nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-07-03 11:42:47 -05:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: nhyatt:2.1
Branches Tags
nhyatt:master
nhyatt:2.10 nhyatt:2.9 nhyatt:2.8 nhyatt:2.7 nhyatt:2.6 nhyatt:2.5 nhyatt:2.4 nhyatt:2.3 nhyatt:2.2 nhyatt:2.1 nhyatt:2.0
..
compare: nhyatt:2.2
Branches Tags
nhyatt:master
nhyatt:2.10 nhyatt:2.9 nhyatt:2.8 nhyatt:2.7 nhyatt:2.6 nhyatt:2.5 nhyatt:2.4 nhyatt:2.3 nhyatt:2.2 nhyatt:2.1 nhyatt:2.0

48 Commits
2.1 ... 2.2

Author SHA1 Message Date
Michał Trojnara
8c37b00d83 release 2.2 
Signed-off-by: Michał Trojnara <Michal.Trojnara@stunnel.org>
 2021-08-15 21:42:01 +02:00
aesx86
f2559972f3 fix gcc command line 2021-07-06 08:48:43 +02:00
Michał Trojnara
057d38ee76 Additional test dependency checks 2021-06-27 10:10:01 +02:00
Michał Trojnara
ed8ee4194b typo 2021-06-19 12:29:05 +02:00
Michał Trojnara
c64add388b Separate section for bootstrapping 2021-06-13 21:57:09 +02:00
sebaxakerhtc
2912eb054c missing autoconf for MacOS 2021-06-13 20:47:38 +02:00
olszomal
de05123adc update documentation 2021-06-09 23:36:17 +02:00
olszomal
180b352102 tests improvements 2021-06-09 23:36:17 +02:00
olszomal
72de045151 Add the bootstrap file 2021-06-09 23:36:17 +02:00
olszomal
95d77c9b98 help and version commands return code 0 (success) 2021-06-09 23:34:57 +02:00
olszomal
64e7e26eba free up BIO outdata only for MSI files 2021-05-30 22:14:35 +02:00
olszomal
e26a50a618 clarifying comments 2021-05-30 22:13:34 +02:00
olszomal
d2aa35a7f6 verify the content blob with the type set to OCTET STRING 2021-05-30 22:13:34 +02:00
Michał Trojnara
1c175c4339 Merge pull request #90 from olszomal/style 
Handle unsuccessful termination exit(-1)
 2021-05-04 09:40:12 +02:00
olszomal
3dad092be9 Merge branch 'master' into style 2021-05-04 09:20:12 +02:00
olszomal
de0bf341a5 free up the SIGNATURE structure 2021-05-04 09:02:20 +02:00
olszomal
4d5052c3f4 remove trailing newlines 2021-05-04 08:51:07 +02:00
olszomal
04823393f2 renamed options: 
"-untrusted" --> "-TSA-CAfile"
"-CRLuntrusted" --> "-TSA-CRLfile"
 2021-05-04 08:49:39 +02:00
olszomal
cfb897a902 handle unsuccessful termination exit (-1) 2021-04-26 11:35:19 +02:00
olszomal
8b064ca814 sizeof style 2021-04-26 10:48:53 +02:00
egonk
1bdfcc8940 fix crl nullptr crash in read_certfile 2021-04-25 21:59:36 +02:00
olszomal
bcdc5b7030 fixed width integer types 2021-04-25 21:43:00 +02:00
olszomal
3908e874a4 sizeof style 2021-04-25 21:38:57 +02:00
olszomal
a161efdb25 fix buffer overflow 2021-04-25 21:38:57 +02:00
olszomal
b01a2f5cd7 C89 standard compatibility 2021-04-25 21:38:57 +02:00
olszomal
b6e6165782 moral rights 2021-04-25 21:38:57 +02:00
olszomal
9b3697ad76 update changelog 2021-04-25 21:38:57 +02:00
olszomal
758003156e MSI file signing support 
DIFAT sectors are not supported
 2021-04-25 21:38:57 +02:00
olszomal
4f590989ce remove libgsf library dependency 
MSI file verify and remove-signature support
 2021-04-25 21:38:57 +02:00
olszomal
6df4c12624 verify msi metadata 2021-04-25 21:38:57 +02:00
Michał Trojnara
315357f092 Update a dead link in the documentation 
Closes #84
 2021-04-05 20:32:38 +02:00
olszomal
c0d9569c4f disable GSF_CAN_READ_MSI_METADATA 2021-01-11 21:21:02 +01:00
olszomal
352ef49b3a unicode description support 2021-01-11 21:20:18 +01:00
olszomal
f004aa3f48 new testing framework 2021-01-11 21:20:18 +01:00
olszomal
6edd56bfac Print the message digest algorithm from the signer info structure 2021-01-11 21:20:18 +01:00
olszomal
67e4edfe45 Print authenticated attributes: 
- message digest
- signing time
- URL description
- text description
- level of permissions for CAB files
 2021-01-11 21:20:18 +01:00
olszomal
5ad5260351 update copyright year 2021-01-11 21:20:18 +01:00
tdyer
790abf66da update documentation for timestamp server 
- verisign timestamp server is no longer in service
   update docs to point to alternative service
 2021-01-06 21:25:41 +01:00
olszomal
1dc209baa8 fix the default end date and extended key usage for test certificates 2021-01-06 21:24:40 +01:00
olszomal
2f011cfc31 p11engine and p11module need to be orthogonal (independent of each other) 2021-01-06 21:24:05 +01:00
olszomal
e8fe3e934d code simplification 2021-01-06 21:20:56 +01:00
olszomal
f8849b8048 new option -c specifies the catalog file by name 2021-01-06 21:20:56 +01:00
olszomal
86d593f264 Create a MsCtlContent structure to decode the Microsoft MS_CTL_OBJID object 2021-01-06 21:20:56 +01:00
olszomal
5e064233a3 increase the maximum size of supported CAT files 2020-11-10 04:28:43 +01:00
olszomal
fb1bc06440 CAT file tests 2020-11-02 10:11:10 +01:00
olszomal
80d5948eeb CAT files support 2020-11-02 10:11:10 +01:00
olszomal
0d6d0071d3 sort Microsoft and Generic OIDs 2020-11-02 10:11:10 +01:00
Artem Polishchuk
250521e07f fix(tests): swallows the exit code 2020-10-15 18:15:59 +02:00
64 changed files with 4816 additions and 4846 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@ -15,7 +15,10 @@ install-sh
missing missing
osslsigncode osslsigncode
osslsigncode.o osslsigncode.o
msi.o
stamp-h1 stamp-h1
INSTALL
COPYING
.#*# .#*#
.*.bak .*.bak

2
INSTALL.W32.md
View File

@ -12,7 +12,7 @@
2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables. 2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables.
``` ```
cd osslsigncode-folder cd osslsigncode-folder
x86_64-w64-mingw32-gcc osslsigncode.c -o osslsigncode.exe \ x86_64-w64-mingw32-gcc osslsigncode.c msi.c -o osslsigncode.exe \
-lcrypto -lssl -lcurl -lgsf-1 -lgobject-2.0 -lglib-2.0 -lxml2 \ -lcrypto -lssl -lcurl -lgsf-1 -lgobject-2.0 -lglib-2.0 -lxml2 \
-I 'C:/msys64/mingw64/include/libgsf-1' \ -I 'C:/msys64/mingw64/include/libgsf-1' \
-I 'C:/msys64/mingw64/include/glib-2.0' \ -I 'C:/msys64/mingw64/include/glib-2.0' \

6
Makefile.am
View File

@ -8,9 +8,9 @@ MAINTAINERCLEANFILES = \
$(srcdir)/config.guess $(srcdir)/config.sub $(srcdir)/config.guess $(srcdir)/config.sub
EXTRA_DIST = .gitignore EXTRA_DIST = .gitignore
AM_CFLAGS = $(GSF_CFLAGS) $(OPENSSL_CFLAGS) $(OPTIONAL_LIBCURL_CFLAGS) AM_CFLAGS = $(OPENSSL_CFLAGS) $(OPTIONAL_LIBCURL_CFLAGS)
bin_PROGRAMS = osslsigncode bin_PROGRAMS = osslsigncode
osslsigncode_SOURCES = osslsigncode.c osslsigncode_SOURCES = osslsigncode.c msi.c msi.h
osslsigncode_LDADD = $(GSF_LIBS) $(OPENSSL_LIBS) $(OPTIONAL_LIBCURL_LIBS) osslsigncode_LDADD = $(OPENSSL_LIBS) $(OPTIONAL_LIBCURL_LIBS)

9
CHANGELOG.md → NEWS.md
View File

@ -1,3 +1,12 @@
### 2.2 (2021.08.15)
- CAT files support (thanks to James McKenzie)
- MSI support rewritten without libgsf dependency, which allows
for handling of all the needed MSI metadata, such as dates
- "-untrusted" option renamed to "-TSA-CAfile"
- "-CRLuntrusted" option renamed to "-TSA-CRLfile"
- numerous bug fixes and improvements
### 2.1 (2020-10-11) ### 2.1 (2020-10-11)
- certificate chain verification support - certificate chain verification support

59
README.md
View File

@ -19,29 +19,55 @@ tool would fail. And, so, osslsigncode was born.
## WHAT CAN IT DO? ## WHAT CAN IT DO?
It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB and MSI files. It supports It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB, CAT and MSI files.
the equivalent of signtool.exe's "-j javasign.dll -jp low", i.e. add a It supports the equivalent of signtool.exe's "-j javasign.dll -jp low",
valid signature for a CAB file containing Java files. It supports getting i.e. add a valid signature for a CAB file containing Java files.
the timestamp through a proxy as well. It also supports signature verification, It supports getting the timestamp through a proxy as well. It also
removal and extraction. supports signature verification, removal and extraction.
## BUILDING ## BUILDING
This build technique works on Linux and macOS, if you have the necessary tools installed: This section covers building osslsigncode for [Unix-like](https://en.wikipedia.org/wiki/Unix-like) operating systems.
See [INSTALL.W32.md](https://github.com/mtrojnar/osslsigncode/blob/master/INSTALL.W32.md) for Windows notes.
### Generate the ./configure script
This step is only needed if osslsigncode was cloned from a git repository.
We highly recommend downloading a [release tarball](https://github.com/mtrojnar/osslsigncode/releases) instead.
* Install prerequisites on a Debian-based distributions, such as Ubuntu:
``` ```
./autogen.sh sudo apt update && sudo apt install automake pkg-config
./configure
make
make install
``` ```
* On Linux, (tested on Debian/Ubuntu) you may need `sudo apt-get update && sudo apt-get install build-essential autoconf libtool libssl-dev python3-pkgconfig libcurl4-gnutls-dev` * Install prerequisites on macOS with Homebrew:
* On macOS with Homebrew, you probably need to do these things before autogen.sh and configure:
``` ```
brew install openssl@1.1 automake pkg-config libtool brew install automake pkg-config
```
* Generate the ./configure script:
```
./bootstrap
```
### Configure, build and install osslsigncode
* Install prerequisites on a Debian-based distributions, such as Ubuntu:
```
sudo apt update && sudo apt install build-essential pkg-config libssl-dev libcurl4-openssl-dev
```
* Install prerequisites on macOS with Homebrew:
```
brew install pkg-config openssl@1.1
export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig" export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"
``` ```
* Configure, build and install osslsigncode:
```
./configure && make && sudo make install
```
## USAGE ## USAGE
Before you can sign a file you need a Software Publishing Before you can sign a file you need a Software Publishing
@ -75,7 +101,7 @@ or if you want to add a timestamp as well:
``` ```
osslsigncode sign -certs <cert-file> -key <key-file> \ osslsigncode sign -certs <cert-file> -key <key-file> \
-n "Your Application" -i http://www.yourwebsite.com/ \ -n "Your Application" -i http://www.yourwebsite.com/ \
-t http://timestamp.verisign.com/scripts/timstamp.dll \ -t http://timestamp.digicert.com \
-in yourapp.exe -out yourapp-signed.exe -in yourapp.exe -out yourapp-signed.exe
``` ```
You can use a certificate and key stored in a PKCS#12 container: You can use a certificate and key stored in a PKCS#12 container:
@ -99,11 +125,10 @@ An example of using osslsigncode with SoftHSM:
osslsigncode sign \ osslsigncode sign \
-pkcs11engine /usr/lib64/engines-1.1/pkcs11.so \ -pkcs11engine /usr/lib64/engines-1.1/pkcs11.so \
-pkcs11module /usr/lib64/pkcs11/libsofthsm2.so \ -pkcs11module /usr/lib64/pkcs11/libsofthsm2.so \
-certs <cert-file> \ -pkcs11cert 'pkcs11:token=softhsm-token;object=cert' \
-key 'pkcs11:token=softhsm-token;object=key' \ -key 'pkcs11:token=softhsm-token;object=key' \
-in yourapp.exe -out yourapp-signed.exe -in yourapp.exe -out yourapp-signed.exe
``` ```
osslsigncode currently does not support reading certificates from engines.
You can check that the signed file is correct by right-clicking You can check that the signed file is correct by right-clicking
on it in Windows and choose Properties --> Digital Signatures, on it in Windows and choose Properties --> Digital Signatures,
@ -130,7 +155,7 @@ use instead of your *.spc file. It's the same basic thing, in a different format
For your PVK file, you will need to download a little utility called For your PVK file, you will need to download a little utility called
PVK.EXE. This can currently be downloaded at PVK.EXE. This can currently be downloaded at
http://support.globalsign.net/en/objectsign/PVK.zip https://www.globalsign.com/support/code-signing/PVK.zip
Run: Run:
``` ```

2
README.unauthblob.md
View File

@ -14,7 +14,7 @@ osslsigncode sign -addUnauthenticatedBlob -pkcs12 yourcert.pfx -pass your_passwo
``` ```
# Example 2. Timestamp and add blob to signed file # Example 2. Timestamp and add blob to signed file
osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.verisign.com/scripts/timstamp.dll -in your_signed_file.exe -out out.exe osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.digicert.com -in your_signed_file.exe -out out.exe
``` ```
``` ```

