#!/bin/sh
# Sign a MSI file with the add-msi-dse option.
# MsiDigitalSignatureEx (msi-dse) is an enhanced signature type that can be used
# when signing MSI files. In addition to file content, it also hashes some file metadata,
# specifically file names, file sizes, creation times and modification times.
# https://www.unboundtech.com/docs/UKC/UKC_Code_Signing_IG/HTML/Content/Products/UKC-EKM/UKC_Code_Signing_IG/Sign_Windows_PE_and_msi_Files.htm

. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=41

for file in ${script_path}/../logs/notsigned/*.*
  do
    name="${file##*/}"
    ext="${file##*.}"
    desc=""
    case $ext in
      "cat") continue;; # Warning: -add-msi-dse option is only valid for MSI files
      "msi") filetype=MSI; format_nr=2 ;;
      "ex_") continue;; # Warning: -add-msi-dse option is only valid for MSI files
      "exe") continue;; # Warning: -add-msi-dse option is only valid for MSI files
      "ps1") continue;; # Warning: -add-msi-dse option is only valid for MSI files
    esac

    number="$test_nr$format_nr"
    test_name="Sign a $filetype$desc file with the add-msi-dse option"
    printf "\n%03d. %s\n" "$number" "$test_name"

    ../../osslsigncode sign -h sha256 \
      -st "1556668800" \
      -add-msi-dse \
      -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
      -in "notsigned/$name" -out "test_$number.$ext"
    result=$?

    verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
      "UNUSED_PATTERN" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
    test_result "$?" "$number" "$test_name"
  done

exit 0