand all files Collapse all files

131
.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,131 @@
name: CI
on:
push:
pull_request:
env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- triplet: x64-linux
os: ubuntu-latest
vcpkg_root: /usr/local/share/vcpkg
- triplet: x64-osx
os: macOS-latest
vcpkg_root: /usr/local/share/vcpkg
cache: /Users/runner/.cache/vcpkg/archives
- triplet: x64-windows
arch: x64
os: windows-latest
vcpkg_root: C:/vcpkg
cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
- triplet: x86-windows
arch: x86
os: windows-latest
vcpkg_root: C:/vcpkg
cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
- triplet: x64-windows-static
arch: x64
os: windows-latest
vcpkg_root: C:/vcpkg
cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
runs-on: ${{matrix.os}}
steps:
- uses: actions/checkout@v3
- name: Cache the vcpkg archives
if: matrix.os != 'ubuntu-latest'
uses: actions/cache@v3
with:
path: ${{matrix.cache}}
key: ${{matrix.triplet}}-${{hashFiles('vcpkg.json')}}
restore-keys: |
${{matrix.triplet}}-${{hashFiles('vcpkg.json')}}
${{matrix.triplet}}-
- name: Configure VS Toolchain (Windows)
if: matrix.os == 'windows-latest'
uses: ilammy/msvc-dev-cmd@v1
with:
arch: ${{matrix.arch}}
- name: Install apt dependencies (Linux)
if: matrix.os == 'ubuntu-latest'
run: sudo apt-get install -y libssl-dev libcurl4-openssl-dev faketime
- name: Setup the oldest supported version of cmake (macOS)
if: matrix.os == 'macOS-latest'
uses: jwlawson/actions-setup-cmake@v1.12
with:
cmake-version: '3.17.0'
- name: Configure CMake (Linux)
if: matrix.os == 'ubuntu-latest'
run: cmake
-S ${{github.workspace}}
-B ${{github.workspace}}/build
-DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist
- name: Configure CMake (macOS)
if: matrix.os == 'macOS-latest'
run: cmake
-S ${{github.workspace}}
-B ${{github.workspace}}/build
-DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist
-DCMAKE_TOOLCHAIN_FILE=${{matrix.vcpkg_root}}/scripts/buildsystems/vcpkg.cmake
-DVCPKG_TARGET_TRIPLET=${{matrix.triplet}}
- name: Configure CMake (Windows)
if: matrix.os == 'windows-latest'
run: cmake
-G Ninja
-S ${{github.workspace}}
-B ${{github.workspace}}/build
-DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist
-DCMAKE_TOOLCHAIN_FILE=${{matrix.vcpkg_root}}/scripts/buildsystems/vcpkg.cmake
-DVCPKG_TARGET_TRIPLET=${{matrix.triplet}}
- name: Build
run: cmake
--build ${{github.workspace}}/build
--config ${{env.BUILD_TYPE}}
- name: List files (Linux/macOS)
if: matrix.os != 'windows-latest'
run: find .. -ls
- name: List files (Windows)
if: matrix.os == 'windows-latest'
run: Get-ChildItem -Recurse -Name ..
- name: Test
working-directory: ${{github.workspace}}/build
run: ctest -C ${{env.BUILD_TYPE}}
- name: Upload the errors
uses: actions/upload-artifact@v3
if: failure()
with:
name: errors-${{matrix.triplet}}
path: ${{github.workspace}}/build/Testing/Temporary/LastTest.log
- name: Install
run: cmake --install ${{github.workspace}}/build
- name: Upload the executables
uses: actions/upload-artifact@v3
with:
name: osslsigncode-${{matrix.triplet}}
path: ${{github.workspace}}/dist

40
.gitignore vendored
View File

@ -1,20 +1,20 @@
.deps
Makefile
Makefile.in
aclocal.m4
autom4te.cache/
compile
build/
CMakeFiles/
_CPack_Packages/
Testing/
.vs/
CMakeCache.txt
cmake_install.cmake
config.h
config.h.in
config.h.in~
config.log
config.status
configure
depcomp
install-sh
CPackConfig.cmake
CPackSourceConfig.cmake
CTestTestfile.cmake
install_manifest.txt
Makefile
missing
osslsigncode
osslsigncode.o
osslsigncode.exe
stamp-h1
.#*#
@ -23,24 +23,20 @@ stamp-h1
.*.rej
.*~
#*#
*.asc
*.bak
*.bz2
*.d
*.def
*.dll
*.exe
*.gz
*.la
*.lib
*.lo
*.orig
*.pc
*.pdb
*.rej
*.u
*.rc
*.pc
*~
*.gz
*.bz2
**/*.log
!myapp.exe
*.pem

95
CMakeLists.txt Normal file
View File

@ -0,0 +1,95 @@
# required cmake version
cmake_minimum_required(VERSION 3.17)
# autodetect vcpkg CMAKE_TOOLCHAIN_FILE if VCPKG_ROOT is defined
# this needs to be configured before the project() directive
if(DEFINED ENV{VCPKG_ROOT} AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
set(CMAKE_TOOLCHAIN_FILE "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake"
CACHE STRING "")
endif(DEFINED ENV{VCPKG_ROOT} AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
set(BUILTIN_SOCKET ON CACHE BOOL "") # for static Python
# configure basic project information
project(osslsigncode
VERSION 2.4
DESCRIPTION "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files"
HOMEPAGE_URL "https://github.com/mtrojnar/osslsigncode"
LANGUAGES C)
# force nonstandard version format for development packages
set(DEV "")
set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}${DEV}")
# version and contact information
set(PACKAGE_STRING "${PROJECT_NAME} ${PROJECT_VERSION}")
set(PACKAGE_BUGREPORT "Michal.Trojnara@stunnel.org")
# specify the C standard
set(CMAKE_C_STANDARD 11)
set(CMAKE_C_STANDARD_REQUIRED ON)
# load CMake library modules
include(FindOpenSSL)
include(FindCURL)
# load CMake project modules
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake")
include(SetBashCompletion)
include(FindHeaders)
# define the target
add_executable(osslsigncode)
# add compiler/linker flags
include(SetCompilerFlags)
# create and use config.h
configure_file(Config.h.in config.h)
target_compile_definitions(osslsigncode PRIVATE HAVE_CONFIG_H=1)
# set sources
target_sources(osslsigncode PRIVATE osslsigncode.c msi.c)
if(WIN32)
target_sources(osslsigncode PRIVATE applink.c)
endif(WIN32)
# set include directories
target_include_directories(osslsigncode PRIVATE "${PROJECT_BINARY_DIR}")
# set OpenSSL includes/libraries
if(NOT OPENSSL_FOUND)
message(FATAL_ERROR "OpenSSL library not found")
endif(NOT OPENSSL_FOUND)
target_include_directories(osslsigncode PRIVATE ${OPENSSL_INCLUDE_DIR})
target_link_libraries(osslsigncode PRIVATE ${OPENSSL_LIBRARIES})
# set cURL includes/libraries
if(CURL_FOUND)
target_compile_definitions(osslsigncode PRIVATE ENABLE_CURL=1)
target_include_directories(osslsigncode PRIVATE ${CURL_INCLUDE_DIRS})
target_link_libraries(osslsigncode PRIVATE ${CURL_LIBRARIES})
message(STATUS "cURL support enabled")
else(CURL_FOUND)
message(STATUS "cURL support disabled (library not found)")
endif(CURL_FOUND)
# add paths to linker search and installed rpath
set_target_properties(osslsigncode PROPERTIES INSTALL_RPATH_USE_LINK_PATH TRUE)
# testing with CTest
include(CMakeTest)
# installation rules for a project
install(TARGETS osslsigncode RUNTIME DESTINATION ${CMAKE_INSTALL_PREFIX})
if(WIN32)
install(
DIRECTORY ${PROJECT_BINARY_DIR}/ DESTINATION ${CMAKE_INSTALL_PREFIX}
FILES_MATCHING
PATTERN "*.dll"
PATTERN "vcpkg_installed" EXCLUDE
PATTERN "CMakeFiles" EXCLUDE
PATTERN "Testing" EXCLUDE
)
else(WIN32)
include(CMakeDist)
endif(WIN32)

50
CMakeSettings.json Normal file
View File

@ -0,0 +1,50 @@
{
"configurations": [
{
"name": "x86-Debug",
"generator": "Ninja",
"configurationType": "Debug",
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": "",
"inheritEnvironments": [ "msvc_x86" ]
},
{
"name": "x86-Release",
"generator": "Ninja",
"configurationType": "RelWithDebInfo",
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": "",
"inheritEnvironments": [ "msvc_x86" ]
},
{
"name": "x64-Debug",
"generator": "Ninja",
"configurationType": "Debug",
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": "",
"inheritEnvironments": [ "msvc_x64_x64" ],
"variables": []
},
{
"name": "x64-Release",
"generator": "Ninja",
"configurationType": "RelWithDebInfo",
"buildRoot": "${projectDir}\\out\\build\\${name}",
"installRoot": "${projectDir}\\out\\install\\${name}",
"cmakeCommandArgs": "",
"buildCommandArgs": "",
"ctestCommandArgs": "",
"inheritEnvironments": [ "msvc_x64_x64" ],
"variables": []
}
]
}

12
Config.h.in Normal file
View File

@ -0,0 +1,12 @@
/* the configured options and settings for osslsigncode */
#define VERSION_MAJOR "@osslsigncode_VERSION_MAJOR@"
#define VERSION_MINOR "@osslsigncode_VERSION_MINOR@"
#cmakedefine PACKAGE_STRING "@PACKAGE_STRING@"
#cmakedefine PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@"
#cmakedefine ENABLE_CURL
#cmakedefine HAVE_TERMIOS_H
#cmakedefine HAVE_GETPASS
#cmakedefine HAVE_SYS_MMAN_H
#cmakedefine HAVE_MMAP
#cmakedefine HAVE_MAPVIEWOFFILE
#cmakedefine _WIN32

71
INSTALL.W32.md
View File

@ -3,36 +3,31 @@
### Building osslsigncode source with MSYS2 MinGW 64-bit and MSYS2 packages:
1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions.
Once up and running install even mingw-w64-x86_64-gcc, mingw-w64-x86_64-curl, mingw-w64-x86_64-libgsf.
Once up and running install even mingw-w64-x86_64-gcc, mingw-w64-x86_64-curl.
```
pacman -S mingw-w64-x86_64-gcc mingw-w64-x86_64-curl mingw-w64-x86_64-libgsf
pacman -S mingw-w64-x86_64-gcc mingw-w64-x86_64-curl
```
mingw-w64-x86_64-openssl and mingw-w64-x86_64-zlib packages are installed with dependencies.
2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables.
```
cd osslsigncode-folder
x86_64-w64-mingw32-gcc osslsigncode.c -o osslsigncode.exe \
-lcrypto -lssl -lcurl -lgsf-1 -lgobject-2.0 -lglib-2.0 -lxml2 \
-I 'C:/msys64/mingw64/include/libgsf-1' \
-I 'C:/msys64/mingw64/include/glib-2.0' \
-I 'C:/msys64/mingw64/lib/glib-2.0/include' \
-D 'PACKAGE_STRING="osslsigncode 2.1.0"' \
-D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \
-D ENABLE_CURL \
-D WITH_GSF
x86_64-w64-mingw32-gcc osslsigncode.c msi.c -o osslsigncode.exe \
-lcrypto -lssl -lcurl \
-D 'PACKAGE_STRING="osslsigncode x.y"' \
-D 'PACKAGE_BUGREPORT="Your.Email@example.com"' \
-D ENABLE_CURL
```
3) Run "Command prompt" and include "c:\msys64\mingw64\bin" folder as part of the path.
```
path=%path%;c:\msys64\mingw64\bin
cd osslsigncode-folder
osslsigncode.exe -v
osslsigncode 2.1.0, using:
OpenSSL 1.1.1g 21 Apr 2020
libcurl/7.70.0 OpenSSL/1.1.1g (Schannel) zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0
libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.40.0 libgsf 1.14.46
osslsigncode 2.4, using:
OpenSSL 1.1.1g 21 Apr 2020 (Library: OpenSSL 1.1.1g 21 Apr 2020)
libcurl/7.70.0 OpenSSL/1.1.1g (Schannel) zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0
libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.40.0
```
@ -68,20 +63,21 @@
--disable-ftp --disable-tftp --disable-file --disable-dict \
--disable-telnet --disable-imap --disable-smb --disable-smtp \
--disable-gopher --disable-pop --disable-pop3 --disable-rtsp \
--disable-ldap --disable-ldaps --disable-unix-sockets --disable-pthreads
--disable-ldap --disable-ldaps --disable-unix-sockets \
--disable-pthreads --without-zstd --without-zlib
make && make install
```
3) Build 64-bit Windows executables.
```
cd osslsigncode-folder
x86_64-w64-mingw32-gcc osslsigncode.c -o osslsigncode.exe \
x86_64-w64-mingw32-gcc osslsigncode.c msi.c -o osslsigncode.exe \
-L 'C:/OpenSSL/lib/' -lcrypto -lssl \
-I 'C:/OpenSSL/include/' \
-L 'C:/curl/lib' -lcurl \
-I 'C:/curl/include' \
-D 'PACKAGE_STRING="osslsigncode 2.1.0"' \
-D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \
-D 'PACKAGE_STRING="osslsigncode x.y"' \
-D 'PACKAGE_BUGREPORT="Your.Email@example.com"' \
-D ENABLE_CURL
```
@ -91,11 +87,36 @@
copy C:\OpenSSL\bin\libssl-1_1-x64.dll
copy C:\OpenSSL\bin\libcrypto-1_1-x64.dll
copy C:\curl\bin\libcurl-4.dll
copy C:\msys64\mingw64\bin\zlib1.dll
osslsigncode.exe -v
osslsigncode 2.1.0, using:
OpenSSL 1.1.1g 21 Apr 2020
libcurl/7.70.0 OpenSSL/1.1.1g zlib/1.2.11
no libgsf available
osslsigncode 2.4, using:
OpenSSL 1.1.1k 25 Mar 2021 (Library: OpenSSL 1.1.1k 25 Mar 2021)
libcurl/7.78.0 OpenSSL/1.1.1k
```
### Building OpenSSL, Curl and osslsigncode sources with Microsoft Visual Studio:
1) Install and integrate vcpkg: https://vcpkg.io/en/getting-started.html
2) Git clone osslsigncode: https://github.com/mtrojnar/osslsigncode/
3) Build osslsigncode with GUI or cmake.
Navigate to the build directory and run CMake to configure the osslsigncode project
and generate a native build system:
```
mkdir build && cd build && cmake -S .. -G Ninja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=[installation directory] -DCMAKE_TOOLCHAIN_FILE=[path to vcpkg]/scripts/buildsystems/vcpkg.cmake
```
Then call that build system to actually compile/link the osslsigncode project:
```
cmake --build .
```
4) Make tests.
```
ctest -C Release
```
5) Make install (with administrative privileges if necessary).
```
cmake --install .
```

2
LICENSE.txt
View File

@ -1,7 +1,7 @@
OpenSSL based Authenticode signing for PE/MSI/Java CAB files.
Copyright (C) 2005-2014 Per Allansson <pallansson@gmail.com>
Copyright (C) 2018-2019 Michał Trojnara <Michal.Trojnara@stunnel.org>
Copyright (C) 2018-2022 Michał Trojnara <Michal.Trojnara@stunnel.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by

16
Makefile.am
View File

@ -1,16 +0,0 @@
AUTOMAKE_OPTIONS = foreign 1.10
MAINTAINERCLEANFILES = \
config.log config.status \
$(srcdir)/Makefile.in \
$(srcdir)/config.h.in $(srcdir)/config.h.in~ $(srcdir)/configure \
$(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 $(srcdir)/ylwrap \
$(srcdir)/config.guess $(srcdir)/config.sub
EXTRA_DIST = .gitignore
AM_CFLAGS = $(GSF_CFLAGS) $(OPENSSL_CFLAGS) $(OPTIONAL_LIBCURL_CFLAGS)
bin_PROGRAMS = osslsigncode
osslsigncode_SOURCES = osslsigncode.c
osslsigncode_LDADD = $(GSF_LIBS) $(OPENSSL_LIBS) $(OPTIONAL_LIBCURL_LIBS)

45
CHANGELOG.md → NEWS.md
View File

@ -1,3 +1,48 @@
# osslsigncode change log
### 2.4 (2022.08.02)
- migrated the build system from GNU Autoconf to CMake
- added the "-h" option to set the cryptographic hash function
for the "attach -signature" and "add" commands
- set the default hash function to "sha256"
- added the "attach-signature" option to compute and compare the
leaf certificate hash for the "add" command
- renamed the "-st" option "-time" (the old name is accepted for
compatibility)
- updated the "-time" option to also set explicit verification time
- added the "-ignore-timestamp" option to disable timestamp server
signature verification
- removed the "-timestamp-expiration" option
- fixed several bugs
- updated the included documentation
- enabled additional compiler/linker hardening options
- added CI based on GitHub Actions
### 2.3 (2022.03.06)
**CRITICAL SECURITY VULNERABILITIES**
This release fixes several critical memory corruption vulnerabilities.
A malicious attacker could create a file, which, when processed with
osslsigncode, triggers arbitrary code execution. Any previous version
of osslsigncode should be immediately upgraded if the tool is used for
processing of untrusted files.
- fixed several memory safety issues
- fixed non-interactive PVK (MSBLOB) key decryption
- added a bash completion script
- added CA bundle path auto-detection
### 2.2 (2021.08.15)
- CAT files support (thanks to James McKenzie)
- MSI support rewritten without libgsf dependency, which allows
for handling of all the needed MSI metadata, such as dates
- "-untrusted" option renamed to "-TSA-CAfile"
- "-CRLuntrusted" option renamed to "-TSA-CRLfile"
- numerous bug fixes and improvements
### 2.1 (2020-10-11)
- certificate chain verification support