1578
autogen.sh
View File

File diff suppressed because it is too large Load Diff

2
bootstrap Executable file
View File

@ -0,0 +1,2 @@
#!/bin/sh
autoreconf --verbose --install --force

16
configure.ac
View File

@ -1,6 +1,6 @@
AC_PREREQ(2.60) AC_PREREQ(2.60)
AC_INIT([osslsigncode], [2.1.0], [Michal.Trojnara@stunnel.org]) AC_INIT([osslsigncode], [2.2.0], [Michal.Trojnara@stunnel.org])
AC_CONFIG_AUX_DIR([.]) AC_CONFIG_AUX_DIR([.])
AC_CONFIG_HEADERS([config.h]) AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE AM_INIT_AUTOMAKE
@ -77,20 +77,6 @@ AC_CHECK_LIB(
AC_CHECK_HEADERS([termios.h]) AC_CHECK_HEADERS([termios.h])
AC_CHECK_FUNCS(getpass) AC_CHECK_FUNCS(getpass)
AC_ARG_WITH([gsf],
AS_HELP_STRING([--without-gsf], [Ignore presence of libgsf and disable it])
)
AS_IF([test "x$with_gsf" != "xno"],
[PKG_CHECK_MODULES([GSF], [libgsf-1], [have_gsf=yes], [have_gsf=no])],
[have_gsf=no]
)
AS_IF([test "x$have_gsf" = "xyes"],
[AC_DEFINE([WITH_GSF], 1, [Have libgsf?])],
[AS_IF([test "x$with_gsf" = "xyes"],
[AC_MSG_ERROR([libgsf requested but not found])])]
)
PKG_CHECK_MODULES( PKG_CHECK_MODULES(
[OPENSSL], [OPENSSL],
[libcrypto >= 1.1.1], [libcrypto >= 1.1.1],

1099
msi.c Normal file
View File

File diff suppressed because it is too large Load Diff

206
msi.h Normal file
View File

@ -0,0 +1,206 @@
/*
* MSI file support library
*
* Copyright (C) 2021 Michał Trojnara <Michal.Trojnara@stunnel.org>
* Author: Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org>
*
* Reference specifications:
* http://en.wikipedia.org/wiki/Compound_File_Binary_Format
* https://msdn.microsoft.com/en-us/library/dd942138.aspx
* https://github.com/microsoft/compoundfilereader
*/
#include <stdint.h>
#include <openssl/safestack.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#define MAXREGSECT 0xfffffffa /* maximum regular sector number */
#define DIFSECT 0xfffffffc /* specifies a DIFAT sector in the FAT */
#define FATSECT 0xfffffffd /* specifies a FAT sector in the FAT */
#define ENDOFCHAIN 0xfffffffe /* end of a linked chain of sectors */
#define NOSTREAM 0xffffffff /* terminator or empty pointer */
#define FREESECT 0xffffffff /* empty unallocated free sectors */
#define DIR_UNKNOWN 0
#define DIR_STORAGE 1
#define DIR_STREAM 2
#define DIR_ROOT 5
#define RED_COLOR 0
#define BLACK_COLOR 1
#define DIFAT_IN_HEADER 109
#define MINI_STREAM_CUTOFF_SIZE 0x00001000 /* 4096 bytes */
#define HEADER_SIZE 0x200 /* 512 bytes, independent of sector size */
#define MAX_SECTOR_SIZE 0x1000 /* 4096 bytes */
#define HEADER_SIGNATURE 0x00 /* 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 */
#define HEADER_CLSID 0x08 /* reserved and unused */
#define HEADER_MINOR_VER 0x18 /* SHOULD be set to 0x003E */
#define HEADER_MAJOR_VER 0x1a /* MUST be set to either 0x0003 (version 3) or 0x0004 (version 4) */
#define HEADER_BYTE_ORDER 0x1c /* 0xfe 0xff == Intel Little Endian */
#define HEADER_SECTOR_SHIFT 0x1e /* MUST be set to 0x0009, or 0x000c */
#define HEADER_MINI_SECTOR_SHIFT 0x20 /* MUST be set to 0x0006 */
#define RESERVED 0x22 /* reserved and unused */
#define HEADER_DIR_SECTORS_NUM 0x28
#define HEADER_FAT_SECTORS_NUM 0x2c
#define HEADER_DIR_SECTOR_LOC 0x30
#define HEADER_TRANSACTION 0x34
#define HEADER_MINI_STREAM_CUTOFF 0x38 /* 4096 bytes */
#define HEADER_MINI_FAT_SECTOR_LOC 0x3c
#define HEADER_MINI_FAT_SECTORS_NUM 0x40
#define HEADER_DIFAT_SECTOR_LOC 0x44
#define HEADER_DIFAT_SECTORS_NUM 0x48
#define HEADER_DIFAT 0x4c
#define DIRENT_SIZE 0x80 /* 128 bytes */
#define DIRENT_MAX_NAME_SIZE 0x40 /* 64 bytes */
#define DIRENT_NAME 0x00
#define DIRENT_NAME_LEN 0x40 /* length in bytes incl 0 terminator */
#define DIRENT_TYPE 0x42
#define DIRENT_COLOUR 0x43
#define DIRENT_LEFT_SIBLING_ID 0x44
#define DIRENT_RIGHT_SIBLING_ID 0x48
#define DIRENT_CHILD_ID 0x4c
#define DIRENT_CLSID 0x50
#define DIRENT_STATE_BITS 0x60
#define DIRENT_CREATE_TIME 0x64
#define DIRENT_MODIFY_TIME 0x6c
#define DIRENT_START_SECTOR_LOC 0x74
#define DIRENT_FILE_SIZE 0x78
#define GET_UINT8_LE(p) ((u_char*)(p))[0]
#define GET_UINT16_LE(p) (((u_char*)(p))[0] | (((u_char*)(p))[1]<<8))
#define GET_UINT32_LE(p) (((u_char*)(p))[0] | (((u_char*)(p))[1]<<8) | \
(((u_char*)(p))[2]<<16) | (((u_char*)(p))[3]<<24))
#define PUT_UINT8_LE(i,p) \
((u_char*)(p))[0] = (i) & 0xff;
#define PUT_UINT16_LE(i,p) \
((u_char*)(p))[0] = (i) & 0xff; \
((u_char*)(p))[1] = ((i)>>8) & 0xff
#define PUT_UINT32_LE(i,p) \
((u_char*)(p))[0] = (i) & 0xff; \
((u_char*)(p))[1] = ((i)>>8) & 0xff; \
((u_char*)(p))[2] = ((i)>>16) & 0xff; \
((u_char*)(p))[3] = ((i)>>24) & 0xff
typedef unsigned char u_char;
typedef struct {
u_char signature[8]; /* 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 */
u_char unused_clsid[16]; /* reserved and unused */
uint16_t minorVersion;
uint16_t majorVersion;
uint16_t byteOrder;
uint16_t sectorShift; /* power of 2 */
uint16_t miniSectorShift; /* power of 2 */
u_char reserved[6]; /* reserved and unused */
uint32_t numDirectorySector;
uint32_t numFATSector;
uint32_t firstDirectorySectorLocation;
uint32_t transactionSignatureNumber; /* reserved */
uint32_t miniStreamCutoffSize;
uint32_t firstMiniFATSectorLocation;
uint32_t numMiniFATSector;
uint32_t firstDIFATSectorLocation;
uint32_t numDIFATSector;
uint32_t headerDIFAT[DIFAT_IN_HEADER];
} MSI_FILE_HDR;
typedef struct {
u_char name[DIRENT_MAX_NAME_SIZE];
uint16_t nameLen;
uint8_t type;
uint8_t colorFlag;
uint32_t leftSiblingID;
uint32_t rightSiblingID;
uint32_t childID;
u_char clsid[16];
u_char stateBits[4];
u_char creationTime[8];
u_char modifiedTime[8];
uint32_t startSectorLocation;
u_char size[8];
} MSI_ENTRY;
typedef struct {
u_char name[DIRENT_MAX_NAME_SIZE];
uint16_t nameLen;
uint8_t type;
MSI_ENTRY *entry;
STACK_OF(MSI_DIRENT) *children;
} MSI_DIRENT;
DEFINE_STACK_OF(MSI_DIRENT)
typedef struct {
const u_char *m_buffer;
size_t m_bufferLen;
MSI_FILE_HDR *m_hdr;
size_t m_sectorSize;
size_t m_minisectorSize;
size_t m_miniStreamStartSector;
} MSI_FILE;
typedef struct {
char *header;
char *ministream;
char *minifat;
char *fat;
uint32_t dirtreeLen;
uint32_t miniStreamLen;
uint32_t minifatLen;
uint32_t fatLen;
int ministreamsMemallocCount;
int minifatMemallocCount;
int fatMemallocCount;
int dirtreeSectorsCount;
int minifatSectorsCount;
int fatSectorsCount;
int miniSectorNum;
int sectorNum;
size_t sectorSize;
} MSI_OUT;
static u_char msi_magic[] = {
0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1
};
static const u_char digital_signature[] = {
0x05, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, 0x00,
0x69, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00,
0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00,
0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00,
0x65, 0x00, 0x00, 0x00
};
static const u_char digital_signature_ex[] = {
0x05, 0x00, 0x4D, 0x00, 0x73, 0x00, 0x69, 0x00,
0x44, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00,
0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x53, 0x00,
0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x61, 0x00,
0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00,
0x45, 0x00, 0x78, 0x00, 0x00, 0x00
};
int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, size_t offset, char *buffer, size_t len);
MSI_FILE *msi_file_new(char *buffer, size_t len);
void msi_file_free(MSI_FILE *msi);
MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi);
MSI_DIRENT *msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent);
MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse);
void msi_dirent_free(MSI_DIRENT *dirent);
MSI_FILE_HDR *msi_header_get(MSI_FILE *msi);
int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root);
int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root);
void msi_calc_digest(char *indata, const EVP_MD *md, u_char *mdbuf, size_t fileend);
int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen);
int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p, int len, u_char *p_msiex, int len_msiex, BIO *outdata);

