77 Commits
2.3 ... 2.4

Author SHA1 Message Date
225a8f78fa release 2.4
Signed-off-by: Michał Trojnara <Michal.Trojnara@stunnel.org>
2022-08-02 21:29:07 +02:00
23288f5a00 use the new option name for tests 2022-08-02 21:26:09 +02:00
0e80573c58 limit platforms installing python 2022-08-01 20:59:02 +02:00
8f6d1617eb enable built-in socket module in Python 2022-08-01 20:59:02 +02:00
15185acb0a do not enable EH continuation metadata 2022-08-01 20:59:02 +02:00
703ae70602 static CI build 2022-08-01 20:59:02 +02:00
c59f5dd02c use the first cmake release that passes CI 2022-07-30 20:42:30 +02:00
0a9dcbda6c fix the minimum required cmake 2022-07-30 12:15:50 +02:00
f87618326f explicit cmake source path 2022-07-30 11:43:18 +02:00
80de8e7738 create the build directory for older cmake 2022-07-30 11:37:30 +02:00
306d467a29 try the latest supported version of cmake 2022-07-30 10:28:51 +02:00
d0a958919d autodetect vcpkg 2022-07-30 09:53:16 +02:00
81b58f744d simplify custom builds 2022-07-29 23:06:45 +02:00
8f30bf28e7 set the project language 2022-07-29 19:06:00 +02:00
a12b5c0951 suppress check compiler flag messages 2022-07-29 18:42:35 +02:00
5bf24b34a2 remove certs directory 2022-07-29 18:42:35 +02:00
7871e28141 fix AppleClang linker flags 2022-07-29 18:42:35 +02:00
d7daf98db8 improve add compile and linker flags 2022-07-29 18:42:35 +02:00
1d0918c84d Squash -Wcast-qual and -Wconversion warnings 2022-07-29 18:42:35 +02:00
f42459ff09 Squash -Wwrite-strings warnings:
simplify PEM_read_certs()
fix setting SpcPeImageData flags
2022-07-29 18:42:35 +02:00
66a6a1ced5 Squash ASN1_STRING_get0_data() returne value warning 2022-07-29 18:42:35 +02:00
a44c8decbc Fixed clang -Wembedded-directive warning:
embedding a directive within macro arguments has undefined behavior
2022-07-29 18:42:35 +02:00
d556fb78dc Add missing static specifiers 2022-07-29 18:42:35 +02:00
4c856f3a1e Additional excludes for Windows installation 2022-07-27 16:56:34 +02:00
1bf5f9a07b Avoid hardcoding DLL names 2022-07-27 16:41:26 +02:00
c930d9aa7a smarter vcpkg cache restore 2022-07-27 10:10:25 +02:00
5df8d7c181 enable python3 vcpkg dependence 2022-07-27 09:43:19 +02:00
cf20354b91 fix sizeof java_attrs_low 2022-07-27 09:43:19 +02:00
665ecfb64c fix Win32 builds 2022-07-27 09:30:08 +02:00
6430bf0036 rebuild vcpkg cache on vcpkg.json changes 2022-07-26 16:56:00 +02:00
92673b8f00 Add a build status badge 2022-07-26 16:38:08 +02:00
3d0640a2cc CI for Linux/macOS/Windows (#166) 2022-07-26 16:27:46 +02:00
28c68aeebf find osslsigncode path 2022-07-22 14:17:59 +02:00
26b7d5f617 change makecers.sh mode 2022-07-21 12:21:19 +02:00
88bf99dec8 Microsoft Visual Studio install notes 2022-07-21 12:21:19 +02:00
757d9c39a4 fix and simplify cmake 2022-07-21 12:21:19 +02:00
ce2d586956 Squash applink.c compilation warnings 2022-07-21 12:21:19 +02:00
396318dcd1 Find headers 2022-07-21 12:21:19 +02:00
24ed108099 Set bash completion 2022-07-21 12:21:19 +02:00
7b29b45348 Set compiler and linker flags 2022-07-21 12:21:19 +02:00
6b3450ada8 add test certificates 2022-07-21 12:21:19 +02:00
ac3e8e5221 improve tests 2022-07-21 12:21:19 +02:00
99400d92d6 add vcpkg.json 2022-07-18 11:38:29 +02:00
b63b023c5c add 64-bit Windows targets 2022-07-17 07:48:33 +02:00
6ffe7fa0de add faketime to ci dependencies 2022-07-16 23:22:03 +02:00
b7d4c72756 Create ci.yml 2022-07-16 23:18:14 +02:00
fb19651926 re-enable tests/install/dist on Unix 2022-07-16 21:55:04 +02:00
213ea27f99 setup default 32-bit targets for MSVC 2022-07-16 21:23:48 +02:00
a19d77a8a7 MSVC fixes and workarounds 2022-07-16 21:10:56 +02:00
6a873c3a49 simplify cmake 2022-07-16 20:01:11 +02:00
a892c50147 doc: CMAKE_C_STANDARD is C not C++ 2022-07-15 21:17:01 +02:00
95615faf1d check PE file size 2022-07-15 21:16:07 +02:00
860e8d6f4e cmake3 note 2022-06-20 12:13:00 +02:00
60fe5d15fe use CMake instead of Makefile 2022-05-25 20:27:21 +02:00
b96717506c RFC3161 section-4.3 comment 2022-04-12 11:41:27 +02:00
157bb78a6e fix sprintf_s error stack corruption 2022-04-12 11:41:27 +02:00
4396c451eb Revert "use a memory allocation instead of a static variable to fix sprintf_s error stack corruption"
This reverts commit fb59d92f3c.
2022-04-12 11:41:27 +02:00
40bd33ee01 fix Windows build with MSVC compiler 2022-04-12 11:41:27 +02:00
d7ae7c90f9 Revert "fix Windows build with MSVC compiler"
This reverts commit 78220c144c.
2022-04-12 11:41:27 +02:00
247a82232c windows read password from file 2022-04-12 11:41:27 +02:00
3a84987107 use a memory allocation instead of a static variable to fix sprintf_s error stack corruption 2022-04-12 11:41:27 +02:00
afda3cc810 remove zlib dependency 2022-04-12 11:41:27 +02:00
44eeeb1515 updated NEWS.md 2022-04-12 11:41:27 +02:00
1c523ed616 disable verification of the Timestamp Server signature 2022-04-12 11:41:27 +02:00
8ba94fafd9 user-specified signing and/or verifying time (-time option) 2022-04-12 11:41:27 +02:00
82185eef18 enable "-h {md5,sha1,sha2(56),sha384,sha512}" option for "attach -signature" and "add" commands
enable "-require-leaf-hash" option for "attach-signature" command
2022-04-12 11:41:27 +02:00
bec2ae2eed fix Windows build with MSVC compiler 2022-04-12 11:41:27 +02:00
c5c23cefac more verbose timestamp response status info 2022-04-12 11:41:27 +02:00
4c1b972f9e set the default message digest to sha256 2022-04-12 11:41:27 +02:00
1bd9a87e2f Don't '#include <windows.h>' on Cygwin
On Cygwin, don't '#include <windows.h>', so WIN32 isn't defined, so we
don't end up trying to use various MSVC functions, which don't exist in
our C runtime library.

The whole point of the Cygwin C runtime library is to try to look like
POSIX, so we always want the POSIX code in those pre-processor
conditionals.
2022-04-10 18:00:36 +02:00
65d17836ab disable the confusing error created while searching for the certificate 2022-04-10 17:46:30 +02:00
6a1a884f3c Add license declarations to dist tarball
This is GPLv3, we should include the license in the sources.
2022-04-10 17:29:24 +02:00
98308f2e0a remove PVK conversion notes from README.md
This is no longer needed since release 1.5, which added native support
for PVK keys.
2022-03-06 21:57:43 +01:00
da4413d0c7 move unauth blob documentation to README.md
Removed dead links and references to a fork that was merged long time
ago.
2022-03-06 21:46:47 +01:00
c08b8cb3d5 git ignore GPG signature files 2022-03-06 21:14:26 +01:00
5af84745de add markdown files to distribution tarballs 2022-03-06 21:11:02 +01:00
0459fb99ef initial 2.4 commit 2022-03-06 21:00:38 +01:00
102 changed files with 2233 additions and 3513 deletions

131
.github/workflows/ci.yml vendored Normal file

@ -0,0 +1,131 @@
name: CI
on:
push:
pull_request:
env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- triplet: x64-linux
os: ubuntu-latest
vcpkg_root: /usr/local/share/vcpkg
- triplet: x64-osx
os: macOS-latest
vcpkg_root: /usr/local/share/vcpkg
cache: /Users/runner/.cache/vcpkg/archives
- triplet: x64-windows
arch: x64
os: windows-latest
vcpkg_root: C:/vcpkg
cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
- triplet: x86-windows
arch: x86
os: windows-latest
vcpkg_root: C:/vcpkg
cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
- triplet: x64-windows-static
arch: x64
os: windows-latest
vcpkg_root: C:/vcpkg
cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives
runs-on: ${{matrix.os}}
steps:
- uses: actions/checkout@v3
- name: Cache the vcpkg archives
if: matrix.os != 'ubuntu-latest'
uses: actions/cache@v3
with:
path: ${{matrix.cache}}
key: ${{matrix.triplet}}-${{hashFiles('vcpkg.json')}}
restore-keys: |
${{matrix.triplet}}-${{hashFiles('vcpkg.json')}}
${{matrix.triplet}}-
- name: Configure VS Toolchain (Windows)
if: matrix.os == 'windows-latest'
uses: ilammy/msvc-dev-cmd@v1
with:
arch: ${{matrix.arch}}
- name: Install apt dependencies (Linux)
if: matrix.os == 'ubuntu-latest'
run: sudo apt-get install -y libssl-dev libcurl4-openssl-dev faketime
- name: Setup the oldest supported version of cmake (macOS)
if: matrix.os == 'macOS-latest'
uses: jwlawson/actions-setup-cmake@v1.12
with:
cmake-version: '3.17.0'
- name: Configure CMake (Linux)
if: matrix.os == 'ubuntu-latest'
run: cmake
-S ${{github.workspace}}
-B ${{github.workspace}}/build
-DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist
- name: Configure CMake (macOS)
if: matrix.os == 'macOS-latest'
run: cmake
-S ${{github.workspace}}
-B ${{github.workspace}}/build
-DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist
-DCMAKE_TOOLCHAIN_FILE=${{matrix.vcpkg_root}}/scripts/buildsystems/vcpkg.cmake
-DVCPKG_TARGET_TRIPLET=${{matrix.triplet}}
- name: Configure CMake (Windows)
if: matrix.os == 'windows-latest'
run: cmake
-G Ninja
-S ${{github.workspace}}
-B ${{github.workspace}}/build
-DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
-DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist
-DCMAKE_TOOLCHAIN_FILE=${{matrix.vcpkg_root}}/scripts/buildsystems/vcpkg.cmake
-DVCPKG_TARGET_TRIPLET=${{matrix.triplet}}
- name: Build
run: cmake
--build ${{github.workspace}}/build
--config ${{env.BUILD_TYPE}}
- name: List files (Linux/macOS)
if: matrix.os != 'windows-latest'
run: find .. -ls
- name: List files (Windows)
if: matrix.os == 'windows-latest'
run: Get-ChildItem -Recurse -Name ..
- name: Test
working-directory: ${{github.workspace}}/build
run: ctest -C ${{env.BUILD_TYPE}}
- name: Upload the errors
uses: actions/upload-artifact@v3
if: failure()
with:
name: errors-${{matrix.triplet}}
path: ${{github.workspace}}/build/Testing/Temporary/LastTest.log
- name: Install
run: cmake --install ${{github.workspace}}/build
- name: Upload the executables
uses: actions/upload-artifact@v3
with:
name: osslsigncode-${{matrix.triplet}}
path: ${{github.workspace}}/dist
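Review bot: The third-party steps `uses: ilammy/msvc-dev-cmd@v1` and `uses: jwlawson/actions-setup-cmake@v1.12` are referenced by movable tags, and the workflow declares no `permissions:` block, so the job runs with the repository's default token scope. Because the final step publishes the built osslsigncode binaries as artifacts, I would pin each action to a full commit hash (`uses: ilammy/msvc-dev-cmd@<full-commit-sha>  # v1`) and add a top-level `permissions:` entry with `contents: read`. The Linux step also runs `apt-get install` without a preceding `apt-get update`, which tends to fail once the runner image's package index goes stale.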

43
.gitignore vendored

@ -1,24 +1,21 @@
.deps
Makefile
Makefile.in
aclocal.m4
autom4te.cache/
compile
build/
CMakeFiles/
_CPack_Packages/
Testing/
.vs/
CMakeCache.txt
cmake_install.cmake
config.h
config.h.in
config.h.in~
config.log
config.status
configure
depcomp
install-sh
CPackConfig.cmake
CPackSourceConfig.cmake
CTestTestfile.cmake
install_manifest.txt
Makefile
missing
osslsigncode
osslsigncode.o
msi.o
osslsigncode.exe
stamp-h1
INSTALL
COPYING
.#*#
.*.bak
@ -26,24 +23,20 @@ COPYING
.*.rej
.*~
#*#
*.asc
*.bak
*.bz2
*.d
*.def
*.dll
*.exe
*.gz
*.la
*.lib
*.lo
*.orig
*.pc
*.pdb
*.rej
*.u
*.rc
*.pc
*~
*.gz
*.bz2
**/*.log
!myapp.exe
*.pem

95
CMakeLists.txt Normal file

@ -0,0 +1,95 @@
# required cmake version
cmake_minimum_required(VERSION 3.17)
# autodetect vcpkg CMAKE_TOOLCHAIN_FILE if VCPKG_ROOT is defined
# this needs to be configured before the project() directive
if(DEFINED ENV{VCPKG_ROOT} AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
set(CMAKE_TOOLCHAIN_FILE "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake"
CACHE STRING "")
endif(DEFINED ENV{VCPKG_ROOT} AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
set(BUILTIN_SOCKET ON CACHE BOOL "") # for static Python
# configure basic project information
project(osslsigncode
VERSION 2.4
DESCRIPTION "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files"
HOMEPAGE_URL "https://github.com/mtrojnar/osslsigncode"
LANGUAGES C)
# force nonstandard version format for development packages
set(DEV "")
set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}${DEV}")
# version and contact information
set(PACKAGE_STRING "${PROJECT_NAME} ${PROJECT_VERSION}")
set(PACKAGE_BUGREPORT "Michal.Trojnara@stunnel.org")
# specify the C standard
set(CMAKE_C_STANDARD 11)
set(CMAKE_C_STANDARD_REQUIRED ON)
# load CMake library modules
include(FindOpenSSL)
include(FindCURL)
# load CMake project modules
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake")
include(SetBashCompletion)
include(FindHeaders)
# define the target
add_executable(osslsigncode)
# add compiler/linker flags
include(SetCompilerFlags)
# create and use config.h
configure_file(Config.h.in config.h)
target_compile_definitions(osslsigncode PRIVATE HAVE_CONFIG_H=1)
# set sources
target_sources(osslsigncode PRIVATE osslsigncode.c msi.c)
if(WIN32)
target_sources(osslsigncode PRIVATE applink.c)
endif(WIN32)
# set include directories
target_include_directories(osslsigncode PRIVATE "${PROJECT_BINARY_DIR}")
# set OpenSSL includes/libraries
if(NOT OPENSSL_FOUND)
message(FATAL_ERROR "OpenSSL library not found")
endif(NOT OPENSSL_FOUND)
target_include_directories(osslsigncode PRIVATE ${OPENSSL_INCLUDE_DIR})
target_link_libraries(osslsigncode PRIVATE ${OPENSSL_LIBRARIES})
# set cURL includes/libraries
if(CURL_FOUND)
target_compile_definitions(osslsigncode PRIVATE ENABLE_CURL=1)
target_include_directories(osslsigncode PRIVATE ${CURL_INCLUDE_DIRS})
target_link_libraries(osslsigncode PRIVATE ${CURL_LIBRARIES})
message(STATUS "cURL support enabled")
else(CURL_FOUND)
message(STATUS "cURL support disabled (library not found)")
endif(CURL_FOUND)
# add paths to linker search and installed rpath
set_target_properties(osslsigncode PROPERTIES INSTALL_RPATH_USE_LINK_PATH TRUE)
# testing with CTest
include(CMakeTest)
# installation rules for a project
install(TARGETS osslsigncode RUNTIME DESTINATION ${CMAKE_INSTALL_PREFIX})
if(WIN32)
install(
DIRECTORY ${PROJECT_BINARY_DIR}/ DESTINATION ${CMAKE_INSTALL_PREFIX}
FILES_MATCHING
PATTERN "*.dll"
PATTERN "vcpkg_installed" EXCLUDE
PATTERN "CMakeFiles" EXCLUDE
PATTERN "Testing" EXCLUDE
)
else(WIN32)
include(CMakeDist)
endif(WIN32)
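Review bot: The Windows install rule copies every `*.dll` found anywhere under `${PROJECT_BINARY_DIR}` (minus the three excluded directories) into the install prefix, next to `osslsigncode.exe`. Windows resolves DLLs from the application directory first, so any stray or stale library left in the build tree ends up shipped with, and loaded by, the signing tool. I would at least document that above the rule, e.g. `# installs every DLL in the build tree; package only from a clean build directory`, and consider narrowing the match to the directory the executable is built in. Separately, `RUNTIME DESTINATION ${CMAKE_INSTALL_PREFIX}` is an absolute path, which presumably makes `cmake --install . --prefix ...` ineffective for the executable; a relative destination would avoid that.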

50
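--- a/CMakeSettings.json
+++ b/CMakeSettings.json
@@ -0,0 +1,50 @@
+{
+"configurations": [
+{
+"name": "x86-Debug",
+"generator": "Ninja",
+"configurationType": "Debug",
+"buildRoot": "${projectDir}\\out\\build\\${name}",
+"installRoot": "${projectDir}\\out\\install\\${name}",
+"cmakeCommandArgs": "",
+"buildCommandArgs": "",
+"ctestCommandArgs": "",
+"inheritEnvironments": [ "msvc_x86" ]
+},
+{
+"name": "x86-Release",
+"generator": "Ninja",
+"configurationType": "RelWithDebInfo",
+"buildRoot": "${projectDir}\\out\\build\\${name}",
+"installRoot": "${projectDir}\\out\\install\\${name}",
+"cmakeCommandArgs": "",
+"buildCommandArgs": "",
+"ctestCommandArgs": "",
+"inheritEnvironments": [ "msvc_x86" ]
+},
+{
+"name": "x64-Debug",
+"generator": "Ninja",
+"configurationType": "Debug",
+"buildRoot": "${projectDir}\\out\\build\\${name}",
+"installRoot": "${projectDir}\\out\\install\\${name}",
+"cmakeCommandArgs": "",
+"buildCommandArgs": "",
+"ctestCommandArgs": "",
+"inheritEnvironments": [ "msvc_x64_x64" ],
+"variables": []
+},
+{
+"name": "x64-Release",
+"generator": "Ninja",
+"configurationType": "RelWithDebInfo",
+"buildRoot": "${projectDir}\\out\\build\\${name}",
+"installRoot": "${projectDir}\\out\\install\\${name}",
+"cmakeCommandArgs": "",
+"buildCommandArgs": "",
+"ctestCommandArgs": "",
+"inheritEnvironments": [ "msvc_x64_x64" ],
+"variables": []
+}
+]
+}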

12
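--- a/Config.h.in
+++ b/Config.h.in
@@ -0,0 +1,12 @@
+/* the configured options and settings for osslsigncode */
+#define VERSION_MAJOR "@osslsigncode_VERSION_MAJOR@"
+#define VERSION_MINOR "@osslsigncode_VERSION_MINOR@"
+#cmakedefine PACKAGE_STRING "@PACKAGE_STRING@"
+#cmakedefine PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@"
+#cmakedefine ENABLE_CURL
+#cmakedefine HAVE_TERMIOS_H
+#cmakedefine HAVE_GETPASS
+#cmakedefine HAVE_SYS_MMAN_H
+#cmakedefine HAVE_MMAP
+#cmakedefine HAVE_MAPVIEWOFFILE
+#cmakedefine _WIN32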
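Review bot: `#cmakedefine _WIN32` lets config.h define a name that compilers targeting Windows already predefine, so whenever the CMake variable is set (it is not set in the visible CMakeLists.txt and presumably comes from the included FindHeaders module) the header redefines `_WIN32` with an empty value. That can trigger macro-redefinition warnings and breaks any `#if _WIN32` test. A project-specific name would avoid the clash, e.g. `#cmakedefine HAVE_WINDOWS_H`, with the sources testing that instead.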


@ -12,10 +12,10 @@
2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables.
```
cd osslsigncode-folder
x86_64-w64-mingw32-gcc osslsigncode.c msi.c msi.h -o osslsigncode.exe \
x86_64-w64-mingw32-gcc osslsigncode.c msi.c -o osslsigncode.exe \
-lcrypto -lssl -lcurl \
-D 'PACKAGE_STRING="osslsigncode 2.3"' \
-D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \
-D 'PACKAGE_STRING="osslsigncode x.y"' \
-D 'PACKAGE_BUGREPORT="Your.Email@example.com"' \
-D ENABLE_CURL
```
@ -24,7 +24,7 @@
path=%path%;c:\msys64\mingw64\bin
cd osslsigncode-folder
osslsigncode.exe -v
osslsigncode 2.3, using:
osslsigncode 2.4, using:
OpenSSL 1.1.1g 21 Apr 2020 (Library: OpenSSL 1.1.1g 21 Apr 2020)
libcurl/7.70.0 OpenSSL/1.1.1g (Schannel) zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0
libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.40.0
@ -64,20 +64,20 @@
--disable-telnet --disable-imap --disable-smb --disable-smtp \
--disable-gopher --disable-pop --disable-pop3 --disable-rtsp \
--disable-ldap --disable-ldaps --disable-unix-sockets \
--disable-pthreads --without-zstd
--disable-pthreads --without-zstd --without-zlib
make && make install
```
3) Build 64-bit Windows executables.
```
cd osslsigncode-folder
x86_64-w64-mingw32-gcc osslsigncode.c msi.c msi.h -o osslsigncode.exe \
x86_64-w64-mingw32-gcc osslsigncode.c msi.c -o osslsigncode.exe \
-L 'C:/OpenSSL/lib/' -lcrypto -lssl \
-I 'C:/OpenSSL/include/' \
-L 'C:/curl/lib' -lcurl \
-I 'C:/curl/include' \
-D 'PACKAGE_STRING="osslsigncode 2.3"' \
-D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \
-D 'PACKAGE_STRING="osslsigncode x.y"' \
-D 'PACKAGE_BUGREPORT="Your.Email@example.com"' \
-D ENABLE_CURL
```
@ -87,10 +87,36 @@
copy C:\OpenSSL\bin\libssl-1_1-x64.dll
copy C:\OpenSSL\bin\libcrypto-1_1-x64.dll
copy C:\curl\bin\libcurl-4.dll
copy C:\msys64\mingw64\bin\zlib1.dll
osslsigncode.exe -v
osslsigncode 2.3, using:
osslsigncode 2.4, using:
OpenSSL 1.1.1k 25 Mar 2021 (Library: OpenSSL 1.1.1k 25 Mar 2021)
libcurl/7.78.0 OpenSSL/1.1.1k zlib/1.2.11
libcurl/7.78.0 OpenSSL/1.1.1k
```
### Building OpenSSL, Curl and osslsigncode sources with Microsoft Visual Studio:
1) Install and integrate vcpkg: https://vcpkg.io/en/getting-started.html
2) Git clone osslsigncode: https://github.com/mtrojnar/osslsigncode/
3) Build osslsigncode with GUI or cmake.
Navigate to the build directory and run CMake to configure the osslsigncode project
and generate a native build system:
```
mkdir build && cd build && cmake -S .. -G Ninja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=[installation directory] -DCMAKE_TOOLCHAIN_FILE=[path to vcpkg]/scripts/buildsystems/vcpkg.cmake
```
Then call that build system to actually compile/link the osslsigncode project:
```
cmake --build .
```
4) Make tests.
```
ctest -C Release
```
5) Make install (with administrative privileges if necessary).
```
cmake --install .
```


@ -1,7 +1,7 @@
OpenSSL based Authenticode signing for PE/MSI/Java CAB files.
Copyright (C) 2005-2014 Per Allansson <pallansson@gmail.com>
Copyright (C) 2018-2019 Michał Trojnara <Michal.Trojnara@stunnel.org>
Copyright (C) 2018-2022 Michał Trojnara <Michal.Trojnara@stunnel.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by


@ -1,21 +0,0 @@
AUTOMAKE_OPTIONS = foreign 1.10
MAINTAINERCLEANFILES = \
config.log config.status \
$(srcdir)/Makefile.in \
$(srcdir)/config.h.in $(srcdir)/config.h.in~ $(srcdir)/configure \
$(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 $(srcdir)/ylwrap \
$(srcdir)/config.guess $(srcdir)/config.sub
EXTRA_DIST = .gitignore
AM_CFLAGS = $(OPENSSL_CFLAGS) $(OPTIONAL_LIBCURL_CFLAGS)
bin_PROGRAMS = osslsigncode
osslsigncode_SOURCES = osslsigncode.c msi.c msi.h
osslsigncode_LDADD = $(OPENSSL_LIBS) $(OPTIONAL_LIBCURL_LIBS)
# bash completion script
AM_DISTCHECK_CONFIGURE_FLAGS = --with-bashcompdir='$$(datarootdir)/bash-completion/completions'
bashcompdir = @bashcompdir@
dist_bashcomp_DATA = osslsigncode.bash

19
NEWS.md

@ -1,5 +1,24 @@
# osslsigncode change log
### 2.4 (2022.08.02)
- migrated the build system from GNU Autoconf to CMake
- added the "-h" option to set the cryptographic hash function
for the "attach -signature" and "add" commands
- set the default hash function to "sha256"
- added the "attach-signature" option to compute and compare the
leaf certificate hash for the "add" command
- renamed the "-st" option "-time" (the old name is accepted for
compatibility)
- updated the "-time" option to also set explicit verification time
- added the "-ignore-timestamp" option to disable timestamp server
signature verification
- removed the "-timestamp-expiration" option
- fixed several bugs
- updated the included documentation
- enabled additional compiler/linker hardening options
- added CI based on GitHub Actions
### 2.3 (2022.03.06)
**CRITICAL SECURITY VULNERABILITIES**

119
README.md
View File

@ -1,6 +1,10 @@
osslsigncode
============
## BUILD STATUS
[![CI](https://github.com/mtrojnar/osslsigncode/actions/workflows/ci.yml/badge.svg)](https://github.com/mtrojnar/osslsigncode/actions/workflows/ci.yml)
## WHAT IS IT?
osslsigncode is a small tool that implements part of the functionality
@ -29,43 +33,47 @@ supports signature verification, removal and extraction.
This section covers building osslsigncode for [Unix-like](https://en.wikipedia.org/wiki/Unix-like) operating systems.
See [INSTALL.W32.md](https://github.com/mtrojnar/osslsigncode/blob/master/INSTALL.W32.md) for Windows notes.
We highly recommend downloading a [release tarball](https://github.com/mtrojnar/osslsigncode/releases) instead of cloning from a git repository.
### Generate the ./configure script
This step is only needed if osslsigncode was cloned from a git repository.
We highly recommend downloading a [release tarball](https://github.com/mtrojnar/osslsigncode/releases) instead.
### Configure, build, make tests and install osslsigncode
* Install prerequisites on a Debian-based distributions, such as Ubuntu:
```
sudo apt update && sudo apt install automake pkg-config
sudo apt update && sudo apt install cmake libssl-dev libcurl4-openssl-dev
```
* Install prerequisites on macOS with Homebrew:
```
brew install automake pkg-config
```
* Generate the ./configure script:
```
./bootstrap
```
### Configure, build and install osslsigncode
* Install prerequisites on a Debian-based distributions, such as Ubuntu:
```
sudo apt update && sudo apt install build-essential pkg-config libssl-dev libcurl4-openssl-dev
```
* Install prerequisites on macOS with Homebrew:
```
brew install pkg-config openssl@1.1
brew install cmake pkg-config openssl@1.1
export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"
```
**NOTE:** osslsigncode requires CMake 3.6 or newer.
* Configure, build and install osslsigncode:
You may need to use `cmake3` instead of `cmake` to complete the following steps on your system.
* Navigate to the build directory and run CMake to configure the osslsigncode project
and generate a native build system:
```
./configure && make && sudo make install
mkdir build && cd build && cmake ..
```
with specific compile options:
```
-Denable-strict=ON
-Denable-pedantic=ON
```
* Then call that build system to actually compile/link the osslsigncode project (alias `make`):
```
cmake --build .
```
* Make test:
```
ctest -C Release
```
* Make install:
```
sudo cmake --install . --prefix "/home/myuser/installdir"
```
* Make tarball (simulate autotools' `make dist`):
```
cmake --build . --target package_source
```
## USAGE
@ -136,41 +144,42 @@ and then choose the signature from the list, and click on
Details. You should then be presented with a dialog that says
amongst other things that "This digital signature is OK".
## CONVERTING FROM PVK TO DER
## UNAUTHENTICATED BLOBS
(This guide was written by Ryan Rubley)
The "-addUnauthenticatedBlob" parameter adds a 1024-byte unauthenticated blob
of data to the signature in the same area as the timestamp. This can be used
while signing, while timestamping, after a file has been code signed, or by
itself. This technique (but not this project) is used by Dropbox, GoToMeeting,
and Summit Route.
If you've managed to finally find osslsigncode from some searches,
you're most likely going to have a heck of a time getting your SPC
and PVK files into the formats osslsigncode wants.
### Example 1. Sign and add blob to unsigned file
On the computer where you originally purchased your certificate, you
probably had to use IE to get it. Run IE and select Tools/Internet
Options from the menu, then under the Content tab, click the Certificates
button. Under the Personal tab, select your certificate and click the
Export button. On the second page of the wizard, select the PKCS #7
Certificate (.P7B) format. This file you export as a *.p7b is what you
use instead of your *.spc file. It's the same basic thing, in a different format.
For your PVK file, you will need to download a little utility called
PVK.EXE. This can currently be downloaded at
https://www.globalsign.com/support/code-signing/PVK.zip
Run:
```
pvk -in foo.pvk -nocrypt -out foo.pem
```shell
osslsigncode sign -addUnauthenticatedBlob -pkcs12 yourcert.pfx -pass your_password -n "Your Company" -i https://YourSite.com/ -in srepp.msi -out srepp_added.msi
```
This will convert your PVK file to a PEM file.
From there, you can copy the PEM file to a Linux box, and run:
```
openssl rsa -outform der -in foo.pem -out foo.der
```
This will convert your PEM file to a DER file.
### Example 2. Timestamp and add blob to signed file
You need the *.p7b and *.der files to use osslsigncode, instead of your
*.spc and *.pvk files.
```shell
osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.digicert.com -in your_signed_file.exe -out out.exe
```
### Example 3. Add blob to signed and time-stamped file
```shell
osslsigncode.exe add -addUnauthenticatedBlob -in your_signed_file.exe -out out.exe
```
### WARNING
This feature allows for doing dumb things. Be very careful with what you put
in the unauthenticated blob, as an attacker could modify this. Do NOT, under
any circumstances, put a URL here that you will use to download an additional
file. If you do do that, you would need to check the newly downloaded file is
code signed AND that it has been signed with your cert AND that it is the
version you expect. You should consider using asymmetrical encryption for the
data you put in the blob, such that the executable contains the public key to
decrypt the data. Basically, be VERY careful.
## BUGS, QUESTIONS etc.


@ -1,58 +0,0 @@
# This is NOT the official repo for osslsigncode
This project was copied from osslsigncode 1.7.1 to apply some patches for compiling with cygwin and being able to add unauthenticated blobs. The official source for the project is at: http://sourceforge.net/projects/osslsigncode/
## Features added
Adds the argument "-addUnauthenticatedBlob" to add a 1024 byte unauthenticated blob of data to the signature in the same area as the timestamp. This can be used while signing, while timestamping (new `add` command added to allow just time-stamping, after a file has been code signed, or by itself.
Examples:
```
# Example 1. Sign and add blob to unsigned file
osslsigncode sign -addUnauthenticatedBlob -pkcs12 yourcert.pfx -pass your_password -n "Your Company" -i https://YourSite.com/ -in srepp.msi -out srepp_added.msi
```
```
# Example 2. Timestamp and add blob to signed file
osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.digicert.com -in your_signed_file.exe -out out.exe
```
```
# Example 3. Add blob to signed and time-stamped file
osslsigncode.exe add -addUnauthenticatedBlob -in your_signed_file.exe -out out.exe
```
```
# Example 4. Sign, timestamp, and add blob
# Technically you can do this, but this would mean your signing certificate
# is on a computer that is connected the Internet,
# which means you are doing something wrong,
# so I'm not going to show how to do that.
```
This technique (but not this project) is used by Dropbox, GoToMeeting, and Summit Route. You can read more about this technique here:
- https://tech.dropbox.com/2014/08/tech-behind-dropboxs-new-user-experience-for-mobile/
- http://blogs.msdn.com/b/ieinternals/archive/2014/09/04/personalizing-installers-using-unauthenticated-data-inside-authenticode-signed-binaries.aspx
## WARNING
The capability this adds can allow you to do dumb things. Be very careful with what you put in the unauthenticated blob, as an attacker could modify this. Do NOT under any circumstances put a URL here that you will use to download an additional file. If you do do that, you would need to check the newly downloaded file is code signed AND that it has been signed with your cert AND that it is the version you expect. You should consider using asymmetrical encryption for the data you put in the blob, such that the executable contains the public key to decrypt the data. Basically, be VERY careful.
## Compiling under cygwin
- Ensure you install the development libraries for openssl, libgfs, and curl.
- Install pkg-config
- Run
```
export SHELLOPTS
set -o igncr
./configure
make
```
## Download
- Compiled binary for cygwin: https://summitroute.com/downloads/osslsigncode.exe
- Compiled binary plus all the required DLL's (self-extracting exe): https://summitroute.com/downloads/osslsigncode-cygwin_files.exe

145
applink.c Normal file

@ -0,0 +1,145 @@
/*
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#define APPLINK_STDIN 1
#define APPLINK_STDOUT 2
#define APPLINK_STDERR 3
#define APPLINK_FPRINTF 4
#define APPLINK_FGETS 5
#define APPLINK_FREAD 6
#define APPLINK_FWRITE 7
#define APPLINK_FSETMOD 8
#define APPLINK_FEOF 9
#define APPLINK_FCLOSE 10 /* should not be used */
#define APPLINK_FOPEN 11 /* solely for completeness */
#define APPLINK_FSEEK 12
#define APPLINK_FTELL 13
#define APPLINK_FFLUSH 14
#define APPLINK_FERROR 15
#define APPLINK_CLEARERR 16
#define APPLINK_FILENO 17 /* to be used with below */
#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */
#define APPLINK_READ 19
#define APPLINK_WRITE 20
#define APPLINK_LSEEK 21
#define APPLINK_CLOSE 22
#define APPLINK_MAX 22 /* always same as last macro */
#ifndef APPMACROS_ONLY
# include <stdio.h>
# include <io.h>
# include <fcntl.h>
# ifdef __BORLANDC__
/* _lseek in <io.h> is a function-like macro so we can't take its address */
# undef _lseek
# define _lseek lseek
# endif
static void *app_stdin(void)
{
return stdin;
}
static void *app_stdout(void)
{
return stdout;
}
static void *app_stderr(void)
{
return stderr;
}
static int app_feof(FILE *fp)
{
return feof(fp);
}
static int app_ferror(FILE *fp)
{
return ferror(fp);
}
static void app_clearerr(FILE *fp)
{
clearerr(fp);
}
static int app_fileno(FILE *fp)
{
return _fileno(fp);
}
static int app_fsetmod(FILE *fp, char mod)
{
return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT);
}
#ifdef __cplusplus
extern "C" {
#endif
__declspec(dllexport)
void **
# if defined(__BORLANDC__)
/*
* __stdcall appears to be the only way to get the name
* decoration right with Borland C. Otherwise it works
* purely incidentally, as we pass no parameters.
*/
__stdcall
# else
__cdecl
# endif
#pragma warning(push, 2)
OPENSSL_Applink(void)
{
static int once = 1;
static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] =
{ (void *)APPLINK_MAX };
if (once) {
OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin;
OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout;
OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr;
OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf;
OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets;
OPENSSL_ApplinkTable[APPLINK_FREAD] = fread;
OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite;
OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod;
OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof;
OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose;
OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen;
OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek;
OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell;
OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush;
OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror;
OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr;
OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno;
OPENSSL_ApplinkTable[APPLINK_OPEN] = _open;
OPENSSL_ApplinkTable[APPLINK_READ] = _read;
OPENSSL_ApplinkTable[APPLINK_WRITE] = _write;
OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek;
OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close;
once = 0;
}
return OPENSSL_ApplinkTable;
}
#pragma warning(pop)
#ifdef __cplusplus
}
#endif
#endif


@ -1,2 +0,0 @@
#!/bin/sh
autoreconf --verbose --install --force

27
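--- a/cmake/CMakeDist.cmake
+++ b/cmake/CMakeDist.cmake
@@ -0,0 +1,27 @@
+# make dist
+# cmake --build . --target package_source
+set(CPACK_PACKAGE_NAME ${PROJECT_NAME})
+set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})
+set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files")
+set(CPACK_PACKAGE_INSTALL_DIRECTORY ${CPACK_PACKAGE_NAME})
+set(CPACK_RESOURCE_FILE_README "${CMAKE_CURRENT_SOURCE_DIR}/README.md")
+set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/COPYING.txt")
+set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}")
+set(CPACK_SOURCE_GENERATOR "TGZ")
+set(CPACK_SOURCE_IGNORE_FILES "\.git/;\.gitignore")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "Makefile")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeCache.txt")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeFiles")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackConfig.cmake")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackSourceConfig.cmake")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "CTestTestfile.cmake")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "cmake_install.cmake")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "config.h")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "/CMakeFiles/")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "/Testing/")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "/_CPack_Packages/")
+list(APPEND CPACK_SOURCE_IGNORE_FILES "/build/")
+include(CPack)
+add_custom_target(dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source)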
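Review bot: In `set(CPACK_SOURCE_IGNORE_FILES "\.git/;\.gitignore")` the `\.` is consumed by CMake's own string escaping, so the regex CPack receives has an unescaped dot; write `"\\.git/;\\.gitignore"` to match a literal dot. The remaining patterns (`Makefile`, `config.h`, `CMakeFiles`) are unanchored regular expressions matched against the full path, so they also drop any source file whose path merely contains those strings. CPack archives the working tree rather than the list of tracked files, so a comment such as `# run "make dist" from a clean checkout: untracked files not listed below are packaged` belongs above the ignore list; otherwise locally generated keys or editor state can end up in a release tarball.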

298
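--- a/cmake/CMakeTest.cmake
+++ b/cmake/CMakeTest.cmake
@@ -0,0 +1,298 @@
+# make test
+# ctest -C Release
+include(FindPython3)
+enable_testing()
+set(FILES "${PROJECT_BINARY_DIR}/Testing/files")
+set(CERTS "${PROJECT_BINARY_DIR}/Testing/certs")
+set(CONF "${PROJECT_BINARY_DIR}/Testing/conf")
+file(COPY
+"${CMAKE_CURRENT_SOURCE_DIR}/tests/files"
+"${CMAKE_CURRENT_SOURCE_DIR}/tests/conf"
+"${CMAKE_CURRENT_SOURCE_DIR}/tests/tsa_server.py"
+DESTINATION "${PROJECT_BINARY_DIR}/Testing"
+)
+file(COPY
+"${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt"
+DESTINATION "${CONF}"
+)
+set(priv_p12 "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt")
+set(priv_spc "-certs" "${CERTS}/cert.spc" "-key" "${CERTS}/key.pvk" "-pass" "passme")
+set(priv_der "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/key.der" "-pass" "passme")
+set(priv_pkey "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/keyp.pem" "-pass" "passme")
+set(sign_opt "-time" "1556708400"
+"-add-msi-dse" "-comm" "-ph" "-jp" "low"
+"-h" "sha512" "-i" "https://www.osslsigncode.com/"
+"-n" "osslsigncode" "-ac" "${CERTS}/crosscert.pem"
+)
+if(NOT CMAKE_HOST_WIN32)
+execute_process(
+COMMAND "${CONF}/makecerts.sh"
+WORKING_DIRECTORY ${CONF}
+OUTPUT_VARIABLE makecerts_output
+RESULT_VARIABLE makecerts_result
+)
+else()
+set(makecerts_result 1)
+endif()
+if(makecerts_result)
+message(STATUS "makecerts.sh failed")
+if(makecerts_output)
+message(STATUS "${makecerts_output}")
+endif()
+file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs"
+DESTINATION "${PROJECT_BINARY_DIR}/Testing"
+)
+endif()
+execute_process(
+COMMAND ${CMAKE_COMMAND} -E sha256sum "${CERTS}/cert.der"
+OUTPUT_VARIABLE sha256sum
+)
+string(SUBSTRING ${sha256sum} 0 64 leafhash)
+set(verify_opt "-CAfile" "${CERTS}/CACert.pem"
+"-CRLfile" "${CERTS}/CACertCRL.pem"
+"-TSA-CAfile" "${CERTS}/TSACA.pem"
+)
+set(extensions_4 "exe" "ex_" "msi" "cat")
+set(extensions_3 "exe" "ex_" "msi")
+set(files_4 "signed" "nested" "added")
+set(files_3 "removed" "attached_pem" "attached_der")
+set(sign_formats "pem" "der")
+set(pem_certs "cert" "expired" "revoked")
+set(failed_certs "expired" "revoked")
+add_test(
+NAME version
+COMMAND osslsigncode --version
+)
+foreach(ext ${extensions_4})
+# Signing time: May 1 00:00:00 2019 GMT
+set(sign_${ext} )
+add_test(
+NAME signed_${ext}
+COMMAND osslsigncode "sign" ${sign_opt} ${priv_p12}
+"-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/signed.${ext}"
+)
+endforeach()
+foreach(ext ${extensions_3})
+add_test(
+NAME removed_${ext}
+COMMAND osslsigncode "remove-signature"
+"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/removed.${ext}"
+)
+endforeach()
+foreach(ext ${extensions_3})
+add_test(
+NAME extract_pem_${ext}
+COMMAND osslsigncode "extract-signature" "-pem"
+"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.pem"
+)
+endforeach()
+foreach(ext ${extensions_3})
+add_test(
+NAME extract_der_${ext}
+COMMAND osslsigncode "extract-signature"
+"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.der"
+)
+endforeach()
+foreach(ext ${extensions_3})
+set_tests_properties(removed_${ext} extract_pem_${ext} extract_der_${ext}
+PROPERTIES DEPENDS sign_${ext}
+REQUIRED_FILES "${FILES}/signed.${ext}"
+)
+endforeach()
+foreach(ext ${extensions_3})
+foreach(format ${sign_formats})
+# Signature verification time: Sep 1 00:00:00 2019 GMT
+add_test(
+NAME attached_${format}_${ext}
+COMMAND osslsigncode "attach-signature" ${verify_opt}
+"-time" "1567296000"
+"-require-leaf-hash" "SHA256:${leafhash}"
+"-add-msi-dse" "-h" "sha512" "-nest"
+"-sigin" "${FILES}/${ext}.${format}"
+"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/attached_${format}.${ext}"
+)
+set_tests_properties(attached_${format}_${ext} PROPERTIES
+DEPENDS extract_pem_${ext}
+REQUIRED_FILES "${FILES}/signed.${ext}"
+REQUIRED_FILES "${FILES}/${ext}.${format}"
+)
+endforeach()
+endforeach()
+foreach(ext ${extensions_4})
+add_test(
+NAME added_${ext}
+COMMAND osslsigncode "add"
+"-addUnauthenticatedBlob" "-add-msi-dse" "-h" "sha512"
+"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/added.${ext}"
+)
+set_tests_properties(added_${ext} PROPERTIES
+DEPENDS sign_${ext}
+REQUIRED_FILES "${FILES}/signed.${ext}"
+)
+endforeach()
+foreach(ext ${extensions_4})
+add_test(
+NAME nested_${ext}
+COMMAND osslsigncode "sign" "-nest" ${sign_opt} ${priv_der}
+"-in" "${FILES}/signed.${ext}" "-out" "${FILES}/nested.${ext}"
+)
+set_tests_properties(nested_${ext} PROPERTIES
+DEPENDS sign_${ext}
+REQUIRED_FILES "${FILES}/signed.${ext}"
+)
+endforeach()
+foreach(file ${files_4})
+foreach(ext ${extensions_4})
+# Signature verification time: Sep 1 00:00:00 2019 GMT
+add_test(
+NAME verify_${file}_${ext}
+COMMAND osslsigncode "verify" ${verify_opt}
+"-time" "1567296000"
+"-require-leaf-hash" "SHA256:${leafhash}"
+"-in" "${FILES}/${file}.${ext}"
+)
+set_tests_properties(verify_${file}_${ext} PROPERTIES
+DEPENDS ${file}_${ext}
+REQUIRED_FILES "${FILES}/${file}.${ext}"
+)
+endforeach()
+endforeach()
+foreach(file ${files_3})
+foreach(ext ${extensions_3})
+# Signature verification time: Sep 1 00:00:00 2019 GMT
+add_test(
+NAME verify_${file}_${ext}
+COMMAND osslsigncode "verify" ${verify_opt}
+"-time" "1567296000"
+"-require-leaf-hash" "SHA256:${leafhash}"
+"-in" "${FILES}/${file}.${ext}"
+)
+set_tests_properties(verify_${file}_${ext} PROPERTIES
+DEPENDS ${file}_${ext}
+REQUIRED_FILES "${FILES}/${file}.${ext}"
+)
+endforeach()
+endforeach()
+foreach(ext ${extensions_3})
+set_tests_properties(verify_removed_${ext} PROPERTIES
+WILL_FAIL TRUE
+)
+endforeach()
+if(Python3_FOUND)
+foreach(ext ${extensions_4})
+foreach(cert ${pem_certs})
+add_test(
+NAME sign_ts_${cert}_${ext}
+COMMAND ${Python3_EXECUTABLE} "${PROJECT_BINARY_DIR}/Testing/tsa_server.py"
+"--certs" "${CERTS}/${cert}.pem" "--key" "${CERTS}/key.pem"
+"--input" "${FILES}/unsigned.${ext}" "--output" "${FILES}/ts_${cert}.${ext}"
+)
+endforeach()
+endforeach()
+foreach(ext ${extensions_4})
+# Signature verification time: Sep 1 00:00:00 2019 GMT
+add_test(
+NAME verify_ts_cert_${ext}
+COMMAND osslsigncode "verify" ${verify_opt}
+"-time" "1567296000"
+"-in" "${FILES}/ts_cert.${ext}"
+)
+set_tests_properties(verify_ts_cert_${ext} PROPERTIES
+DEPENDS sign_ts_${cert}_${ext}
+REQUIRED_FILES "${FILES}/ts_cert.${ext}"
+)
+endforeach()
+# Signature verification time: Jan 1 00:00:00 2035 GMT
+foreach(ext ${extensions_4})
+add_test(
+NAME verify_ts_future_${ext}
+COMMAND osslsigncode "verify" ${verify_opt}
+"-time" "2051222400"
+"-in" "${FILES}/ts_cert.${ext}"
+)
+set_tests_properties(verify_ts_future_${ext} PROPERTIES
+DEPENDS sign_ts_${cert}_${ext}
+REQUIRED_FILES "${FILES}/ts_cert.${ext}"
+)
+endforeach()
+# Signature verification time: Jan 1 00:00:00 2035 GMT
+# enabled "-ignore-timestamp" option
+foreach(ext ${extensions_4})
+add_test(
+NAME verify_ts_ignore_${ext}
+COMMAND osslsigncode "verify" ${verify_opt}
+"-time" "2051222400"
+"-ignore-timestamp"
+"-in" "${FILES}/ts_cert.${ext}"
+)
+set_tests_properties(verify_ts_ignore_${ext} PROPERTIES
+DEPENDS sign_ts_${cert}_${ext}
+REQUIRED_FILES "${FILES}/ts_cert.${ext}"
+WILL_FAIL TRUE
+)
+endforeach()
+# Signature verification time: Sep 1 00:00:00 2019 GMT
+# Certificate has expired or revoked
+foreach(ext ${extensions_4})
+foreach(cert ${failed_certs})
+add_test(
+NAME verify_ts_${cert}_${ext}
+COMMAND osslsigncode "verify" ${verify_opt}
+"-time" "1567296000"
+"-in" "${FILES}/ts_${cert}.${ext}"
+)
+set_tests_properties(verify_ts_${cert}_${ext} PROPERTIES
+DEPENDS sign_ts_${cert}_${ext}
+REQUIRED_FILES "${FILES}/ts_${cert}.${ext}"
+WILL_FAIL TRUE
+)
+endforeach()
+endforeach()
+else()
+message(STATUS "Python3 was not found, skip timestamping tests")
+endif()
+foreach(ext ${extensions_4})
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed.${ext}")
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/nested.${ext}")
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/removed.${ext}")
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/added.${ext}")
+foreach(cert ${pem_certs})
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}")
+endforeach()
+foreach(format ${sign_formats})
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}")
+endforeach()
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq")
+set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr")
+endforeach()
+add_test(NAME remove_files COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES})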
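Review bot: Several `DEPENDS` properties name tests that are never defined, so the intended ordering is not enforced when ctest runs tests in parallel. The signing tests are registered as `signed_${ext}`, but the remove, extract, add and nest tests depend on `sign_${ext}`, and the `verify_ts_cert_`, `verify_ts_future_` and `verify_ts_ignore_` loops use `DEPENDS sign_ts_${cert}_${ext}` outside any `foreach(cert ...)`, where `cert` expands to nothing; these should read `DEPENDS signed_${ext}` and `DEPENDS sign_ts_cert_${ext}`. The `WILL_FAIL TRUE` negative tests (removed signature, expired, revoked, `-ignore-timestamp`) accept any non-zero exit, so a verify that fails for an unrelated reason is indistinguishable from a correct rejection. A `PASS_REGULAR_EXPRESSION` on the specific verification error the tool prints would pin the reason for the failure.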

22
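--- a/cmake/FindHeaders.cmake
+++ b/cmake/FindHeaders.cmake
@@ -0,0 +1,22 @@
+include(CheckIncludeFile)
+include(CheckFunctionExists)
+if(NOT MSVC)
+check_function_exists(getpass HAVE_GETPASS)
+check_include_file(termios.h HAVE_TERMIOS_H)
+check_include_file(sys/mman.h HAVE_SYS_MMAN_H)
+if(HAVE_SYS_MMAN_H)
+check_function_exists(mmap HAVE_MMAP)
+if(NOT HAVE_MMAP)
+message(FATAL_ERROR "Error: Need mmap to build.")
+endif()
+endif()
+endif()
+# include wincrypt.h in Windows.h
+if(MSVC AND NOT CYGWIN)
+check_include_file(windows.h HAVE_MAPVIEWOFFILE)
+if(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE))
+message(FATAL_ERROR "Error: Need file mapping function to build.")
+endif()
+endif()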
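Review bot: The final "Need file mapping function" check sits inside `if(MSVC AND NOT CYGWIN)`, and the `if(NOT MSVC)` branch only errors when `sys/mman.h` exists but `mmap` does not. A non-MSVC toolchain without `sys/mman.h` (MinGW, for instance) therefore configures with neither `HAVE_MMAP` nor `HAVE_MAPVIEWOFFILE` defined, whereas the configure.ac check removed in this comparison failed when both were missing. Moving `if(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE))` after both blocks and probing `windows.h` under `if(WIN32)` restores that guarantee. `HAVE_MAPVIEWOFFILE` is also set by a header check only; `check_symbol_exists(MapViewOfFile windows.h HAVE_MAPVIEWOFFILE)` would test what the name claims.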


@ -0,0 +1,13 @@
if(NOT MSVC)
find_package(bash-completion QUIET)
if(NOT BASH_COMPLETION_COMPLETIONSDIR)
if(BASH_COMPLETION_COMPATDIR)
set(BASH_COMPLETION_COMPLETIONSDIR ${BASH_COMPLETION_COMPATDIR})
else()
set(SHAREDIR "${CMAKE_INSTALL_PREFIX}/share")
set(BASH_COMPLETION_COMPLETIONSDIR "${SHAREDIR}/bash-completion/completions")
endif()
endif()
message(STATUS "Using bash completions dir ${BASH_COMPLETION_COMPLETIONSDIR}")
install(FILES "osslsigncode.bash" DESTINATION ${BASH_COMPLETION_COMPLETIONSDIR})
endif()
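Review bot: When `find_package(bash-completion QUIET)` succeeds, `BASH_COMPLETION_COMPLETIONSDIR` is typically an absolute system path, so `install(FILES "osslsigncode.bash" DESTINATION ${BASH_COMPLETION_COMPLETIONSDIR})` writes outside `CMAKE_INSTALL_PREFIX`. An install into a private prefix then either fails for lack of permission or, when run with elevated rights, places a shell-sourced file in the system completions directory regardless of the prefix the builder chose. Guarding the lookup so a value passed on the command line wins (the existing `if(NOT BASH_COMPLETION_COMPLETIONSDIR)` test moved above `find_package`) and documenting that with `# -DBASH_COMPLETION_COMPLETIONSDIR=<dir> overrides the detected directory` would keep the install confined when that is wanted.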


@ -0,0 +1,111 @@
include(CheckCCompilerFlag)
set(CMAKE_REQUIRED_QUIET ON)
function(add_debug_flag_if_supported flagname targets)
check_c_compiler_flag("${flagname}" HAVE_FLAG_${flagname})
if (HAVE_FLAG_${flagname})
foreach(target ${targets})
target_compile_options(${target} PRIVATE $<$<CONFIG:DEBUG>:${flagname}>)
endforeach()
endif()
endfunction()
function(add_compile_flag_to_targets targets)
set(CHECKED_DEBUG_FLAGS
"-ggdb"
"-g"
"-O2"
"-pedantic"
"-Wall"
"-Wextra"
"-Wno-long-long"
"-Wconversion"
"-D_FORTIFY_SOURCE=2"
"-Wformat=2"
"-Wredundant-decls"
"-Wcast-qual"
"-Wnull-dereference"
"-Wno-deprecated-declarations"
"-Wmissing-declarations"
"-Wmissing-prototypes"
"-Wmissing-noreturn"
"-Wmissing-braces"
"-Wparentheses"
"-Wstrict-aliasing=3"
"-Wstrict-overflow=2"
"-Wlogical-op"
"-Wwrite-strings"
"-Wcast-align=strict"
"-Wdisabled-optimization"
"-Wshift-overflow=2"
"-Wundef"
"-Wshadow"
"-Wmisleading-indentation"
"-Wabsolute-value"
"-Wunused-parameter"
"-Wunused-function"
)
foreach(flag ${CHECKED_DEBUG_FLAGS})
add_debug_flag_if_supported(${flag} ${targets})
endforeach()
endfunction()
function(add_compile_flags target)
if(MSVC)
# Enable parallel builds
target_compile_options(${target} PRIVATE /MP)
# Use address space layout randomization, generate PIE code for ASLR (default on)
target_link_options(${target} PRIVATE /DYNAMICBASE)
# Create terminal server aware application (default on)
target_link_options(${target} PRIVATE /TSAWARE)
# Mark the binary as compatible with Intel Control-flow Enforcement Technology (CET) Shadow Stack
target_link_options(${target} PRIVATE /CETCOMPAT)
# Enable compiler generation of Control Flow Guard security checks
target_compile_options(${target} PRIVATE /guard:cf)
target_link_options(${target} PRIVATE /guard:cf)
# Buffer Security Check
target_compile_options(${target} PRIVATE /GS)
# Suppress startup banner
target_link_options(${target} PRIVATE /NOLOGO)
# Generate debug info
target_link_options(${target} PRIVATE /DEBUG)
if("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8")
# High entropy ASLR for 64 bits targets (default on)
target_link_options(${target} PRIVATE /HIGHENTROPYVA)
# Enable generation of EH Continuation (EHCONT) metadata by the compiler
#target_compile_options(${target} PRIVATE /guard:ehcont)
#target_link_options(${target} PRIVATE /guard:ehcont)
else()
# Can handle addresses larger than 2 gigabytes
target_link_options(${target} PRIVATE /LARGEADDRESSAWARE)
# Safe structured exception handlers (x86 only)
target_link_options(${target} PRIVATE /SAFESEH)
endif()
target_compile_options(${target} PRIVATE $<$<CONFIG:DEBUG>:/D_FORTIFY_SOURCE=2>)
# Unrecognized compiler options are errors
target_compile_options(${target} PRIVATE $<$<CONFIG:DEBUG>:/options:strict>)
else()
check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL)
if(HAVE_STACK_PROTECTOR_ALL)
target_link_options(${target} PRIVATE -fstack-protector-all)
else()
check_c_compiler_flag("-fstack-protector" HAVE_STACK_PROTECTOR)
if(HAVE_STACK_PROTECTOR)
target_link_options(${target} PRIVATE -fstack-protector)
else()
message(WARNING "No stack protection supported")
endif()
endif()
# Support address space layout randomization (ASLR)
target_compile_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-fPIE>)
target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-fPIE -pie>)
target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-Wl,-z,relro>)
target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-Wl,-z,now>)
target_link_options(${target} PRIVATE $<$<NOT:$<C_COMPILER_ID:AppleClang>>:-Wl,-z,noexecstack>)
target_link_options(${target} PRIVATE -fstack-check)
add_compile_flag_to_targets(${target})
endif()
endfunction()
add_compile_flags(osslsigncode)
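Review bot: `-fstack-protector-all`, `-fstack-protector` and `-fstack-check` are added with `target_link_options` only, so they reach the link step but not compilation and the object files are built without the instrumentation these flags request. Each needs a matching compile option, e.g. `target_compile_options(${target} PRIVATE -fstack-protector-all)`. In the same function `-D_FORTIFY_SOURCE=2` and `-O2` come from `CHECKED_DEBUG_FLAGS`, which `add_debug_flag_if_supported` wraps in `$<CONFIG:DEBUG>`, so release builds are compiled without fortified libc calls unless the toolchain enables them by default. On the MSVC branch `/D_FORTIFY_SOURCE=2` defines a macro that is, as far as I know, a glibc feature and has no effect on the Microsoft CRT. A comment above each group stating which configurations it applies to would make the hardening level of a shipped binary checkable from this file.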


@ -1,139 +0,0 @@
AC_PREREQ(2.60)
AC_INIT([osslsigncode], [2.3.0], [Michal.Trojnara@stunnel.org])
AC_CONFIG_AUX_DIR([.])
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE
AC_CONFIG_SRCDIR([osslsigncode.c])
# bash completion support
AC_ARG_WITH([bashcompdir],
AS_HELP_STRING([--with-bashcompdir=DIR], [directory for bash completions]), ,
[PKG_CHECK_VAR([with_bashcompdir], [bash-completion], [completionsdir], ,
[with_bashcompdir="${datarootdir}/bash-completion/completions"])])
AC_MSG_CHECKING([for bashcompdir])
AC_MSG_RESULT([$with_bashcompdir])
AC_SUBST([bashcompdir], [$with_bashcompdir])
dnl Checks for programs.
AC_PROG_CC
AC_USE_SYSTEM_EXTENSIONS
AC_ARG_ENABLE(
[strict],
[AS_HELP_STRING([--enable-strict],[enable strict compile mode @<:@disabled@:>@])],
,
[enable_strict="no"]
)
AC_ARG_ENABLE(
[pedantic],
[AS_HELP_STRING([--enable-pedantic],[enable pedantic compile mode @<:@disabled@:>@])],
,
[enable_pedantic="no"]
)
AC_ARG_WITH(
[curl],
[AS_HELP_STRING([--with-curl],[enable curl @<:@enabled@:>@])],
,
[with_curl="yes"]
)
if test "${enable_pedantic}" = "yes"; then
enable_strict="yes";
CFLAGS="${CFLAGS} -pedantic"
fi
if test "${enable_strict}" = "yes"; then
CFLAGS="${CFLAGS} -Wall -Wextra"
fi
PKG_PROG_PKG_CONFIG
AC_PROG_CPP
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MKDIR_P
AC_PROG_SED
AC_PROG_MAKE_SET
AC_C_CONST
AC_HEADER_STDC
AC_HEADER_TIME
AC_CHECK_HEADERS(
[sys/mman.h],
[AC_CHECK_FUNC(
[mmap],
[AC_DEFINE(HAVE_MMAP, [1], [Define to 1 if you have mmap])],
[AC_MSG_ERROR([Need mmap to build.])]
)],
[have_mmap=no]
)
AC_CHECK_HEADERS(
[windows.h],
[],
[have_MapViewOfFile=no]
)
AS_IF([test "x$have_mmap$have_MapViewOfFile" = "xnono"],
[AC_MSG_ERROR([Need file mapping function to buid.])])
AC_CHECK_LIB(
[dl],
[dlopen],
[DL_LIBS="-ldl"]
)
AC_CHECK_HEADERS([termios.h])
AC_CHECK_FUNCS(getpass)
PKG_CHECK_MODULES(
[OPENSSL],
[libcrypto >= 1.1.1],
,
[PKG_CHECK_MODULES(
[OPENSSL],
[openssl >= 1.1.1],
,
[AC_CHECK_LIB(
[crypto],
[EVP_MD_CTX_new],
[OPENSSL_LIBS="-lcrypto ${SOCKETS_LIBS} ${DL_LIBS}"],
[AC_MSG_ERROR([OpenSSL 1.1.1 or later is required. https://www.openssl.org/])],
[${DL_LIBS}]
)]
)]
)
PKG_CHECK_MODULES(
[LIBCURL],
[libcurl >= 7.12.0],
,
[AC_CHECK_LIB(
[curl],
[curl_easy_strerror],
[LIBCURL_LIBS="-lcurl"],
,
[${DL_LIBS}]
)]
)
if test "${with_curl}" = "yes"; then
test -z "${LIBCURL_LIBS}" && AC_MSG_ERROR(m4_normalize([
Curl 7.12.0 or later required for timestamping support http://curl.haxx.se/
m4_newline() or libcurl development package not found, try installing:
m4_newline() * libcurl4-openssl-dev (Debian, Ubuntu)
m4_newline() * libcurl-devel (Fedora, CentOS, RHEL)
m4_newline() * libcurl_dev (Solaris)
]))
OPTIONAL_LIBCURL_CFLAGS="${LIBCURL_CFLAGS}"
OPTIONAL_LIBCURL_LIBS="${LIBCURL_LIBS}"
AC_DEFINE([ENABLE_CURL], [1], [libcurl is enabled])
fi
AC_SUBST([OPTIONAL_LIBCURL_CFLAGS])
AC_SUBST([OPTIONAL_LIBCURL_LIBS])
AC_CONFIG_FILES([Makefile])
AC_OUTPUT
# vim: set ts=4 noexpandtab:

114
msi.c

@ -691,7 +691,7 @@ int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root)
OPENSSL_free(indata);
goto out;
}
BIO_write(hash, indata, inlen);
BIO_write(hash, indata, (int)inlen);
OPENSSL_free(indata);
}
if (child->type == DIR_STORAGE) {
@ -709,15 +709,14 @@ out:
}
/* Compute a simple sha1/sha256 message digest of the MSI file */
int msi_calc_digest(char *indata, const EVP_MD *md, u_char *mdbuf, uint32_t fileend)
int msi_calc_digest(char *indata, int mdtype, u_char *mdbuf, uint32_t fileend)
{
BIO *bio = NULL;
EVP_MD_CTX *mdctx;
uint32_t n;
int ret = 0;
const EVP_MD *md = EVP_get_digestbynid(mdtype);
BIO *bio = BIO_new_mem_buf(indata, (int)fileend);
EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
bio = BIO_new_mem_buf(indata, fileend);
mdctx = EVP_MD_CTX_new();
if (!EVP_DigestInit(mdctx, md)) {
printf("Unable to set up the digest context\n");
goto out;
@ -732,11 +731,11 @@ int msi_calc_digest(char *indata, const EVP_MD *md, u_char *mdbuf, uint32_t file
uint32_t want = fileend - n;
if (want > sizeof bfb)
want = sizeof bfb;
l = BIO_read(bio, bfb, want);
l = BIO_read(bio, bfb, (int)want);
if (l <= 0)
break;
EVP_DigestUpdate(mdctx, bfb, l);
n += l;
EVP_DigestUpdate(mdctx, bfb, (size_t)l);
n += (uint32_t)l;
}
EVP_DigestFinal(mdctx, mdbuf, NULL);
ret = 1; /* OK */
@ -746,34 +745,34 @@ out:
return ret;
}
static void ministream_append(MSI_OUT *out, char *buf, int len)
static void ministream_append(MSI_OUT *out, char *buf, uint32_t len)
{
uint32_t needSectors = (len + out->sectorSize - 1) / out->sectorSize;
if (out->miniStreamLen + len >= out->ministreamsMemallocCount * out->sectorSize) {
out->ministreamsMemallocCount += needSectors;
out->ministream = OPENSSL_realloc(out->ministream, out->ministreamsMemallocCount * out->sectorSize);
out->ministream = OPENSSL_realloc(out->ministream, (size_t)(out->ministreamsMemallocCount * out->sectorSize));
}
memcpy(out->ministream + out->miniStreamLen, buf, len);
memcpy(out->ministream + out->miniStreamLen, buf, (size_t)len);
out->miniStreamLen += len;
}
static void minifat_append(MSI_OUT *out, char *buf, int len)
static void minifat_append(MSI_OUT *out, char *buf, uint32_t len)
{
if (out->minifatLen == out->minifatMemallocCount * out->sectorSize) {
out->minifatMemallocCount += 1;
out->minifat = OPENSSL_realloc(out->minifat, out->minifatMemallocCount * out->sectorSize);
out->minifat = OPENSSL_realloc(out->minifat, (size_t)(out->minifatMemallocCount * out->sectorSize));
}
memcpy(out->minifat + out->minifatLen, buf, len);
memcpy(out->minifat + out->minifatLen, buf, (size_t)len);
out->minifatLen += len;
}
static void fat_append(MSI_OUT *out, char *buf, int len)
static void fat_append(MSI_OUT *out, char *buf, uint32_t len)
{
if (out->fatLen == out->fatMemallocCount * out->sectorSize) {
out->fatMemallocCount += 1;
out->fat = OPENSSL_realloc(out->fat, out->fatMemallocCount * out->sectorSize);
out->fat = OPENSSL_realloc(out->fat, (size_t)(out->fatMemallocCount * out->sectorSize));
}
memcpy(out->fat + out->fatLen, buf, len);
memcpy(out->fat + out->fatLen, buf, (size_t)len);
out->fatLen += len;
}
@ -838,7 +837,7 @@ static int dirent_insert(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLe
return 1; /* OK */
}
static int signature_insert(MSI_DIRENT *dirent, int len_msiex)
static int signature_insert(MSI_DIRENT *dirent, uint32_t len_msiex)
{
if (len_msiex > 0) {
if (!dirent_insert(dirent, digital_signature_ex, sizeof digital_signature_ex)) {
@ -855,8 +854,8 @@ static int signature_insert(MSI_DIRENT *dirent, int len_msiex)
return 1; /* OK */
}
static int stream_read(MSI_FILE *msi, MSI_ENTRY *entry, u_char *p_msi, int len_msi,
u_char *p_msiex, int len_msiex, char **indata, int inlen, int is_root)
static uint32_t stream_read(MSI_FILE *msi, MSI_ENTRY *entry, u_char *p_msi, uint32_t len_msi,
u_char *p_msiex, uint32_t len_msiex, char **indata, uint32_t inlen, int is_root)
{
if (is_root && !memcmp(entry->name, digital_signature, sizeof digital_signature)) {
*indata = (char *)p_msi;
@ -874,8 +873,8 @@ static int stream_read(MSI_FILE *msi, MSI_ENTRY *entry, u_char *p_msi, int len_m
}
/* Recursively handle data from MSI_DIRENT struct */
static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, int len_msi,
u_char *p_msiex, int len_msiex, BIO *outdata, MSI_OUT *out, int is_root)
static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi,
u_char *p_msiex, uint32_t len_msiex, BIO *outdata, MSI_OUT *out, int is_root)
{
int i;
@ -912,15 +911,15 @@ static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, int l
ministream_append(out, indata, inlen);
/* fill to the end with known data, such as all zeroes */
if (inlen % msi->m_minisectorSize > 0) {
int remain = msi->m_minisectorSize - inlen % msi->m_minisectorSize;
memset(buf, 0, remain);
uint32_t remain = msi->m_minisectorSize - inlen % msi->m_minisectorSize;
memset(buf, 0, (size_t)remain);
ministream_append(out, buf, remain);
}
while (inlen > msi->m_minisectorSize) {
out->miniSectorNum += 1;
PUT_UINT32_LE(out->miniSectorNum, buf);
minifat_append(out, buf, 4);
inlen -= (uint32_t)msi->m_minisectorSize;
inlen -= msi->m_minisectorSize;
}
PUT_UINT32_LE(ENDOFCHAIN, buf);
minifat_append(out, buf, 4);
@ -929,19 +928,19 @@ static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, int l
/* set the first sector location if this is a stream object */
child->entry->startSectorLocation = out->sectorNum;
/* stream save */
BIO_write(outdata, indata, inlen);
BIO_write(outdata, indata, (int)inlen);
/* fill to the end with known data, such as all zeroes */
if (inlen % out->sectorSize > 0) {
int remain = out->sectorSize - inlen % out->sectorSize;
memset(buf, 0, remain);
BIO_write(outdata, buf, remain);
uint32_t remain = out->sectorSize - inlen % out->sectorSize;
memset(buf, 0, (size_t)remain);
BIO_write(outdata, buf, (int)remain);
}
/* set a sector chain in the FAT */
while (inlen > out->sectorSize) {
out->sectorNum += 1;
PUT_UINT32_LE(out->sectorNum, buf);
fat_append(out, buf, 4);
inlen -= (uint32_t)out->sectorSize;
inlen -= out->sectorSize;
}
PUT_UINT32_LE(ENDOFCHAIN, buf);
fat_append(out, buf, 4);
@ -956,19 +955,19 @@ static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, int l
static void ministream_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out)
{
char buf[MAX_SECTOR_SIZE];
int remain, i;
int ministreamSectorsCount = (out->miniStreamLen + out->sectorSize - 1) / out->sectorSize;
uint32_t i, remain;
uint32_t ministreamSectorsCount = (out->miniStreamLen + out->sectorSize - 1) / out->sectorSize;
/* set the first sector of the mini stream in the entry root object */
dirent->entry->startSectorLocation = out->sectorNum;
/* ministream save */
BIO_write(outdata, out->ministream, out->miniStreamLen);
BIO_write(outdata, out->ministream, (int)out->miniStreamLen);
OPENSSL_free(out->ministream);
/* fill to the end with known data, such as all zeroes */
if (out->miniStreamLen % out->sectorSize > 0) {
remain = out->sectorSize - out->miniStreamLen % out->sectorSize;
memset(buf, 0, remain);
BIO_write(outdata, buf, remain);
memset(buf, 0, (size_t)remain);
BIO_write(outdata, buf, (int)remain);
}
/* set a sector chain in the FAT */
for (i=1; i<ministreamSectorsCount; i++) {
@ -985,7 +984,7 @@ static void ministream_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out)
static void minifat_save(BIO *outdata, MSI_OUT *out)
{
char buf[MAX_SECTOR_SIZE];
int i,remain;
uint32_t i, remain;
/* set Mini FAT Starting Sector Location in the header */
if (out->minifatLen == 0) {
@ -996,7 +995,7 @@ static void minifat_save(BIO *outdata, MSI_OUT *out)
PUT_UINT32_LE(out->sectorNum, buf);
memcpy(out->header + HEADER_MINI_FAT_SECTOR_LOC, buf, 4);
/* minifat save */
BIO_write(outdata, out->minifat, out->minifatLen);
BIO_write(outdata, out->minifat, (int)out->minifatLen);
/* marks the end of the stream */
PUT_UINT32_LE(ENDOFCHAIN, buf);
BIO_write(outdata, buf, 4);
@ -1004,8 +1003,8 @@ static void minifat_save(BIO *outdata, MSI_OUT *out)
/* empty unallocated free sectors in the last Mini FAT sector */
if (out->minifatLen % out->sectorSize > 0) {
remain = out->sectorSize - out->minifatLen % out->sectorSize;
memset(buf, FREESECT, remain);
BIO_write(outdata, buf, remain);
memset(buf, (int)FREESECT, (size_t)remain);
BIO_write(outdata, buf, (int)remain);
}
/* set a sector chain in the FAT */
out->minifatSectorsCount = (out->minifatLen + out->sectorSize - 1) / out->sectorSize;
@ -1060,13 +1059,13 @@ static char *msi_unused_dirent_get()
/* initialise 127 bytes */
memset(data, 0, DIRENT_SIZE);
memset(data + DIRENT_LEFT_SIBLING_ID, NOSTREAM, 4);
memset(data + DIRENT_RIGHT_SIBLING_ID, NOSTREAM, 4);
memset(data + DIRENT_CHILD_ID, NOSTREAM, 4);
memset(data + DIRENT_LEFT_SIBLING_ID, (int)NOSTREAM, 4);
memset(data + DIRENT_RIGHT_SIBLING_ID, (int)NOSTREAM, 4);
memset(data + DIRENT_CHILD_ID, (int)NOSTREAM, 4);
return data;
}
static int dirents_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out, int *streamId, int count, int last)
static int dirents_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out, uint32_t *streamId, int count, int last)
{
int i, childenNum;
char *entry;
@ -1084,7 +1083,7 @@ static int dirents_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out, int *str
} else {
/* make linked list rather than tree, only use next - right sibling */
count += childenNum;
dirent->entry->rightSiblingID = *streamId + count + 1;
dirent->entry->rightSiblingID = *streamId + (uint32_t)count + 1;
}
} else { /* DIR_ROOT */
dirent->entry->rightSiblingID = NOSTREAM;
@ -1123,8 +1122,7 @@ static void dirtree_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out)
{
char buf[MAX_SECTOR_SIZE];
char *unused_entry;
int i, remain;
int streamId = 0;
uint32_t i, remain, streamId = 0;
/* set Directory Starting Sector Location in the header */
PUT_UINT32_LE(out->sectorNum, buf);
@ -1163,7 +1161,7 @@ static void dirtree_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out)
static int fat_save(BIO *outdata, MSI_OUT *out)
{
char buf[MAX_SECTOR_SIZE];
int i, remain;
uint32_t i, remain;
remain = (out->fatLen + out->sectorSize - 1) / out->sectorSize;
out->fatSectorsCount = (out->fatLen + remain * 4 + out->sectorSize - 1) / out->sectorSize;
@ -1188,17 +1186,17 @@ static int fat_save(BIO *outdata, MSI_OUT *out)
/* empty unallocated free sectors in the last FAT sector */
if (out->fatLen % out->sectorSize > 0) {
remain = out->sectorSize - out->fatLen % out->sectorSize;
memset(buf, FREESECT, remain);
memset(buf, (int)FREESECT, (size_t)remain);
fat_append(out, buf, remain);
}
BIO_write(outdata, out->fat, out->fatLen);
BIO_write(outdata, out->fat, (int)out->fatLen);
return 1; /* OK */
}
static void header_save(BIO *outdata, MSI_OUT *out)
{
char buf[MAX_SECTOR_SIZE];
int remain;
uint32_t remain;
/* set Number of FAT sectors in the header */
PUT_UINT32_LE(out->fatSectorsCount, buf);
@ -1217,8 +1215,8 @@ static void header_save(BIO *outdata, MSI_OUT *out)
BIO_write(outdata, out->header, HEADER_SIZE);
remain = out->sectorSize - HEADER_SIZE;
memset(buf, 0, remain);
BIO_write(outdata, buf, remain);
memset(buf, 0, (size_t)remain);
BIO_write(outdata, buf, (int)remain);
}
static char *header_new(MSI_FILE_HDR *hdr, MSI_OUT *out)
@ -1268,14 +1266,14 @@ static char *header_new(MSI_FILE_HDR *hdr, MSI_OUT *out)
memset(data + HEADER_DIFAT_SECTORS_NUM, 0, 4); /* no DIFAT */
memcpy(data + HEADER_DIFAT, dead_food, 4); /* sector number for FAT */
for (i = 1; i < DIFAT_IN_HEADER; i++) {
memset(data + HEADER_DIFAT + 4*i, FREESECT, 4); /* free FAT sectors */
memset(data + HEADER_DIFAT + 4*i, (int)FREESECT, 4); /* free FAT sectors */
}
return data;
}
static int msiout_set(MSI_FILE *msi, int len_msi, int len_msiex, MSI_OUT *out)
static int msiout_set(MSI_FILE *msi, uint32_t len_msi, uint32_t len_msiex, MSI_OUT *out)
{
int msi_size, msiex_size;
uint32_t msi_size, msiex_size;
out->sectorSize = msi->m_sectorSize;
@ -1307,8 +1305,8 @@ static int msiout_set(MSI_FILE *msi, int len_msi, int len_msiex, MSI_OUT *out)
return 1; /* OK */
}
int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, int len_msi,
u_char *p_msiex, int len_msiex, BIO *outdata)
int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi,
u_char *p_msiex, uint32_t len_msiex, BIO *outdata)
{
MSI_OUT out;
int ret = 0;
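Review bot: The `(int)` casts added for -Wconversion narrow `uint32_t` lengths taken from the MSI file without a range check. In `msi_calc_digest`, `BIO_new_mem_buf(indata, (int)fileend)` receives a negative length once `fileend` exceeds `INT_MAX`, which OpenSSL treats as "measure the buffer with strlen()"; as far as the hunk shows, the read loop then breaks on the short read and the function still sets `ret = 1`, so the digest would cover less data than requested. A guard such as `if (fileend > INT_MAX) return 0; /* FAILED */` before the BIO is created (with `bio` and `mdctx` initialised after it) closes that, and the same narrowing applies to the `BIO_write(..., (int)inlen)` calls in `msi_hash_dir` and `stream_handle`, whose return values are ignored. In `ministream_append`, `minifat_append` and `fat_append` the new `(size_t)(count * out->sectorSize)` widens only after the 32-bit multiplication and the `OPENSSL_realloc` result is used unchecked; `(size_t)out->fatMemallocCount * out->sectorSize` plus a NULL check is the safer form. The bodies of `msi_calc_digest` and `stream_handle` continue outside the hunks shown.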

49
msi.h

@ -72,25 +72,25 @@
#define DIRENT_START_SECTOR_LOC 0x74
#define DIRENT_FILE_SIZE 0x78
#define GET_UINT8_LE(p) ((u_char*)(p))[0]
#define GET_UINT8_LE(p) ((const u_char *)(p))[0]
#define GET_UINT16_LE(p) (uint16_t)(((u_char*)(p))[0] | (((u_char*)(p))[1]<<8))
#define GET_UINT16_LE(p) (uint16_t)(((const u_char *)(p))[0] | \
(((const u_char *)(p))[1] << 8))
#define GET_UINT32_LE(p) (uint32_t)(((u_char*)(p))[0] | (((u_char*)(p))[1]<<8) | \
(((u_char*)(p))[2]<<16) | (((u_char*)(p))[3]<<24))
#define GET_UINT32_LE(p) (uint32_t)(((const u_char *)(p))[0] | \
(((const u_char *)(p))[1] << 8) | \
(((const u_char *)(p))[2] << 16) | \
(((const u_char *)(p))[3] << 24))
#define PUT_UINT8_LE(i,p) \
((u_char*)(p))[0] = (i) & 0xff;
#define PUT_UINT8_LE(i, p) ((u_char *)(p))[0] = (u_char)((i) & 0xff);
#define PUT_UINT16_LE(i,p) \
((u_char*)(p))[0] = (i) & 0xff; \
((u_char*)(p))[1] = ((i)>>8) & 0xff
#define PUT_UINT16_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \
((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff)
#define PUT_UINT32_LE(i,p) \
((u_char*)(p))[0] = (i) & 0xff; \
((u_char*)(p))[1] = ((i)>>8) & 0xff; \
((u_char*)(p))[2] = ((i)>>16) & 0xff; \
((u_char*)(p))[3] = ((i)>>24) & 0xff
#define PUT_UINT32_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \
((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff); \
((u_char *)(p))[2] = (u_char)(((i) >> 16) & 0xff); \
((u_char *)(p))[3] = (u_char)(((i) >> 24) & 0xff)
#ifndef FALSE
#define FALSE 0
@ -171,14 +171,14 @@ typedef struct {
uint32_t miniStreamLen;
uint32_t minifatLen;
uint32_t fatLen;
int ministreamsMemallocCount;
int minifatMemallocCount;
int fatMemallocCount;
int dirtreeSectorsCount;
int minifatSectorsCount;
int fatSectorsCount;
int miniSectorNum;
int sectorNum;
uint32_t ministreamsMemallocCount;
uint32_t minifatMemallocCount;
uint32_t fatMemallocCount;
uint32_t dirtreeSectorsCount;
uint32_t minifatSectorsCount;
uint32_t fatSectorsCount;
uint32_t miniSectorNum;
uint32_t sectorNum;
uint32_t sectorSize;
} MSI_OUT;
@ -222,9 +222,10 @@ MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse);
void msi_dirent_free(MSI_DIRENT *dirent);
int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root);
int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root);
int msi_calc_digest(char *indata, const EVP_MD *md, u_char *mdbuf, uint32_t fileend);
int msi_calc_digest(char *indata, int mdtype, u_char *mdbuf, uint32_t fileend);
int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen);
int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p, int len, u_char *p_msiex, int len_msiex, BIO *outdata);
int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p, uint32_t len,
u_char *p_msiex, uint32_t len_msiex, BIO *outdata);
/*
Local Variables:

File diff suppressed because it is too large Load Diff


@ -1,6 +1 @@
*.der
*.pem
*.pvk
*.p12
*.spc
*.txt
*.log

22
tests/certs/CACert.pem Normal file

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

13
tests/certs/CACertCRL.pem Normal file

@ -0,0 +1,13 @@
-----BEGIN X509 CRL-----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-----END X509 CRL-----

28
tests/certs/TSA.key Normal file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

28
tests/certs/TSA.pem Normal file

@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

22
tests/certs/TSACA.pem Normal file

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
tests/certs/cert.der Normal file

Binary file not shown.

BIN
tests/certs/cert.p12 Normal file

Binary file not shown.

46
tests/certs/cert.pem Normal file

@ -0,0 +1,46 @@
-----BEGIN CERTIFICATE-----
MIID7jCCAtagAwIBAgIUdLInHjkevRVCr7I78r5++6eSrZ0wDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0yNDEyMzEwMDAwMDBaMIGdMQswCQYDVQQG
EwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3
MRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEUMBIGA1UEAwwL
Q2VydGlmaWNhdGUxJzAlBgkqhkiG9w0BCQEWGG9zc2xzaWduY29kZUBleGFtcGxl
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJLJ3Vty2lgJw+5
ouAV4ZqkIwvfWPcE7zD1CfQIL2802jVuCSTkN9cfFVYMKFEPJxQWJAKoCzr/Ux8z
Yt9BXO5o39+z7umLKmc6pfrZJ6kG4msrMjZv36LsCQyfjUc1O9H1aiOQEvRQY2pF
2v5dfqRMrAqH1ESQHCggUBjElWj9oMFax8jyO7JxTzuttOb6mhDmqz4q2u4LwZGH
lBofgOAB54Mlv41x7dDh85i/jayXuYYmsjRwCuBAn14+D2zImyPDx5UaUJJMzujo
QriOZ4KU2dHRgy0+vd7ZbrL1kRY1axyNQ+jBk7UHnlZZ2CCkhBoZIM6ez3ljPwgr
cpg0RtcCAwEAAaNiMGAwCQYDVR0TBAIwADAdBgNVHQ4EFgQUBxPEs09WXDxGqb+D
WTFgcUQd0AEwHwYDVR0jBBgwFoAUngWsC1vhQH9qDvTZRE+KJ33vOIswEwYDVR0l
BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAKK2e1s1puUFbNjglopi
mKZ4Pks2zb6LVUGG6Q4XQ1dWe25ovt68jWv56HFyCMI1N+L8q0+Ku2eOfLObS7Ej
FFRUWEIXDgipryDTGzoWRM380fuYpL/j7Rt1/xmIHWTFibf/6gK/naRXsFH3dEbb
7DDWQ5pAd2d60dB+ThUEIZQTQd/926Kuk5oESvP08fXMYTuiYARypG1gmiuvxQ9N
mDJP6CHxyJR/LB4tb0RAqnLkVsXVBDnRYWdEvkuhoqTtbhVzVbL3mPeEmVYypxxd
NdrHpU5zmxFSin2T3F0TneNcT+MDV+dQcWyTGNYs/fnmo85LsiakJixGv1qx8PTs
8iE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
tests/certs/cert.spc Normal file

Binary file not shown.

23
tests/certs/crosscert.pem Normal file

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

45
tests/certs/expired.pem Normal file

@ -0,0 +1,45 @@
-----BEGIN CERTIFICATE-----
MIID6jCCAtKgAwIBAgIUdtBZJAw8/6JVNMiQpN3PEROI8rowDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0xOTAxMDEwMDAwMDBaMIGZMQswCQYDVQQG
EwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3
MRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEQMA4GA1UEAwwH
RXhwaXJlZDEnMCUGCSqGSIb3DQEJARYYb3NzbHNpZ25jb2RlQGV4YW1wbGUuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsksndW3LaWAnD7mi4BXh
mqQjC99Y9wTvMPUJ9AgvbzTaNW4JJOQ31x8VVgwoUQ8nFBYkAqgLOv9THzNi30Fc
7mjf37Pu6YsqZzql+tknqQbiaysyNm/fouwJDJ+NRzU70fVqI5AS9FBjakXa/l1+
pEysCofURJAcKCBQGMSVaP2gwVrHyPI7snFPO6205vqaEOarPira7gvBkYeUGh+A
4AHngyW/jXHt0OHzmL+NrJe5hiayNHAK4ECfXj4PbMibI8PHlRpQkkzO6OhCuI5n
gpTZ0dGDLT693tlusvWRFjVrHI1D6MGTtQeeVlnYIKSEGhkgzp7PeWM/CCtymDRG
1wIDAQABo2IwYDAJBgNVHRMEAjAAMB0GA1UdDgQWBBQHE8SzT1ZcPEapv4NZMWBx
RB3QATAfBgNVHSMEGDAWgBSeBawLW+FAf2oO9NlET4onfe84izATBgNVHSUEDDAK
BggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAX1Ar7jRAXdcA0Wu37yRi58QN
hpa1VLXadqfB+i5Y4e3DzqnMbpkLWsFzreC1AG0RjLe52s4PRUE6boGlpUeAyfFC
Qu2Gl/REVWwMCYV8bq3vQZkYQjklAXCQLWFk5TrzuDmBcV8+fY518nWw+xmcYwW5
5oehLsvB4nxoBzlHgcdDwS5b2dmpCKCbZFLU9aA9DjAVvY/9B8emyj7Sh2sEK0Yf
xwHlATTVq5O0/9tvVZQmYsbpS0iCRGBM+spTEhDT4WGsaRO6wP+Ucgp6Ym3ahMvz
tHME3uUanKWVoDb69sguGZ6KlnZZZdIX1AJ3dlTXCrzEO9xsoAzqzsxVJGrraQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
tests/certs/key.der Normal file

Binary file not shown.

27
tests/certs/key.pem Normal file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

BIN
tests/certs/key.pvk Normal file

Binary file not shown.

30
tests/certs/keyp.pem Normal file

@ -0,0 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,6DB255395263EDD5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-----END RSA PRIVATE KEY-----

1
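--- a/tests/certs/password.txt
+++ b/tests/certs/password.txt
@@ -0,0 +1 @@
+passme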

45
tests/certs/revoked.pem Normal file

@ -0,0 +1,45 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
tests/certs/revoked.spc Normal file

Binary file not shown.

50
tests/certs/tsa-chain.pem Normal file

@ -0,0 +1,50 @@
-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgIUfRjXKciCGA4XbhbhxbAwfpcLGmowDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0yODAxMDEwMDAwMDBaMFUxCzAJBgNVBAYT
AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxHDAaBgNVBAsME1RpbWVzdGFtcCBB
dXRob3JpdHkxETAPBgNVBAMMCFRlc3QgVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAor220wp2zqj6Fe1VT/yic4LJcfMn1/ZWhsE7L86krULRvI+N
JY0fOVg/24MtyOXbnm7nYOyYTlR9n2kqm4fEgsz+GDQxXLHgyLh3aF4ueDzoFt0v
8G3vJfD+4N27XAYJ5V4f4s4VJRDIm0P/BvFGY9J/zICjC83F3OLdnkOD88O8QD6q
FwWdtBYNqxQX1LAwy3ORe5aTubdVkHV02JhdKAC/xy5nfhynuV4KfYyel2nHrI1i
54UXWdOrlD/XIKPiXpuEGcXhYTrTHigH+yR9ybs9hotGvuHTEjcxEuJvEQJX+qV4
eJAIexITDW/yK+maWPLijO3bZ9/JodX+fRCnPQIDAQABo4IBiDCCAYQwDAYDVR0T
AQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUKWCqogni
6SseJ/P6LXo0M2cK++QwHwYDVR0jBBgwFoAU/5nNuG4Tm4v2y9uKf428/4fVQesw
gYQGCCsGAQUFBwEBBHgwdjA5BggrBgEFBQcwAoYtaHR0cDovL1RTQUNBLnRpbWVz
dGFtcGF1dGhvcml0eS5jb20vVFNBQ0EuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8v
b2NzcC5UU0FDQS50aW1lc3RhbXBhdXRob3JpdHkuY29tOjkwODAwPgYDVR0fBDcw
NTAzoDGgL4YtaHR0cDovL1RTQUNBLnRpbWVzdGFtcGF1dGhvcml0eS5jb20vVFNB
Q0EuY3JsMFUGA1UdHgROMEygGDAKggh0ZXN0LmNvbTAKggh0ZXN0Lm9yZ6EwMAqH
CAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0G
CSqGSIb3DQEBCwUAA4IBAQB4YXa5nVWUzWSsUDMfYFTEETOe8boUErwfrDNBuj6z
B5en20FhI49i6PCYEfNq3vrAtPOEFJj+KPomN3C46VLxbUEvqWLdq6EyzWvVVmXK
VLeC0qV0m6CFM8GplaWzZdfFTQaaLUhgY08ZU2gp4QsoS2YjAosxlZrNSm6pBbv3
q+Og1KeSK8gKS0V89k+6e3LOEF6KaNWKSkoz5xDniQY//mTjiDcNmYUh0KhHfhdU
eO92M82uJSaDqnRs5HsWPs6z6qdfpuvj++OtQ1VCM2p5SEH2sEomdeN3YYChuG4h
yzn0mYAdbTyGJHlFm17AH+SQRbVqCKYdHDaqsMb+fWzi
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDkDCCAnigAwIBAgIUJ0nfE+EVsIThltlY2LHVWMJVIq4wDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0yNjExMTAwMDAwMDBaMGAxCzAJBgNVBAYT
AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxJDAiBgNVBAsMG1RpbWVzdGFtcCBB
dXRob3JpdHkgUm9vdCBDQTEUMBIGA1UEAwwLVFNBIFJvb3QgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGOTX1f9dmtUiyzlsUInRIGfRMya338SVx
vYGeOwdpTSSGlYUVwR9AuFewQF5+klelstCJe+SoUG0AdzS30mRWlQrhip4UdvdW
T2gkNKbSn6DQzlWoQej9izqRLxAsbuszgkvnLOBEmPaLimDsCgu0bAN95Hp0Hls9
O/fVmzh8VuV4iscxc7q13ZB7CylWgwd55CFEGd/jpJ6kMwSHbOLoBWp4GQ3KxR+c
ASAo0FapU2WSZB2EYWszRiyq91X+AvIYN4ypTv7RccgfUvnZ2qFykJAkf/wgkynu
Qg7rCUNfUEpDc7jlqtDWR7iLrtHBkA17C3IU8ymmKQYWfw3ZyBwvAgMBAAGjQjBA
MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP+ZzbhuE5uL9svbin+NvP+H1UHr
MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAbj3aFwIUxvzwgywO
gj01JM8GNbw1E4MGdkaNI8rgeY8ay15ZXhR9NpRWWb6Y7IXPq5XhuEktVte5Z4Kf
XLBrr7Xe9VVqJL9zd1tMzOEM/zG77rZf/iXBTZLkCtQc/GOEY4TTWKNEl5hiWVE0
po97GX5XHoeyHlWQ75sd9z6MxFxmvdp9/uyYD700e9sd5gcD8LGvHw2DNy8vntYV
ia9h95N9i1umffxU460o8W5GoIcsD13B3YftvnWhGSXqovBRFgcPAQZ4eW9Qh/zA
4zQBQrRvmREPihXVdgtWVpbRchP99oSZBrYr7Hh/P69rycklquqxJl1ol1wbT6dK
S5Gmng==
-----END CERTIFICATE-----


@ -18,6 +18,7 @@ make_certs() {
script_path=$(pwd)
cd "${result_path}"
mkdir "tmp/"
rm -rf "../certs"
# OpenSSL settings
CONF="${script_path}/openssl_intermediate.cnf"
@ -29,16 +30,18 @@ make_certs() {
OPENSSL=openssl
fi
mkdir "demoCA/" 2>> "makecerts.log" 1>&2
touch "demoCA/index.txt"
echo -n "unique_subject = no" > "demoCA/index.txt.attr"
echo 1000 > "demoCA/serial"
mkdir "CA/" 2>> "makecerts.log" 1>&2
touch "CA/index.txt"
echo -n "unique_subject = no" > "CA/index.txt.attr"
$OPENSSL rand -hex 16 > "CA/serial"
$OPENSSL rand -hex 16 > "tsa-serial"
echo 1001 > "CA/crlnumber"
date > "makecerts.log"
"$OPENSSL" version 2>> "makecerts.log" 1>&2
echo -n "$password" > "password.txt"
echo -n "$password" > tmp/password.txt
printf "\nGenerate root CA certificate\n" >> "makecerts.log"
"$OPENSSL" genrsa -out demoCA/CA.key \
"$OPENSSL" genrsa -out CA/CA.key \
2>> "makecerts.log" 1>&2
test_result $?
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
@ -46,20 +49,20 @@ make_certs() {
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_root.cnf"
"$OPENSSL" req -config "$CONF" -new -x509 -days 3600 -key demoCA/CA.key -out tmp/CACert.pem \
"$OPENSSL" req -config "$CONF" -new -x509 -days 3600 -key CA/CA.key -out tmp/CACert.pem \
-subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Root CA" \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
printf "\nGenerate intermediate CA certificate\n" >> "makecerts.log"
"$OPENSSL" genrsa -out demoCA/intermediate.key \
"$OPENSSL" genrsa -out CA/intermediate.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_intermediate.cnf"
"$OPENSSL" req -config "$CONF" -new -key demoCA/intermediate.key -out demoCA/intermediate.csr \
"$OPENSSL" req -config "$CONF" -new -key CA/intermediate.key -out CA/intermediate.csr \
-subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA" \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
@ -68,39 +71,39 @@ make_certs() {
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_root.cnf"
"$OPENSSL" ca -config "$CONF" -batch -in demoCA/intermediate.csr -out demoCA/intermediate.cer \
"$OPENSSL" ca -config "$CONF" -batch -in CA/intermediate.csr -out CA/intermediate.cer \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
"$OPENSSL" x509 -in demoCA/intermediate.cer -out tmp/intermediate.pem \
"$OPENSSL" x509 -in CA/intermediate.cer -out tmp/intermediate.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
"$OPENSSL" genrsa -des3 -out demoCA/private.key -passout pass:"$password" \
"$OPENSSL" genrsa -des3 -out CA/private.key -passout pass:"$password" \
2>> "makecerts.log" 1>&2
test_result $?
cat demoCA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
cat CA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
test_result $?
printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
"$OPENSSL" rsa -in demoCA/private.key -passin pass:"$password" -out tmp/key.pem \
"$OPENSSL" rsa -in CA/private.key -passin pass:"$password" -out tmp/key.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nGenerate a certificate to revoke\n" >> "makecerts.log"
"$OPENSSL" req -config "$CONF" -new -key demoCA/private.key -passin pass:"$password" -out demoCA/revoked.csr \
"$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/revoked.csr \
-subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" ca -config "$CONF" -batch -in demoCA/revoked.csr -out demoCA/revoked.cer \
"$OPENSSL" ca -config "$CONF" -batch -in CA/revoked.csr -out CA/revoked.cer \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" x509 -in demoCA/revoked.cer -out tmp/revoked.pem \
"$OPENSSL" x509 -in CA/revoked.cer -out tmp/revoked.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nRevoke above certificate\n" >> "makecerts.log"
"$OPENSSL" ca -config "$CONF" -revoke demoCA/revoked.cer \
"$OPENSSL" ca -config "$CONF" -revoke CA/revoked.cer \
2>> "makecerts.log" 1>&2
test_result $?
@ -124,27 +127,27 @@ make_certs() {
test_result $?
printf "\nGenerate CSP Cross-Certificate\n" >> "makecerts.log"
"$OPENSSL" genrsa -out demoCA/cross.key \
"$OPENSSL" genrsa -out CA/cross.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_intermediate.cnf"
"$OPENSSL" req -config "$CONF" -new -x509 -days 900 -key demoCA/cross.key -out tmp/crosscert.pem \
"$OPENSSL" req -config "$CONF" -new -x509 -days 900 -key CA/cross.key -out tmp/crosscert.pem \
-subj "/C=PL/O=osslsigncode/OU=CSP/CN=crosscert/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
printf "\nGenerate code signing certificate\n" >> "makecerts.log"
"$OPENSSL" req -config "$CONF" -new -key demoCA/private.key -passin pass:"$password" -out demoCA/cert.csr \
"$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/cert.csr \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" ca -config "$CONF" -batch -in demoCA/cert.csr -out demoCA/cert.cer \
"$OPENSSL" ca -config "$CONF" -batch -in CA/cert.csr -out CA/cert.cer \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" x509 -in demoCA/cert.cer -out tmp/cert.pem \
"$OPENSSL" x509 -in CA/cert.cer -out tmp/cert.pem \
2>> "makecerts.log" 1>&2
test_result $?
@ -179,14 +182,14 @@ make_certs() {
test_result $?
printf "\nGenerate expired certificate\n" >> "makecerts.log"
"$OPENSSL" req -config "$CONF" -new -key demoCA/private.key -passin pass:"$password" -out demoCA/expired.csr \
"$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/expired.csr \
-subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Expired/emailAddress=osslsigncode@example.com" \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" ca -config "$CONF" -enddate "190101000000Z" -batch -in demoCA/expired.csr -out demoCA/expired.cer \
"$OPENSSL" ca -config "$CONF" -enddate "190101000000Z" -batch -in CA/expired.csr -out CA/expired.cer \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" x509 -in demoCA/expired.cer -out tmp/expired.pem \
"$OPENSSL" x509 -in CA/expired.cer -out tmp/expired.pem \
2>> "makecerts.log" 1>&2
test_result $?
@ -194,23 +197,51 @@ make_certs() {
cat tmp/intermediate.pem >> tmp/expired.pem 2>> "makecerts.log"
test_result $?
printf "\nGenerate Root CA TSA certificate\n" >> "makecerts.log"
"$OPENSSL" genrsa -out CA/TSACA.key \
2>> "makecerts.log" 1>&2
TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
script_path=$(pwd)
OPENSSL="$0"
export LD_LIBRARY_PATH="$1"
CONF="${script_path}/openssl_tsa_root.cnf"
"$OPENSSL" req -config "$CONF" -new -x509 -days 3600 -key CA/TSACA.key -out tmp/TSACA.pem \
2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
test_result $?
printf "\nGenerate TSA certificate\n" >> "makecerts.log"
CONF="${script_path}/openssl_tsa.cnf"
"$OPENSSL" req -config "$CONF" -new -nodes -keyout tmp/TSA.key -out CA/TSA.csr \
2>> "makecerts.log" 1>&2
test_result $?
CONF="${script_path}/openssl_tsa_root.cnf"
"$OPENSSL" ca -config "$CONF" -batch -in CA/TSA.csr -out CA/TSA.cer \
2>> "makecerts.log" 1>&2
test_result $?
"$OPENSSL" x509 -in CA/TSA.cer -out tmp/TSA.pem \
2>> "makecerts.log" 1>&2
test_result $?
printf "\nSave the chain to be included in the TSA response\n" >> "makecerts.log"
cat tmp/TSA.pem tmp/TSACA.pem > tmp/tsa-chain.pem 2>> "makecerts.log"
# copy new files
if test -s tmp/intermediate.pem -a -s tmp/CACert.pem -a -s tmp/CACertCRL.pem \
-a -s tmp/key.pem -a -s tmp/keyp.pem -a -s tmp/key.der -a -s tmp/key.pvk \
-a -s tmp/cert.pem -a -s tmp/cert.p12 -a -s tmp/cert.der -a -s tmp/cert.spc \
-a -s tmp/crosscert.pem -a -s tmp/expired.pem -a -s tmp/revoked.pem -a -s tmp/revoked.spc
-a -s tmp/crosscert.pem -a -s tmp/expired.pem -a -s tmp/revoked.pem -a -s tmp/revoked.spc \
-a -s tmp/TSA.pem -a -s tmp/TSA.key -a -s tmp/tsa-chain.pem
then
cp tmp/* ./
printf "%s\n" "keys & certificates successfully generated"
printf "%s\n" "makecerts.sh finished"
mkdir "../certs"
cp tmp/* ../certs
printf "%s" "keys & certificates successfully generated"
else
printf "%s\n" "makecerts.sh failed"
printf "%s\n" "error logs ${result_path}/makecerts.log"
printf "%s" "error logs ${result_path}/makecerts.log"
result=1
fi
# remove the working directory
rm -rf "demoCA/"
rm -rf "CA/"
rm -rf "tmp/"
exit "$result"
@ -222,8 +253,7 @@ if test -n "$(command -v faketime)"
make_certs "$1"
result=$?
else
printf "%s\n" "faketime not found in \$PATH"
printf "%s\n" "tests skipped, please install faketime package"
printf "%s" "faketime not found in \$PATH, please install faketime package"
result=1
fi
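Review bot: The `rm -rf "../certs"` near the top of make_certs runs right after `cd "${result_path}"`, and nothing visible checks that the `cd` succeeded, so on a missing or unreadable result path the delete (and the later `mkdir "../certs"` / `cp tmp/* ../certs`) resolves relative to whatever directory the caller happened to be in. Guard the directory change before any relative delete, e.g. `cd "${result_path}" || exit 1`. The two `$OPENSSL rand -hex 16 > ...` lines also leave `$OPENSSL` unquoted while every other invocation uses `"$OPENSSL"`, which breaks if the configured binary path contains spaces. make_certs starts and ends outside the hunks shown, so an existing guard further up cannot be ruled out.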


@ -1,19 +1,20 @@
# OpenSSL intermediate CA configuration file
[ ca ]
[ default ]
name = intermediate
default_ca = CA_default
[ CA_default ]
# Directory and file locations
dir = .
certs = $dir/demoCA
crl_dir = $dir/demoCA
new_certs_dir = $dir/demoCA
database = $dir/demoCA/index.txt
serial = $dir/demoCA/serial
certs = $dir/CA
crl_dir = $dir/CA
new_certs_dir = $dir/CA
database = $dir/CA/index.txt
serial = $dir/CA/serial
rand_serial = yes
private_key = $dir/demoCA/intermediate.key
certificate = $dir/tmp/intermediate.pem
private_key = $dir/CA/$name.key
certificate = $dir/tmp/$name.pem
crl_extensions = crl_ext
default_md = sha256
preserve = no


@ -6,13 +6,13 @@ default_ca = CA_default
[ CA_default ]
# Directory and file locations.
dir = .
certs = $dir/demoCA
crl_dir = $dir/demoCA
new_certs_dir = $dir/demoCA
database = $dir/demoCA/index.txt
serial = $dir/demoCA/serial
certs = $dir/CA
crl_dir = $dir/CA
new_certs_dir = $dir/CA
database = $dir/CA/index.txt
serial = $dir/CA/serial
rand_serial = yes
private_key = $dir/demoCA/CA.key
private_key = $dir/CA/CA.key
certificate = $dir/tmp/CACert.pem
crl_extensions = crl_ext
default_md = sha256


@ -0,0 +1,46 @@
# OpenSSL Timestamp Authority configuration file
oid_section = new_oids
[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
[ req ]
# Options for the `req` tool
default_bits = 2048
encrypt_key = yes
default_md = sha256
utf8 = yes
string_mask = utf8only
prompt = no
distinguished_name = ca_distinguished_name
[ ca_distinguished_name ]
countryName = "PL"
organizationName = "osslsigncode"
organizationalUnitName = "Timestamp Authority"
commonName = "Test TSA"
# Time Stamping Authority command "openssl-ts"
[ tsa ]
default_tsa = tsa_config
[ tsa_config ]
dir = ./Testing/certs
signer_cert = $dir/TSA.pem
signer_key = $dir/TSA.key
certs = $dir/tsa-chain.pem
serial = $dir/tsa-serial
default_policy = tsa_policy1
other_policies = tsa_policy2, tsa_policy3
signer_digest = sha256
digests = sha256, sha384, sha512
accuracy = secs:1, millisecs:500, microsecs:100
ordering = yes
tsa_name = yes
ess_cert_id_chain = yes
ess_cert_id_alg = sha256
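Review bot: The `[ req ]` section sets `encrypt_key = yes`, but if this is the `openssl_tsa.cnf` that makecerts.sh passes to `req -new -nodes -keyout tmp/TSA.key`, the `-nodes` flag overrides it and the TSA key is written unencrypted, which matches the `BEGIN PRIVATE KEY` fixture added under tests/certs. Make the config say what actually happens, `encrypt_key = no`, with a comment such as `# test-only TSA key, stored unencrypted on purpose`, so nobody copies this file expecting a protected key. `dir = ./Testing/certs` in `[ tsa_config ]` is resolved against the working directory of whatever runs `openssl ts`; a one-line comment naming the expected working directory would save the next reader a search.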


@ -0,0 +1,83 @@
# OpenSSL Root Timestamp Authority configuration file
[ default ]
name = TSACA
domain_suffix = timestampauthority.com
aia_url = http://$name.$domain_suffix/$name.crt
crl_url = http://$name.$domain_suffix/$name.crl
ocsp_url = http://ocsp.$name.$domain_suffix:9080
name_opt = utf8, esc_ctrl, multiline, lname, align
default_ca = CA_default
[ CA_default ]
dir = .
certs = $dir/CA
crl_dir = $dir/CA
new_certs_dir = $dir/CA
database = $dir/CA/index.txt
serial = $dir/CA/serial
crlnumber = $dir/CA/crlnumber
rand_serial = yes
private_key = $dir/CA/$name.key
certificate = $dir/tmp/$name.pem
default_md = sha256
default_days = 3650
default_crl_days = 365
policy = policy_match
default_startdate = 20180101000000Z
default_enddate = 20280101000000Z
unique_subject = no
x509_extensions = tsa_extensions
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ tsa_extensions ]
basicConstraints = critical, CA:false
extendedKeyUsage = critical, timeStamping
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
authorityInfoAccess = @issuer_info
crlDistributionPoints = @crl_info
nameConstraints = @name_constraints
[ issuer_info ]
caIssuers;URI.0 = $aia_url
OCSP;URI.0 = $ocsp_url
[ crl_info ]
URI.0 = $crl_url
[ name_constraints ]
permitted;DNS.0=test.com
permitted;DNS.1=test.org
excluded;IP.0=0.0.0.0/0.0.0.0
excluded;IP.1=0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0
[ req ]
# Options for the `req` tool
default_bits = 2048
encrypt_key = yes
default_md = sha256
utf8 = yes
string_mask = utf8only
prompt = no
distinguished_name = ca_distinguished_name
x509_extensions = ca_extensions
[ ca_distinguished_name ]
countryName = "PL"
organizationName = "osslsigncode"
organizationalUnitName = "Timestamp Authority Root CA"
commonName = "TSA Root CA"
[ ca_extensions ]
# Extension to add when the -x509 option is used
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
keyUsage = critical, keyCertSign, cRLSign
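Review bot: `nameConstraints = @name_constraints` sits in `[ tsa_extensions ]`, which also sets `basicConstraints = critical, CA:false`; RFC 5280 allows that extension only in CA certificates, so the issued TSA leaf is non-conforming and a stricter verifier may reject it. If this is deliberate test coverage, say so in a comment above the line; otherwise move it to `[ ca_extensions ]`. Separately, `domain_suffix = timestampauthority.com` is not a reserved test name, so the AIA, CRL and OCSP URLs baked into the fixtures point at a domain the project presumably does not control, and any verifier that follows them makes outbound requests there. A reserved name such as `timestampauthority.example` avoids that.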

BIN
tests/files/unsigned.cat Executable file

Binary file not shown.

BIN
tests/files/unsigned.ex_ Normal file

Binary file not shown.

BIN
tests/files/unsigned.exe Executable file

Binary file not shown.

BIN
tests/files/unsigned.msi Normal file

Binary file not shown.


@ -1,53 +0,0 @@
#!/bin/sh
# Sign a file with a certificate and a private key in the PEM format.
# -st 1556668800 is the Unix time of May 1 00:00:00 2019 GMT
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=1
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a certificate and a private key in the PEM format"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,53 +0,0 @@
#!/bin/sh
# Sign a file with an encrypted private key in the PEM format.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=2
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with an encrypted private key in the PEM format"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-pass passme \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,54 +0,0 @@
#!/bin/sh
# Sign a file with an encrypted private key in the DER format.
# Requires OpenSSL 1.0.0 or later
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=3
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with an encrypted private key in the DER format"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-pass passme \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,54 +0,0 @@
#!/bin/sh
# Sign a file with a certificate in the SPC format
# and a private key in the Microsoft Private Key (PVK) format.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=4
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a SPC certificate and a PVK private key"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-spc "${script_path}/../certs/cert.spc" -key "${script_path}/../certs/key.pvk" \
-pass passme \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,53 +0,0 @@
#!/bin/sh
# Sign a file with a certificate and a key stored in a PKCS#12 container.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=5
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a certificate and a key stored in a PKCS#12 container"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-pass passme \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,34 +0,0 @@
#!/bin/sh
# Checking SHA256 message digests for 01x-05x tests
. $(dirname $0)/../test_library
script_path=$(pwd)
result=0
test_nr=6
for file in ${script_path}/../logs/sha256sum/*.*
do
name="${file##*/}"
case $name in
"cat.log") filetype=CAT; format_nr=1 ;;
"msi.log") filetype=MSI; format_nr=2 ;;
"ex_.log") filetype=CAB; format_nr=3 ;;
"exe.log") filetype=PE; format_nr=4 ;;
"ps1.log") filetype=TXT; format_nr=5 ;;
esac
number="$test_nr$format_nr"
test_name="Checking SHA256 message digests for a $filetype file test"
printf "\n%03d. %s\n" "$number" "$test_name"
if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
result=1
cat "sha256sum/$name" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum/$name"
test_result "$result" "$number" "$test_name"
done
exit 0


@ -1,61 +0,0 @@
#!/bin/sh
# Sign a file with Authenticode timestamping
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=7
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with Authenticode timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Sign a file with Authenticode timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,65 +0,0 @@
#!/bin/sh
# Sign a file with RFC 3161 timestamping
# An RFC3161 timestamp server provides an essential function in protecting
# data records for the long-term. It provides proof that the data existed
# at a particular moment in time and that it has not changed, even by
# a single binary bit, since it was notarized and time-stamped.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=8
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with RFC 3161 timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Sign a file with RFC 3161 timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,33 +0,0 @@
#!/bin/sh
# Generate page hashes for a file
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=9
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"exe") filetype=PE; format_nr=4 ;;
*) continue ;; # Warning: -ph option is only valid for PE files
esac
number="$test_nr$format_nr"
test_name="Generate page hashes for a $filetype file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 -ph \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0


@ -1,53 +0,0 @@
#!/bin/sh
# Sign a file with addUnauthenticatedBlob.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=10
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with addUnauthenticatedBlob"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,42 +0,0 @@
#!/bin/sh
# Sign a file twice with the "nest" flag in the second time
# in order to add the new signature instead of replacing the first one.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=11
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: CAT files do not support nesting
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Warning: TXT files do not support nesting
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the nest flag"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode sign -h sha512 \
-nest \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0


@ -1,54 +0,0 @@
#!/bin/sh
# Sign a file with a PEM key and a password read from password.txt file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=12
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a PEM key and a password read from password.txt file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-addUnauthenticatedBlob \
-readpass "${script_path}/../certs/password.txt" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,54 +0,0 @@
#!/bin/sh
# Sign a file with the certificate and key stored in a PKCS#12 container
# and a password read from password.txt file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=13
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a PKCS#12 container and the file with a password"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-readpass "${script_path}/../certs/password.txt" \
-pkcs12 "${script_path}/../certs/cert.p12" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,53 +0,0 @@
#!/bin/sh
# Sign a file with a descryption.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=14
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with a descryption"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-n "DESCRYPTION_TEXT" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "DESCRYPTION_TEXT" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,54 +0,0 @@
#!/bin/sh
# Sign a file with specified URL for expanded description of the signed content
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=15
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with specified URL"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-i "https://www.osslsigncode.com/" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "https://www.osslsigncode.com/" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,58 +0,0 @@
#!/bin/sh
# Sign a file with Microsoft Commercial Code Signing purpose set for SPC_STATEMENT_TYPE_OBJID
# object ID numbers (OIDs) "1.3.6.1.4.1.311.2.1.11"
# changes default Microsoft Individual Code Signing:
# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15"
# sets Microsoft Commercial Code Signing:
# "0x30, 0x0c, x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16"
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=16
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the common purpose set"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-comm \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Microsoft Commercial Code Signing" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,55 +0,0 @@
#!/bin/sh
# Add an additional certificate to the signature block of the file.
# https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps
# https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-cross-certification
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=17
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add an additional certificate to the signature block of a $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-ac "${script_path}/../certs/crosscert.pem" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "crosscert" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,52 +0,0 @@
#!/bin/sh
# Sign a file with MD5 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=21
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with MD5 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h md5 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "MD5" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,52 +0,0 @@
#!/bin/sh
# Sign a file with SHA1 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=22
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA1 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha1 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA1" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,52 +0,0 @@
#!/bin/sh
# Signing a file with SHA2 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=23
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA2 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha2 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA2" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,52 +0,0 @@
#!/bin/sh
# Sign a file with SHA384 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=24
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA384 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha384 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,52 +0,0 @@
#!/bin/sh
# Sign a file with SHA512 set of cryptographic hash functions.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=25
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with SHA512 set of cryptographic hash functions"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,55 +0,0 @@
#!/bin/sh
# Extract the signature in the PEM format.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=26
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Extract the PEM signature from the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode extract-signature \
-pem \
-in "test_$number.$ext" -out "sign_$format_nr.pem"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,54 +0,0 @@
#!/bin/sh
# Extract the signature in the DER format.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=27
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Extract the DER signature from the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha512 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
../../osslsigncode extract-signature\
-in "test_$number.$ext" -out "sign_$format_nr.der"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,58 +0,0 @@
#!/bin/sh
# Attach the DER signature to the file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=31
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Attach the DER signature to the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode attach-signature \
-sigin "sign_$format_nr.der" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$result" -ne 0; then
cp "sign_$format_nr.der" "sign_$number.der"
fi
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,58 +0,0 @@
#!/bin/sh
# Attach the PEM signature to the file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=32
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode attach-signature \
-sigin "sign_$format_nr.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$result" -ne 0; then
cp "sign_$format_nr.der" "sign_$number.der"
fi
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,58 +0,0 @@
#!/bin/sh
# Attach the signature to the signed file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=33
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the signed $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode attach-signature \
-sigin "sign_$format_nr.pem" \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"sha256sum" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,44 +0,0 @@
#!/bin/sh
# Attach the signature to the signed file with the "nest" flag in order to
# attach the new signature instead of replacing the first one.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=34
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: CAT files do not support nesting
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Warning: TXT files do not support nesting
esac
number="$test_nr$format_nr"
test_name="Attach the PEM signature to the signed $filetype$desc file with the nest flag"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode attach-signature \
-sigin "sign_$format_nr.pem" \
-nest \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0


@ -1,54 +0,0 @@
#!/bin/sh
# Remove the signature from the file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=35
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Unsupported command
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Remove the signature from the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode remove-signature \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,34 +0,0 @@
#!/bin/sh
# Checking SHA256 message digests for "extract" and "attach" tests.
. $(dirname $0)/../test_library
script_path=$(pwd)
result=0
test_nr=36
for file in ${script_path}/../logs/sha256sum/*.*
do
name="${file##*/}"
case $name in
"cat.log") filetype=CAT; format_nr=1 ;;
"msi.log") filetype=MSI; format_nr=2 ;;
"ex_.log") filetype=CAB; format_nr=3 ;;
"exe.log") filetype=PE; format_nr=4 ;;
"ps1.log") filetype=TXT; format_nr=5 ;;
esac
number="$test_nr$format_nr"
test_name="Checking SHA256 message digests for a $filetype file test"
printf "\n%03d. %s\n" "$number" "$test_name"
if test $(cat "sha256sum/$name" | cut -d' ' -f1 | uniq | wc -l) -ne 1
then
result=1
cat "sha256sum/$name" >> "results.log"
printf "Non-unique SHA256 message digests found\n" >> "results.log"
fi
rm -f "sha256sum/$name"
test_result "$result" "$number" "$test_name"
done
exit 0


@ -1,64 +0,0 @@
#!/bin/sh
# Add an authenticode timestamp to the signed file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=37
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add an authenticode timestamp to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Add an authenticode timestamp to the signed file"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,64 +0,0 @@
#!/bin/sh
# Add a RFC 3161 timestamp to the signed file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=38
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add a RFC 3161 timestamp to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Timestamp Server Signature" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Add a RFC 3161 timestamp to the signed file"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,55 +0,0 @@
#!/bin/sh
# Add an unauthenticated blob to the signed file.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=39
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Add an unauthenticated blob to the $filetype$desc signed file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "signed_$number.$ext"
../../osslsigncode add \
-addUnauthenticatedBlob \
-in "signed_$number.$ext" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Unauthenticated Data Blob" "MODIFY"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,51 +0,0 @@
#!/bin/sh
# Compare the leaf certificate hash against specified SHA256 message digest for the file
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=40
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Compare the leaf hash against SHA256 message digest for the $filetype$desc file"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_leaf_hash "$result" "$number" "$ext" "@2019-05-01 00:00:00"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,41 +0,0 @@
#!/bin/sh
# Sign a MSI file with the add-msi-dse option.
# MsiDigitalSignatureEx (msi-dse) is an enhanced signature type that can be used
# when signing MSI files. In addition to file content, it also hashes some file metadata,
# specifically file names, file sizes, creation times and modification times.
# https://www.unboundtech.com/docs/UKC/UKC_Code_Signing_IG/HTML/Content/Products/UKC-EKM/UKC_Code_Signing_IG/Sign_Windows_PE_and_msi_Files.htm
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=41
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"msi") filetype=MSI; format_nr=2 ;;
"ex_") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"exe") continue;; # Warning: -add-msi-dse option is only valid for MSI files
"ps1") continue;; # Warning: -add-msi-dse option is only valid for MSI files
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the add-msi-dse option"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-add-msi-dse \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0


@ -1,38 +0,0 @@
#!/bin/sh
# Sign a CAB file with "low" level of permissions in Microsoft Internet Explorer 4.x for CAB files
# https://support.microsoft.com/en-us/help/193877
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=42
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: -jp option is only valid for CAB files
"msi") continue;; # Warning: -jp option is only valid for CAB files
"ex_") filetype=CAB; format_nr=3 ;;
"exe") continue;; # Warning: -jp option is only valid for CAB files
"ps1") continue;; # Warning: -jp option is only valid for CAB files
esac
number="$test_nr$format_nr"
test_name="Sign a $filetype$desc file with the jp low option"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-jp low \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Low level of permissions" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
exit 0


@ -1,36 +0,0 @@
#!/bin/sh
# Verify changed file after signing.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=45
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
exit 0


@ -1,46 +0,0 @@
#!/bin/sh
# Verify changed file after signing with Authenticode timestamping.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=46
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing with Authenticode timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Verify changed file after signing with Authenticode timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,46 +0,0 @@
#!/bin/sh
# Verify changed file after signing with RFC 3161 timestamping.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=47
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Test is not supported for non-PE files
"msi") continue;; # Test is not supported for non-PE files
"ex_") continue;; # Test is not supported for non-PE files
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Test is not supported for non-PE files
esac
number="$test_nr$format_nr"
test_name="Verify changed $filetype$desc file after signing with RFC 3161 timestamping"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "Hello world!" "MODIFY"
test_result "$?" "$number" "$test_name"
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Verify changed file after signing with RFC 3161 timestamping"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,52 +0,0 @@
#!/bin/sh
# Verify a file signed after the cert has been expired.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=51
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Verify $filetype$desc file signed after the cert has been expired"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
exit 0


@ -1,62 +0,0 @@
#!/bin/sh
# Verify a file signed with Authenticode timestamping after the cert has been expired.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=52
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with Authenticode after the cert has been expired"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with Authenticode after the cert has been expired"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,62 +0,0 @@
#!/bin/sh
# Verify a file signed with RFC3161 timestamping after the cert has been expired.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=53
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with RFC3161 after the cert has been expired"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "success" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with RFC3161 after the cert has been expired"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,62 +0,0 @@
#!/bin/sh
# Verify a file signed with the expired cert.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=54
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with the expired cert"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "fail" "@2025-01-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the expired cert"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,62 +0,0 @@
#!/bin/sh
# Verify a file signed with the revoked cert.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=55
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") filetype=CAT; format_nr=1 ;;
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1")
filetype=TXT
if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
format_nr=5
desc=" UTF-16LE(BOM)"
elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
format_nr=6
desc=" UTF-8(BOM)"
else
format_nr=7
desc=" UTF-8"
fi ;;
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with the revoked cert"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "notsigned/$name" -out "test_$number.$ext"
result=$?
if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
printf "%s\n" "Compare file prefix failed"
test_result "1" "$number" "$test_name"
else
verify_signature "$result" "$number" "$ext" "fail" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
fi
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the revoked cert"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,60 +0,0 @@
#!/bin/sh
# Verify a file signed with the multiple signature.
. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=56
if ! grep -q "no libcurl available" "results.log"; then
for file in ${script_path}/../logs/notsigned/*.*
do
name="${file##*/}"
ext="${file##*.}"
desc=""
case $ext in
"cat") continue;; # Warning: CAT files do not support nesting
"msi") filetype=MSI; format_nr=2 ;;
"ex_") filetype=CAB; format_nr=3 ;;
"exe") filetype=PE; format_nr=4 ;;
"ps1") continue;; # Warning: TXT files do not support nesting
esac
number="$test_nr$format_nr"
test_name="Verify a $filetype$desc file signed with the multiple signature"
printf "\n%03d. %s\n" "$number" "$test_name"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \
-verbose \
-in "notsigned/$name" -out "signed1_$number.$ext"
../../osslsigncode sign -h sha384 \
-st "1556668800" \
-nest \
-certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \
-t http://time.certum.pl/ \
-t http://timestamp.digicert.com/ \
-verbose \
-in "signed1_$number.$ext" -out "signed2_$number.$ext"
../../osslsigncode sign -h sha256 \
-st "1556668800" \
-nest \
-certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
-ts http://time.certum.pl/ \
-ts http://timestamp.digicert.com/ \
-verbose \
-in "signed2_$number.$ext" -out "test_$number.$ext"
result=$?
verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
"UNUSED_PATTERN" "SHA384" "UNUSED_PATTERN"
test_result "$?" "$number" "$test_name"
done
else
format_nr=0
number="$test_nr$format_nr"
test_name="Verify a file signed with the multiple signature"
printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
fi
exit 0


@ -1,174 +0,0 @@
# this file is a library sourced from recipes/*
result_path=$(pwd)
cd $(dirname "$0")/../
script_path=$(pwd)
cd "${result_path}"
test_result() {
#1 last exit status
#2 test number
#3 test name
local result=0
if test "$1" -eq 0
then
printf "%s\n" "Test succeeded"
else
printf "%s\n" "Test failed"
printf "%03d. %-90s\t%s\n" "$2" "$3" "failed" 1>&3
result=1
fi
return "$result"
}
modify_blob() {
# $1 test number
# $2 filename extension
# $3 text searched in a binary file
local result=0
initial_blob=$(echo -n "$3" | xxd -p)
modified_blob=$(echo -n "FAKE" | xxd -p)
zero_blob="00000000"
xxd -p -c 1000 "test_$1.$2" | \
sed "s/$initial_blob$zero_blob/$initial_blob$modified_blob/" | \
xxd -p -r > "changed_$1.$2"
../../osslsigncode verify -verbose \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "changed_$1.$2" 2>> "verify.log" 1>&2
result=$?
if test "$result" -ne 0 \
-o $(grep -e "Calculated DigitalSignature" -e "Calculated message digest" "verify.log" | uniq | wc -l) -gt 1
then
printf "Failed: verify error or non-unique message digests found\n" 2>> "verify.log" 1>&2
result=1
else
rm -f "changed_$1.$2"
fi
return "$result"
}
search_pattern() {
# $1 test number
# $2 filename extension
# $3 pattern searched in a binary file or verify.log
local result=0
if ! grep -q "$3" "verify.log"
then
hex_pattern=$(echo -n "$3" | xxd -p)
if ! xxd -p -c 1000 "test_$1.$2" | grep "$hex_pattern" 2>> /dev/null 1>&2
then
result=1
printf "Failed: $3 not found\n"
fi
fi
return "$result"
}
verify_signature() {
# $1 sign exit code
# $2 test number
# $3 filename extension
# $4 expected result
# $5 fake time
# $6 sha256sum requirement
# $7 pattern searched in the verify.log file
# $8 modify requirement
local result=0
printf "" > "verify.log"
if test "$1" -eq 0
then
cp "test_$2.$3" "test_tmp.tmp"
TZ=GMT faketime -f "$5" /bin/bash -c '
printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
script_path=$(pwd)
../../osslsigncode verify -verbose \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$?
rm -f "test_tmp.tmp"
if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN"
then
search_pattern "$2" "$3" "$7"
result=$?
fi
if test "$result" -eq 0 -a "$8" = "MODIFY"
then
modify_blob "$2" "$3" "$7"
result=$?
fi
if test "$6" = "sha256sum"
then
sha256sum "test_$2.$3" 2>> "sha256sum/$3.log" 1>&2
fi
if test "$4" = "success" -a "$result" -eq 0
then
rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
elif test "$4" = "fail" -a "$result" -eq 1
then
rm -f "test_$2.$3" "signed_$2.$3" "signed1_$2.$3" "signed2_$2.$3"
rm -f "changed_$2.$3"
cat "verify.log" >> "results.log"
result=0
else
cat "verify.log" >> "results.log"
result=1
fi
else
result=1
fi
return "$result"
}
verify_leaf_hash() {
# $1 sign exit code
# $2 test number
# $3 filename extension
# $4 fake time
local result=0
printf "" > "verify.log"
if test "$1" -eq 0
then
cp "test_$2.$3" "test_tmp.tmp"
TZ=GMT faketime -f "$4" /bin/bash -c '
printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log"
script_path=$(pwd)
../../osslsigncode verify -verbose \
-CAfile "${script_path}/../certs/CACert.pem" \
-CRLfile "${script_path}/../certs/CACertCRL.pem" \
-TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
-require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \
-in "test_tmp.tmp" 2>> "verify.log" 1>&2'
result=$?
rm -f "test_tmp.tmp"
if test "$result" -eq 0
then
rm -f "test_$2.$3"
else
cat "verify.log" >> "results.log"
fi
else
result=1
fi
return "$result"
}


@ -1,135 +0,0 @@
#!/bin/sh
# mingw64-gcc, gcab, msitools, libgsf, libgsf-devel
# vim-common, libfaketime packages are required
result=0
count=0
skip=0
fail=0
result_path=$(pwd)
cd $(dirname "$0")
script_path=$(pwd)
result_path="${result_path}/logs"
certs_path="${script_path}/certs"
make_tests() {
for plik in ${script_path}/recipes/*
do
/bin/sh $plik 3>&1 2>> "results.log" 1>&2
done
count=$(grep -c "Test succeeded" "results.log")
skip=$(grep -c "Test skipped" "results.log")
fail=$(grep -c "Test failed" "results.log")
printf "%s\n" "testall.sh finished"
printf "%s\n" "summary: success $count, skip $skip, fail $fail"
return $fail
}
rm -rf "${result_path}"
mkdir "${result_path}"
cd "${result_path}"
mkdir "notsigned" "sha256sum"
date > "results.log"
../../osslsigncode -v >> "results.log" 2>/dev/null
cd ${certs_path}
if test -s CACert.pem -a -s crosscert.pem -a -s expired.pem -a -s cert.pem \
-a -s CACertCRL.pem -a -s revoked.pem -a -s key.pem -a -s keyp.pem \
-a -s key.der -a -s cert.der -a -s cert.spc -a -s cert.p12
then
printf "%s\n" "keys & certificates path: ${certs_path}"
else
./makecerts.sh $1
result=$?
fi
cd "${result_path}"
if test "$result" -ne 0
then
exit $result
fi
# PE files support
if test -n "$(command -v x86_64-w64-mingw32-gcc)"
then
x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "notsigned/test.exe" 2>> "results.log" 1>&2
else
printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH"
printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package"
fi
# CAB files support
if test -n "$(command -v gcab)"
then
gcab -c "notsigned/test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2
else
printf "%s\n" "gcab not found in \$PATH"
printf "%s\n" "tests for CAB files skipped, please install gcab package"
fi
# MSI files support
if grep -q "no libgsf available" "results.log"
then
printf "%s\n" "signing MSI files requires libgsf/libgsf-devel packages and reconfiguration osslsigncode"
else
if test -n "$(command -v wixl)"
then
touch FoobarAppl10.exe
cp "../sources/sample.wxs" "notsigned/sample.wxs" 2>> "results.log" 1>&2
wixl -v "notsigned/sample.wxs" 2>> "results.log" 1>&2
rm -f "notsigned/sample.wxs"
rm -f "FoobarAppl10.exe"
else
printf "%s\n" "wixl not found in \$PATH"
printf "%s\n" "tests for MSI files skipped, please install wixl or msitools package depending on your OS"
fi
fi
# CAT files support
if test -s "../sources/good.cat"
then
cp "../sources/good.cat" "notsigned/good.cat"
fi
# TXT files support
if test -s "../sources/utf8.ps1"
then
cp "../sources/utf8.ps1" "notsigned/utf8.ps1"
fi
if test -s "../sources/utf8bom.ps1"
then
cp "../sources/utf8bom.ps1" "notsigned/utf8bom.ps1"
fi
if test -s "../sources/utf16le.ps1"
then
cp "../sources/utf16le.ps1" "notsigned/utf16le.ps1"
fi
# Timestamping support
if grep -q "no libcurl available" "results.log"
then
printf "%s\n" "configure --with-curl is required for timestamping support"
fi
# Tests requirements
if test -n "$(command -v faketime)"
then
if test -n "$(command -v xxd)"
then
make_tests
result=$?
rm -r -f "notsigned/" "sha256sum/"
rm -f sign_[1-9].pem sign_[1-9].der
rm -f "verify.log"
else
printf "%s\n" "xxd not found in \$PATH"
printf "%s\n" "tests skipped, please install vim-common package"
fi
else
printf "%s\n" "faketime not found in \$PATH"
printf "%s\n" "tests skipped, please install faketime package"
fi
exit $result


@ -1,90 +0,0 @@
#!/bin/sh
if [ -z "$(command -v keytool)" ]; then
printf "%s\n" "keytool was not found in the \$PATH"
printf "%s\n" "Please install the default-jre-headless package"
exit 1
fi
rm -f putty*.exe
PUTTY_URL="http://the.earth.li/~sgtatham/putty/0.64/x86/putty.exe"
[ -f putty.exe ] || wget -q -O putty.exe $PUTTY_URL
[ -f putty.exe ] || curl -o putty.exe $PUTTY_URL
if [ ! -f putty.exe ]; then
echo "FAIL: Couldn't download putty.exe"
exit 1
fi
rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem
keytool -genkey \
-alias selfsigned \
-keysize 2048 \
-keyalg RSA \
-keypass passme \
-storepass passme \
-keystore key.ks << EOF
John Doe
ACME In
ACME
Springfield
LaLaLand
SE
yes
EOF
echo "Converting key/cert to PKCS12 container"
keytool -importkeystore \
-srckeystore key.ks \
-srcstoretype JKS \
-srckeypass passme \
-srcstorepass passme \
-srcalias selfsigned \
-destkeystore key.p12 \
-deststoretype PKCS12 \
-destkeypass passme \
-deststorepass passme
rm -f key.ks
echo "Converting key to PEM format"
openssl pkcs12 -in key.p12 -passin pass:passme -nocerts -nodes -out key.pem
echo "Converting key to PEM format (with password)"
openssl rsa -in key.pem -out keyp.pem -passout pass:passme
echo "Converting key to DER format"
openssl rsa -in key.pem -outform DER -out key.der -passout pass:passme
echo "Converting key to PVK format"
openssl rsa -in key.pem -outform PVK -pvk-strong -out key.pvk -passout pass:passme
echo "Converting cert to PEM format"
openssl pkcs12 -in key.p12 -passin pass:passme -nokeys -out cert.pem
echo "Converting cert to SPC format"
openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out cert.spc
make -C ..
../osslsigncode sign -spc cert.spc -key key.pem putty.exe putty1.exe
../osslsigncode sign -certs cert.spc -key keyp.pem -pass passme putty.exe putty2.exe
../osslsigncode sign -certs cert.pem -key keyp.pem -pass passme putty.exe putty3.exe
../osslsigncode sign -certs cert.spc -key key.der putty.exe putty4.exe
../osslsigncode sign -pkcs12 key.p12 -pass passme putty.exe putty5.exe
../osslsigncode sign -certs cert.spc -key key.pvk -pass passme putty.exe putty6.exe
rm -f cert.pem cert.spc key.der key.p12 key.pem key.pvk keyp.pem
echo
check=`sha1sum putty[1-9]*.exe | cut -d' ' -f1 | uniq | wc -l`
cmp putty1.exe putty2.exe && \
cmp putty2.exe putty3.exe && \
cmp putty3.exe putty4.exe && \
cmp putty4.exe putty5.exe && \
cmp putty5.exe putty6.exe
if [ $? -ne 0 ]; then
echo "Failure is not an option."
exit 1
else
echo "Yes, it works."
fi