128
README.md
View File

@ -1,6 +1,10 @@
osslsigncode
============
## BUILD STATUS
[![CI](https://github.com/mtrojnar/osslsigncode/actions/workflows/ci.yml/badge.svg)](https://github.com/mtrojnar/osslsigncode/actions/workflows/ci.yml)
## WHAT IS IT?
osslsigncode is a small tool that implements part of the functionality
@ -19,28 +23,58 @@ tool would fail. And, so, osslsigncode was born.
## WHAT CAN IT DO?
It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB and MSI files. It supports
the equivalent of signtool.exe's "-j javasign.dll -jp low", i.e. add a
valid signature for a CAB file containing Java files. It supports getting
the timestamp through a proxy as well. It also supports signature verification,
removal and extraction.
It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB, CAT and MSI files.
It supports the equivalent of signtool.exe's "-j javasign.dll -jp low",
i.e. add a valid signature for a CAB file containing Java files.
It supports getting the timestamp through a proxy as well. It also
supports signature verification, removal and extraction.
## BUILDING
This build technique works on Linux and macOS, if you have the necessary tools installed:
```
./autogen.sh
./configure
make
make install
```
This section covers building osslsigncode for [Unix-like](https://en.wikipedia.org/wiki/Unix-like) operating systems.
See [INSTALL.W32.md](https://github.com/mtrojnar/osslsigncode/blob/master/INSTALL.W32.md) for Windows notes.
We highly recommend downloading a [release tarball](https://github.com/mtrojnar/osslsigncode/releases) instead of cloning from a git repository.
* On Linux, (tested on Debian/Ubuntu) you may need `sudo apt-get update && sudo apt-get install build-essential autoconf libtool libssl-dev python3-pkgconfig libcurl4-gnutls-dev`
* On macOS with Homebrew, you probably need to do these things before autogen.sh and configure:
### Configure, build, make tests and install osslsigncode
* Install prerequisites on a Debian-based distributions, such as Ubuntu:
```
brew install openssl@1.1 automake pkg-config libtool
sudo apt update && sudo apt install cmake libssl-dev libcurl4-openssl-dev
```
* Install prerequisites on macOS with Homebrew:
```
brew install cmake pkg-config openssl@1.1
export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"
```
**NOTE:** osslsigncode requires CMake 3.6 or newer.
You may need to use `cmake3` instead of `cmake` to complete the following steps on your system.
* Navigate to the build directory and run CMake to configure the osslsigncode project
and generate a native build system:
```
mkdir build && cd build && cmake ..
```
with specific compile options:
```
-Denable-strict=ON
-Denable-pedantic=ON
```
* Then call that build system to actually compile/link the osslsigncode project (alias `make`):
```
cmake --build .
```
* Make test:
```
ctest -C Release
```
* Make install:
```
sudo cmake --install . --prefix "/home/myuser/installdir"
```
* Make tarball (simulate autotools' `make dist`):
```
cmake --build . --target package_source
```
## USAGE
@ -75,7 +109,7 @@ or if you want to add a timestamp as well:
```
osslsigncode sign -certs <cert-file> -key <key-file> \
-n "Your Application" -i http://www.yourwebsite.com/ \
-t http://timestamp.verisign.com/scripts/timstamp.dll \
-t http://timestamp.digicert.com \
-in yourapp.exe -out yourapp-signed.exe
```
You can use a certificate and key stored in a PKCS#12 container:
@ -99,11 +133,10 @@ An example of using osslsigncode with SoftHSM:
osslsigncode sign \
-pkcs11engine /usr/lib64/engines-1.1/pkcs11.so \
-pkcs11module /usr/lib64/pkcs11/libsofthsm2.so \
-certs <cert-file> \
-pkcs11cert 'pkcs11:token=softhsm-token;object=cert' \
-key 'pkcs11:token=softhsm-token;object=key' \
-in yourapp.exe -out yourapp-signed.exe
```
osslsigncode currently does not support reading certificates from engines.
You can check that the signed file is correct by right-clicking
on it in Windows and choose Properties --> Digital Signatures,
@ -111,41 +144,42 @@ and then choose the signature from the list, and click on
Details. You should then be presented with a dialog that says
amongst other things that "This digital signature is OK".
## CONVERTING FROM PVK TO DER
## UNAUTHENTICATED BLOBS
(This guide was written by Ryan Rubley)
The "-addUnauthenticatedBlob" parameter adds a 1024-byte unauthenticated blob
of data to the signature in the same area as the timestamp. This can be used
while signing, while timestamping, after a file has been code signed, or by
itself. This technique (but not this project) is used by Dropbox, GoToMeeting,
and Summit Route.
If you've managed to finally find osslsigncode from some searches,
you're most likely going to have a heck of a time getting your SPC
and PVK files into the formats osslsigncode wants.
### Example 1. Sign and add blob to unsigned file
On the computer where you originally purchased your certificate, you
probably had to use IE to get it. Run IE and select Tools/Internet
Options from the menu, then under the Content tab, click the Certificates
button. Under the Personal tab, select your certificate and click the
Export button. On the second page of the wizard, select the PKCS #7
Certificate (.P7B) format. This file you export as a *.p7b is what you
use instead of your *.spc file. It's the same basic thing, in a different format.
For your PVK file, you will need to download a little utility called
PVK.EXE. This can currently be downloaded at
http://support.globalsign.net/en/objectsign/PVK.zip
Run:
```
pvk -in foo.pvk -nocrypt -out foo.pem
```shell
osslsigncode sign -addUnauthenticatedBlob -pkcs12 yourcert.pfx -pass your_password -n "Your Company" -i https://YourSite.com/ -in srepp.msi -out srepp_added.msi
```
This will convert your PVK file to a PEM file.
From there, you can copy the PEM file to a Linux box, and run:
```
openssl rsa -outform der -in foo.pem -out foo.der
```
This will convert your PEM file to a DER file.
### Example 2. Timestamp and add blob to signed file
You need the *.p7b and *.der files to use osslsigncode, instead of your
*.spc and *.pvk files.
```shell
osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.digicert.com -in your_signed_file.exe -out out.exe
```
### Example 3. Add blob to signed and time-stamped file
```shell
osslsigncode.exe add -addUnauthenticatedBlob -in your_signed_file.exe -out out.exe
```
### WARNING
This feature allows for doing dumb things. Be very careful with what you put
in the unauthenticated blob, as an attacker could modify this. Do NOT, under
any circumstances, put a URL here that you will use to download an additional
file. If you do do that, you would need to check the newly downloaded file is
code signed AND that it has been signed with your cert AND that it is the
version you expect. You should consider using asymmetrical encryption for the
data you put in the blob, such that the executable contains the public key to
decrypt the data. Basically, be VERY careful.
## BUGS, QUESTIONS etc.

58
README.unauthblob.md
View File

@ -1,58 +0,0 @@
# This is NOT the official repo for osslsigncode
This project was copied from osslsigncode 1.7.1 to apply some patches for compiling with cygwin and being able to add unauthenticated blobs. The official source for the project is at: http://sourceforge.net/projects/osslsigncode/
## Features added
Adds the argument "-addUnauthenticatedBlob" to add a 1024 byte unauthenticated blob of data to the signature in the same area as the timestamp. This can be used while signing, while timestamping (new `add` command added to allow just time-stamping, after a file has been code signed, or by itself.
Examples:
```
# Example 1. Sign and add blob to unsigned file
osslsigncode sign -addUnauthenticatedBlob -pkcs12 yourcert.pfx -pass your_password -n "Your Company" -i https://YourSite.com/ -in srepp.msi -out srepp_added.msi
```
```
# Example 2. Timestamp and add blob to signed file
osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.verisign.com/scripts/timstamp.dll -in your_signed_file.exe -out out.exe
```
```
# Example 3. Add blob to signed and time-stamped file
osslsigncode.exe add -addUnauthenticatedBlob -in your_signed_file.exe -out out.exe
```
```
# Example 4. Sign, timestamp, and add blob
# Technically you can do this, but this would mean your signing certificate
# is on a computer that is connected the Internet,
# which means you are doing something wrong,
# so I'm not going to show how to do that.
```
This technique (but not this project) is used by Dropbox, GoToMeeting, and Summit Route. You can read more about this technique here:
- https://tech.dropbox.com/2014/08/tech-behind-dropboxs-new-user-experience-for-mobile/
- http://blogs.msdn.com/b/ieinternals/archive/2014/09/04/personalizing-installers-using-unauthenticated-data-inside-authenticode-signed-binaries.aspx
## WARNING
The capability this adds can allow you to do dumb things. Be very careful with what you put in the unauthenticated blob, as an attacker could modify this. Do NOT under any circumstances put a URL here that you will use to download an additional file. If you do do that, you would need to check the newly downloaded file is code signed AND that it has been signed with your cert AND that it is the version you expect. You should consider using asymmetrical encryption for the data you put in the blob, such that the executable contains the public key to decrypt the data. Basically, be VERY careful.
## Compiling under cygwin
- Ensure you install the development libraries for openssl, libgfs, and curl.
- Install pkg-config
- Run
```
export SHELLOPTS
set -o igncr
./configure
make
```
## Download
- Compiled binary for cygwin: https://summitroute.com/downloads/osslsigncode.exe
- Compiled binary plus all the required DLL's (self-extracting exe): https://summitroute.com/downloads/osslsigncode-cygwin_files.exe

145
applink.c Normal file
View File

@ -0,0 +1,145 @@
/*
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#define APPLINK_STDIN 1
#define APPLINK_STDOUT 2
#define APPLINK_STDERR 3
#define APPLINK_FPRINTF 4
#define APPLINK_FGETS 5
#define APPLINK_FREAD 6
#define APPLINK_FWRITE 7
#define APPLINK_FSETMOD 8
#define APPLINK_FEOF 9
#define APPLINK_FCLOSE 10 /* should not be used */
#define APPLINK_FOPEN 11 /* solely for completeness */
#define APPLINK_FSEEK 12
#define APPLINK_FTELL 13
#define APPLINK_FFLUSH 14
#define APPLINK_FERROR 15
#define APPLINK_CLEARERR 16
#define APPLINK_FILENO 17 /* to be used with below */
#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */
#define APPLINK_READ 19
#define APPLINK_WRITE 20
#define APPLINK_LSEEK 21
#define APPLINK_CLOSE 22
#define APPLINK_MAX 22 /* always same as last macro */
#ifndef APPMACROS_ONLY
# include <stdio.h>
# include <io.h>
# include <fcntl.h>
# ifdef __BORLANDC__
/* _lseek in <io.h> is a function-like macro so we can't take its address */
# undef _lseek
# define _lseek lseek
# endif
static void *app_stdin(void)
{
return stdin;
}
static void *app_stdout(void)
{
return stdout;
}
static void *app_stderr(void)
{
return stderr;
}
static int app_feof(FILE *fp)
{
return feof(fp);
}
static int app_ferror(FILE *fp)
{
return ferror(fp);
}
static void app_clearerr(FILE *fp)
{
clearerr(fp);
}
static int app_fileno(FILE *fp)
{
return _fileno(fp);
}
static int app_fsetmod(FILE *fp, char mod)
{
return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT);
}
#ifdef __cplusplus
extern "C" {
#endif
__declspec(dllexport)
void **
# if defined(__BORLANDC__)
/*
* __stdcall appears to be the only way to get the name
* decoration right with Borland C. Otherwise it works
* purely incidentally, as we pass no parameters.
*/
__stdcall
# else
__cdecl
# endif
#pragma warning(push, 2)
OPENSSL_Applink(void)
{
static int once = 1;
static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] =
{ (void *)APPLINK_MAX };
if (once) {
OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin;
OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout;
OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr;
OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf;
OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets;
OPENSSL_ApplinkTable[APPLINK_FREAD] = fread;
OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite;
OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod;
OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof;
OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose;
OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen;
OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek;
OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell;
OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush;
OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror;
OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr;
OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno;
OPENSSL_ApplinkTable[APPLINK_OPEN] = _open;
OPENSSL_ApplinkTable[APPLINK_READ] = _read;
OPENSSL_ApplinkTable[APPLINK_WRITE] = _write;
OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek;
OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close;
once = 0;
}
return OPENSSL_ApplinkTable;
}
#pragma warning(pop)
#ifdef __cplusplus
}
#endif
#endif

1578
autogen.sh
View File

File diff suppressed because it is too large Load Diff

27
cmake/CMakeDist.cmake Normal file
View File

@ -0,0 +1,27 @@
# make dist
# cmake --build . --target package_source
set(CPACK_PACKAGE_NAME ${PROJECT_NAME})
set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})
set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files")
set(CPACK_PACKAGE_INSTALL_DIRECTORY ${CPACK_PACKAGE_NAME})
set(CPACK_RESOURCE_FILE_README "${CMAKE_CURRENT_SOURCE_DIR}/README.md")
set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/COPYING.txt")
set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}")
set(CPACK_SOURCE_GENERATOR "TGZ")
set(CPACK_SOURCE_IGNORE_FILES "\.git/;\.gitignore")
list(APPEND CPACK_SOURCE_IGNORE_FILES "Makefile")
list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeCache.txt")
list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeFiles")
list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackConfig.cmake")
list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackSourceConfig.cmake")
list(APPEND CPACK_SOURCE_IGNORE_FILES "CTestTestfile.cmake")
list(APPEND CPACK_SOURCE_IGNORE_FILES "cmake_install.cmake")
list(APPEND CPACK_SOURCE_IGNORE_FILES "config.h")
list(APPEND CPACK_SOURCE_IGNORE_FILES "/CMakeFiles/")
list(APPEND CPACK_SOURCE_IGNORE_FILES "/Testing/")
list(APPEND CPACK_SOURCE_IGNORE_FILES "/_CPack_Packages/")
list(APPEND CPACK_SOURCE_IGNORE_FILES "/build/")
include(CPack)
add_custom_target(dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source)

298
cmake/CMakeTest.cmake Normal file
View File

@ -0,0 +1,298 @@
# make test
# ctest -C Release
include(FindPython3)
enable_testing()
set(FILES "${PROJECT_BINARY_DIR}/Testing/files")
set(CERTS "${PROJECT_BINARY_DIR}/Testing/certs")
set(CONF "${PROJECT_BINARY_DIR}/Testing/conf")
file(COPY
"${CMAKE_CURRENT_SOURCE_DIR}/tests/files"
"${CMAKE_CURRENT_SOURCE_DIR}/tests/conf"
"${CMAKE_CURRENT_SOURCE_DIR}/tests/tsa_server.py"
DESTINATION "${PROJECT_BINARY_DIR}/Testing"
)
file(COPY
"${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt"
DESTINATION "${CONF}"
)
set(priv_p12 "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt")
set(priv_spc "-certs" "${CERTS}/cert.spc" "-key" "${CERTS}/key.pvk" "-pass" "passme")
set(priv_der "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/key.der" "-pass" "passme")
set(priv_pkey "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/keyp.pem" "-pass" "passme")
set(sign_opt "-time" "1556708400"
"-add-msi-dse" "-comm" "-ph" "-jp" "low"
"-h" "sha512" "-i" "https://www.osslsigncode.com/"
"-n" "osslsigncode" "-ac" "${CERTS}/crosscert.pem"
)
if(NOT CMAKE_HOST_WIN32)
execute_process(
COMMAND "${CONF}/makecerts.sh"
WORKING_DIRECTORY ${CONF}
OUTPUT_VARIABLE makecerts_output
RESULT_VARIABLE makecerts_result
)
else()
set(makecerts_result 1)
endif()
if(makecerts_result)
message(STATUS "makecerts.sh failed")
if(makecerts_output)
message(STATUS "${makecerts_output}")
endif()
file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs"
DESTINATION "${PROJECT_BINARY_DIR}/Testing"
)
endif()
execute_process(
COMMAND ${CMAKE_COMMAND} -E sha256sum "${CERTS}/cert.der"
OUTPUT_VARIABLE sha256sum
)
string(SUBSTRING ${sha256sum} 0 64 leafhash)
set(verify_opt "-CAfile" "${CERTS}/CACert.pem"
"-CRLfile" "${CERTS}/CACertCRL.pem"
"-TSA-CAfile" "${CERTS}/TSACA.pem"
)
set(extensions_4 "exe" "ex_" "msi" "cat")
set(extensions_3 "exe" "ex_" "msi")
set(files_4 "signed" "nested" "added")
set(files_3 "removed" "attached_pem" "attached_der")
set(sign_formats "pem" "der")
set(pem_certs "cert" "expired" "revoked")
set(failed_certs "expired" "revoked")
add_test(
NAME version
COMMAND osslsigncode --version
)
foreach(ext ${extensions_4})
# Signing time: May 1 00:00:00 2019 GMT
set(sign_${ext} )
add_test(
NAME signed_${ext}
COMMAND osslsigncode "sign" ${sign_opt} ${priv_p12}
"-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/signed.${ext}"
)
endforeach()
foreach(ext ${extensions_3})
add_test(
NAME removed_${ext}
COMMAND osslsigncode "remove-signature"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/removed.${ext}"
)
endforeach()
foreach(ext ${extensions_3})
add_test(
NAME extract_pem_${ext}
COMMAND osslsigncode "extract-signature" "-pem"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.pem"
)
endforeach()
foreach(ext ${extensions_3})
add_test(
NAME extract_der_${ext}
COMMAND osslsigncode "extract-signature"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.der"
)
endforeach()
foreach(ext ${extensions_3})
set_tests_properties(removed_${ext} extract_pem_${ext} extract_der_${ext}
PROPERTIES DEPENDS sign_${ext}
REQUIRED_FILES "${FILES}/signed.${ext}"
)
endforeach()
foreach(ext ${extensions_3})
foreach(format ${sign_formats})
# Signature verification time: Sep 1 00:00:00 2019 GMT
add_test(
NAME attached_${format}_${ext}
COMMAND osslsigncode "attach-signature" ${verify_opt}
"-time" "1567296000"
"-require-leaf-hash" "SHA256:${leafhash}"
"-add-msi-dse" "-h" "sha512" "-nest"
"-sigin" "${FILES}/${ext}.${format}"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/attached_${format}.${ext}"
)
set_tests_properties(attached_${format}_${ext} PROPERTIES
DEPENDS extract_pem_${ext}
REQUIRED_FILES "${FILES}/signed.${ext}"
REQUIRED_FILES "${FILES}/${ext}.${format}"
)
endforeach()
endforeach()
foreach(ext ${extensions_4})
add_test(
NAME added_${ext}
COMMAND osslsigncode "add"
"-addUnauthenticatedBlob" "-add-msi-dse" "-h" "sha512"
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/added.${ext}"
)
set_tests_properties(added_${ext} PROPERTIES
DEPENDS sign_${ext}
REQUIRED_FILES "${FILES}/signed.${ext}"
)
endforeach()
foreach(ext ${extensions_4})
add_test(
NAME nested_${ext}
COMMAND osslsigncode "sign" "-nest" ${sign_opt} ${priv_der}
"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/nested.${ext}"
)
set_tests_properties(nested_${ext} PROPERTIES
DEPENDS sign_${ext}
REQUIRED_FILES "${FILES}/signed.${ext}"
)
endforeach()
foreach(file ${files_4})
foreach(ext ${extensions_4})
# Signature verification time: Sep 1 00:00:00 2019 GMT
add_test(
NAME verify_${file}_${ext}
COMMAND osslsigncode "verify" ${verify_opt}
"-time" "1567296000"
"-require-leaf-hash" "SHA256:${leafhash}"
"-in" "${FILES}/${file}.${ext}"
)
set_tests_properties(verify_${file}_${ext} PROPERTIES
DEPENDS ${file}_${ext}
REQUIRED_FILES "${FILES}/${file}.${ext}"
)
endforeach()
endforeach()
foreach(file ${files_3})
foreach(ext ${extensions_3})
# Signature verification time: Sep 1 00:00:00 2019 GMT
add_test(
NAME verify_${file}_${ext}
COMMAND osslsigncode "verify" ${verify_opt}
"-time" "1567296000"
"-require-leaf-hash" "SHA256:${leafhash}"
"-in" "${FILES}/${file}.${ext}"
)
set_tests_properties(verify_${file}_${ext} PROPERTIES
DEPENDS ${file}_${ext}
REQUIRED_FILES "${FILES}/${file}.${ext}"
)
endforeach()
endforeach()
foreach(ext ${extensions_3})
set_tests_properties(verify_removed_${ext} PROPERTIES
WILL_FAIL TRUE
)
endforeach()
if(Python3_FOUND)
foreach(ext ${extensions_4})
foreach(cert ${pem_certs})
add_test(
NAME sign_ts_${cert}_${ext}
COMMAND ${Python3_EXECUTABLE} "${PROJECT_BINARY_DIR}/Testing/tsa_server.py"
"--certs" "${CERTS}/${cert}.pem" "--key" "${CERTS}/key.pem"
"--input" "${FILES}/unsigned.${ext}" "--output" "${FILES}/ts_${cert}.${ext}"
)
endforeach()
endforeach()
foreach(ext ${extensions_4})
# Signature verification time: Sep 1 00:00:00 2019 GMT
add_test(
NAME verify_ts_cert_${ext}
COMMAND osslsigncode "verify" ${verify_opt}
"-time" "1567296000"
"-in" "${FILES}/ts_cert.${ext}"
)
set_tests_properties(verify_ts_cert_${ext} PROPERTIES
DEPENDS sign_ts_${cert}_${ext}
REQUIRED_FILES "${FILES}/ts_cert.${ext}"
)
endforeach()
# Signature verification time: Jan 1 00:00:00 2035 GMT
foreach(ext ${extensions_4})
add_test(
NAME verify_ts_future_${ext}
COMMAND osslsigncode "verify" ${verify_opt}
"-time" "2051222400"
"-in" "${FILES}/ts_cert.${ext}"
)
set_tests_properties(verify_ts_future_${ext} PROPERTIES
DEPENDS sign_ts_${cert}_${ext}
REQUIRED_FILES "${FILES}/ts_cert.${ext}"
)
endforeach()
# Signature verification time: Jan 1 00:00:00 2035 GMT
# enabled "-ignore-timestamp" option
foreach(ext ${extensions_4})
add_test(
NAME verify_ts_ignore_${ext}
COMMAND osslsigncode "verify" ${verify_opt}
"-time" "2051222400"
"-ignore-timestamp"
"-in" "${FILES}/ts_cert.${ext}"
)
set_tests_properties(verify_ts_ignore_${ext} PROPERTIES
DEPENDS sign_ts_${cert}_${ext}
REQUIRED_FILES "${FILES}/ts_cert.${ext}"
WILL_FAIL TRUE
)
endforeach()
# Signature verification time: Sep 1 00:00:00 2019 GMT
# Certificate has expired or revoked
foreach(ext ${extensions_4})
foreach(cert ${failed_certs})
add_test(
NAME verify_ts_${cert}_${ext}
COMMAND osslsigncode "verify" ${verify_opt}
"-time" "1567296000"
"-in" "${FILES}/ts_${cert}.${ext}"
)
set_tests_properties(verify_ts_${cert}_${ext} PROPERTIES
DEPENDS sign_ts_${cert}_${ext}
REQUIRED_FILES "${FILES}/ts_${cert}.${ext}"
WILL_FAIL TRUE
)
endforeach()
endforeach()
else()
message(STATUS "Python3 was not found, skip timestamping tests")
endif()
foreach(ext ${extensions_4})
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed.${ext}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/nested.${ext}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/removed.${ext}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/added.${ext}")
foreach(cert ${pem_certs})
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}")
endforeach()
foreach(format ${sign_formats})
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}")
endforeach()
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq")
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr")
endforeach()
add_test(NAME remove_files COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES})