2616
osslsigncode.c
View File

File diff suppressed because it is too large Load Diff

47
tests/certs/ca-bundle.crt Normal file
View File

@ -0,0 +1,47 @@
# Certum Trusted Network CA
-----BEGIN CERTIFICATE-----
MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM
MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D
ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU
cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3
WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg
Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw
IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH
UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM
TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU
BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM
kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x
AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV
HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y
sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL
I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8
J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY
VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
-----END CERTIFICATE-----
# DigiCert Assured ID Root CA
-----BEGIN CERTIFICATE-----
MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
-----END CERTIFICATE-----

9
tests/certs/openssl_intermediate.cnf
View File

@ -18,7 +18,8 @@ default_md = sha256
preserve = no preserve = no
policy = policy_loose policy = policy_loose
default_startdate = 180101000000Z default_startdate = 180101000000Z
default_enddate = 210101000000Z default_enddate = 241231000000Z
x509_extensions = v3_req
[ req ] [ req ]
# Options for the `req` tool # Options for the `req` tool
@ -40,6 +41,12 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer authorityKeyIdentifier = keyid, issuer
extendedKeyUsage = codeSigning extendedKeyUsage = codeSigning
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
extendedKeyUsage = codeSigning
[ policy_loose ] [ policy_loose ]
# Allow the intermediate CA to sign a more diverse range of certificates. # Allow the intermediate CA to sign a more diverse range of certificates.
# See the POLICY FORMAT section of the `ca` man page. # See the POLICY FORMAT section of the `ca` man page.

87
tests/recipes/01_sign_pem
View File

@ -1,56 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and private key files in the PEM format. # Sign a file with a certificate and a private key in the PEM format.
# -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT # -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=1
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="011. Sign a PE file with the certificate and private key files in the PEM format" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_011.exe" "ex_") filetype=CAB; format_nr=3 ;;
verify_signature "$?" "011" "exe" "success" "@2019-09-01 12:00:00" \ "exe") filetype=PE; format_nr=4 ;;
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" "ps1")
test_result "$?" "$test_name" filetype=TXT
else if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
printf "Test skipped\n" format_nr=5
fi desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="012. Sign a CAB file with the certificate and private key files in the PEM format" test_name="Sign a $filetype$desc file with a certificate and a private key in the PEM format"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_012.ex_"
verify_signature "$?" "012" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="013. Sign a MSI file with the certificate and private key files in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_013.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "013" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

91
tests/recipes/02_sign_pass
View File

@ -1,58 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the encrypted private key file in the PEM format. # Sign a file with an encrypted private key in the PEM format.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=2
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="021. Sign a PE file with the encrypted private key file in the PEM format" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-pass passme \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_021.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "021" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="022. Sign a CAB file with the encrypted private key file in the PEM format" test_name="Sign a $filetype$desc file with an encrypted private key in the PEM format"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "test.ex_" -out "test_022.ex_"
verify_signature "$?" "022" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="023. Sign a MSI file with the encrypted private key file in the PEM format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \ -pass passme \
-in "sample.msi" -out "test_023.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "023" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

91
tests/recipes/03_sign_der
View File

@ -1,59 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the encrypted private key file in the DER format. # Sign a file with an encrypted private key in the DER format.
# Requires OpenSSL 1.0.0 or later # Requires OpenSSL 1.0.0 or later
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=3
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="031. Sign a PE file with the encrypted private key file in the DER format" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ "msi") filetype=MSI; format_nr=2 ;;
-pass passme \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_031.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "031" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="032. Sign a CAB file with the encrypted private key file in the DER format" test_name="Sign a $filetype$desc file with an encrypted private key in the DER format"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "test.ex_" -out "test_032.ex_"
verify_signature "$?" "032" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="033. Sign a MSI file with the encrypted private key file in the DER format"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \ -pass passme \
-in "sample.msi" -out "test_033.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "033" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

93
tests/recipes/04_sign_spc_pvk
View File

@ -1,59 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the certificate file in the SPC format # Sign a file with a certificate in the SPC format
# and the private key file in the Microsoft Private Key (PVK) format. # and a private key in the Microsoft Private Key (PVK) format.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=4
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="041. Sign a PE file a SPC certificate file and a PVK private key file" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ "msi") filetype=MSI; format_nr=2 ;;
-pass passme \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_041.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "041" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="042. Sign a CAB file a SPC certificate file and a PVK private key file" test_name="Sign a $filetype$desc file with a SPC certificate and a PVK private key"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "test.ex_" -out "test_042.ex_"
verify_signature "$?" "042" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="043. Sign a MSI file a SPC certificate file and a PVK private key file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \ -spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \ -pass passme \
-in "sample.msi" -out "test_043.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "043" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

90
tests/recipes/05_sign_pkcs12
View File

@ -1,57 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container. # Sign a file with a certificate and a key stored in a PKCS#12 container.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=5
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="051. Sign a PE file with a certificate and key stored in a PKCS#12 container" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-pkcs12 "${script_path}/../certs/cert.p12" -pass passme \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_051.exe" "ex_") filetype=CAB; format_nr=3 ;;
verify_signature "$?" "051" "exe" "success" "@2019-09-01 12:00:00" \ "exe") filetype=PE; format_nr=4 ;;
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" "ps1")
test_result "$?" "$test_name" filetype=TXT
else if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
printf "Test skipped\n" format_nr=5
fi desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="052. Sign a CAB file with a certificate and key stored in a PKCS#12 container" test_name="Sign a $filetype$desc file with a certificate and a key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "test.ex_" -out "test_052.ex_"
verify_signature "$?" "052" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="053. Sign a MSI file with a certificate and key stored in a PKCS#12 container"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \ -pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \ -pass passme \
-in "sample.msi" -out "test_053.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "053" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

70
tests/recipes/06_test_sha256sum
View File

@ -2,53 +2,33 @@
# Checking SHA256 message digests for 01x-05x tests # Checking SHA256 message digests for 01x-05x tests
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
res=0 script_path=$(pwd)
skip=0 result=0
test_name="061. Checking SHA256 message digests for 01x-05x tests" test_nr=6
printf "\n%s\n" "$test_name"
if test -s "test.exe" for file in ${script_path}/../logs/sha256sum/*.*
then do
if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 name="${file##*/}"
case $name in
"cat.log") filetype=CAT; format_nr=1 ;;
"msi.log") filetype=MSI; format_nr=2 ;;
"ex_.log") filetype=CAB; format_nr=3 ;;
"exe.log") filetype=PE; format_nr=4 ;;
"ps1.log") filetype=TXT; format_nr=5 ;;
esac
number="$test_nr$format_nr"
test_name="Checking SHA256 message digests for a $filetype file test"
printf "\n%03d. %s\n" "$number" "$test_name"
if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then then
res=1 result=1
cat "sha256sum_exe.log" >> "results.log" cat "sha256sum/$name" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi fi
rm -f "sha256sum_exe.log" rm -f "sha256sum/$name"
else test_result "$result" "$number" "$test_name"
skip=$(($skip+1)) done
fi
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi"
then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if test $skip -lt 3
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0 exit 0

97
tests/recipes/07_sign_timestamp
View File

@ -1,64 +1,61 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with Authenticode timestamping # Sign a file with Authenticode timestamping
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=7
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="071. Sign a PE file with Authenticode timestamping" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
../../osslsigncode sign -h sha256 \ desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with Authenticode timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \ -t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \ -t http://timestamp.digicert.com/ \
-verbose \ -in "notsigned/$name" -out "test_$number.$ext"
-in "test.exe" -out "test_071.exe" 2>> "results.log" 1>&2 result=$?
verify_signature "$?" "071" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="072. Sign a CAB file with Authenticode timestamping" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" else
then verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
../../osslsigncode sign -h sha256 \ "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
-st "1556668800" \ test_result "$?" "$number" "$test_name"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ fi
-t http://time.certum.pl/ \ done
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_072.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "072" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Sign a file with Authenticode timestamping"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="073. Sign a MSI file with Authenticode timestamping"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_073.msi"
verify_signature "$?" "073" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

97
tests/recipes/08_sign_rfc3161
View File

@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with RFC 3161 timestamping # Sign a file with RFC 3161 timestamping
# An RFC3161 timestamp server provides an essential function in protecting # An RFC3161 timestamp server provides an essential function in protecting
# data records for the long-term. It provides proof that the data existed # data records for the long-term. It provides proof that the data existed
# at a particular moment in time and that it has not changed, even by # at a particular moment in time and that it has not changed, even by
@ -7,62 +7,59 @@
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=8
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="081. Sign a PE file with RFC 3161 timestamping" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
../../osslsigncode sign -h sha256 \ desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with RFC 3161 timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -ts http://timestamp.digicert.com/ \
-verbose \ -in "notsigned/$name" -out "test_$number.$ext"
-in "test.exe" -out "test_081.exe" result=$?
verify_signature "$?" "081" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="082. Sign a CAB file with RFC 3161 timestamping" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" else
then verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
../../osslsigncode sign -h sha256 \ "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
-st "1556668800" \ test_result "$?" "$number" "$test_name"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ fi
-ts http://time.certum.pl/ \ done
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_082.ex_"
verify_signature "$?" "082" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Sign a file with RFC 3161 timestamping"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="083. Sign a MSI file with RFC 3161 timestamping"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "sample.msi" -out "test_083.msi"
verify_signature "$?" "083" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

44
tests/recipes/09_sign_page_hashes
View File

@ -1,29 +1,33 @@
#!/bin/sh #!/bin/sh
# Generate page hashes for a PE file # Generate page hashes for a file
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=9
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"exe") filetype=PE; format_nr=4 ;;
*) continue ;; # Warning: -ph option is only valid for PE files
esac
number="$test_nr$format_nr"
test_name="Generate page hashes for a $filetype file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="091. Generate page hashes for a PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 -ph \ ../../osslsigncode sign -h sha256 -ph \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_091.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "091" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
# Warning: -ph option is only valid for PE files "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
# MSI file done
# Warning: -ph option is only valid for PE files
exit 0 exit 0