22
cmake/FindHeaders.cmake Normal file
View File

@ -0,0 +1,22 @@
include(CheckIncludeFile)
include(CheckFunctionExists)
if(NOT MSVC)
check_function_exists(getpass HAVE_GETPASS)
check_include_file(termios.h HAVE_TERMIOS_H)
check_include_file(sys/mman.h HAVE_SYS_MMAN_H)
if(HAVE_SYS_MMAN_H)
check_function_exists(mmap HAVE_MMAP)
if(NOT HAVE_MMAP)
message(FATAL_ERROR "Error: Need mmap to build.")
endif()
endif()
endif()
# include wincrypt.h in Windows.h
if(MSVC AND NOT CYGWIN)
check_include_file(windows.h HAVE_MAPVIEWOFFILE)
if(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE))
message(FATAL_ERROR "Error: Need file mapping function to build.")
endif()
endif()

13
cmake/SetBashCompletion.cmake Normal file
View File

@ -0,0 +1,13 @@
if(NOT MSVC)
find_package(bash-completion QUIET)
if(NOT BASH_COMPLETION_COMPLETIONSDIR)
if(BASH_COMPLETION_COMPATDIR)
set(BASH_COMPLETION_COMPLETIONSDIR ${BASH_COMPLETION_COMPATDIR})
else()
set(SHAREDIR "${CMAKE_INSTALL_PREFIX}/share")
set(BASH_COMPLETION_COMPLETIONSDIR "${SHAREDIR}/bash-completion/completions")
endif()
endif()
message(STATUS "Using bash completions dir ${BASH_COMPLETION_COMPLETIONSDIR}")
install(FILES "osslsigncode.bash" DESTINATION ${BASH_COMPLETION_COMPLETIONSDIR})
endif()

111
cmake/SetCompilerFlags.cmake Normal file
View File

@ -0,0 +1,111 @@
include(CheckCCompilerFlag)
set(CMAKE_REQUIRED_QUIET ON)
function(add_debug_flag_if_supported flagname targets)
check_c_compiler_flag("${flagname}" HAVE_FLAG_${flagname})
if (HAVE_FLAG_${flagname})
foreach(target ${targets})
target_compile_options(${target} PRIVATE $<$<CONFIG:DEBUG>:${flagname}>)
endforeach()
endif()
endfunction()
function(add_compile_flag_to_targets targets)
set(CHECKED_DEBUG_FLAGS
"-ggdb"
"-g"
"-O2"
"-pedantic"
"-Wall"
"-Wextra"
"-Wno-long-long"
"-Wconversion"
"-D_FORTIFY_SOURCE=2"
"-Wformat=2"
"-Wredundant-decls"
"-Wcast-qual"
"-Wnull-dereference"
"-Wno-deprecated-declarations"
"-Wmissing-declarations"
"-Wmissing-prototypes"
"-Wmissing-noreturn"
"-Wmissing-braces"
"-Wparentheses"
"-Wstrict-aliasing=3"
"-Wstrict-overflow=2"
"-Wlogical-op"
"-Wwrite-strings"
"-Wcast-align=strict"
"-Wdisabled-optimization"
"-Wshift-overflow=2"
"-Wundef"
"-Wshadow"
"-Wmisleading-indentation"
"-Wabsolute-value"
"-Wunused-parameter"
"-Wunused-function"
)
foreach(flag ${CHECKED_DEBUG_FLAGS})
add_debug_flag_if_supported(${flag} ${targets})
endforeach()
endfunction()
function(add_compile_flags target)
if(MSVC)
# Enable parallel builds
target_compile_options(${target} PRIVATE /MP)
# Use address space layout randomization, generate PIE code for ASLR (default on)
target_link_options(${target} PRIVATE /DYNAMICBASE)
# Create terminal server aware application (default on)
target_link_options(${target} PRIVATE /TSAWARE)
# Mark the binary as compatible with Intel Control-flow Enforcement Technology (CET) Shadow Stack
target_link_options(${target} PRIVATE /CETCOMPAT)
# Enable compiler generation of Control Flow Guard security checks
target_compile_options(${target} PRIVATE /guard:cf)
target_link_options(${target} PRIVATE /guard:cf)
# Buffer Security Check
target_compile_options(${target} PRIVATE /GS)
# Suppress startup banner
target_link_options(${target} PRIVATE /NOLOGO)
# Generate debug info
target_link_options(${target} PRIVATE /DEBUG)
if("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8")
# High entropy ASLR for 64 bits targets (default on)
target_link_options(${target} PRIVATE /HIGHENTROPYVA)
# Enable generation of EH Continuation (EHCONT) metadata by the compiler
#target_compile_options(${target} PRIVATE /guard:ehcont)
#target_link_options(${target} PRIVATE /guard:ehcont)
else()
# Can handle addresses larger than 2 gigabytes
target_link_options(${target} PRIVATE /LARGEADDRESSAWARE)
# Safe structured exception handlers (x86 only)
target_link_options(${target} PRIVATE /SAFESEH)
endif()
target_compile_options(${target} PRIVATE $<$<CONFIG:DEBUG>:/D_FORTIFY_SOURCE=2>)
# Unrecognized compiler options are errors
target_compile_options(${target} PRIVATE $<$<CONFIG:DEBUG>:/options:strict>)
else()
check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL)
if(HAVE_STACK_PROTECTOR_ALL)
target_link_options(${target} PRIVATE -fstack-protector-all)
else()
check_c_compiler_flag("-fstack-protector" HAVE_STACK_PROTECTOR)
if(HAVE_STACK_PROTECTOR)
target_link_options(${target} PRIVATE -fstack-protector)
else()
message(WARNING "No stack protection supported")
endif()
endif()
# Support address space layout randomization (ASLR)
target_compile_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-fPIE>)
target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-fPIE -pie>)
target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-Wl,-z,relro>)
target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-Wl,-z,now>)
target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-Wl,-z,noexecstack>)
target_link_options(${target} PRIVATE -fstack-check)
add_compile_flag_to_targets(${target})
endif()
endfunction()
add_compile_flags(osslsigncode)

140
configure.ac
View File

@ -1,140 +0,0 @@
AC_PREREQ(2.60)
AC_INIT([osslsigncode], [2.1.0], [Michal.Trojnara@stunnel.org])
AC_CONFIG_AUX_DIR([.])
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE
AC_CONFIG_SRCDIR([osslsigncode.c])
dnl Checks for programs.
AC_PROG_CC
AC_USE_SYSTEM_EXTENSIONS
AC_ARG_ENABLE(
[strict],
[AS_HELP_STRING([--enable-strict],[enable strict compile mode @<:@disabled@:>@])],
,
[enable_strict="no"]
)
AC_ARG_ENABLE(
[pedantic],
[AS_HELP_STRING([--enable-pedantic],[enable pedantic compile mode @<:@disabled@:>@])],
,
[enable_pedantic="no"]
)
AC_ARG_WITH(
[curl],
[AS_HELP_STRING([--with-curl],[enable curl @<:@enabled@:>@])],
,
[with_curl="yes"]
)
if test "${enable_pedantic}" = "yes"; then
enable_strict="yes";
CFLAGS="${CFLAGS} -pedantic"
fi
if test "${enable_strict}" = "yes"; then
CFLAGS="${CFLAGS} -Wall -Wextra"
fi
PKG_PROG_PKG_CONFIG
AC_PROG_CPP
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MKDIR_P
AC_PROG_SED
AC_PROG_MAKE_SET
AC_C_CONST
AC_HEADER_STDC
AC_HEADER_TIME
AC_CHECK_HEADERS(
[sys/mman.h],
[AC_CHECK_FUNC(
[mmap],
[AC_DEFINE(HAVE_MMAP, [1], [Define to 1 if you have mmap])],
[AC_MSG_ERROR([Need mmap to build.])]
)],
[have_mmap=no]
)
AC_CHECK_HEADERS(
[windows.h],
[],
[have_MapViewOfFile=no]
)
AS_IF([test "x$have_mmap$have_MapViewOfFile" = "xnono"],
[AC_MSG_ERROR([Need file mapping function to buid.])])
AC_CHECK_LIB(
[dl],
[dlopen],
[DL_LIBS="-ldl"]
)
AC_CHECK_HEADERS([termios.h])
AC_CHECK_FUNCS(getpass)
AC_ARG_WITH([gsf],
AS_HELP_STRING([--without-gsf], [Ignore presence of libgsf and disable it])
)
AS_IF([test "x$with_gsf" != "xno"],
[PKG_CHECK_MODULES([GSF], [libgsf-1], [have_gsf=yes], [have_gsf=no])],
[have_gsf=no]
)
AS_IF([test "x$have_gsf" = "xyes"],
[AC_DEFINE([WITH_GSF], 1, [Have libgsf?])],
[AS_IF([test "x$with_gsf" = "xyes"],
[AC_MSG_ERROR([libgsf requested but not found])])]
)
PKG_CHECK_MODULES(
[OPENSSL],
[libcrypto >= 1.1.1],
,
[PKG_CHECK_MODULES(
[OPENSSL],
[openssl >= 1.1.1],
,
[AC_CHECK_LIB(
[crypto],
[EVP_MD_CTX_new],
[OPENSSL_LIBS="-lcrypto ${SOCKETS_LIBS} ${DL_LIBS}"],
[AC_MSG_ERROR([OpenSSL 1.1.1 or later is required. https://www.openssl.org/])],
[${DL_LIBS}]
)]
)]
)
PKG_CHECK_MODULES(
[LIBCURL],
[libcurl >= 7.12.0],
,
[AC_CHECK_LIB(
[curl],
[curl_easy_strerror],
[LIBCURL_LIBS="-lcurl"],
,
[${DL_LIBS}]
)]
)
if test "${with_curl}" = "yes"; then
test -z "${LIBCURL_LIBS}" && AC_MSG_ERROR([Curl 7.12.0 or later is required for timestamping support. http://curl.haxx.se/])
OPTIONAL_LIBCURL_CFLAGS="${LIBCURL_CFLAGS}"
OPTIONAL_LIBCURL_LIBS="${LIBCURL_LIBS}"
AC_DEFINE([ENABLE_CURL], [1], [libcurl is enabled])
fi
AC_SUBST([OPTIONAL_LIBCURL_CFLAGS])
AC_SUBST([OPTIONAL_LIBCURL_LIBS])
AC_DEFINE_UNQUOTED([CA_BUNDLE_PATH], ["$(curl-config --ca 2>/dev/null)"], [CA bundle install path])
AC_CONFIG_FILES([Makefile])
AC_OUTPUT
# vim: set ts=4 noexpandtab:

1346
msi.c Normal file
View File

File diff suppressed because it is too large Load Diff

238
msi.h Normal file
View File

@ -0,0 +1,238 @@
/*
* MSI file support library
*
* Copyright (C) 2021 Michał Trojnara <Michal.Trojnara@stunnel.org>
* Author: Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org>
*
* Reference specifications:
* http://en.wikipedia.org/wiki/Compound_File_Binary_Format
* https://msdn.microsoft.com/en-us/library/dd942138.aspx
* https://github.com/microsoft/compoundfilereader
*/
#include <stdint.h>
#include <openssl/safestack.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#define MAXREGSECT 0xfffffffa /* maximum regular sector number */
#define DIFSECT 0xfffffffc /* specifies a DIFAT sector in the FAT */
#define FATSECT 0xfffffffd /* specifies a FAT sector in the FAT */
#define ENDOFCHAIN 0xfffffffe /* end of a linked chain of sectors */
#define NOSTREAM 0xffffffff /* terminator or empty pointer */
#define FREESECT 0xffffffff /* empty unallocated free sectors */
#define DIR_UNKNOWN 0
#define DIR_STORAGE 1
#define DIR_STREAM 2
#define DIR_ROOT 5
#define RED_COLOR 0
#define BLACK_COLOR 1
#define DIFAT_IN_HEADER 109
#define MINI_STREAM_CUTOFF_SIZE 0x00001000 /* 4096 bytes */
#define HEADER_SIZE 0x200 /* 512 bytes, independent of sector size */
#define MAX_SECTOR_SIZE 0x1000 /* 4096 bytes */
#define HEADER_SIGNATURE 0x00 /* 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 */
#define HEADER_CLSID 0x08 /* reserved and unused */
#define HEADER_MINOR_VER 0x18 /* SHOULD be set to 0x003E */
#define HEADER_MAJOR_VER 0x1a /* MUST be set to either 0x0003 (version 3) or 0x0004 (version 4) */
#define HEADER_BYTE_ORDER 0x1c /* 0xfe 0xff == Intel Little Endian */
#define HEADER_SECTOR_SHIFT 0x1e /* MUST be set to 0x0009, or 0x000c */
#define HEADER_MINI_SECTOR_SHIFT 0x20 /* MUST be set to 0x0006 */
#define RESERVED 0x22 /* reserved and unused */
#define HEADER_DIR_SECTORS_NUM 0x28
#define HEADER_FAT_SECTORS_NUM 0x2c
#define HEADER_DIR_SECTOR_LOC 0x30
#define HEADER_TRANSACTION 0x34
#define HEADER_MINI_STREAM_CUTOFF 0x38 /* 4096 bytes */
#define HEADER_MINI_FAT_SECTOR_LOC 0x3c
#define HEADER_MINI_FAT_SECTORS_NUM 0x40
#define HEADER_DIFAT_SECTOR_LOC 0x44
#define HEADER_DIFAT_SECTORS_NUM 0x48
#define HEADER_DIFAT 0x4c
#define DIRENT_SIZE 0x80 /* 128 bytes */
#define DIRENT_MAX_NAME_SIZE 0x40 /* 64 bytes */
#define DIRENT_NAME 0x00
#define DIRENT_NAME_LEN 0x40 /* length in bytes incl 0 terminator */
#define DIRENT_TYPE 0x42
#define DIRENT_COLOUR 0x43
#define DIRENT_LEFT_SIBLING_ID 0x44
#define DIRENT_RIGHT_SIBLING_ID 0x48
#define DIRENT_CHILD_ID 0x4c
#define DIRENT_CLSID 0x50
#define DIRENT_STATE_BITS 0x60
#define DIRENT_CREATE_TIME 0x64
#define DIRENT_MODIFY_TIME 0x6c
#define DIRENT_START_SECTOR_LOC 0x74
#define DIRENT_FILE_SIZE 0x78
#define GET_UINT8_LE(p) ((const u_char *)(p))[0]
#define GET_UINT16_LE(p) (uint16_t)(((const u_char *)(p))[0] | \
(((const u_char *)(p))[1] << 8))
#define GET_UINT32_LE(p) (uint32_t)(((const u_char *)(p))[0] | \
(((const u_char *)(p))[1] << 8) | \
(((const u_char *)(p))[2] << 16) | \
(((const u_char *)(p))[3] << 24))
#define PUT_UINT8_LE(i, p) ((u_char *)(p))[0] = (u_char)((i) & 0xff);
#define PUT_UINT16_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \
((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff)
#define PUT_UINT32_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \
((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff); \
((u_char *)(p))[2] = (u_char)(((i) >> 16) & 0xff); \
((u_char *)(p))[3] = (u_char)(((i) >> 24) & 0xff)
#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif
#define SIZE_64K 65536 /* 2^16 */
#define SIZE_16M 16777216 /* 2^24 */
typedef unsigned char u_char;
typedef struct {
u_char signature[8]; /* 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 */
u_char unused_clsid[16]; /* reserved and unused */
uint16_t minorVersion;
uint16_t majorVersion;
uint16_t byteOrder;
uint16_t sectorShift; /* power of 2 */
uint16_t miniSectorShift; /* power of 2 */
u_char reserved[6]; /* reserved and unused */
uint32_t numDirectorySector;
uint32_t numFATSector;
uint32_t firstDirectorySectorLocation;
uint32_t transactionSignatureNumber; /* reserved */
uint32_t miniStreamCutoffSize;
uint32_t firstMiniFATSectorLocation;
uint32_t numMiniFATSector;
uint32_t firstDIFATSectorLocation;
uint32_t numDIFATSector;
uint32_t headerDIFAT[DIFAT_IN_HEADER];
} MSI_FILE_HDR;
typedef struct {
u_char name[DIRENT_MAX_NAME_SIZE];
uint16_t nameLen;
uint8_t type;
uint8_t colorFlag;
uint32_t leftSiblingID;
uint32_t rightSiblingID;
uint32_t childID;
u_char clsid[16];
u_char stateBits[4];
u_char creationTime[8];
u_char modifiedTime[8];
uint32_t startSectorLocation;
u_char size[8];
} MSI_ENTRY;
typedef struct msi_dirent_struct {
u_char name[DIRENT_MAX_NAME_SIZE];
uint16_t nameLen;
uint8_t type;
MSI_ENTRY *entry;
STACK_OF(MSI_DIRENT) *children;
struct msi_dirent_struct *next; /* for cycle detection */
} MSI_DIRENT;
DEFINE_STACK_OF(MSI_DIRENT)
typedef struct {
const u_char *m_buffer;
uint32_t m_bufferLen;
MSI_FILE_HDR *m_hdr;
uint32_t m_sectorSize;
uint32_t m_minisectorSize;
uint32_t m_miniStreamStartSector;
} MSI_FILE;
typedef struct {
char *header;
char *ministream;
char *minifat;
char *fat;
uint32_t dirtreeLen;
uint32_t miniStreamLen;
uint32_t minifatLen;
uint32_t fatLen;
uint32_t ministreamsMemallocCount;
uint32_t minifatMemallocCount;
uint32_t fatMemallocCount;
uint32_t dirtreeSectorsCount;
uint32_t minifatSectorsCount;
uint32_t fatSectorsCount;
uint32_t miniSectorNum;
uint32_t sectorNum;
uint32_t sectorSize;
} MSI_OUT;
static const u_char msi_magic[] = {
0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1
};
static const u_char digital_signature[] = {
0x05, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, 0x00,
0x69, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00,
0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00,
0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00,
0x65, 0x00, 0x00, 0x00
};
static const u_char digital_signature_ex[] = {
0x05, 0x00, 0x4D, 0x00, 0x73, 0x00, 0x69, 0x00,
0x44, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00,
0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x53, 0x00,
0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x61, 0x00,
0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00,
0x45, 0x00, 0x78, 0x00, 0x00, 0x00
};
static const u_char msi_root_entry[] = {
0x52, 0x00, 0x6F, 0x00, 0x6F, 0x00, 0x74, 0x00,
0x20, 0x00, 0x45, 0x00, 0x6E, 0x00, 0x74, 0x00,
0x72, 0x00, 0x79, 0x00, 0x00, 0x00
};
static const u_char msi_zeroes[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer, uint32_t len);
MSI_FILE *msi_file_new(char *buffer, uint32_t len);
void msi_file_free(MSI_FILE *msi);
MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi);
int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret);
MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse);
void msi_dirent_free(MSI_DIRENT *dirent);
int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root);
int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root);
int msi_calc_digest(char *indata, int mdtype, u_char *mdbuf, uint32_t fileend);
int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen);
int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p, uint32_t len,
u_char *p_msiex, uint32_t len_msiex, BIO *outdata);
/*
Local Variables:
c-basic-offset: 4
tab-width: 4
indent-tabs-mode: t
End:
vim: set ts=4 noexpandtab:
*/

76
osslsigncode.bash Normal file
View File

@ -0,0 +1,76 @@
# bash completion for osslsigncode -*- shell-script -*-
# Copyright (C) 2021-2022 Michał Trojnara <Michal.Trojnara@stunnel.org>
# Author: Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org>
bind 'set show-all-if-ambiguous on'
bind 'set completion-ignore-case on'
COMP_WORDBREAKS=${COMP_WORDBREAKS//:}
_comp_cmd_osslsigncode()
{
local cur prev words cword
_init_completion || return
local commands command options timestamps rfc3161
commands="--help --version -v
sign add attach-signature extract-signature remove-signature verify"
timestamps="http://timestamp.digicert.com
http://time.certum.pl
http://timestamp.sectigo.com
http://timestamp.globalsign.com/?signature=sha2"
rfc3161="http://timestamp.digicert.com
http://time.certum.pl
http://timestamp.entrust.net/TSS/RFC3161sha2TS
http://tss.accv.es:8318/tsa
http://kstamp.keynectis.com/KSign/
http://sha256timestamp.ws.symantec.com/sha256/timestamp"
if ((cword == 1)); then
COMPREPLY=($(compgen -W "${commands}" -- ${cur}))
else
command=${words[1]}
case $prev in
-ac | -c | -catalog | -certs | -spc | -key | -pkcs12 | -pass | \
-readpass | -pkcs11engine | -pkcs11module | -in | -out | -sigin | \
-n | -CAfile | -CRLfile | -TSA-CAfile | -TSA-CRLfile)
_filedir
return
;;
-h | -require-leaf-hash)
COMPREPLY=($(compgen -W 'md5 sha1 sha2 sha256 sha384 sha512' \
-- "$cur"))
return
;;
-jp)
COMPREPLY=($(compgen -W 'low medium high' -- "$cur"))
return
;;
-t)
COMPREPLY=($(compgen -W "${timestamps}" -- "$cur"))
return
;;
-ts)
COMPREPLY=($(compgen -W "${rfc3161}" -- "$cur"))
return
;;
-i | -p)
_known_hosts_real -- "$cur"
return
;;
esac
if [[ $cur == -* ]]; then
# possible options for the command
options=$(_parse_help "$1" "$command --help" 2>/dev/null)
COMPREPLY=($(compgen -W "${options}" -- ${cur}))
fi
fi
} &&
complete -F _comp_cmd_osslsigncode osslsigncode
# ex: filetype=sh

3742
osslsigncode.c
View File

File diff suppressed because it is too large Load Diff

7
tests/certs/.gitignore vendored
View File

@ -1,6 +1 @@
*.der
*.pem
*.pvk
*.p12
*.spc
*.txt
*.log

22
tests/certs/CACert.pem Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDoTCCAomgAwIBAgIUOK8lwJ8A1Oqw8jDAb3TF06ve+PcwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
MTcwMTAxMDAwMDAwWhcNMjYxMTEwMDAwMDAwWjBYMQswCQYDVQQGEwJQTDEVMBMG
A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAKzObJwYq4t9Y/OOQLqUNLU8RDXq284L8zQgRLkvApF87FNN7kozIgC9
/HAgJSho/Lup5lzkCWa3fjkYm1EBrL+JihesSaCxxe7LOg6tRaY+WxikwMUnlkNE
s3R+DogeGVsla4q0FEcICiz3FHTfSAUVmrN3Nj1ll7npJXrqmXxfCuO3slgjUkHq
tdZ5t1rSWwbiUhGIQKLzo3/uw2XoOI28qpoOw+0/y8AyjWs8My3u8GrYFr+qh5fx
Y0Zp0EhhAJo23Xd43XmeVKjuKIOaHu3JiM8sp9K1WFsTvFNAO27TBRn/X0mJCeDX
T117dQxhWOCcQ/uRGuXICT4ign8MLtUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB
/zAdBgNVHQ4EFgQU6ewx3DIpbR8OptEmDFlYNELRqP4wHwYDVR0jBBgwFoAU6ewx
3DIpbR8OptEmDFlYNELRqP4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUA
A4IBAQAhRMun0IzPmHVFM+SOfSCPVAgogWpqR5XlBAFlS+Aen6v3ukQAQjEhfBbE
dZG6ye9i0ebf9qXYTvSq5wfaqP7FGb2/Z96uPXNMXPi796KjLW2CG578DitORPb7
x1eV3UGrQX2bMQ0JbGkBU+DIdIRBqDfad/kjLtm5eHyCbaodSWdaZO4LSUIy3MBx
2UeBj2qD4RTA0Dt7hG7RA5QdTxHlZyLIk8HX3krZ+il5RmSbOnQs/XqK5DJp4J5p
122sIO4Y9ki+Wewzx8f3/7mcVbcMo67GwRHo8bk3GjWE74pczyrzfP68vDQ4tn85
NcLPeLClfSziJD09z+Iyp94EQeKX
-----END CERTIFICATE-----

13
tests/certs/CACertCRL.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN X509 CRL-----
MIIB9zCB4AIBATANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJQTDEVMBMGA1UE
CgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBFw0xOTAxMDEwMDAwMDBaFw00MzAx
MDEwMDAwMDBaMCcwJQIUOpY5wp7DtqsdxII7sxculedk0PYXDTIyMDcyNjEzMDk1
NlqgIzAhMB8GA1UdIwQYMBaAFJ4FrAtb4UB/ag702URPiid97ziLMA0GCSqGSIb3
DQEBCwUAA4IBAQA4Kw0vEJrtjjMam16iN/stOMxJDgkp1IQzA3narxr9fEjX5Ynk
JztuEExtowPIDOLGWCySXNEMmxCzXNAMvlUq+UQvnWrwgHQ9R7TBYIcAY+VRmzKz
T4PXvDSL2WMuJ1dLWoIcL2D0wEdti7YMvAnCrOC8HAPGgke5QcOgSfMSAYSAtpiw
PZAFgcuo53AodlCw9J+CPcHPYw+C2QExOy8s8q6d8Xgjg+Ge7v3RxLWy74sNPl0u
uZ79vcLNEeqEXxKaw5abqDqIDcUKIT3b62KsSxkak9IGNMLcTASw1V+YaKVLSYNW
NTuc5WJblfZi/q7WUMKkmRERzvdg2rf0CSH1
-----END X509 CRL-----

28
tests/certs/TSA.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCivbbTCnbOqPoV
7VVP/KJzgslx8yfX9laGwTsvzqStQtG8j40ljR85WD/bgy3I5duebudg7JhOVH2f
aSqbh8SCzP4YNDFcseDIuHdoXi54POgW3S/wbe8l8P7g3btcBgnlXh/izhUlEMib
Q/8G8UZj0n/MgKMLzcXc4t2eQ4Pzw7xAPqoXBZ20Fg2rFBfUsDDLc5F7lpO5t1WQ
dXTYmF0oAL/HLmd+HKe5Xgp9jJ6XacesjWLnhRdZ06uUP9cgo+Jem4QZxeFhOtMe
KAf7JH3Juz2Gi0a+4dMSNzES4m8RAlf6pXh4kAh7EhMNb/Ir6ZpY8uKM7dtn38mh
1f59EKc9AgMBAAECggEAK5zB0P695hYcpyGqOjxO4LvM9m+eXt7SQ1ynWuF6+j+s
62ZhAg42rux6eH5IF82ZtHSuJyhgjKVR4RWS6IlS3WbINX5PODMnNUNSJLMQqwJP
hEkUXs9nRni2JVbmrfukTUaTLvnhasR7rjhjsN2Z6ohv3UMf7rrfapmVoKMhSoLd
jqvZ2ZoaT5mfTiK/5PDyWqrt/vmvE4VlipAsvudwozG5vQDEsCNDNUTg5OTGnPUU
i0xeQTioqzCcweIlEaWhj/eMHx/eAeZ6V0Evid/YwTDlbTqVDWZGLJ/phOnKJs3V
j+eOv7E2d1ga7149SPDIv5Y0YZ91v3M06ICk5o66gQKBgQDSM+YyR5YOJTSAuAcI
uKTc33wwCbPiJF/F1zLJDdPp2IamZQbuNIX/8fOG3Gho+OnfNAykMcr3rFrug2vi
9GhWDQqguYGh16xos+2zNan6P/s0/rQ4OfPIsTEGC8X3fJeMzZUNMvnyN/FXzzus
020o29gu59esEfGHEsvAupC3IQKBgQDGMqGLgrU4oW/5mmm4BZlwwkZJNMmFH49u
Qe4Ylj87SQduExJMmTfrmANqQXu7RXG0IxLcvhwMLVCCYAkvuBv1awsbg2yfP1Pn
Wb/K+5CaHaxnpwSpRiGaN6fnAPDl8PnALMVXtQGru2MMcISxOIFQ9slHth0lmaMo
odIPIL1YnQKBgAOSskUEhn5zD3NorWXujY7blabTY2VirOYWBFz6iTGeZpuJeBaw
ed6h5DvUn0m5gXAz2EsqNYMEQP9w6HKRKPzdd+LHhHaVze5xsIatUNhaIhECi1mx
Un2E1Yp+xLyyN3lDPVdeGHWPkeCmOyNy7JYXNpOFiVr5axuarC/4e+FBAoGAeuRR
/mshaufOwnnYK15tcdlEM4gjnAOhr7/5ng0rT9tMXBg/NHeckNxE4dGQouHASu2k
eHL4eSRv0ycxCwGhdF7XGEw5QdTGdaDUp0ussaLMj8ijv0HY/AKefUG8HRd6BIq+
Ik/9pTofhEsQO8LJjCY5T9m/4NyOqlcMJI0sWpECgYBvPLnutbBXYONVAE3jL05K
hWwenKpv5Aaa11ahqzhil2Tj+VOMtmvhsSc5loSG83qp5LtN4LxyR0Vn9AGN7Z+d
Ut6LHeZ/DMW3/RPT+1MIKm6WLNxgk5YvuCxprdpfE5tTmV9/t+t3Uao7TRsLPl2o
qAKz8Fvq0el5RW3EtAgd4A==
-----END PRIVATE KEY-----

28
tests/certs/TSA.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgIUfRjXKciCGA4XbhbhxbAwfpcLGmowDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0yODAxMDEwMDAwMDBaMFUxCzAJBgNVBAYT
AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxHDAaBgNVBAsME1RpbWVzdGFtcCBB
dXRob3JpdHkxETAPBgNVBAMMCFRlc3QgVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAor220wp2zqj6Fe1VT/yic4LJcfMn1/ZWhsE7L86krULRvI+N
JY0fOVg/24MtyOXbnm7nYOyYTlR9n2kqm4fEgsz+GDQxXLHgyLh3aF4ueDzoFt0v
8G3vJfD+4N27XAYJ5V4f4s4VJRDIm0P/BvFGY9J/zICjC83F3OLdnkOD88O8QD6q
FwWdtBYNqxQX1LAwy3ORe5aTubdVkHV02JhdKAC/xy5nfhynuV4KfYyel2nHrI1i
54UXWdOrlD/XIKPiXpuEGcXhYTrTHigH+yR9ybs9hotGvuHTEjcxEuJvEQJX+qV4
eJAIexITDW/yK+maWPLijO3bZ9/JodX+fRCnPQIDAQABo4IBiDCCAYQwDAYDVR0T
AQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUKWCqogni
6SseJ/P6LXo0M2cK++QwHwYDVR0jBBgwFoAU/5nNuG4Tm4v2y9uKf428/4fVQesw
gYQGCCsGAQUFBwEBBHgwdjA5BggrBgEFBQcwAoYtaHR0cDovL1RTQUNBLnRpbWVz
dGFtcGF1dGhvcml0eS5jb20vVFNBQ0EuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8v
b2NzcC5UU0FDQS50aW1lc3RhbXBhdXRob3JpdHkuY29tOjkwODAwPgYDVR0fBDcw
NTAzoDGgL4YtaHR0cDovL1RTQUNBLnRpbWVzdGFtcGF1dGhvcml0eS5jb20vVFNB
Q0EuY3JsMFUGA1UdHgROMEygGDAKggh0ZXN0LmNvbTAKggh0ZXN0Lm9yZ6EwMAqH
CAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0G
CSqGSIb3DQEBCwUAA4IBAQB4YXa5nVWUzWSsUDMfYFTEETOe8boUErwfrDNBuj6z
B5en20FhI49i6PCYEfNq3vrAtPOEFJj+KPomN3C46VLxbUEvqWLdq6EyzWvVVmXK
VLeC0qV0m6CFM8GplaWzZdfFTQaaLUhgY08ZU2gp4QsoS2YjAosxlZrNSm6pBbv3
q+Og1KeSK8gKS0V89k+6e3LOEF6KaNWKSkoz5xDniQY//mTjiDcNmYUh0KhHfhdU
eO92M82uJSaDqnRs5HsWPs6z6qdfpuvj++OtQ1VCM2p5SEH2sEomdeN3YYChuG4h
yzn0mYAdbTyGJHlFm17AH+SQRbVqCKYdHDaqsMb+fWzi
-----END CERTIFICATE-----

22
tests/certs/TSACA.pem Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDkDCCAnigAwIBAgIUJ0nfE+EVsIThltlY2LHVWMJVIq4wDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0yNjExMTAwMDAwMDBaMGAxCzAJBgNVBAYT
AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxJDAiBgNVBAsMG1RpbWVzdGFtcCBB
dXRob3JpdHkgUm9vdCBDQTEUMBIGA1UEAwwLVFNBIFJvb3QgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGOTX1f9dmtUiyzlsUInRIGfRMya338SVx
vYGeOwdpTSSGlYUVwR9AuFewQF5+klelstCJe+SoUG0AdzS30mRWlQrhip4UdvdW
T2gkNKbSn6DQzlWoQej9izqRLxAsbuszgkvnLOBEmPaLimDsCgu0bAN95Hp0Hls9
O/fVmzh8VuV4iscxc7q13ZB7CylWgwd55CFEGd/jpJ6kMwSHbOLoBWp4GQ3KxR+c
ASAo0FapU2WSZB2EYWszRiyq91X+AvIYN4ypTv7RccgfUvnZ2qFykJAkf/wgkynu
Qg7rCUNfUEpDc7jlqtDWR7iLrtHBkA17C3IU8ymmKQYWfw3ZyBwvAgMBAAGjQjBA
MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP+ZzbhuE5uL9svbin+NvP+H1UHr
MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAbj3aFwIUxvzwgywO
gj01JM8GNbw1E4MGdkaNI8rgeY8ay15ZXhR9NpRWWb6Y7IXPq5XhuEktVte5Z4Kf
XLBrr7Xe9VVqJL9zd1tMzOEM/zG77rZf/iXBTZLkCtQc/GOEY4TTWKNEl5hiWVE0
po97GX5XHoeyHlWQ75sd9z6MxFxmvdp9/uyYD700e9sd5gcD8LGvHw2DNy8vntYV
ia9h95N9i1umffxU460o8W5GoIcsD13B3YftvnWhGSXqovBRFgcPAQZ4eW9Qh/zA
4zQBQrRvmREPihXVdgtWVpbRchP99oSZBrYr7Hh/P69rycklquqxJl1ol1wbT6dK
S5Gmng==
-----END CERTIFICATE-----

47
tests/certs/ca-bundle.crt Normal file
View File

@ -0,0 +1,47 @@
# Certum Trusted Network CA
-----BEGIN CERTIFICATE-----
MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM
MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D
ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU
cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3
WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg
Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw
IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH
UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM
TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU
BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM
kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x
AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV
HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y
sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL
I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8
J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY
VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
-----END CERTIFICATE-----
# DigiCert Assured ID Root CA
-----BEGIN CERTIFICATE-----
MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
-----END CERTIFICATE-----

BIN
tests/certs/cert.der Normal file
View File

Binary file not shown.