91
tests/recipes/10_sign_blob
View File

@ -1,58 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with addUnauthenticatedBlob. # Sign a file with addUnauthenticatedBlob.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=10
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="101. Sign a PE file with addUnauthenticatedBlob" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-addUnauthenticatedBlob \ "msi") filetype=MSI; format_nr=2 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_101.exe" 2>> "results.log" 1>&2 "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "101" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="102. Sign a CAB file with addUnauthenticatedBlob" test_name="Sign a $filetype$desc file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_102.ex_" 2>> "results.log" 1>&2
verify_signature "$?" "102" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="103. Sign a MSI file with addUnauthenticatedBlob"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-addUnauthenticatedBlob \ -addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_103.msi" 2>> "results.log" 1>&2 -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "103" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

89
tests/recipes/11_sign_nest
View File

@ -1,71 +1,42 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file twice with the "nest" flag in the second time # Sign a file twice with the "nest" flag in the second time
# in order to add the new signature instead of replacing the first one. # in order to add the new signature instead of replacing the first one.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=11
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="111. Sign a PE file with the nest flag" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") continue;; # Warning: CAT files do not support nesting
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_111_signed.exe" "ex_") filetype=CAB; format_nr=3 ;;
../../osslsigncode sign -h sha512 \ "exe") filetype=PE; format_nr=4 ;;
-nest \ "ps1") continue;; # Warning: TXT files do not support nesting
-st "1556668800" \ esac
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_111_signed.exe" -out "test_111.exe"
verify_signature "$?" "111" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file number="$test_nr$format_nr"
test_name="112. Sign a CAB file with the nest flag" test_name="Sign a $filetype$desc file with the nest flag"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_112_signed.ex_"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_112_signed.ex_" -out "test_112.ex_"
verify_signature "$?" "112" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="113. Sign a MSI file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_113_signed.msi" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-nest \ -nest \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test_113_signed.msi" -out "test_113.msi" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "113" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
else "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
printf "Test skipped\n" test_result "$?" "$number" "$test_name"
fi done
exit 0 exit 0

92
tests/recipes/12_sign_readpass_pem
View File

@ -1,58 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with a PEM key file and a password read from password.txt file. # Sign a file with a PEM key and a password read from password.txt file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=12
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="121. Sign a PE file with the PEM key file and the file with a password" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-readpass "${script_path}/../certs/password.txt" \ "msi") filetype=MSI; format_nr=2 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_121.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "121" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="122. Sign a CAB file with a PEM key file and the file with a password" test_name="Sign a $filetype$desc file with a PEM key and a password read from password.txt file"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "test.ex_" -out "test_122.ex_"
verify_signature "$?" "122" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="123. Sign a MSI file with a PEM key file and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \ -addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ -readpass "${script_path}/../certs/password.txt" \
-in "sample.msi" -out "test_123.msi" -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
verify_signature "$?" "123" "msi" "success" "@2019-09-01 12:00:00" \ -in "notsigned/$name" -out "test_$number.$ext"
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" result=$?
test_result "$?" "$test_name"
else if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "Test skipped\n" printf "%s\n" "Compare file prefix failed"
fi test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

91
tests/recipes/13_sign_readpass_pkcs12
View File

@ -1,59 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the certificate and key stored in a PKCS#12 container # Sign a file with the certificate and key stored in a PKCS#12 container
# and a password read from password.txt file. # and a password read from password.txt file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=13
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="131. Sign a PE file with a PKCS#12 container and the file with a password" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-readpass "${script_path}/../certs/password.txt" \ "msi") filetype=MSI; format_nr=2 ;;
-pkcs12 "${script_path}/../certs/cert.p12" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_131.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "131" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="132. Sign a CAB file with a PKCS#12 container and the file with a password" test_name="Sign a $filetype$desc file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "test.ex_" -out "test_132.ex_"
verify_signature "$?" "132" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="133. Sign a MSI file with a PKCS#12 container and the file with a password"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \ -readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \ -pkcs12 "${script_path}/../certs/cert.p12" \
-in "sample.msi" -out "test_133.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "133" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

91
tests/recipes/14_sign_descryption
View File

@ -1,58 +1,53 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with a descryption # Sign a file with a descryption.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=14
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="141. Sign a PE file with a descryption" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-n "DESCRYPTION_TEXT" \ "msi") filetype=MSI; format_nr=2 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_141.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "141" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="142. Sign a CAB file with a descryption" test_name="Sign a $filetype$desc file with a descryption"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_142.ex_"
verify_signature "$?" "142" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="143. Sign a MSI file with a descryption"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-n "DESCRYPTION_TEXT" \ -n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_143.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "143" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

91
tests/recipes/15_sign_url
View File

@ -1,59 +1,54 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with specified URL for expanded description of the signed content # Sign a file with specified URL for expanded description of the signed content
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps # https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=15
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="151. Sign a PE file with specified URL" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-i "https://www.osslsigncode.com/" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_151.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "151" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="152. Sign a CAB file with specified URL" test_name="Sign a $filetype$desc file with specified URL"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-i "https://www.osslsigncode.com/" \
-in "test.ex_" -out "test_152.ex_"
verify_signature "$?" "152" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="153. Sign a MSI file with specified URL"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -i "https://www.osslsigncode.com/" \
-i "https://www.osslsigncode.com/" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_153.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "153" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

97
tests/recipes/16_sign_comm
View File

@ -1,61 +1,58 @@
#!/bin/sh #!/bin/sh
# Sign a PE/CAB/MSI file with the commercial purpose set for SPC_STATEMENT_TYPE_OBJID # Sign a file with Microsoft Commercial Code Signing purpose set for SPC_STATEMENT_TYPE_OBJID
# object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11" # object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11"
# changes default Individual Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15" # changes default Microsoft Individual Code Signing:
# sets Commercial Code Signing: "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16" # "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15"
# sets Microsoft Commercial Code Signing:
# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16"
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=16
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="161. Sign a PE file with the common purpose set" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-comm \ "msi") filetype=MSI; format_nr=2 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_161.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "161" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="162. Sign a CAB file with the common purpose set" test_name="Sign a $filetype$desc file with the common purpose set"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_162.ex_"
verify_signature "$?" "162" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="163. Sign a MSI file with the common purpose set"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-comm \ -comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_163.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "163" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "HEX" "300c060a2b060104018237020116" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Microsoft Commercial Code Signing" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

91
tests/recipes/17_sign_crosscertfile
View File

@ -1,60 +1,55 @@
#!/bin/sh #!/bin/sh
# Add an additional certificate to the signature block of the PE/CAB/MSI file. # Add an additional certificate to the signature block of the file.
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps # https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
# https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification # https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=17
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="171. Add an additional certificate to the signature block of the PE file" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-ac "${script_path}/../certs/crosscert.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_171.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "171" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="172. Add an additional certificate to the signature block of the CAB file" test_name="Add an additional certificate to the signature block of a $filetype$desc file"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ac "${script_path}/../certs/crosscert.pem" \
-in "test.ex_" -out "test_172.ex_"
verify_signature "$?" "172" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="173. Add an additional certificate to the signature block of the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -ac "${script_path}/../certs/crosscert.pem" \
-ac "${script_path}/../certs/crosscert.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_173.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "173" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

61
tests/recipes/21_sign_hash_md5
View File

@ -1,27 +1,52 @@
#!/bin/sh #!/bin/sh
# Sign a PE file with MD5 set of cryptographic hash functions. # Sign a file with MD5 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=21
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with MD5 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="211. Sign a PE file with MD5 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h md5 \ ../../osslsigncode sign -h md5 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_211.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "211" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "MD5" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
# MSI file test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "MD5" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

61
tests/recipes/22_sign_hash_sha1
View File

@ -1,27 +1,52 @@
#!/bin/sh #!/bin/sh
# Sign a PE file with SHA1 set of cryptographic hash functions. # Sign a file with SHA1 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=22
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA1 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="221. Sign a PE file with SHA1 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha1 \ ../../osslsigncode sign -h sha1 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_221.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "221" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA1" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
# MSI file test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA1" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

61
tests/recipes/23_sign_hash_sha2
View File

@ -1,27 +1,52 @@
#!/bin/sh #!/bin/sh
# Signing a PE file with SHA1 set of cryptographic hash functions. # Signing a file with SHA2 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=23
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA2 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="231. Signing a PE file with SHA1 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha2 \ ../../osslsigncode sign -h sha2 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_231.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "231" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA2" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
# MSI file test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA2" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

61
tests/recipes/24_sign_hash_sha384
View File

@ -1,27 +1,52 @@
#!/bin/sh #!/bin/sh
# Sign a PE file with SHA384 set of cryptographic hash functions. # Sign a file with SHA384 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=24
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA384 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="241. Sign a PE file with SHA384 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha384 \ ../../osslsigncode sign -h sha384 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_241.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "241" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
# MSI file test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

61
tests/recipes/25_sign_hash_sha512
View File

@ -1,27 +1,52 @@
#!/bin/sh #!/bin/sh
# Sign a PE file with SHA512 set of cryptographic hash functions. # Sign a file with SHA512 set of cryptographic hash functions.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=25
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA512 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="251. Sign a PE file with SHA512 set of cryptographic hash functions"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_251.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "251" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
# MSI file test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

96
tests/recipes/26_extract_signature_pem
View File

@ -1,61 +1,55 @@
#!/bin/sh #!/bin/sh
# Extract the signature in the PEM format from the PE/CAB/MSI file. # Extract the signature in the PEM format.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=26
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="261. Extract the PEM signature from the PE file" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha512 \ case $ext in
-st "1556668800" \ "cat") continue;; # Unsupported command
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_261.exe" && \ "ex_") filetype=CAB; format_nr=3 ;;
../../osslsigncode extract-signature -pem \ "exe") filetype=PE; format_nr=4 ;;
-in "test_261.exe" -out "sign_pe.pem" "ps1")
verify_signature "$?" "261" "exe" "success" "@2019-09-01 12:00:00" \ filetype=TXT
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
test_result "$?" "$test_name" format_nr=5
else desc=" UTF-16LE(BOM)"
printf "Test skipped\n" elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
fi format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="262. Extract the PEM signature from the CAB file" test_name="Extract the PEM signature from the $filetype$desc file"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_262.ex_" && \
../../osslsigncode extract-signature -pem \
-in "test_262.ex_" -out "sign_cab.pem"
verify_signature "$?" "262" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="263. Extract the PEM signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_263.msi" && \ -in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode extract-signature -pem \ ../../osslsigncode extract-signature \
-in "test_263.msi" -out "sign_msi.pem" -pem \
verify_signature "$?" "263" "msi" "success" "@2019-09-01 12:00:00" \ -in "test_$number.$ext" -out "sign_$format_nr.pem"
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" result=$?
test_result "$?" "$test_name"
else if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "Test skipped\n" printf "%s\n" "Compare file prefix failed"
fi test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