BIN
tests/certs/cert.p12 Normal file
View File

Binary file not shown.

46
tests/certs/cert.pem Normal file
View File

@ -0,0 +1,46 @@
-----BEGIN CERTIFICATE-----
MIID7jCCAtagAwIBAgIUdLInHjkevRVCr7I78r5++6eSrZ0wDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0yNDEyMzEwMDAwMDBaMIGdMQswCQYDVQQG
EwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3
MRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEUMBIGA1UEAwwL
Q2VydGlmaWNhdGUxJzAlBgkqhkiG9w0BCQEWGG9zc2xzaWduY29kZUBleGFtcGxl
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJLJ3Vty2lgJw+5
ouAV4ZqkIwvfWPcE7zD1CfQIL2802jVuCSTkN9cfFVYMKFEPJxQWJAKoCzr/Ux8z
Yt9BXO5o39+z7umLKmc6pfrZJ6kG4msrMjZv36LsCQyfjUc1O9H1aiOQEvRQY2pF
2v5dfqRMrAqH1ESQHCggUBjElWj9oMFax8jyO7JxTzuttOb6mhDmqz4q2u4LwZGH
lBofgOAB54Mlv41x7dDh85i/jayXuYYmsjRwCuBAn14+D2zImyPDx5UaUJJMzujo
QriOZ4KU2dHRgy0+vd7ZbrL1kRY1axyNQ+jBk7UHnlZZ2CCkhBoZIM6ez3ljPwgr
cpg0RtcCAwEAAaNiMGAwCQYDVR0TBAIwADAdBgNVHQ4EFgQUBxPEs09WXDxGqb+D
WTFgcUQd0AEwHwYDVR0jBBgwFoAUngWsC1vhQH9qDvTZRE+KJ33vOIswEwYDVR0l
BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAKK2e1s1puUFbNjglopi
mKZ4Pks2zb6LVUGG6Q4XQ1dWe25ovt68jWv56HFyCMI1N+L8q0+Ku2eOfLObS7Ej
FFRUWEIXDgipryDTGzoWRM380fuYpL/j7Rt1/xmIHWTFibf/6gK/naRXsFH3dEbb
7DDWQ5pAd2d60dB+ThUEIZQTQd/926Kuk5oESvP08fXMYTuiYARypG1gmiuvxQ9N
mDJP6CHxyJR/LB4tb0RAqnLkVsXVBDnRYWdEvkuhoqTtbhVzVbL3mPeEmVYypxxd
NdrHpU5zmxFSin2T3F0TneNcT+MDV+dQcWyTGNYs/fnmo85LsiakJixGv1qx8PTs
8iE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrDCCApSgAwIBAgIUUPCDF21g2spK7557HZUhqSxBltMwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
MTgwMTAxMDAwMDAwWhcNMjYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAyMs1XoC0NUT5YgydibOrE5SWBKk5C47B6tv6gA4t3zZJ
wejaiPkj+aTIU3Ww5DO/Gpz0GuqCHNBczIw92Cfvv8kyWzUy46bRkpBJLFav0JXS
B3xQaPlHWeXqMfVAGuM5ExT4CjjYKFsrgV1Q300thCHBhvr8TPekDIf+6J7NSz1P
062pYgypfqsA8OwKaQbgOL9v4QRmHoolnEDc1dK/FS4f3p9dlifl7kcSVGQK0yit
7Uncn250icCxMxS3MOE2NfuplUOSN6h6poWNGUsx00O7Dy9nUndUwJRpFfKXTV3v
GtlmFLNoho+ss/usnxjxggWBcRtKhqd8nGSJUlzs0wIDAQABo2YwZDASBgNVHRMB
Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBSeBawLW+FAf2oO9NlET4onfe84izAfBgNV
HSMEGDAWgBTp7DHcMiltHw6m0SYMWVg0QtGo/jAOBgNVHQ8BAf8EBAMCAYYwDQYJ
KoZIhvcNAQELBQADggEBAD/FBa4stJGd/Acg2E2soI071B/l9B7FiqIRpCFuLVC4
1m7TIcjioIpZrxXwE1Egf8A9/6D/kKZtWnOljcxtPBEb+1/gB61M381RIgoMQ/Pf
7XX2yakk6mscUjbSTR//Mj1sYOs2r6ueZBp0whzF9nVvA43G6WMpf6XZqmhlg/oV
ynytW1Iu1SPoru3y8dX/lsukvKCak7MAp1eBcuUJxS56DnKcV9xgC30m3g+CErI3
qsOJ7lcfDP6fDjy7MfBsZBiY64MqwlDjjn7+Pleo69JedMwurHLhKnfm07DBPy8X
+EnQk61xHEjQtTsddXyQGQV3yjqylOF2AgsAf256uuA=
-----END CERTIFICATE-----

BIN
tests/certs/cert.spc Normal file
View File

Binary file not shown.

23
tests/certs/crosscert.pem Normal file
View File

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDzjCCAragAwIBAgIUGjZdQYlcAtlqZOsQ7eWRimQ9PIcwDQYJKoZIhvcNAQEL
BQAwbzELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEMMAoGA1UE
CwwDQ1NQMRIwEAYDVQQDDAljcm9zc2NlcnQxJzAlBgkqhkiG9w0BCQEWGG9zc2xz
aWduY29kZUBleGFtcGxlLmNvbTAeFw0xODAxMDEwMDAwMDBaFw0yMDA2MTkwMDAw
MDBaMG8xCzAJBgNVBAYTAlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNV
BAsMA0NTUDESMBAGA1UEAwwJY3Jvc3NjZXJ0MScwJQYJKoZIhvcNAQkBFhhvc3Ns
c2lnbmNvZGVAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDJU6WNMOEoErLYb5Qc7jsvVgruPM7DJTZ4vUpJNYAyprSDHciaKSa4SiYS
84Mxc6tzBoJvKOAwpxzzONOqPVWUd5J244urgvfHgSGWsbA8bakiIYlETopnecFk
B3ZELR33CPqIbpYYMYujhPGFa1xxZxFykJ1iBhZ8Gh3W4wHi/2kW6hTQkihMtUPP
Xxc2XWACj/tz22OSdgNZcIfhXiy2HOuPch+0UlDR4UmlJIR5aet1y832hHoeeevo
qfhfGOm9rRf9nyxKDwTyaN7JVOb7A1k6KJEJoe1zfIwT56mgoA433iUWFMLB6hKU
be3zV1vGjk77Kk7atcvEMTRq+rwHAgMBAAGjYjBgMAkGA1UdEwQCMAAwHQYDVR0O
BBYEFEXgglEcDh+8oCCvjlxrN/Y7C4YwMB8GA1UdIwQYMBaAFEXgglEcDh+8oCCv
jlxrN/Y7C4YwMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IB
AQBo8UqUEjxGQCVU/IgphwKA8Rb/uAyBYm+AjqFDs82lA6ze0n08Bj+eciVkxscA
0deivOC1sDD88QkLzSQ9CPk4e7+m7nx5SFUnUWY+o3ln+cTbGSM0jW9hme0LtHXX
QxDSKDBhQonRQk7lQ+TwFR7ol+y5SdZy7YQ+v/25qO6MMQgSPykJIa4vF7lwrYhu
qL+1MJx/ryTbCUExcKNNkWHZJRc9ZvtdWEHYpBSZl5xmJdKMLnHAu5uv8N2pezzp
PfujldZky7bnERaTM+bf/LvKXS8RfQGrCLu9QjgPVa6ysZV6gXTsEtwYh64vucjS
s7IhdLxfiT0xYkK4JWrRLc38
-----END CERTIFICATE-----

45
tests/certs/expired.pem Normal file
View File

@ -0,0 +1,45 @@
-----BEGIN CERTIFICATE-----
MIID6jCCAtKgAwIBAgIUdtBZJAw8/6JVNMiQpN3PEROI8rowDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0xOTAxMDEwMDAwMDBaMIGZMQswCQYDVQQG
EwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3
MRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEQMA4GA1UEAwwH
RXhwaXJlZDEnMCUGCSqGSIb3DQEJARYYb3NzbHNpZ25jb2RlQGV4YW1wbGUuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsksndW3LaWAnD7mi4BXh
mqQjC99Y9wTvMPUJ9AgvbzTaNW4JJOQ31x8VVgwoUQ8nFBYkAqgLOv9THzNi30Fc
7mjf37Pu6YsqZzql+tknqQbiaysyNm/fouwJDJ+NRzU70fVqI5AS9FBjakXa/l1+
pEysCofURJAcKCBQGMSVaP2gwVrHyPI7snFPO6205vqaEOarPira7gvBkYeUGh+A
4AHngyW/jXHt0OHzmL+NrJe5hiayNHAK4ECfXj4PbMibI8PHlRpQkkzO6OhCuI5n
gpTZ0dGDLT693tlusvWRFjVrHI1D6MGTtQeeVlnYIKSEGhkgzp7PeWM/CCtymDRG
1wIDAQABo2IwYDAJBgNVHRMEAjAAMB0GA1UdDgQWBBQHE8SzT1ZcPEapv4NZMWBx
RB3QATAfBgNVHSMEGDAWgBSeBawLW+FAf2oO9NlET4onfe84izATBgNVHSUEDDAK
BggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAX1Ar7jRAXdcA0Wu37yRi58QN
hpa1VLXadqfB+i5Y4e3DzqnMbpkLWsFzreC1AG0RjLe52s4PRUE6boGlpUeAyfFC
Qu2Gl/REVWwMCYV8bq3vQZkYQjklAXCQLWFk5TrzuDmBcV8+fY518nWw+xmcYwW5
5oehLsvB4nxoBzlHgcdDwS5b2dmpCKCbZFLU9aA9DjAVvY/9B8emyj7Sh2sEK0Yf
xwHlATTVq5O0/9tvVZQmYsbpS0iCRGBM+spTEhDT4WGsaRO6wP+Ucgp6Ym3ahMvz
tHME3uUanKWVoDb69sguGZ6KlnZZZdIX1AJ3dlTXCrzEO9xsoAzqzsxVJGrraQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrDCCApSgAwIBAgIUUPCDF21g2spK7557HZUhqSxBltMwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
MTgwMTAxMDAwMDAwWhcNMjYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAyMs1XoC0NUT5YgydibOrE5SWBKk5C47B6tv6gA4t3zZJ
wejaiPkj+aTIU3Ww5DO/Gpz0GuqCHNBczIw92Cfvv8kyWzUy46bRkpBJLFav0JXS
B3xQaPlHWeXqMfVAGuM5ExT4CjjYKFsrgV1Q300thCHBhvr8TPekDIf+6J7NSz1P
062pYgypfqsA8OwKaQbgOL9v4QRmHoolnEDc1dK/FS4f3p9dlifl7kcSVGQK0yit
7Uncn250icCxMxS3MOE2NfuplUOSN6h6poWNGUsx00O7Dy9nUndUwJRpFfKXTV3v
GtlmFLNoho+ss/usnxjxggWBcRtKhqd8nGSJUlzs0wIDAQABo2YwZDASBgNVHRMB
Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBSeBawLW+FAf2oO9NlET4onfe84izAfBgNV
HSMEGDAWgBTp7DHcMiltHw6m0SYMWVg0QtGo/jAOBgNVHQ8BAf8EBAMCAYYwDQYJ
KoZIhvcNAQELBQADggEBAD/FBa4stJGd/Acg2E2soI071B/l9B7FiqIRpCFuLVC4
1m7TIcjioIpZrxXwE1Egf8A9/6D/kKZtWnOljcxtPBEb+1/gB61M381RIgoMQ/Pf
7XX2yakk6mscUjbSTR//Mj1sYOs2r6ueZBp0whzF9nVvA43G6WMpf6XZqmhlg/oV
ynytW1Iu1SPoru3y8dX/lsukvKCak7MAp1eBcuUJxS56DnKcV9xgC30m3g+CErI3
qsOJ7lcfDP6fDjy7MfBsZBiY64MqwlDjjn7+Pleo69JedMwurHLhKnfm07DBPy8X
+EnQk61xHEjQtTsddXyQGQV3yjqylOF2AgsAf256uuA=
-----END CERTIFICATE-----

22
tests/certs/intermediate.pem Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDrDCCApSgAwIBAgIUUPCDF21g2spK7557HZUhqSxBltMwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
MTgwMTAxMDAwMDAwWhcNMjYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAyMs1XoC0NUT5YgydibOrE5SWBKk5C47B6tv6gA4t3zZJ
wejaiPkj+aTIU3Ww5DO/Gpz0GuqCHNBczIw92Cfvv8kyWzUy46bRkpBJLFav0JXS
B3xQaPlHWeXqMfVAGuM5ExT4CjjYKFsrgV1Q300thCHBhvr8TPekDIf+6J7NSz1P
062pYgypfqsA8OwKaQbgOL9v4QRmHoolnEDc1dK/FS4f3p9dlifl7kcSVGQK0yit
7Uncn250icCxMxS3MOE2NfuplUOSN6h6poWNGUsx00O7Dy9nUndUwJRpFfKXTV3v
GtlmFLNoho+ss/usnxjxggWBcRtKhqd8nGSJUlzs0wIDAQABo2YwZDASBgNVHRMB
Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBSeBawLW+FAf2oO9NlET4onfe84izAfBgNV
HSMEGDAWgBTp7DHcMiltHw6m0SYMWVg0QtGo/jAOBgNVHQ8BAf8EBAMCAYYwDQYJ
KoZIhvcNAQELBQADggEBAD/FBa4stJGd/Acg2E2soI071B/l9B7FiqIRpCFuLVC4
1m7TIcjioIpZrxXwE1Egf8A9/6D/kKZtWnOljcxtPBEb+1/gB61M381RIgoMQ/Pf
7XX2yakk6mscUjbSTR//Mj1sYOs2r6ueZBp0whzF9nVvA43G6WMpf6XZqmhlg/oV
ynytW1Iu1SPoru3y8dX/lsukvKCak7MAp1eBcuUJxS56DnKcV9xgC30m3g+CErI3
qsOJ7lcfDP6fDjy7MfBsZBiY64MqwlDjjn7+Pleo69JedMwurHLhKnfm07DBPy8X
+EnQk61xHEjQtTsddXyQGQV3yjqylOF2AgsAf256uuA=
-----END CERTIFICATE-----

BIN
tests/certs/key.der Normal file
View File

Binary file not shown.

27
tests/certs/key.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAsksndW3LaWAnD7mi4BXhmqQjC99Y9wTvMPUJ9AgvbzTaNW4J
JOQ31x8VVgwoUQ8nFBYkAqgLOv9THzNi30Fc7mjf37Pu6YsqZzql+tknqQbiaysy
Nm/fouwJDJ+NRzU70fVqI5AS9FBjakXa/l1+pEysCofURJAcKCBQGMSVaP2gwVrH
yPI7snFPO6205vqaEOarPira7gvBkYeUGh+A4AHngyW/jXHt0OHzmL+NrJe5hiay
NHAK4ECfXj4PbMibI8PHlRpQkkzO6OhCuI5ngpTZ0dGDLT693tlusvWRFjVrHI1D
6MGTtQeeVlnYIKSEGhkgzp7PeWM/CCtymDRG1wIDAQABAoIBACR/jgxT9ZgUvupR
Li6BTDXD9AiyKBwpPm3fO7JhGpTBVQorBGQw891t14hN5NLzLyTFg4mnrOTe770r
X8okL0n+3hWFWBsnCf8n2mKHob7QUfluVlEehcFsYE3dO6agFybb/mZZUAgDjNZs
hnAb45juuSlOtP10Is90DfGEDLH5IeY1xjzc7Qv/CFxCffIAC8QmQYUTihJ2m5aE
7Hvs79oEcSvbRJDYbykzrJ0eeIaEvfOxkWJnnJHrhiONzb8qgj3DLiZdX1qeo1Ao
ldNxEG9n3Axd6M0nhajz0qbDV11S8YiKfP10XRQh5xv7lZi7MjvrRxFTFYpSrXwi
YYyFNoECgYEA6YnIYg1nIe3qaI3Me1RQQTGRl8M/dQc2d98Pz5mez9vN3TIW6nEs
QYw/9OKG1ercbD+YnuaV+1izuAcA3mNlSDReTtzInAotJjTH1V3WYqvBTVUZSb6T
5qSBfRDC3AULFvHeX5c5wqgfB3U9KLDfVBfaHnMerg6dAGsYZPhPMrkCgYEAw3Eg
5BRTzbqG0WXF25rycTeHCcylMZRjI+TVcIa8AGqNSCK4HgAWp89XPIV3WceVqe2R
Lyn1jtA2MgGGcMBDFlOWF+h9j2/j27Z+pyIbBF9LAraJuBOG6dezd50y5Ur6HK/f
e5lnjvElIYdz+RX+rmw8NFcIUbSAfE7rGinDvg8CgYBDx86VzsgJC/FFySn4/X6R
fV6BSpTHVYGUhvQiz7ZNI8F7GoeWIaSznY4OeBSkT5cL/+U+8TPEkHkQx0+UPArw
Suq4PtImn7l85kK9hY+scacX18QQKDTq8wH2F4BGtVwDm81rtwt3mK3wzzEh9zvK
P2X6AnV8FReyQGMDIyJxWQKBgD6nu9WitqMTkzj6GY4nhGXLWV1I4ASe/5F4QPzM
FOVFQ3nGt6PWf2zYyay7VOHRXCeX451tJC3ejiFF3+WxnVBBB7Muc2JSiofbX4sR
Ifwq2I9MGaaLjArXfc9w8+oSOVCNCWZEbbCjmjW/iOxnorgkNsDIzf/zj+VKH5DJ
ptj9AoGAUpB6nPES3Nnj8DsbpHCnShYMl/rFxzxg2pJJosXzuS/ttuBT2DlT5eiY
aZcL1DGSp2CD4QXbVuDHPkQMPzVfZzKAuCZlotEMR9byK46aYIkQueym45e0PGZP
djKZm+cxF+W55jBkBBhV6wSOLNRWCUYiIIq3RmwWjkopNvSlwY4=
-----END RSA PRIVATE KEY-----

BIN
tests/certs/key.pvk Normal file
View File

Binary file not shown.

30
tests/certs/keyp.pem Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,6DB255395263EDD5
A83CH4mv7u89RbT8Tpz4gxImKGBw69Zr3LstRXlliGYobby5YBx/YimkA9wFCZK/
B1eitWwy0F6axDZQYHKi+yvUJDPB9arXtClvYknMhwrHV1GHLSYeqb9oZJeqNyDZ
Qd3lxTbUtkMVJgJNrl2kOezm6/srnAw4uA7NyAvrs2vEzB48q4VlysrJq+f9mLXj
vCmrfUwY999lSifRmoxqeWlqNUQ2tgHHXYMNagpvxYXsfe1UvEH9aa6+UsO9S0py
7dyfSu95QpWyVNqkWi1VAtNbo2VpjJ6NJLAk+dy/rNqN3a4KnWeIzkYssWTsKB08
VyHrRLePPx5qdarsczZtf+M2PxhHHnl/09+Nrp5BUcMV31j3v3VSM0K+CHEucAk7
95rUtSUNywKUQeSgXrG1eLX7kXwRQ7PPCz3sPtvmJRIvQlGgLiTbKPsG52m3kAIw
zgXPcH2lYb3855occznl72jMUucxXq8gq0bC4xbEg/yJV8p1IuUEFhLGI9s9T4JV
cO9NKwmSjpHFo1ULhB7o6uMmV2rYDK+5GbQHxZgHj3ES+i53eFMWGubPEEOmqSh3
9K7gtW9y971tNfhp9ba8RnYXT6xW2nMTM4koO9b4ptdwRo5bMKFvWY8eecXfsDAG
OJ+aXkDr8jsn1Xauq1m4TM71wn2wUx95KaCpL55UNBEn7aH9qlNFfxdyzXMPYS36
zgWK44BV3PTSIGgW61NVwHwzi3bFfymortVxGpelzy2dggWVvI3uzKocLFQ8f4oe
Y0HWSmGVPF3uFHNCZtCB/Tpbz6YwP/YYStqAcryeS5Yo9Hdkh8pBVnYiKdTFEUW2
RbClgeB2MV+zttsqvmodfkviS4BjWgoIV5szxWOePnO8kQAHA/Ml3CyDPOX6rqI5
lDKiUojEMLgir/3YWWcmigEIgRsyF3CL1s+kTR3S8e9QRe8RiliRUKW5gXrLEa6j
eUjs4kgCrvmQvwyZYJjWl+r7ycmk+yB/EZs8P39KRR/pfeZDUCZIOx8vkJBt57hC
oTNJ5llFzRcmEraElXmDOAuvmj3Lx/4qzY545rtzll3mFHJEX4qITslIX1ksZz1p
DncuqgIECzmZIeHPbnw7Nkv6EkoPzTOlccqnCH/SumFr2fhctv9x13gGcO4kSsqO
63yZCFHjMz/mos3l51aIAizj5wQO3BOo+RyKoSQohvPzVtSgjhYMZsAPzXKxF0/H
9VH0DekEb1WwPSbGZw8kpx9ePlglGqOBinTL6QW8YmFPbjy9RDd1di+fxh4Qe024
8gERZpdSsMoZ+NP0nr/TSbDISFPqcLzzMpC+V8Fc/QkNvSkR1GLlNQrxLoyfK0VX
0evysXDxqIWK9+TH7hIS1lf3i2gMkLMppMso1v2Cqf0zRj1oM3MI743QE9XTXKRz
iAwaEDDPZWS/00T9fqNrHgtSPNpsbeYZQPYaC2lq1kTIEOlUfZZvMy5lxVPVZ8y2
foit+0DewZsqLDJwbjZ3wYMERVEY7KagoInQa3A1ZC9SkFiCb4fNEbRF13gfjrSz
muRbKAhEhkzJDFRocIaTKZPIWdvC73tAW66v1Zha74mxuckgnQPPqQ==
-----END RSA PRIVATE KEY-----

218
tests/certs/makecerts.sh
View File

@ -1,218 +0,0 @@
#!/bin/sh
result=0
test_result() {
if test "$1" -eq 0
then
printf "Succeeded\n" >> "makecerts.log"
else
printf "Failed\n" >> "makecerts.log"
fi
}
make_certs() {
password=passme
result_path=$(pwd)
cd $(dirname "$0")
script_path=$(pwd)
cd "${result_path}"
mkdir "tmp/"
# OpenSSL settings
CONF="${script_path}/openssl_intermediate.cnf"
TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
if test -n "$1"
then
OPENSSL="$1/bin/openssl"
LD_LIBRARY_PATH="$1/lib"
else
OPENSSL=openssl
fi
mkdir "demoCA/" 2>> "makecerts.log" 1>&2
touch "demoCA/index.txt"
touch "demoCA/index.txt.attr"
echo 1000 > "demoCA/serial"
date > "makecerts.log"
$OPENSSL version 2>> "makecerts.log" 1>&2
echo -n "$password" > "password.txt"
printf "\nGenerate root CA certificate\n" >> "makecerts.log"
$OPENSSL genrsa -out demoCA/CA.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL=openssl
CONF="${script_path}/openssl_root.cnf"
$OPENSSL req -config $CONF -new -x509 -days 3600 -key demoCA/CA.key -out tmp/CACert.pem \
-subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Root CA" \
2>> "makecerts.log" 1>&2'
test_result $?
printf "\nGenerate intermediate CA certificate\n" >> "makecerts.log"
$OPENSSL genrsa -out demoCA/intermediate.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL=openssl
CONF="${script_path}/openssl_intermediate.cnf"
$OPENSSL req -config $CONF -new -key demoCA/intermediate.key -out demoCA/intermediate.csr \
-subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA" \
2>> "makecerts.log" 1>&2'
test_result $?
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL=openssl
CONF="${script_path}/openssl_root.cnf"
$OPENSSL ca -config $CONF -batch -in demoCA/intermediate.csr -out demoCA/intermediate.cer \
2>> "makecerts.log" 1>&2'
test_result $?
$OPENSSL x509 -in demoCA/intermediate.cer -out tmp/intermediate.pem \
2>> "makecerts.log" 1>&2
printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
$OPENSSL genrsa -des3 -out demoCA/private.key -passout pass:$password \
2>> "makecerts.log" 1>&2
test_result $?
cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
$OPENSSL rsa -in demoCA/private.key -passin pass:$password -out tmp/key.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate a certificate to revoke\n" >> "makecerts.log"
$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/revoked.csr \
-subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
$OPENSSL ca -config $CONF -batch -in demoCA/revoked.csr -out demoCA/revoked.cer \
2>> "makecerts.log" 1>&2
$OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked.pem \
2>> "makecerts.log" 1>&2
printf "\nRevoke above certificate\n" >> "makecerts.log"
$OPENSSL ca -config $CONF -revoke demoCA/1001.pem \
2>> "makecerts.log" 1>&2
printf "\nAttach intermediate certificate to revoked certificate\n" >> "makecerts.log"
cat tmp/intermediate.pem >> tmp/revoked.pem
printf "\nGenerate CRL file\n" >> "makecerts.log"
TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL=openssl
CONF="${script_path}/openssl_intermediate.cnf"
$OPENSSL ca -config $CONF -gencrl -crldays 8766 -out tmp/CACertCRL.pem \
2>> "makecerts.log" 1>&2'
printf "\nConvert revoked certificate to SPC format\n" >> "makecerts.log"
$OPENSSL crl2pkcs7 -in tmp/CACertCRL.pem -certfile tmp/revoked.pem -outform DER -out tmp/revoked.spc \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log"
$OPENSSL genrsa -out demoCA/cross.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL=openssl
CONF="${script_path}/openssl_intermediate.cnf"
$OPENSSL req -config $CONF -new -x509 -days 900 -key demoCA/cross.key -out tmp/crosscert.pem \
-subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2'
test_result $?
printf "\nGenerate code signing certificate\n" >> "makecerts.log"
$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/cert.csr \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL ca -config $CONF -batch -in demoCA/cert.csr -out demoCA/cert.cer \
2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL x509 -in demoCA/cert.cer -out tmp/cert.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the key to DER format\n" >> "makecerts.log"
$OPENSSL rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:$password \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the key to PVK format\n" >> "makecerts.log"
$OPENSSL rsa -in tmp/key.pem -outform PVK -out tmp/key.pvk -pvk-none \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the certificate to DER format\n" >> "makecerts.log"
$OPENSSL x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nAttach intermediate certificate to code signing certificate\n" >> "makecerts.log"
cat tmp/intermediate.pem >> tmp/cert.pem
printf "\nConvert the certificate to SPC format\n" >> "makecerts.log"
$OPENSSL crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the certificate and the key into a PKCS#12 container\n" >> "makecerts.log"
$OPENSSL pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:$password \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate expired certificate\n" >> "makecerts.log"
$OPENSSL req -config $CONF -new -key demoCA/private.key -passin pass:$password -out demoCA/expired.csr \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Expired/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL ca -config $CONF -enddate "190101000000Z" -batch -in demoCA/expired.csr -out demoCA/expired.cer \
2>> "makecerts.log" 1>&2
test_result $?
$OPENSSL x509 -in demoCA/expired.cer -out tmp/expired.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nAttach intermediate certificate to expired certificate\n" >> "makecerts.log"
cat tmp/intermediate.pem >> tmp/expired.pem
# copy new files
if test -s tmp/intermediate.pem -a -s tmp/CACert.pem -a -s tmp/CACertCRL.pem \
-a -s tmp/key.pem -a -s tmp/keyp.pem -a -s tmp/key.der -a -s tmp/key.pvk \
-a -s tmp/cert.pem -a -s tmp/cert.p12 -a -s tmp/cert.der -a -s tmp/cert.spc \
-a -s tmp/crosscert.pem -a -s tmp/expired.pem -a -s tmp/revoked.pem -a -s tmp/revoked.spc
then
cp tmp/* ./
printf "%s\n" "keys & certificates successfully generated"
printf "%s\n" "makecerts.sh finished"
rm -f "makecerts.log"
else
printf "%s\n" "makecerts.sh failed"
printf "%s\n" "error logs ${result_path}/makecerts.log"
result=1
fi
# remove the working directory
rm -rf "demoCA/"
rm -rf "tmp/"
# restore settings
LD_LIBRARY_PATH=$TEMP_LD_LIBRARY_PATH
exit $result
}
# Tests requirement
if test -n "$(command -v faketime)"
then
make_certs $1
result=$?
else
printf "%s\n" "faketime not found in \$PATH"
printf "%s\n" "tests skipped, please install faketime package"
result=1
fi
exit $result

61
tests/certs/openssltest.cnf
View File

@ -1,61 +0,0 @@
# OpenSSL root CA configuration file
[ ca ]
default_ca = CA_default
[ CA_default ]
# Directory and file locations.
dir = .
certs = $dir/demoCA
crl_dir = $dir/demoCA
new_certs_dir = $dir/demoCA
database = $dir/demoCA/index.txt
serial = $dir/demoCA/serial
crl_extensions = crl_ext
default_md = sha256
preserve = no
policy = policy_match
x509_extensions = usr_cert
private_key = $dir/demoCA/CA.key
certificate = $dir/tmp/CACert.pem
default_startdate = 180101000000Z
default_enddate = 210101000000Z
[ req ]
encrypt_key = no
default_bits = 2048
default_md = sha256
string_mask = utf8only
x509_extensions = ca_extensions
distinguished_name = req_distinguished_name
[ crl_ext ]
authorityKeyIdentifier = keyid:always
[ usr_cert ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
extendedKeyUsage = codeSigning
[ ca_extensions ]
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
[ policy_match ]
countryName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name
localityName = Locality Name
0.organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name
emailAddress = Email Address

1
tests/certs/password.txt Normal file
View File

@ -0,0 +1 @@
passme

45
tests/certs/revoked.pem Normal file
View File

@ -0,0 +1,45 @@
-----BEGIN CERTIFICATE-----
MIIDvTCCAqWgAwIBAgIUOpY5wp7DtqsdxII7sxculedk0PYwDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0yNDEyMzEwMDAwMDBaMG0xCzAJBgNVBAYT
AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEQMA4GA1UE
AwwHUmV2b2tlZDEnMCUGCSqGSIb3DQEJARYYb3NzbHNpZ25jb2RlQGV4YW1wbGUu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsksndW3LaWAnD7mi
4BXhmqQjC99Y9wTvMPUJ9AgvbzTaNW4JJOQ31x8VVgwoUQ8nFBYkAqgLOv9THzNi
30Fc7mjf37Pu6YsqZzql+tknqQbiaysyNm/fouwJDJ+NRzU70fVqI5AS9FBjakXa
/l1+pEysCofURJAcKCBQGMSVaP2gwVrHyPI7snFPO6205vqaEOarPira7gvBkYeU
Gh+A4AHngyW/jXHt0OHzmL+NrJe5hiayNHAK4ECfXj4PbMibI8PHlRpQkkzO6OhC
uI5ngpTZ0dGDLT693tlusvWRFjVrHI1D6MGTtQeeVlnYIKSEGhkgzp7PeWM/CCty
mDRG1wIDAQABo2IwYDAJBgNVHRMEAjAAMB0GA1UdDgQWBBQHE8SzT1ZcPEapv4NZ
MWBxRB3QATAfBgNVHSMEGDAWgBSeBawLW+FAf2oO9NlET4onfe84izATBgNVHSUE
DDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAYVJiPrkACW/tK487fYS/
gYzU3fYVCTfHpAv3njarNzy8UBNqBYr0kDg0DLoOWqGV7ogTtlbQP4IIjAQI/kW6
cEreW8yU5VxO+kxDo+7oG9VEbR85i6kQW2ubJsXV6yBtf5aAbXEqImYrtjh7UObb
BbQiUI1ll2dXWqvZGxr3Fz1uz8nPMYlBpVjpCh6JF8otdWwABmxRnqUvoLO6BZbH
/gdUkouXfio9BlWkWaJXJGXMW8B7ozpjuCHSHyfvGKDA3YIfa7++A1BIKxW72jIF
jRJDw/rwnV59tiEcBWmp2T6vV+rD8yaS+LotRPYD/ck/jEj/mV+N077KLmuZpdJF
ag==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrDCCApSgAwIBAgIUUPCDF21g2spK7557HZUhqSxBltMwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
MTgwMTAxMDAwMDAwWhcNMjYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAyMs1XoC0NUT5YgydibOrE5SWBKk5C47B6tv6gA4t3zZJ
wejaiPkj+aTIU3Ww5DO/Gpz0GuqCHNBczIw92Cfvv8kyWzUy46bRkpBJLFav0JXS
B3xQaPlHWeXqMfVAGuM5ExT4CjjYKFsrgV1Q300thCHBhvr8TPekDIf+6J7NSz1P
062pYgypfqsA8OwKaQbgOL9v4QRmHoolnEDc1dK/FS4f3p9dlifl7kcSVGQK0yit
7Uncn250icCxMxS3MOE2NfuplUOSN6h6poWNGUsx00O7Dy9nUndUwJRpFfKXTV3v
GtlmFLNoho+ss/usnxjxggWBcRtKhqd8nGSJUlzs0wIDAQABo2YwZDASBgNVHRMB
Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBSeBawLW+FAf2oO9NlET4onfe84izAfBgNV
HSMEGDAWgBTp7DHcMiltHw6m0SYMWVg0QtGo/jAOBgNVHQ8BAf8EBAMCAYYwDQYJ
KoZIhvcNAQELBQADggEBAD/FBa4stJGd/Acg2E2soI071B/l9B7FiqIRpCFuLVC4
1m7TIcjioIpZrxXwE1Egf8A9/6D/kKZtWnOljcxtPBEb+1/gB61M381RIgoMQ/Pf
7XX2yakk6mscUjbSTR//Mj1sYOs2r6ueZBp0whzF9nVvA43G6WMpf6XZqmhlg/oV
ynytW1Iu1SPoru3y8dX/lsukvKCak7MAp1eBcuUJxS56DnKcV9xgC30m3g+CErI3
qsOJ7lcfDP6fDjy7MfBsZBiY64MqwlDjjn7+Pleo69JedMwurHLhKnfm07DBPy8X
+EnQk61xHEjQtTsddXyQGQV3yjqylOF2AgsAf256uuA=
-----END CERTIFICATE-----

BIN
tests/certs/revoked.spc Normal file
View File

Binary file not shown.