95
tests/recipes/27_extract_signature_der
View File

@ -1,61 +1,54 @@
#!/bin/sh #!/bin/sh
# Extract the signature in the DER format from the PE/CAB/MSI file. # Extract the signature in the DER format.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=27
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="271. Extract the DER signature from the PE file" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha512 \ case $ext in
-st "1556668800" \ "cat") continue;; # Unsupported command
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_271.exe" && \ "ex_") filetype=CAB; format_nr=3 ;;
../../osslsigncode extract-signature \ "exe") filetype=PE; format_nr=4 ;;
-in "test_271.exe" -out "sign_pe.der" "ps1")
verify_signature "$?" "271" "exe" "success" "@2019-09-01 12:00:00" \ filetype=TXT
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
test_result "$?" "$test_name" format_nr=5
else desc=" UTF-16LE(BOM)"
printf "Test skipped\n" elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
fi format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="272. Extract the DER signature from the CAB file" test_name="Extract the DER signature from the $filetype$desc file"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_272.ex_" && \
../../osslsigncode extract-signature \
-in "test_272.ex_" -out "sign_cab.der"
verify_signature "$?" "272" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="273. Extract the DER signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha512 \ ../../osslsigncode sign -h sha512 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_273.msi" && \ -in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode extract-signature \ ../../osslsigncode extract-signature\
-in "test_273.msi" -out "sign_msi.der" -in "test_$number.$ext" -out "sign_$format_nr.der"
verify_signature "$?" "273" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

96
tests/recipes/31_attach_signature_der
View File

@ -1,58 +1,58 @@
#!/bin/sh #!/bin/sh
# Attach the DER signature to the PE/CAB/MSI file. # Attach the DER signature to the file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=31
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="311. Attach the DER signature to the PE file" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode attach-signature \ case $ext in
-sigin "sign_pe.der" \ "cat") continue;; # Unsupported command
-CAfile "${script_path}/../certs/CACert.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_311.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "311" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="312. Attach the DER signature to the CAB file" test_name="Attach the DER signature to the $filetype$desc file"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature \
-sigin "sign_cab.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_312.ex_"
verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="313. Attach the DER signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature \ ../../osslsigncode attach-signature \
-sigin "sign_msi.der" \ -sigin "sign_$format_nr.der" \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_313.msi" -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \ -in "notsigned/$name" -out "test_$number.$ext"
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" result=$?
test_result "$?" "$test_name"
else if test "$result" -ne 0; then
printf "Test skipped\n" cp "sign_$format_nr.der" "sign_$number.der"
fi fi
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

96
tests/recipes/32_attach_signature_pem
View File

@ -1,58 +1,58 @@
#!/bin/sh #!/bin/sh
# Attach the PEM signature to the PE/CAB/MSI file. # Attach the PEM signature to the file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=32
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="321. Attach the PEM signature to the PE file" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode attach-signature \ case $ext in
-sigin "sign_pe.pem" \ "cat") continue;; # Unsupported command
-CAfile "${script_path}/../certs/CACert.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_321.exe" "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "321" "exe" "success" "@2019-09-01 12:00:00" \ "ps1")
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="322. Attach the PEM signature to the CAB file" test_name="Attach the PEM signature to the $filetype$desc file"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test.ex_" -out "test_322.ex_"
verify_signature "$?" "322" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="323. Attach the PEM signature to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode attach-signature \ ../../osslsigncode attach-signature \
-sigin "sign_msi.pem" \ -sigin "sign_$format_nr.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "sample.msi" -out "test_323.msi" -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \ -in "notsigned/$name" -out "test_$number.$ext"
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" result=$?
test_result "$?" "$test_name"
else if test "$result" -ne 0; then
printf "Test skipped\n" cp "sign_$format_nr.der" "sign_$number.der"
fi fi
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

107
tests/recipes/33_attach_signed
View File

@ -1,69 +1,58 @@
#!/bin/sh #!/bin/sh
# Attach the signature to the signed PE/CAB/MSI file. # Attach the signature to the signed file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=33
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the signed $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="331. Attach the signature to the signed PE file"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_331_signed.exe" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode attach-signature \ ../../osslsigncode attach-signature \
-sigin "sign_pe.pem" \ -sigin "sign_$format_nr.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_331_signed.exe" -out "test_331.exe" -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
verify_signature "$?" "331" "exe" "success" "@2019-09-01 12:00:00" \ -in "signed_$number.$ext" -out "test_$number.$ext"
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN" result=$?
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="332. Attach the signature to the signed CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if [ -s "test.ex_" ] else
then verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
../../osslsigncode sign -h sha256 \ "sha256sum" "SHA512" "UNUSED_PATTERN"
-st "1556668800" \ test_result "$?" "$number" "$test_name"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ fi
-in "test.ex_" -out "test_332_signed.ex_" done
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_332_signed.ex_" -out "test_332.ex_"
verify_signature "$?" "332" "ex_" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="333. Attach the signature to the signed MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_333_signed.msi"
../../osslsigncode attach-signature -sigin "sign_msi.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_333_signed.msi" -out "test_333.msi"
verify_signature "$?" "333" "msi" "success" "@2019-09-01 12:00:00" \
"sha256sum" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
exit 0 exit 0

96
tests/recipes/34_attach_nest
View File

@ -1,74 +1,44 @@
#!/bin/sh #!/bin/sh
# Attach the signature to the signed PE/CAB/MSI file with the "nest" flag # Attach the signature to the signed file with the "nest" flag in order to
# in order to attach the new signature instead of replacing the first one. # attach the new signature instead of replacing the first one.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=34
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="341. Attach the signature to the signed PE file with the nest flag" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") continue;; # Warning: CAT files do not support nesting
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_341_signed.exe" "ex_") filetype=CAB; format_nr=3 ;;
../../osslsigncode attach-signature \ "exe") filetype=PE; format_nr=4 ;;
-sigin "sign_pe.pem" \ "ps1") continue;; # Warning: TXT files do not support nesting
-nest \ esac
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_341_signed.exe" -out "test_341.exe"
verify_signature "$?" "341" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file number="$test_nr$format_nr"
test_name="342. Attach the signature to the signed CAB file with the nest flag" test_name="Attach the PEM signature to the signed $filetype$desc file with the nest flag"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_342_signed.ex_"
../../osslsigncode attach-signature \
-sigin "sign_cab.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_342_signed.ex_" -out "test_342.ex_"
verify_signature "$?" "342" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="343. Attach the signature to the signed MSI file with the nest flag"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_343_signed.msi" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode attach-signature \ ../../osslsigncode attach-signature \
-sigin "sign_msi.pem" \ -sigin "sign_$format_nr.pem" \
-nest \ -nest \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_343_signed.msi" -out "test_343.msi" -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
verify_signature "$?" "343" "msi" "success" "@2019-09-01 12:00:00" \ -in "signed_$number.$ext" -out "test_$number.$ext"
"UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" result=$?
test_result "$?" "$test_name"
else verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
printf "Test skipped\n" "UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
fi test_result "$?" "$number" "$test_name"
done
exit 0 exit 0

93
tests/recipes/35_remove_signature
View File

@ -1,61 +1,54 @@
#!/bin/sh #!/bin/sh
# Remove the signature from the PE/CAB/MSI file. # Remove the signature from the file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=35
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="351. Remove the signature from the PE file" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") continue;; # Unsupported command
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_351_signed.exe" && \ "ex_") filetype=CAB; format_nr=3 ;;
../../osslsigncode remove-signature \ "exe") filetype=PE; format_nr=4 ;;
-in "test_351_signed.exe" -out "test_351.exe" "ps1")
verify_signature "$?" "351" "exe" "fail" "@2019-09-01 12:00:00" \ filetype=TXT
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
test_result "$?" "$test_name" format_nr=5
else desc=" UTF-16LE(BOM)"
printf "Test skipped\n" elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
fi format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="352. Remove the signature from the CAB file" test_name="Remove the signature from the $filetype$desc file"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if [ -s "test.ex_" ]
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_352_signed.ex_" && \
../../osslsigncode remove-signature \
-in "test_352_signed.ex_" -out "test_352.ex_"
verify_signature "$?" "352" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="353. Remove the signature from the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_353_signed.msi" && \ -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode remove-signature \ ../../osslsigncode remove-signature \
-in "test_353_signed.msi" -out "test_353.msi" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "353" "msi" "fail" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

73
tests/recipes/36_varia_sha256sum
View File

@ -1,55 +1,34 @@
#!/bin/sh #!/bin/sh
# Checking SHA256 message digests for 31x-33x tests. # Checking SHA256 message digests for "extract" and "attach" tests.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
res=0 script_path=$(pwd)
res=0 result=0
skip=0 test_nr=36
test_name="361. Checking SHA256 message digests for 31x-33x tests"
printf "\n%s\n" "$test_name" for file in ${script_path}/../logs/sha256sum/*.*
if test -s "test.exe" do
then name="${file##*/}"
if test $(cat "sha256sum_exe.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 case $name in
"cat.log") filetype=CAT; format_nr=1 ;;
"msi.log") filetype=MSI; format_nr=2 ;;
"ex_.log") filetype=CAB; format_nr=3 ;;
"exe.log") filetype=PE; format_nr=4 ;;
"ps1.log") filetype=TXT; format_nr=5 ;;
esac
number="$test_nr$format_nr"
test_name="Checking SHA256 message digests for a $filetype file test"
printf "\n%03d. %s\n" "$number" "$test_name"
if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then then
res=1 result=1
cat "sha256sum_exe.log" >> "results.log" cat "sha256sum/$name" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log" printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi fi
rm -f "sha256sum_exe.log" rm -f "sha256sum/$name"
else test_result "$result" "$number" "$test_name"
skip=$(($skip+1)) done
fi
if test -s "test.ex_"
then
if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_ex_.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_ex_.log"
else
skip=$(($skip+1))
fi
if test -s "sample.msi"
then
if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
res=1
cat "sha256sum_msi.log" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum_msi.log"
else
skip=$(($skip+1))
fi
if test $skip -lt 2
then
test_result "$res" "$test_name"
else
printf "Test skipped\n"
fi
exit 0 exit 0

104
tests/recipes/37_add_signature_timestamp
View File

@ -1,70 +1,64 @@
#!/bin/sh #!/bin/sh
# Add an authenticode timestamp to the PE/CAB/MSI file. # Add an authenticode timestamp to the signed file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=37
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="371. Add an authenticode timestamp to the PE file" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
../../osslsigncode sign -h sha256 \ desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add an authenticode timestamp to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_371_signed.exe" && \ -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \ ../../osslsigncode add \
-t http://time.certum.pl/ \ -t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \ -t http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test_371_signed.exe" -out "test_371.exe" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "371" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="372. Add an authenticode timestamp to the CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" else
then verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
../../osslsigncode sign -h sha256 \ "UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
-st "1556668800" \ test_result "$?" "$number" "$test_name"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ fi
-in "test.ex_" -out "test_372_signed.ex_" && \ done
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_372_signed.ex_" -out "test_372.ex_"
verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Add an authenticode timestamp to the signed file"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="373. Add an authenticode timestamp to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_373_signed.msi" && \
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test_373_signed.msi" -out "test_373.msi"
verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