50
tests/certs/tsa-chain.pem Normal file
View File

@ -0,0 +1,50 @@
-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgIUfRjXKciCGA4XbhbhxbAwfpcLGmowDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0yODAxMDEwMDAwMDBaMFUxCzAJBgNVBAYT
AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxHDAaBgNVBAsME1RpbWVzdGFtcCBB
dXRob3JpdHkxETAPBgNVBAMMCFRlc3QgVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAor220wp2zqj6Fe1VT/yic4LJcfMn1/ZWhsE7L86krULRvI+N
JY0fOVg/24MtyOXbnm7nYOyYTlR9n2kqm4fEgsz+GDQxXLHgyLh3aF4ueDzoFt0v
8G3vJfD+4N27XAYJ5V4f4s4VJRDIm0P/BvFGY9J/zICjC83F3OLdnkOD88O8QD6q
FwWdtBYNqxQX1LAwy3ORe5aTubdVkHV02JhdKAC/xy5nfhynuV4KfYyel2nHrI1i
54UXWdOrlD/XIKPiXpuEGcXhYTrTHigH+yR9ybs9hotGvuHTEjcxEuJvEQJX+qV4
eJAIexITDW/yK+maWPLijO3bZ9/JodX+fRCnPQIDAQABo4IBiDCCAYQwDAYDVR0T
AQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUKWCqogni
6SseJ/P6LXo0M2cK++QwHwYDVR0jBBgwFoAU/5nNuG4Tm4v2y9uKf428/4fVQesw
gYQGCCsGAQUFBwEBBHgwdjA5BggrBgEFBQcwAoYtaHR0cDovL1RTQUNBLnRpbWVz
dGFtcGF1dGhvcml0eS5jb20vVFNBQ0EuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8v
b2NzcC5UU0FDQS50aW1lc3RhbXBhdXRob3JpdHkuY29tOjkwODAwPgYDVR0fBDcw
NTAzoDGgL4YtaHR0cDovL1RTQUNBLnRpbWVzdGFtcGF1dGhvcml0eS5jb20vVFNB
Q0EuY3JsMFUGA1UdHgROMEygGDAKggh0ZXN0LmNvbTAKggh0ZXN0Lm9yZ6EwMAqH
CAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0G
CSqGSIb3DQEBCwUAA4IBAQB4YXa5nVWUzWSsUDMfYFTEETOe8boUErwfrDNBuj6z
B5en20FhI49i6PCYEfNq3vrAtPOEFJj+KPomN3C46VLxbUEvqWLdq6EyzWvVVmXK
VLeC0qV0m6CFM8GplaWzZdfFTQaaLUhgY08ZU2gp4QsoS2YjAosxlZrNSm6pBbv3
q+Og1KeSK8gKS0V89k+6e3LOEF6KaNWKSkoz5xDniQY//mTjiDcNmYUh0KhHfhdU
eO92M82uJSaDqnRs5HsWPs6z6qdfpuvj++OtQ1VCM2p5SEH2sEomdeN3YYChuG4h
yzn0mYAdbTyGJHlFm17AH+SQRbVqCKYdHDaqsMb+fWzi
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDkDCCAnigAwIBAgIUJ0nfE+EVsIThltlY2LHVWMJVIq4wDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0yNjExMTAwMDAwMDBaMGAxCzAJBgNVBAYT
AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxJDAiBgNVBAsMG1RpbWVzdGFtcCBB
dXRob3JpdHkgUm9vdCBDQTEUMBIGA1UEAwwLVFNBIFJvb3QgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGOTX1f9dmtUiyzlsUInRIGfRMya338SVx
vYGeOwdpTSSGlYUVwR9AuFewQF5+klelstCJe+SoUG0AdzS30mRWlQrhip4UdvdW
T2gkNKbSn6DQzlWoQej9izqRLxAsbuszgkvnLOBEmPaLimDsCgu0bAN95Hp0Hls9
O/fVmzh8VuV4iscxc7q13ZB7CylWgwd55CFEGd/jpJ6kMwSHbOLoBWp4GQ3KxR+c
ASAo0FapU2WSZB2EYWszRiyq91X+AvIYN4ypTv7RccgfUvnZ2qFykJAkf/wgkynu
Qg7rCUNfUEpDc7jlqtDWR7iLrtHBkA17C3IU8ymmKQYWfw3ZyBwvAgMBAAGjQjBA
MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP+ZzbhuE5uL9svbin+NvP+H1UHr
MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAbj3aFwIUxvzwgywO
gj01JM8GNbw1E4MGdkaNI8rgeY8ay15ZXhR9NpRWWb6Y7IXPq5XhuEktVte5Z4Kf
XLBrr7Xe9VVqJL9zd1tMzOEM/zG77rZf/iXBTZLkCtQc/GOEY4TTWKNEl5hiWVE0
po97GX5XHoeyHlWQ75sd9z6MxFxmvdp9/uyYD700e9sd5gcD8LGvHw2DNy8vntYV
ia9h95N9i1umffxU460o8W5GoIcsD13B3YftvnWhGSXqovBRFgcPAQZ4eW9Qh/zA
4zQBQrRvmREPihXVdgtWVpbRchP99oSZBrYr7Hh/P69rycklquqxJl1ol1wbT6dK
S5Gmng==
-----END CERTIFICATE-----

260
tests/conf/makecerts.sh Executable file
View File

@ -0,0 +1,260 @@
#!/bin/sh
result=0
test_result() {
if test "$1" -eq 0
then
printf "Succeeded\n" >> "makecerts.log"
else
printf "Failed\n" >> "makecerts.log"
fi
}
make_certs() {
password=passme
result_path=$(pwd)
cd $(dirname "$0")
script_path=$(pwd)
cd "${result_path}"
mkdir "tmp/"
rm -rf "../certs"
# OpenSSL settings
CONF="${script_path}/openssl_intermediate.cnf"
if test -n "$1"
then
OPENSSL="$1/bin/openssl"
export LD_LIBRARY_PATH="$1/lib:$1/lib64"
else
OPENSSL=openssl
fi
mkdir "CA/" 2>> "makecerts.log" 1>&2
touch "CA/index.txt"
echo -n "unique_subject = no" > "CA/index.txt.attr"
$OPENSSL rand -hex 16 > "CA/serial"
$OPENSSL rand -hex 16 > "tsa-serial"
echo 1001 > "CA/crlnumber"
date > "makecerts.log"
"$OPENSSL" version 2>> "makecerts.log" 1>&2
echo -n "$password" > tmp/password.txt
printf "\nGenerate root CA certificate\n" >> "makecerts.log"
"$OPENSSL" genrsa -out CA/CA.key \
2>> "makecerts.log" 1>&2
test_result $?
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_root.cnf"
"$OPENSSL" req -config "$CONF" -new -x509 -days 3600 -key CA/CA.key -out tmp/CACert.pem \
-subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Root CA" \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
printf "\nGenerate intermediate CA certificate\n" >> "makecerts.log"
"$OPENSSL" genrsa -out CA/intermediate.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_intermediate.cnf"
"$OPENSSL" req -config "$CONF" -new -key CA/intermediate.key -out CA/intermediate.csr \
-subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA" \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_root.cnf"
"$OPENSSL" ca -config "$CONF" -batch -in CA/intermediate.csr -out CA/intermediate.cer \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
"$OPENSSL" x509 -in CA/intermediate.cer -out tmp/intermediate.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
"$OPENSSL" genrsa -des3 -out CA/private.key -passout pass:"$password" \
2>> "makecerts.log" 1>&2
test_result $?
cat CA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
test_result $?
printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
"$OPENSSL" rsa -in CA/private.key -passin pass:"$password" -out tmp/key.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate a certificate to revoke\n" >> "makecerts.log"
"$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/revoked.csr \
-subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" ca -config "$CONF" -batch -in CA/revoked.csr -out CA/revoked.cer \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" x509 -in CA/revoked.cer -out tmp/revoked.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nRevoke above certificate\n" >> "makecerts.log"
"$OPENSSL" ca -config "$CONF" -revoke CA/revoked.cer \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nAttach intermediate certificate to revoked certificate\n" >> "makecerts.log"
cat tmp/intermediate.pem >> tmp/revoked.pem 2>> "makecerts.log"
test_result $?
printf "\nGenerate CRL file\n" >> "makecerts.log"
TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_intermediate.cnf"
"$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/CACertCRL.pem \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
printf "\nConvert revoked certificate to SPC format\n" >> "makecerts.log"
"$OPENSSL" crl2pkcs7 -in tmp/CACertCRL.pem -certfile tmp/revoked.pem -outform DER -out tmp/revoked.spc \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log"
"$OPENSSL" genrsa -out CA/cross.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_intermediate.cnf"
"$OPENSSL" req -config "$CONF" -new -x509 -days 900 -key CA/cross.key -out tmp/crosscert.pem \
-subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
printf "\nGenerate code signing certificate\n" >> "makecerts.log"
"$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/cert.csr \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" ca -config "$CONF" -batch -in CA/cert.csr -out CA/cert.cer \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" x509 -in CA/cert.cer -out tmp/cert.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the key to DER format\n" >> "makecerts.log"
"$OPENSSL" rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:"$password" \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the key to PVK format\n" >> "makecerts.log"
"$OPENSSL" rsa -in tmp/key.pem -outform PVK -out tmp/key.pvk -pvk-none \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the certificate to DER format\n" >> "makecerts.log"
"$OPENSSL" x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nAttach intermediate certificate to code signing certificate\n" >> "makecerts.log"
cat tmp/intermediate.pem >> tmp/cert.pem 2>> "makecerts.log"
test_result $?
printf "\nConvert the certificate to SPC format\n" >> "makecerts.log"
"$OPENSSL" crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nConvert the certificate and the key into a PKCS#12 container\n" >> "makecerts.log"
"$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:"$password" \
-keypbe aes-256-cbc -certpbe aes-256-cbc \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate expired certificate\n" >> "makecerts.log"
"$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/expired.csr \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Expired/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" ca -config "$CONF" -enddate "190101000000Z" -batch -in CA/expired.csr -out CA/expired.cer \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" x509 -in CA/expired.cer -out tmp/expired.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nAttach intermediate certificate to expired certificate\n" >> "makecerts.log"
cat tmp/intermediate.pem >> tmp/expired.pem 2>> "makecerts.log"
test_result $?
printf "\nGenerate Root CA TSA certificate\n" >> "makecerts.log"
"$OPENSSL" genrsa -out CA/TSACA.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_tsa_root.cnf"
"$OPENSSL" req -config "$CONF" -new -x509 -days 3600 -key CA/TSACA.key -out tmp/TSACA.pem \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
printf "\nGenerate TSA certificate\n" >> "makecerts.log"
CONF="${script_path}/openssl_tsa.cnf"
"$OPENSSL" req -config "$CONF" -new -nodes -keyout tmp/TSA.key -out CA/TSA.csr \
2>> "makecerts.log" 1>&2
test_result $?
CONF="${script_path}/openssl_tsa_root.cnf"
"$OPENSSL" ca -config "$CONF" -batch -in CA/TSA.csr -out CA/TSA.cer \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" x509 -in CA/TSA.cer -out tmp/TSA.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nSave the chain to be included in the TSA response\n" >> "makecerts.log"
cat tmp/TSA.pem tmp/TSACA.pem > tmp/tsa-chain.pem 2>> "makecerts.log"
# copy new files
if test -s tmp/intermediate.pem -a -s tmp/CACert.pem -a -s tmp/CACertCRL.pem \
-a -s tmp/key.pem -a -s tmp/keyp.pem -a -s tmp/key.der -a -s tmp/key.pvk \
-a -s tmp/cert.pem -a -s tmp/cert.p12 -a -s tmp/cert.der -a -s tmp/cert.spc \
-a -s tmp/crosscert.pem -a -s tmp/expired.pem -a -s tmp/revoked.pem -a -s tmp/revoked.spc \
-a -s tmp/TSA.pem -a -s tmp/TSA.key -a -s tmp/tsa-chain.pem
then
mkdir "../certs"
cp tmp/* ../certs
printf "%s" "keys & certificates successfully generated"
else
printf "%s" "error logs ${result_path}/makecerts.log"
result=1
fi
# remove the working directory
rm -rf "CA/"
rm -rf "tmp/"
exit "$result"
}
# Tests requirement
if test -n "$(command -v faketime)"
then
make_certs "$1"
result=$?
else
printf "%s" "faketime not found in \$PATH, please install faketime package"
result=1
fi
exit "$result"

29
tests/certs/openssl_intermediate.cnf → tests/conf/openssl_intermediate.cnf
View File

@ -1,24 +1,29 @@
# OpenSSL intermediate CA configuration file
[ ca ]
[ default ]
name = intermediate
default_ca = CA_default
[ CA_default ]
# Directory and file locations
dir = .
certs = $dir/demoCA
crl_dir = $dir/demoCA
new_certs_dir = $dir/demoCA
database = $dir/demoCA/index.txt
serial = $dir/demoCA/serial
private_key = $dir/demoCA/intermediate.key
certificate = $dir/tmp/intermediate.pem
certs = $dir/CA
crl_dir = $dir/CA
new_certs_dir = $dir/CA
database = $dir/CA/index.txt
serial = $dir/CA/serial
rand_serial = yes
private_key = $dir/CA/$name.key
certificate = $dir/tmp/$name.pem
crl_extensions = crl_ext
default_md = sha256
preserve = no
policy = policy_loose
default_startdate = 180101000000Z
default_enddate = 210101000000Z
default_enddate = 241231000000Z
x509_extensions = v3_req
email_in_dn = yes
default_days = 2200
[ req ]
# Options for the `req` tool
@ -40,6 +45,12 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
extendedKeyUsage = codeSigning
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
extendedKeyUsage = codeSigning
[ policy_loose ]
# Allow the intermediate CA to sign a more diverse range of certificates.
# See the POLICY FORMAT section of the `ca` man page.

16
tests/certs/openssl_root.cnf → tests/conf/openssl_root.cnf
View File

@ -6,12 +6,13 @@ default_ca = CA_default
[ CA_default ]
# Directory and file locations.
dir = .
certs = $dir/demoCA
crl_dir = $dir/demoCA
new_certs_dir = $dir/demoCA
database = $dir/demoCA/index.txt
serial = $dir/demoCA/serial
private_key = $dir/demoCA/CA.key
certs = $dir/CA
crl_dir = $dir/CA
new_certs_dir = $dir/CA
database = $dir/CA/index.txt
serial = $dir/CA/serial
rand_serial = yes
private_key = $dir/CA/CA.key
certificate = $dir/tmp/CACert.pem
crl_extensions = crl_ext
default_md = sha256
@ -20,6 +21,9 @@ policy = policy_match
default_startdate = 180101000000Z
default_enddate = 260101000000Z
x509_extensions = v3_intermediate_ca
email_in_dn = yes
default_days = 3000
unique_subject = no
[ req ]
# Options for the `req` tool

46
tests/conf/openssl_tsa.cnf Normal file
View File

@ -0,0 +1,46 @@
# OpenSSL Timestamp Authority configuration file
oid_section = new_oids
[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
[ req ]
# Options for the `req` tool
default_bits = 2048
encrypt_key = yes
default_md = sha256
utf8 = yes
string_mask = utf8only
prompt = no
distinguished_name = ca_distinguished_name
[ ca_distinguished_name ]
countryName = "PL"
organizationName = "osslsigncode"
organizationalUnitName = "Timestamp Authority"
commonName = "Test TSA"
# Time Stamping Authority command "openssl-ts"
[ tsa ]
default_tsa = tsa_config
[ tsa_config ]
dir = ./Testing/certs
signer_cert = $dir/TSA.pem
signer_key = $dir/TSA.key
certs = $dir/tsa-chain.pem
serial = $dir/tsa-serial
default_policy = tsa_policy1
other_policies = tsa_policy2, tsa_policy3
signer_digest = sha256
digests = sha256, sha384, sha512
accuracy = secs:1, millisecs:500, microsecs:100
ordering = yes
tsa_name = yes
ess_cert_id_chain = yes
ess_cert_id_alg = sha256

83
tests/conf/openssl_tsa_root.cnf Normal file
View File

@ -0,0 +1,83 @@
# OpenSSL Root Timestamp Authority configuration file
[ default ]
name = TSACA
domain_suffix = timestampauthority.com
aia_url = http://$name.$domain_suffix/$name.crt
crl_url = http://$name.$domain_suffix/$name.crl
ocsp_url = http://ocsp.$name.$domain_suffix:9080
name_opt = utf8, esc_ctrl, multiline, lname, align
default_ca = CA_default
[ CA_default ]
dir = .
certs = $dir/CA
crl_dir = $dir/CA
new_certs_dir = $dir/CA
database = $dir/CA/index.txt
serial = $dir/CA/serial
crlnumber = $dir/CA/crlnumber
rand_serial = yes
private_key = $dir/CA/$name.key
certificate = $dir/tmp/$name.pem
default_md = sha256
default_days = 3650
default_crl_days = 365
policy = policy_match
default_startdate = 20180101000000Z
default_enddate = 20280101000000Z
unique_subject = no
x509_extensions = tsa_extensions
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ tsa_extensions ]
basicConstraints = critical, CA:false
extendedKeyUsage = critical, timeStamping
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
authorityInfoAccess = @issuer_info
crlDistributionPoints = @crl_info
nameConstraints = @name_constraints
[ issuer_info ]
caIssuers;URI.0 = $aia_url
OCSP;URI.0 = $ocsp_url
[ crl_info ]
URI.0 = $crl_url
[ name_constraints ]
permitted;DNS.0=test.com
permitted;DNS.1=test.org
excluded;IP.0=0.0.0.0/0.0.0.0
excluded;IP.1=0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0
[ req ]
# Options for the `req` tool
default_bits = 2048
encrypt_key = yes
default_md = sha256
utf8 = yes
string_mask = utf8only
prompt = no
distinguished_name = ca_distinguished_name
x509_extensions = ca_extensions
[ ca_distinguished_name ]
countryName = "PL"
organizationName = "osslsigncode"
organizationalUnitName = "Timestamp Authority Root CA"
commonName = "TSA Root CA"
[ ca_extensions ]
# Extension to add when the -x509 option is used
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
keyUsage = critical, keyCertSign, cRLSign

BIN
tests/files/unsigned.cat Executable file
View File

Binary file not shown.

BIN
tests/files/unsigned.ex_ Normal file
View File

Binary file not shown.

BIN
tests/files/unsigned.exe Executable file
View File

Binary file not shown.

BIN
tests/files/unsigned.msi Normal file
View File

Binary file not shown.

56
tests/recipes/01_sign_pem
View File

@ -1,56 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and private key files in the PEM format.
# -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="011. Sign a PE file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_011.exe"
verify_signature "$?" "011" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="012. Sign a CAB file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_012.ex_"
verify_signature "$?" "012" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="013. Sign a MSI file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_013.msi"
verify_signature "$?" "013" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/02_sign_pass
View File

@ -1,58 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the encrypted private key file in the PEM format.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="021. Sign a PE file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.exe" -out "test_021.exe"
verify_signature "$?" "021" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="022. Sign a CAB file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.ex_" -out "test_022.ex_"
verify_signature "$?" "022" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="023. Sign a MSI file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_023.msi"
verify_signature "$?" "023" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

59
tests/recipes/03_sign_der
View File

@ -1,59 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the encrypted private key file in the DER format.
# Requires OpenSSL 1.0.0 or later
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="031. Sign a PE file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.exe" -out "test_031.exe"
verify_signature "$?" "031" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="032. Sign a CAB file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.ex_" -out "test_032.ex_"
verify_signature "$?" "032" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="033. Sign a MSI file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "sample.msi" -out "test_033.msi"
verify_signature "$?" "033" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

59
tests/recipes/04_sign_spc_pvk
View File

@ -1,59 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the certificate file in the SPC format
# and the private key file in the Microsoft Private Key (PVK) format.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="041. Sign a PE file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "test.exe" -out "test_041.exe"
verify_signature "$?" "041" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="042. Sign a CAB file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "test.ex_" -out "test_042.ex_"
verify_signature "$?" "042" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="043. Sign a MSI file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "sample.msi" -out "test_043.msi"
verify_signature "$?" "043" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

57
tests/recipes/05_sign_pkcs12
View File

@ -1,57 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="051. Sign a PE file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" -pass passme \
-in "test.exe" -out "test_051.exe"
verify_signature "$?" "051" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="052. Sign a CAB file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "test.ex_" -out "test_052.ex_"
verify_signature "$?" "052" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="053. Sign a MSI file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "sample.msi" -out "test_053.msi"
verify_signature "$?" "053" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

54
tests/recipes/06_test_sha256sum
View File

@ -1,54 +0,0 @@
#!/bin/sh
# Checking SHA256 message digests for 01x-05x tests
. $(dirname $0)/../test_library
res=0
skip=0
test_name="061. Checking SHA256 message digests for 01x-05x tests"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_exe.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_exe.log"
else
skip=$(($skip+1))
fi
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi"
then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if test $skip -lt 3
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

64
tests/recipes/07_sign_timestamp
View File

@ -1,64 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with Authenticode timestamping
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="071. Sign a PE file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2
verify_signature "$?" "071" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="072. Sign a CAB file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "072" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="073. Sign a MSI file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_073.msi"
verify_signature "$?" "073" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

68
tests/recipes/08_sign_rfc3161
View File

@ -1,68 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with RFC 3161 timestamping
# An RFC3161 timestamp server provides an essential function in protecting
# data records for the long-term. It provides proof that the data existed
# at a particular moment in time and that it has not changed, even by
# a single binary bit, since it was notarized and time-stamped.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="081. Sign a PE file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_081.exe"
verify_signature "$?" "081" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="082. Sign a CAB file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_082.ex_"
verify_signature "$?" "082" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="083. Sign a MSI file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_083.msi"
verify_signature "$?" "083" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

29
tests/recipes/09_sign_page_hashes
View File

@ -1,29 +0,0 @@
#!/bin/sh
# Generate page hashes for a PE file
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="091. Generate page hashes for a PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 -ph \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_091.exe"
verify_signature "$?" "091" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Warning: -ph option is only valid for PE files
# MSI file
# Warning: -ph option is only valid for PE files
exit 0

58
tests/recipes/10_sign_blob
View File

@ -1,58 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with addUnauthenticatedBlob.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="101. Sign a PE file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2
verify_signature "$?" "101" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="102. Sign a CAB file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "102" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="103. Sign a MSI file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2
verify_signature "$?" "103" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

71
tests/recipes/11_sign_nest
View File

@ -1,71 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file twice with the "nest" flag in the second time
# in order to add the new signature instead of replacing the first one.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="111. Sign a PE file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_111_signed.exe"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_111_signed.exe" -out "test_111.exe"
verify_signature "$?" "111" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="112. Sign a CAB file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_112_signed.ex_"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_112_signed.ex_" -out "test_112.ex_"
verify_signature "$?" "112" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="113. Sign a MSI file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_113_signed.msi"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_113_signed.msi" -out "test_113.msi"
verify_signature "$?" "113" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/12_sign_readpass_pem
View File

@ -1,58 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with a PEM key file and a password read from password.txt file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="121. Sign a PE file with the PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_121.exe"
verify_signature "$?" "121" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="122. Sign a CAB file with a PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "test.ex_" -out "test_122.ex_"
verify_signature "$?" "122" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="123. Sign a MSI file with a PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "sample.msi" -out "test_123.msi"
verify_signature "$?" "123" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

59
tests/recipes/13_sign_readpass_pkcs12
View File

@ -1,59 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container
# and a password read from password.txt file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="131. Sign a PE file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.exe" -out "test_131.exe"
verify_signature "$?" "131" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="132. Sign a CAB file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.ex_" -out "test_132.ex_"
verify_signature "$?" "132" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="133. Sign a MSI file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "sample.msi" -out "test_133.msi"
verify_signature "$?" "133" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/14_sign_descryption
View File

@ -1,58 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with a descryption
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="141. Sign a PE file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_141.exe"
verify_signature "$?" "141" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="142. Sign a CAB file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_142.ex_"
verify_signature "$?" "142" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="143. Sign a MSI file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_143.msi"
verify_signature "$?" "143" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

59
tests/recipes/15_sign_url
View File

@ -1,59 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with specified URL for expanded description of the signed content
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="151. Sign a PE file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.exe" -out "test_151.exe"
verify_signature "$?" "151" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="152. Sign a CAB file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.ex_" -out "test_152.ex_"
verify_signature "$?" "152" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="153. Sign a MSI file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "sample.msi" -out "test_153.msi"
verify_signature "$?" "153" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

61
tests/recipes/16_sign_comm
View File

@ -1,61 +0,0 @@
#!/bin/sh
# Sign a PE/CAB/MSI file with the commercial purpose set for SPC_STATEMENT_TYPE_OBJID
# object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11"
# changes default Individual Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15"
# sets Commercial Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16"
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="161. Sign a PE file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_161.exe"
verify_signature "$?" "161" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="162. Sign a CAB file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_162.ex_"
verify_signature "$?" "162" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="163. Sign a MSI file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_163.msi"
verify_signature "$?" "163" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

60
tests/recipes/17_sign_crosscertfile
View File

@ -1,60 +0,0 @@
#!/bin/sh
# Add an additional certificate to the signature block of the PE/CAB/MSI file.
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
# https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="171. Add an additional certificate to the signature block of the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.exe" -out "test_171.exe"
verify_signature "$?" "171" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="172. Add an additional certificate to the signature block of the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.ex_" -out "test_172.ex_"
verify_signature "$?" "172" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="173. Add an additional certificate to the signature block of the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "sample.msi" -out "test_173.msi"
verify_signature "$?" "173" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

27
tests/recipes/21_sign_hash_md5
View File

@ -1,27 +0,0 @@
#!/bin/sh
# Sign a PE file with MD5 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="211. Sign a PE file with MD5 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h md5 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_211.exe"
verify_signature "$?" "211" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "MD5" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

27
tests/recipes/22_sign_hash_sha1
View File

@ -1,27 +0,0 @@
#!/bin/sh
# Sign a PE file with SHA1 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="221. Sign a PE file with SHA1 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha1 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_221.exe"
verify_signature "$?" "221" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA1" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

27
tests/recipes/23_sign_hash_sha2
View File

@ -1,27 +0,0 @@
#!/bin/sh
# Signing a PE file with SHA1 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="231. Signing a PE file with SHA1 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha2 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_231.exe"
verify_signature "$?" "231" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA2" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

27
tests/recipes/24_sign_hash_sha384
View File

@ -1,27 +0,0 @@
#!/bin/sh
# Sign a PE file with SHA384 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="241. Sign a PE file with SHA384 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha384 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_241.exe"
verify_signature "$?" "241" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

27
tests/recipes/25_sign_hash_sha512
View File

@ -1,27 +0,0 @@
#!/bin/sh
# Sign a PE file with SHA512 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="251. Sign a PE file with SHA512 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_251.exe"
verify_signature "$?" "251" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# MSI file
exit 0

61
tests/recipes/26_extract_signature_pem
View File

@ -1,61 +0,0 @@
#!/bin/sh
# Extract the signature in the PEM format from the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="261. Extract the PEM signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_261.exe" && \
../../osslsigncode extract-signature -pem \
-in "test_261.exe" -out "sign_pe.pem"
verify_signature "$?" "261" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="262. Extract the PEM signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_262.ex_" && \
../../osslsigncode extract-signature -pem \
-in "test_262.ex_" -out "sign_cab.pem"
verify_signature "$?" "262" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="263. Extract the PEM signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_263.msi" && \
../../osslsigncode extract-signature -pem \
-in "test_263.msi" -out "sign_msi.pem"
verify_signature "$?" "263" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

61
tests/recipes/27_extract_signature_der
View File

@ -1,61 +0,0 @@
#!/bin/sh
# Extract the signature in the DER format from the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="271. Extract the DER signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_271.exe" && \
../../osslsigncode extract-signature \
-in "test_271.exe" -out "sign_pe.der"
verify_signature "$?" "271" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="272. Extract the DER signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_272.ex_" && \
../../osslsigncode extract-signature \
-in "test_272.ex_" -out "sign_cab.der"
verify_signature "$?" "272" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="273. Extract the DER signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_273.msi" && \
../../osslsigncode extract-signature \
-in "test_273.msi" -out "sign_msi.der"
verify_signature "$?" "273" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/31_attach_signature_der
View File

@ -1,58 +0,0 @@
#!/bin/sh
# Attach the DER signature to the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="311. Attach the DER signature to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode attach-signature \
-sigin "sign_pe.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.exe" -out "test_311.exe"
verify_signature "$?" "311" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="312. Attach the DER signature to the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature \
-sigin "sign_cab.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_312.ex_"
verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="313. Attach the DER signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature \
-sigin "sign_msi.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_313.msi"
verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

58
tests/recipes/32_attach_signature_pem
View File

@ -1,58 +0,0 @@
#!/bin/sh
# Attach the PEM signature to the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="321. Attach the PEM signature to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.exe" -out "test_321.exe"
verify_signature "$?" "321" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="322. Attach the PEM signature to the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_322.ex_"
verify_signature "$?" "322" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="323. Attach the PEM signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature \
-sigin "sign_msi.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_323.msi"
verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

69
tests/recipes/33_attach_signed
View File

@ -1,69 +0,0 @@
#!/bin/sh
# Attach the signature to the signed PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="331. Attach the signature to the signed PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_331_signed.exe"
../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_331_signed.exe" -out "test_331.exe"
verify_signature "$?" "331" "exe" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="332. Attach the signature to the signed CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_332_signed.ex_"
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_332_signed.ex_" -out "test_332.ex_"
verify_signature "$?" "332" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="333. Attach the signature to the signed MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_333_signed.msi"
../../osslsigncode attach-signature -sigin "sign_msi.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_333_signed.msi" -out "test_333.msi"
verify_signature "$?" "333" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

74
tests/recipes/34_attach_nest
View File

@ -1,74 +0,0 @@
#!/bin/sh
# Attach the signature to the signed PE/CAB/MSI file with the "nest" flag
# in order to attach the new signature instead of replacing the first one.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="341. Attach the signature to the signed PE file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_341_signed.exe"
../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_341_signed.exe" -out "test_341.exe"
verify_signature "$?" "341" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="342. Attach the signature to the signed CAB file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_342_signed.ex_"
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_342_signed.ex_" -out "test_342.ex_"
verify_signature "$?" "342" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="343. Attach the signature to the signed MSI file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_343_signed.msi"
../../osslsigncode attach-signature \
-sigin "sign_msi.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_343_signed.msi" -out "test_343.msi"
verify_signature "$?" "343" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

61
tests/recipes/35_remove_signature
View File

@ -1,61 +0,0 @@
#!/bin/sh
# Remove the signature from the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="351. Remove the signature from the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_351_signed.exe" && \
../../osslsigncode remove-signature \
-in "test_351_signed.exe" -out "test_351.exe"
verify_signature "$?" "351" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="352. Remove the signature from the CAB file"
printf "\n%s\n" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_352_signed.ex_" && \
../../osslsigncode remove-signature \
-in "test_352_signed.ex_" -out "test_352.ex_"
verify_signature "$?" "352" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="353. Remove the signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_353_signed.msi" && \
../../osslsigncode remove-signature \
-in "test_353_signed.msi" -out "test_353.msi"
verify_signature "$?" "353" "msi" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

55
tests/recipes/36_varia_sha256sum
View File

@ -1,55 +0,0 @@
#!/bin/sh
# Checking SHA256 message digests for 31x-33x tests.
. $(dirname $0)/../test_library
res=0
res=0
skip=0
test_name="361. Checking SHA256 message digests for 31x-33x tests"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_exe.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_exe.log"
else
skip=$(($skip+1))
fi
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi"
then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if test $skip -lt 2
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

70
tests/recipes/37_add_signature_timestamp
View File

@ -1,70 +0,0 @@
#!/bin/sh
# Add an authenticode timestamp to the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="371. Add an authenticode timestamp to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_371_signed.exe" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_371_signed.exe" -out "test_371.exe"
verify_signature "$?" "371" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="372. Add an authenticode timestamp to the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_372_signed.ex_" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_372_signed.ex_" -out "test_372.ex_"
verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="373. Add an authenticode timestamp to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_373_signed.msi" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_373_signed.msi" -out "test_373.msi"
verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

70
tests/recipes/38_add_signature_rfc3161
View File

@ -1,70 +0,0 @@
#!/bin/sh
# Add an RFC 3161 timestamp to signed PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="381. Add RFC 3161 timestamp to signed PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_381_signed.exe"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_381_signed.exe" -out "test_381.exe"
verify_signature "$?" "381" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="382. Add RFC 3161 timestamp to signed CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_382_signed.ex_"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_382_signed.ex_" -out "test_382.ex_"
verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="383. Add RFC 3161 timestamp to signed MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_383_signed.msi"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_383_signed.msi" -out "test_383.msi"
verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

64
tests/recipes/39_add_signature_blob
View File

@ -1,64 +0,0 @@
#!/bin/sh
# Add an unauthenticated blob to the PE/CAB/MSI file.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="391. Add an unauthenticated blob to the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_391_signed.exe"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_391_signed.exe" -out "test_391.exe"
verify_signature "$?" "391" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="392. Add an unauthenticated blob to the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_392_signed.ex_"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_392_signed.ex_" -out "test_392.ex_"
verify_signature "$?" "392" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="393. Add an unauthenticated blob to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_393_signed.msi"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_393_signed.msi" -out "test_393.msi"
verify_signature "$?" "393" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

52
tests/recipes/40_verify_leaf_hash
View File

@ -1,52 +0,0 @@
#!/bin/sh
# Compare the leaf certificate hash against specified SHA256 message digest for the PE/CAB/MSI file
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="401. Compare the leaf certificate hash against specified SHA256 message digest for the PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.exe" -out "test_401.exe"
verify_leaf_hash "$?" "401" "exe" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="402. Compare the leaf certificate hash against specified SHA256 message digest for the CAB file"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.ex_" -out "test_402.ex_"
verify_leaf_hash "$?" "402" "ex_" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "sample.msi" -out "test_403.msi"
verify_leaf_hash "$?" "403" "msi" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

35
tests/recipes/41_sign_add_msi_dse
View File

@ -1,35 +0,0 @@
#!/bin/sh
# Sign a MSI file with the add-msi-dse option.
# MsiDigitalSignatureEx (msi-dse) is an enhanced signature type that can be used
# when signing MSI files. In addition to file content, it also hashes some file metadata,
# specifically file names, file sizes, creation times and modification times.
# https://www.unboundtech.com/docs/UKC/UKC_Code_Signing_IG/HTML/Content/Products/UKC-EKM/UKC_Code_Signing_IG/Sign_Windows_PE_and_msi_Files.htm
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
# Warning: -add-msi-dse option is only valid for MSI files
# CAB file
# Warning: -add-msi-dse option is only valid for MSI files
# MSI file
test_name="411. Sign a MSI file with the add-msi-dse option"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-add-msi-dse \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "sample.msi" -out "test_411.msi"
verify_signature "$?" "411" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

31
tests/recipes/42_sign_jp_low
View File

@ -1,31 +0,0 @@
#!/bin/sh
# Sign a CAB file with "jp low" option
# https://support.microsoft.com/en-us/help/193877
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
# Warning: -jp option is only valid for CAB files
# CAB file
test_name="421. Sign a CAB file with jp low option"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-jp low \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_421.ex_"
verify_signature "$?" "421" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
# Warning: -jp option is only valid for CAB files
exit 0

30
tests/recipes/45_verify_fake_pe
View File

@ -1,30 +0,0 @@
#!/bin/sh
# Verify changed PE file after signing.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="451. Verify changed PE file after signing"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_451.exe"
verify_signature "$?" "451" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
exit 0

33
tests/recipes/46_verify_timestamp
View File

@ -1,33 +0,0 @@
#!/bin/sh
# Verify changed PE file after signing with Authenticode timestamping.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="461. Verify changed PE file after signing with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_461.exe"
verify_signature "$?" "461" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
exit 0

34
tests/recipes/47_verify_rfc3161
View File

@ -1,34 +0,0 @@
#!/bin/sh
# Verify changed PE file after signing with RFC 3161 timestamping.
. $(dirname $0)/../test_library
script_path=$(pwd)
# PE file
test_name="471. Verify changed PE file after signing with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_471.exe"
verify_signature "$?" "471" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
exit 0

57
tests/recipes/51_verify_time
View File

@ -1,57 +0,0 @@
#!/bin/sh
# Verify PE/CAB/MSI file signature after the cert has been expired.
. $(dirname $0)/../test_library
# PE file
test_name="511. Verify PE file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_511.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "511" "exe" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="512. Verify CAB file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_512.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "512" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="513. Verify MSI file signature after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_513.msi"'
verify_signature "$?" "513" "msi" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

66
tests/recipes/52_verify_timestamp
View File

@ -1,66 +0,0 @@
#!/bin/sh
# Verify PE/CAB/MSI file signature with Authenticode timestamping after the cert has been expired.
. $(dirname $0)/../test_library
# PE file
test_name="521. Verify PE file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_521.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "521" "exe" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="522. Verify CAB file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="523. Verify MSI file signature with timestamping after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_523.msi"'
verify_signature "$?" "523" "msi" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

66
tests/recipes/53_verify_rfc3161
View File

@ -1,66 +0,0 @@
#!/bin/sh
# Verify PE/CAB/MSI file signature with RFC3161 timestamping after the cert has been expired.
. $(dirname $0)/../test_library
# PE file
test_name="531. Verify PE file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_531.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "531" "exe" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="532. Verify CAB file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_533.msi"'
verify_signature "$?" "533" "msi" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

66
tests/recipes/54_verify_expired
View File

@ -1,66 +0,0 @@
#!/bin/sh
# Verify PE/CAB/MSI file signed with the expired cert.
. $(dirname $0)/../test_library
# PE file
test_name="541. Verify PE file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_541.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "541" "exe" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="542. Verify CAB file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="543. Verify MSI file signed with the expired cert"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_543.msi"'
verify_signature "$?" "543" "msi" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

66
tests/recipes/55_verify_revoked
View File

@ -1,66 +0,0 @@
#!/bin/sh
# Verify PE/CAB/MSI file signed with the revoked cert.
. $(dirname $0)/../test_library
# PE file
test_name="551. Verify PE file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.exe" -out "test_551.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "551" "exe" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file
test_name="552. Verify CAB file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="553. Verify MSI file signed with the revoked cert"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_553.msi"'
verify_signature "$?" "553" "msi" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0

Some files were not shown because too many files have changed in this diff Show More