104
tests/recipes/38_add_signature_rfc3161
View File

@ -1,70 +1,64 @@
#!/bin/sh #!/bin/sh
# Add an RFC 3161 timestamp to signed PE/CAB/MSI file. # Add a RFC 3161 timestamp to the signed file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=38
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="381. Add RFC 3161 timestamp to signed PE file" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
../../osslsigncode sign -h sha256 \ desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add a RFC 3161 timestamp to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_381_signed.exe" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \ ../../osslsigncode add \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -ts http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test_381_signed.exe" -out "test_381.exe" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "381" "exe" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
test_name="382. Add RFC 3161 timestamp to signed CAB file" printf "%s\n" "Compare file prefix failed"
printf "\n%s\n" "$test_name" test_result "1" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" else
then verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
../../osslsigncode sign -h sha256 \ "UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
-st "1556668800" \ test_result "$?" "$number" "$test_name"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ fi
-in "test.ex_" -out "test_382_signed.ex_" done
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_382_signed.ex_" -out "test_382.ex_"
verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else else
printf "Test skipped\n" format_nr=0
fi number="$test_nr$format_nr"
test_name="Add a RFC 3161 timestamp to the signed file"
# MSI file printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
test_name="383. Add RFC 3161 timestamp to signed MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_383_signed.msi"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_383_signed.msi" -out "test_383.msi"
verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi fi
exit 0 exit 0

97
tests/recipes/39_add_signature_blob
View File

@ -1,64 +1,55 @@
#!/bin/sh #!/bin/sh
# Add an unauthenticated blob to the PE/CAB/MSI file. # Add an unauthenticated blob to the signed file.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=39
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="391. Add an unauthenticated blob to the PE file" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_391_signed.exe" "ex_") filetype=CAB; format_nr=3 ;;
../../osslsigncode add \ "exe") filetype=PE; format_nr=4 ;;
-addUnauthenticatedBlob \ "ps1")
-in "test_391_signed.exe" -out "test_391.exe" filetype=TXT
verify_signature "$?" "391" "exe" "success" "@2019-09-01 12:00:00" \ if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" format_nr=5
test_result "$?" "$test_name" desc=" UTF-16LE(BOM)"
else elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
printf "Test skipped\n" format_nr=6
fi desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="392. Add an unauthenticated blob to the CAB file" test_name="Add an unauthenticated blob to the $filetype$desc signed file"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_392_signed.ex_"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "test_392_signed.ex_" -out "test_392.ex_"
verify_signature "$?" "392" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="393. Add an unauthenticated blob to the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_393_signed.msi" -in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \ ../../osslsigncode add \
-addUnauthenticatedBlob \ -addUnauthenticatedBlob \
-in "test_393_signed.msi" -out "test_393.msi" -in "signed_$number.$ext" -out "test_$number.$ext"
verify_signature "$?" "393" "msi" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY"
test_result "$?" "$test_name" if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
else printf "%s\n" "Compare file prefix failed"
printf "Test skipped\n" test_result "1" "$number" "$test_name"
fi else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Unauthenticated Data Blob" "MODIFY"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

83
tests/recipes/40_verify_leaf_hash
View File

@ -1,52 +1,51 @@
#!/bin/sh #!/bin/sh
# Compare the leaf certificate hash against specified SHA256 message digest for the PE/CAB/MSI file # Compare the leaf certificate hash against specified SHA256 message digest for the file
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=40
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="401. Compare the leaf certificate hash against specified SHA256 message digest for the PE file" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
../../osslsigncode sign -h sha256 \ case $ext in
-st "1556668800" \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_401.exe" "ex_") filetype=CAB; format_nr=3 ;;
verify_leaf_hash "$?" "401" "exe" "@2019-05-01 00:00:00" "exe") filetype=PE; format_nr=4 ;;
test_result "$?" "$test_name" "ps1")
else filetype=TXT
printf "Test skipped\n" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
fi format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="402. Compare the leaf certificate hash against specified SHA256 message digest for the CAB file" test_name="Compare the leaf hash against SHA256 message digest for the $filetype$desc file"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "test.ex_" -out "test_402.ex_"
verify_leaf_hash "$?" "402" "ex_" "@2019-05-01 00:00:00"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file
test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "sample.msi" -out "test_403.msi" -in "notsigned/$name" -out "test_$number.$ext"
verify_leaf_hash "$?" "403" "msi" "@2019-05-01 00:00:00" result=$?
test_result "$?" "$test_name"
else if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "Test skipped\n" printf "%s\n" "Compare file prefix failed"
fi test_result "1" "$number" "$test_name"
else
verify_leaf_hash "$result" "$number" "$ext" "@2019-05-01 00:00:00"
test_result "$?" "$number" "$test_name"
fi
done
exit 0 exit 0

46
tests/recipes/41_sign_add_msi_dse
View File

@ -7,29 +7,35 @@
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=41
# PE file for file in ${script_path}/../logs/notsigned/*.*
# Warning: -add-msi-dse option is only valid for MSI files do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"msi") filetype=MSI; format_nr=2 ;;
"ex_") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"exe") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"ps1") continue;; # Warning: -add-msi-dse option is only valid for MSI files
esac
# CAB file number="$test_nr$format_nr"
# Warning: -add-msi-dse option is only valid for MSI files test_name="Sign a $filetype$desc file with the add-msi-dse option"
printf "\n%03d. %s\n" "$number" "$test_name"
# MSI file
test_name="411. Sign a MSI file with the add-msi-dse option"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-add-msi-dse \ -add-msi-dse \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-pass passme \ -in "notsigned/$name" -out "test_$number.$ext"
-in "sample.msi" -out "test_411.msi" result=$?
verify_signature "$?" "411" "msi" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "HEX" "MsiDigitalSignatureEx" "UNUSED_PATTERN" verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
test_result "$?" "$test_name" "UNUSED_PATTERN" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
else test_result "$?" "$number" "$test_name"
printf "Test skipped\n" done
fi
exit 0 exit 0

47
tests/recipes/42_sign_jp_low
View File

@ -1,31 +1,38 @@
#!/bin/sh #!/bin/sh
# Sign a CAB file with "jp low" option # Sign a CAB file with "low" level of permissions in Microsoft Internet Explorer 4.x for CAB files
# https://support.microsoft.com/en-us/help/193877 # https://support.microsoft.com/en-us/help/193877
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=42
# PE file for file in ${script_path}/../logs/notsigned/*.*
# Warning: -jp option is only valid for CAB files do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: -jp option is only valid for CAB files
"msi") continue;; # Warning: -jp option is only valid for CAB files
"ex_") filetype=CAB; format_nr=3 ;;
"exe") continue;; # Warning: -jp option is only valid for CAB files
"ps1") continue;; # Warning: -jp option is only valid for CAB files
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the jp low option"
printf "\n%03d. %s\n" "$number" "$test_name"
# CAB file
test_name="421. Sign a CAB file with jp low option"
printf "\n%s\n" "$test_name"
if test -s "test.ex_"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-jp low \ -jp low \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_421.ex_" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "421" "ex_" "success" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "HEX" "3006030200013000" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
# Warning: -jp option is only valid for CAB files "UNUSED_PATTERN" "Low level of permissions" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0 exit 0

48
tests/recipes/45_verify_fake_pe
View File

@ -1,30 +1,36 @@
#!/bin/sh #!/bin/sh
# Verify changed PE file after signing. # Verify changed file after signing.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=45
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing"
printf "\n%03d. %s\n" "$number" "$test_name"
# PE file
test_name="451. Verify changed PE file after signing"
printf "\n%s\n" "$test_name"
if test -s "test.exe"
then
../../osslsigncode sign -h sha256 \ ../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.exe" -out "test_451.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "451" "exe" "fail" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
# Command is not supported for non-PE files "UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
# MSI file done
# Command is not supported for non-PE files
exit 0 exit 0

53
tests/recipes/46_verify_timestamp
View File

@ -1,33 +1,46 @@
#!/bin/sh #!/bin/sh
# Verify changed PE file after signing with Authenticode timestamping. # Verify changed file after signing with Authenticode timestamping.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=46
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="461. Verify changed PE file after signing with Authenticode timestamping" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
../../osslsigncode sign -h sha256 \ desc=""
-st "1556668800" \ case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing with Authenticode timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \ -t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \ -t http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test.exe" -out "test_461.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "461" "exe" "fail" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name" verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify changed file after signing with Authenticode timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
exit 0 exit 0

50
tests/recipes/47_verify_rfc3161
View File

@ -1,34 +1,46 @@
#!/bin/sh #!/bin/sh
# Verify changed PE file after signing with RFC 3161 timestamping. # Verify changed file after signing with RFC 3161 timestamping.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd) script_path=$(pwd)
test_nr=47
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="471. Verify changed PE file after signing with RFC 3161 timestamping" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
../../osslsigncode sign -h sha256 \ desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing with RFC 3161 timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \ -st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ -ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \ -ts http://timestamp.digicert.com/ \
-verbose \ -verbose \
-in "test.exe" -out "test_471.exe" -in "notsigned/$name" -out "test_$number.$ext"
verify_signature "$?" "471" "exe" "fail" "@2019-09-01 12:00:00" \ result=$?
"UNUSED_PATTERN" "ASCII" "Hello world!" "MODIFY"
test_result "$?" "$test_name" verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify changed file after signing with RFC 3161 timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
# CAB file
# Command is not supported for non-PE files
# MSI file
# Command is not supported for non-PE files
exit 0 exit 0

93
tests/recipes/51_verify_time
View File

@ -1,57 +1,52 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signature after the cert has been expired. # Verify a file signed after the cert has been expired.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=51
# PE file for file in ${script_path}/../logs/notsigned/*.*
test_name="511. Verify PE file signature after the cert has been expired" do
printf "\n%s\n" "$test_name" name="${file##*/}"
if test -s "test.exe" ext="${file##*.}"
then desc=""
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' case $ext in
script_path=$(pwd) "cat") filetype=CAT; format_nr=1 ;;
../../osslsigncode sign -h sha256 \ "msi") filetype=MSI; format_nr=2 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "ex_") filetype=CAB; format_nr=3 ;;
-in "test.exe" -out "test_511.exe" 2>> "results.log" 1>&2' "exe") filetype=PE; format_nr=4 ;;
verify_signature "$?" "511" "exe" "fail" "@2025-01-01 12:00:00" \ "ps1")
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" filetype=TXT
test_result "$?" "$test_name" if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
else format_nr=5
printf "Test skipped\n" desc=" UTF-16LE(BOM)"
fi elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="512. Verify CAB file signature after the cert has been expired" test_name="Verify $filetype$desc file signed after the cert has been expired"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_512.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "512" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file ../../osslsigncode sign -h sha256 \
test_name="513. Verify MSI file signature after the cert has been expired" -st "1556668800" \
printf "\n%s\n" "$test_name" -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
if test -s "sample.msi" -in "notsigned/$name" -out "test_$number.$ext"
then result=$?
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd) if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
../../osslsigncode sign -h sha256 \ printf "%s\n" "Compare file prefix failed"
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ test_result "1" "$number" "$test_name"
-in "sample.msi" -out "test_513.msi"' else
verify_signature "$?" "513" "msi" "fail" "@2025-01-01 12:00:00" \ verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$number" "$test_name"
else fi
printf "Test skipped\n" done
fi
exit 0 exit 0

108
tests/recipes/52_verify_timestamp
View File

@ -1,66 +1,62 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signature with Authenticode timestamping after the cert has been expired. # Verify a file signed with Authenticode timestamping after the cert has been expired.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=52
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="521. Verify PE file signature with timestamping after the cert has been expired" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' desc=""
script_path=$(pwd) case $ext in
../../osslsigncode sign -h sha256 \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-t http://time.certum.pl/ \ "ex_") filetype=CAB; format_nr=3 ;;
-t http://timestamp.digicert.com/ \ "exe") filetype=PE; format_nr=4 ;;
-verbose \ "ps1")
-in "test.exe" -out "test_521.exe" 2>> "results.log" 1>&2' filetype=TXT
verify_signature "$?" "521" "exe" "success" "@2025-01-01 12:00:00" \ if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" format_nr=5
test_result "$?" "$test_name" desc=" UTF-16LE(BOM)"
else elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
printf "Test skipped\n" format_nr=6
fi desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="522. Verify CAB file signature with timestamping after the cert has been expired" test_name="Verify a $filetype$desc file signed with Authenticode after the cert has been expired"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file ../../osslsigncode sign -h sha256 \
test_name="523. Verify MSI file signature with timestamping after the cert has been expired" -st "1556668800" \
printf "\n%s\n" "$test_name" -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" -t http://time.certum.pl/ \
then -t http://timestamp.digicert.com/ \
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' -verbose \
script_path=$(pwd) -in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode sign -h sha256 \ result=$?
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \ if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
-t http://timestamp.digicert.com/ \ printf "%s\n" "Compare file prefix failed"
-verbose \ test_result "1" "$number" "$test_name"
-in "sample.msi" -out "test_523.msi"' else
verify_signature "$?" "523" "msi" "success" "@2025-01-01 12:00:00" \ verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$number" "$test_name"
fi
done
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with Authenticode after the cert has been expired"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
exit 0 exit 0

108
tests/recipes/53_verify_rfc3161
View File

@ -1,66 +1,62 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signature with RFC3161 timestamping after the cert has been expired. # Verify a file signed with RFC3161 timestamping after the cert has been expired.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=53
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="531. Verify PE file signature with RFC3161 after the cert has been expired" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' desc=""
script_path=$(pwd) case $ext in
../../osslsigncode sign -h sha256 \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-ts http://time.certum.pl/ \ "ex_") filetype=CAB; format_nr=3 ;;
-ts http://timestamp.digicert.com/ \ "exe") filetype=PE; format_nr=4 ;;
-verbose \ "ps1")
-in "test.exe" -out "test_531.exe" 2>> "results.log" 1>&2' filetype=TXT
verify_signature "$?" "531" "exe" "success" "@2025-01-01 12:00:00" \ if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" format_nr=5
test_result "$?" "$test_name" desc=" UTF-16LE(BOM)"
else elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
printf "Test skipped\n" format_nr=6
fi desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="532. Verify CAB file signature with RFC3161 after the cert has been expired" test_name="Verify a $filetype$desc file signed with RFC3161 after the cert has been expired"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file ../../osslsigncode sign -h sha256 \
test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired" -st "1556668800" \
printf "\n%s\n" "$test_name" -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" -ts http://time.certum.pl/ \
then -ts http://timestamp.digicert.com/ \
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' -verbose \
script_path=$(pwd) -in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode sign -h sha256 \ result=$?
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
-ts http://timestamp.digicert.com/ \ printf "%s\n" "Compare file prefix failed"
-verbose \ test_result "1" "$number" "$test_name"
-in "sample.msi" -out "test_533.msi"' else
verify_signature "$?" "533" "msi" "success" "@2025-01-01 12:00:00" \ verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$number" "$test_name"
fi
done
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with RFC3161 after the cert has been expired"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
exit 0 exit 0

108
tests/recipes/54_verify_expired
View File

@ -1,66 +1,62 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signed with the expired cert. # Verify a file signed with the expired cert.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=54
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="541. Verify PE file signed with the expired cert" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' desc=""
script_path=$(pwd) case $ext in
../../osslsigncode sign -h sha256 \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-t http://time.certum.pl/ \ "ex_") filetype=CAB; format_nr=3 ;;
-t http://timestamp.digicert.com/ \ "exe") filetype=PE; format_nr=4 ;;
-verbose \ "ps1")
-in "test.exe" -out "test_541.exe" 2>> "results.log" 1>&2' filetype=TXT
verify_signature "$?" "541" "exe" "fail" "@2025-01-01 12:00:00" \ if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" format_nr=5
test_result "$?" "$test_name" desc=" UTF-16LE(BOM)"
else elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
printf "Test skipped\n" format_nr=6
fi desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="542. Verify CAB file signed with the expired cert" test_name="Verify a $filetype$desc file signed with the expired cert"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file ../../osslsigncode sign -h sha256 \
test_name="543. Verify MSI file signed with the expired cert" -st "1556668800" \
printf "\n%s\n" "$test_name" -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" -ts http://time.certum.pl/ \
then -ts http://timestamp.digicert.com/ \
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' -verbose \
script_path=$(pwd) -in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode sign -h sha256 \ result=$?
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \ if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
-t http://timestamp.digicert.com/ \ printf "%s\n" "Compare file prefix failed"
-verbose \ test_result "1" "$number" "$test_name"
-in "sample.msi" -out "test_543.msi"' else
verify_signature "$?" "543" "msi" "fail" "@2025-01-01 12:00:00" \ verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$number" "$test_name"
fi
done
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the expired cert"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
exit 0 exit 0

108
tests/recipes/55_verify_revoked
View File

@ -1,66 +1,62 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signed with the revoked cert. # Verify a file signed with the revoked cert.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=55
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="551. Verify PE file signed with the revoked cert" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' desc=""
script_path=$(pwd) case $ext in
../../osslsigncode sign -h sha256 \ "cat") filetype=CAT; format_nr=1 ;;
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-ts http://time.certum.pl/ \ "ex_") filetype=CAB; format_nr=3 ;;
-ts http://timestamp.digicert.com/ \ "exe") filetype=PE; format_nr=4 ;;
-verbose \ "ps1")
-in "test.exe" -out "test_551.exe" 2>> "results.log" 1>&2' filetype=TXT
verify_signature "$?" "551" "exe" "fail" "@2019-09-01 12:00:00" \ if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" format_nr=5
test_result "$?" "$test_name" desc=" UTF-16LE(BOM)"
else elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
printf "Test skipped\n" format_nr=6
fi desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
# CAB file number="$test_nr$format_nr"
test_name="552. Verify CAB file signed with the revoked cert" test_name="Verify a $filetype$desc file signed with the revoked cert"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file ../../osslsigncode sign -h sha256 \
test_name="553. Verify MSI file signed with the revoked cert" -st "1556668800" \
printf "\n%s\n" "$test_name" -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" -ts http://time.certum.pl/ \
then -ts http://timestamp.digicert.com/ \
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' -verbose \
script_path=$(pwd) -in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode sign -h sha256 \ result=$?
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \ if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
-ts http://timestamp.digicert.com/ \ printf "%s\n" "Compare file prefix failed"
-verbose \ test_result "1" "$number" "$test_name"
-in "sample.msi" -out "test_553.msi"' else
verify_signature "$?" "553" "msi" "fail" "@2019-09-01 12:00:00" \ verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$test_name" test_result "$?" "$number" "$test_name"
fi
done
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the revoked cert"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
exit 0 exit 0

139
tests/recipes/56_verify_multiple
View File

@ -1,99 +1,60 @@
#!/bin/sh #!/bin/sh
# Verify PE/CAB/MSI file signed with the multiple signature. # Verify a file signed with the multiple signature.
. $(dirname $0)/../test_library . $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=56
# PE file if ! grep -q "no libcurl available" "results.log"; then
test_name="561. Verify PE file signed with the multiple signature" for file in ${script_path}/../logs/notsigned/*.*
printf "\n%s\n" "$test_name" do
if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" name="${file##*/}"
then ext="${file##*.}"
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' desc=""
script_path=$(pwd) case $ext in
../../osslsigncode sign -h sha256 \ "cat") continue;; # Warning: CAT files do not support nesting
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ "msi") filetype=MSI; format_nr=2 ;;
-in "test.exe" -out "test_561_a.exe" 2>> "results.log" 1>&2 "ex_") filetype=CAB; format_nr=3 ;;
../../osslsigncode sign -h sha384 \ "exe") filetype=PE; format_nr=4 ;;
-nest \ "ps1") continue;; # Warning: TXT files do not support nesting
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ esac
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_561_a.exe" -out "test_561_b.exe" 2>> "results.log" 1>&2
../../osslsigncode sign \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_561_b.exe" -out "test_561.exe" 2>> "results.log" 1>&2'
verify_signature "$?" "561" "exe" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# CAB file number="$test_nr$format_nr"
test_name="562. Verify CAB file signed with the multiple signature" test_name="Verify a $filetype$desc file signed with the multiple signature"
printf "\n%s\n" "$test_name" printf "\n%03d. %s\n" "$number" "$test_name"
if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log"
then
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
../../osslsigncode sign -h sha256 \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-in "test.ex_" -out "test_562_a.ex_" 2>> "results.log" 1>&2
../../osslsigncode sign -h sha384 \
-nest \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_562_a.ex_" -out "test_562_b.ex_" 2>> "results.log" 1>&2
../../osslsigncode sign \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "test_562_b.ex_" -out "test_562.ex_" 2>> "results.log" 1>&2'
verify_signature "$?" "562" "ex_" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$test_name"
else
printf "Test skipped\n"
fi
# MSI file ../../osslsigncode sign -h sha256 \
test_name="563. Verify MSI file signed with the multiple signature" -st "1556668800" \
printf "\n%s\n" "$test_name" -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" -verbose \
then -in "notsigned/$name" -out "signed1_$number.$ext"
TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' ../../osslsigncode sign -h sha384 \
script_path=$(pwd) -st "1556668800" \
../../osslsigncode sign -h sha256 \ -nest \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-in "sample.msi" -out "test_563_a.msi" 2>> "results.log" 1>&2 -t http://time.certum.pl/ \
../../osslsigncode sign -h sha384 \ -t http://timestamp.digicert.com/ \
-nest \ -verbose \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ -in "signed1_$number.$ext" -out "signed2_$number.$ext"
-ts http://time.certum.pl/ \ ../../osslsigncode sign -h sha256 \
-ts http://timestamp.digicert.com/ \ -st "1556668800" \
-verbose \ -nest \
-in "test_563_a.msi" -out "test_563_b.msi" 2>> "results.log" 1>&2 -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
../../osslsigncode sign \ -ts http://time.certum.pl/ \
-nest \ -ts http://timestamp.digicert.com/ \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ -verbose \
-ts http://time.certum.pl/ \ -in "signed2_$number.$ext" -out "test_$number.$ext"
-ts http://timestamp.digicert.com/ \ result=$?
-verbose \
-in "test_563_b.msi" -out "test_563.msi" 2>> "results.log" 1>&2' verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
verify_signature "$?" "563" "msi" "success" "@2019-09-01 12:00:00" \ "UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN"
"UNUSED_PATTERN" "ASCII" "SHA384" "UNUSED_PATTERN" test_result "$?" "$number" "$test_name"
test_result "$?" "$test_name" done
else else
printf "Test skipped\n" format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the multiple signature"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi fi
exit 0 exit 0

BIN
tests/sources/good.cat Executable file
View File

Binary file not shown.

2
tests/sources/myapp.c
View File

@ -2,5 +2,5 @@
void main(void) void main(void)
{ {
printf("Hello world!\n"); printf("Hello world!");
} }

73
tests/test_library
View File

@ -7,7 +7,8 @@ cd "${result_path}"
test_result() { test_result() {
#1 last exit status #1 last exit status
#2 test name #2 test number
#3 test name
local result=0 local result=0
@ -16,7 +17,7 @@ test_result() {
printf "%s\n" "Test succeeded" printf "%s\n" "Test succeeded"
else else
printf "%s\n" "Test failed" printf "%s\n" "Test failed"
printf "%-80s\t%s\n" "$2" "failed" 1>&3 printf "%03d. %-90s\t%s\n" "$2" "$3" "failed" 1>&3
result=1 result=1
fi fi
return "$result" return "$result"
@ -32,21 +33,25 @@ modify_blob() {
initial_blob=$(echo -n "$3" | xxd -p) initial_blob=$(echo -n "$3" | xxd -p)
modified_blob=$(echo -n "FAKE" | xxd -p) modified_blob=$(echo -n "FAKE" | xxd -p)
zero_blob="00000000" zero_blob="00000000"
xxd -p -c 1000 "test_$1.$2" | \ xxd -p -c 1000 "test_$1.$2" | \
sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \ sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \
xxd -p -r > "test_$1_changed.$2" xxd -p -r > "changed_$1.$2"
../../osslsigncode verify \ ../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-in "test_$1_changed.$2" 2>> "verify.log" 1>&2 -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "changed_$1.$2" 2>> "verify.log" 1>&2
result=$? result=$?
if test "$result" -ne 0 \ if test "$result" -ne 0 \
-o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -ne 1 -o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -gt 1
then then
printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2 printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2
result=1 result=1
else else
rm -f "test_$1_changed.$2" rm -f "changed_$1.$2"
fi fi
return "$result" return "$result"
@ -55,29 +60,19 @@ modify_blob() {
search_pattern() { search_pattern() {
# $1 test number # $1 test number
# $2 filename extension # $2 filename extension
# $3 ASCII or HEX "$7 pattern" format # $3 pattern searched in a binary file or verify.log
# $4 pattern searched in a binary file or verify.log
# $5 modify requirement
local result=0 local result=0
if test "$3" = "ASCII" if ! grep -q "$3" "verify.log"
then then
hex_pattern=$(echo -n "$4" | xxd -p) hex_pattern=$(echo -n "$3" | xxd -p)
else if ! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2
hex_pattern=$4 then
result=1
printf "Failed: $3 not found\n"
fi
fi fi
if ! grep -q "$4" "verify.log" && \
! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2
then
result=1
printf "Failed: $4 not found\n"
elif test "$5" = "MODIFY"
then
modify_blob "$1" "$2" "$4"
result=$?
fi
return "$result" return "$result"
} }
@ -88,11 +83,11 @@ verify_signature() {
# $4 expected result # $4 expected result
# $5 fake time # $5 fake time
# $6 sha256sum requirement # $6 sha256sum requirement
# $7 ASCII or HEX "$7 pattern" format # $7 pattern searched in the verify.log file
# $8 pattern searched in a binary file or verify.log # $8 modify requirement
# $9 modify requirement
local result=0 local result=0
printf "" > "verify.log" printf "" > "verify.log"
if test "$1" -eq 0 if test "$1" -eq 0
then then
@ -103,26 +98,35 @@ verify_signature() {
../../osslsigncode verify \ ../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2' -in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$? result=$?
rm -f "test_tmp.tmp" rm -f "test_tmp.tmp"
if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN"
if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN"
then then
search_pattern "$2" "$3" "$7" "$8" "$9" search_pattern "$2" "$3" "$7"
result=$? result=$?
fi fi
if test "$result" -eq 0 -a "$8" = "MODIFY"
then
modify_blob "$2" "$3" "$7"
result=$?
fi
if test "$6" = "sha256sum" if test "$6" = "sha256sum"
then then
sha256sum "test_$2.$3" 2>> "sha256sum_$3.log" 1>&2 sha256sum "test_$2.$3" 2>> "sha256sum/$3.log" 1>&2
fi fi
if test "$4" = "success" -a "$result" -eq 0 if test "$4" = "success" -a "$result" -eq 0
then then
rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3" rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
rm -f "test_$2_a.$3" "test_$2_b.$3"
result=0
elif test "$4" = "fail" -a "$result" -eq 1 elif test "$4" = "fail" -a "$result" -eq 1
then then
rm -f "test_$2.$3" "test_$2_signed.$3" "test_$2_modifed.$3" "test_$2_changed.$3" rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
rm -f "changed_$2.$3"
cat "verify.log" >> "results.log" cat "verify.log" >> "results.log"
result=0 result=0
else else
@ -152,6 +156,7 @@ verify_leaf_hash() {
../../osslsigncode verify \ ../../osslsigncode verify \
-CAfile "${script_path}/../certs/CACert.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \ -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2' -in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$? result=$?

39
tests/testall.sh
View File

@ -33,6 +33,7 @@ make_tests() {
rm -rf "${result_path}" rm -rf "${result_path}"
mkdir "${result_path}" mkdir "${result_path}"
cd "${result_path}" cd "${result_path}"
mkdir "notsigned" "sha256sum"
date > "results.log" date > "results.log"
../../osslsigncode -v >> "results.log" 2>/dev/null ../../osslsigncode -v >> "results.log" 2>/dev/null
@ -57,7 +58,7 @@ if test "$result" -ne 0
# PE files support # PE files support
if test -n "$(command -v x86_64-w64-mingw32-gcc)" if test -n "$(command -v x86_64-w64-mingw32-gcc)"
then then
x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "test.exe" 2>> "results.log" 1>&2 x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "notsigned/test.exe" 2>> "results.log" 1>&2
else else
printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH" printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH"
printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package" printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package"
@ -66,7 +67,7 @@ if test -n "$(command -v x86_64-w64-mingw32-gcc)"
# CAB files support # CAB files support
if test -n "$(command -v gcab)" if test -n "$(command -v gcab)"
then then
gcab -c "test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2 gcab -c "notsigned/test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2
else else
printf "%s\n" "gcab not found in \$PATH" printf "%s\n" "gcab not found in \$PATH"
printf "%s\n" "tests for CAB files skipped, please install gcab package" printf "%s\n" "tests for CAB files skipped, please install gcab package"
@ -80,14 +81,36 @@ if grep -q "no libgsf available" "results.log"
if test -n "$(command -v wixl)" if test -n "$(command -v wixl)"
then then
touch FoobarAppl10.exe touch FoobarAppl10.exe
cp "../sources/sample.wxs" "sample.wxs" 2>> "results.log" 1>&2 cp "../sources/sample.wxs" "notsigned/sample.wxs" 2>> "results.log" 1>&2
wixl -v "sample.wxs" 2>> "results.log" 1>&2 wixl -v "notsigned/sample.wxs" 2>> "results.log" 1>&2
rm -f "notsigned/sample.wxs"
rm -f "FoobarAppl10.exe"
else else
printf "%s\n" "wixl not found in \$PATH" printf "%s\n" "wixl not found in \$PATH"
printf "%s\n" "tests for MSI files skipped, please install msitools package" printf "%s\n" "tests for MSI files skipped, please install wixl or msitools package depending on your OS"
fi fi
fi fi
# CAT files support
if test -s "../sources/good.cat"
then
cp "../sources/good.cat" "notsigned/good.cat"
fi
# TXT files support
if test -s "../sources/utf8.ps1"
then
cp "../sources/utf8.ps1" "notsigned/utf8.ps1"
fi
if test -s "../sources/utf8bom.ps1"
then
cp "../sources/utf8bom.ps1" "notsigned/utf8bom.ps1"
fi
if test -s "../sources/utf16le.ps1"
then
cp "../sources/utf16le.ps1" "notsigned/utf16le.ps1"
fi
# Timestamping support # Timestamping support
if grep -q "no libcurl available" "results.log" if grep -q "no libcurl available" "results.log"
then then
@ -101,9 +124,9 @@ if test -n "$(command -v faketime)"
then then
make_tests make_tests
result=$? result=$?
rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe" rm -r -f "notsigned/" "sha256sum/"
rm -f "sign_pe.der" "sign_cab.der" "sign_msi.der" rm -f sign_[1-9].pem sign_[1-9].der
rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log" rm -f "verify.log"
else else
printf "%s\n" "xxd not found in \$PATH" printf "%s\n" "xxd not found in \$PATH"
printf "%s\n" "tests skipped, please install vim-common package" printf "%s\n" "tests skipped, please install vim-common package"

44
tests/testsign.sh
View File

@ -1,5 +1,11 @@
#!/bin/sh #!/bin/sh
if [ -z "$(command -v keytool)" ]; then
printf "%s\n" "keytool was not found in the \$PATH"
printf "%s\n" "Please install the default-jre-headless package"
exit 1
fi
rm -f putty*.exe rm -f putty*.exe
PUTTY_URL="http://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe" PUTTY_URL="http://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe"
@ -14,7 +20,12 @@ fi
rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem
keytool -genkey \ keytool -genkey \
-alias selfsigned -keysize 2048 -keyalg RSA -keypass passme -storepass passme -keystore key.ks << EOF -alias selfsigned \
-keysize 2048 \
-keyalg RSA \
-keypass passme \
-storepass passme \
-keystore key.ks << EOF
John Doe John Doe
ACME In ACME In
ACME ACME
@ -24,11 +35,17 @@ SE
yes yes
EOF EOF
echo "Converting key/cert to PKCS12 container" echo "Converting key/cert to PKCS12 container"
keytool -importkeystore \ keytool -importkeystore \
-srckeystore key.ks -srcstoretype JKS -srckeypass passme -srcstorepass passme -srcalias selfsigned \ -srckeystore key.ks \
-destkeystore key.p12 -deststoretype PKCS12 -destkeypass passme -deststorepass passme -srcstoretype JKS \
-srckeypass passme \
-srcstorepass passme \
-srcalias selfsigned \
-destkeystore key.p12 \
-deststoretype PKCS12 \
-destkeypass passme \
-deststorepass passme
rm -f key.ks rm -f key.ks
@ -46,7 +63,7 @@ openssl pkcs12 -in key.p12 -passin pass:passme -nokeys -out cert.pem
echo "Converting cert to SPC format" echo "Converting cert to SPC format"
openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out cert.spc openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out cert.spc
make -C ..
../osslsigncode sign -spc cert.spc -key key.pem putty.exe putty1.exe ../osslsigncode sign -spc cert.spc -key key.pem putty.exe putty1.exe
../osslsigncode sign -certs cert.spc -key keyp.pem -pass passme putty.exe putty2.exe ../osslsigncode sign -certs cert.spc -key keyp.pem -pass passme putty.exe putty2.exe
../osslsigncode sign -certs cert.pem -key keyp.pem -pass passme putty.exe putty3.exe ../osslsigncode sign -certs cert.pem -key keyp.pem -pass passme putty.exe putty3.exe
@ -56,19 +73,18 @@ openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out cert.spc
rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem
echo "" echo
echo ""
check=`sha1sum putty[1-9]*.exe | cut -d' ' -f1 | uniq | wc -l` check=`sha1sum putty[1-9]*.exe | cut -d' ' -f1 | uniq | wc -l`
cmp putty1.exe putty2.exe && \ cmp putty1.exe putty2.exe && \
cmp putty2.exe putty3.exe && \ cmp putty2.exe putty3.exe && \
cmp putty3.exe putty4.exe && \ cmp putty3.exe putty4.exe && \
cmp putty4.exe putty5.exe && \ cmp putty4.exe putty5.exe && \
cmp putty5.exe putty6.exe cmp putty5.exe putty6.exe
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "Failure is not an option." echo "Failure is not an option."
exit 1
else else
echo "Yes, it works." echo "Yes, it works."
fi fi