#!/bin/bash
#
# Copyright (c) SAS Institute Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#


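# Functional-test setup: fresh scratch tree, throwaway SoftHSM token, test key
# import, and a background relic server that later sections sign against.

# Enable fail-fast before changing directory: if the cd fails, the script must
# stop rather than run "rm -rf scratch" in whatever directory the caller was in.
set -ex
cd "$(dirname "$0")"

rm -rf scratch
mkdir -p scratch/token
export SOFTHSM2_CONF=./token.conf
# Test-only token. The PINs are fixed values passed on the command line, so
# they are visible in the process list and in the xtrace output; that is
# tolerable here only because the token is re-initialised on every run and
# receives the key from testkeys/.
softhsm2-util --slot=0 --init-token --label=functest --pin=123456 --so-pin=12345678
# Command prefixes are kept as plain strings on purpose: the rest of the script
# expands them unquoted (e.g. `$relic remote sign ...`) and relies on word
# splitting to turn them back into a command plus arguments.
relic="relic -c ./testconf.yml"
verify_2048p="relic verify --cert testkeys/rsa2048.pgp"
verify_2048x="relic verify --cert testkeys/rsa2048.crt"
$relic import-key -k rsa2048 -f testkeys/rsa2048.key
$relic serve &
spid=$!
# Double quotes are deliberate: the server PID is expanded into the trap text
# now, so the handler does not depend on $spid still being set later.
trap "kill $spid" EXIT INT QUIT TERM

signed=scratch/signed
mkdir -p "$signed"
echo
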
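# Readiness probe: poll the server's health endpoint up to 100 times, 0.1 s
# apart, and abort the test run if it never answers. xtrace is switched off
# for the duration so the polling does not flood the log.
set +x
for x in {1..100}
do
  # -f makes HTTP errors count as failures. -k disables TLS certificate
  # verification; NOTE(review): presumably the test server's certificate is
  # not in the system trust store. Keep -k confined to this loopback probe.
  curl -skf https://localhost:6363/health && break
  # Compare the loop counter itself. A bare word on the left-hand side would
  # be a string that never equals 100, and a server that failed to start
  # would go unnoticed until the first signing call.
  if [ "$x" -eq 100 ]
  then
    echo server failed to start
    exit 1
  fi
  sleep 0.1
done
set -x
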
### RPM
pkg=zlib-1.2.8-10.fc24.i686.rpm
# Fixture sanity check: the unmodified package verifies with the given key file.
relic verify --cert testkeys/RPM-GPG-KEY-fedora-25-i386 "packages/${pkg}"
$relic remote sign -k rsa2048 -f "packages/${pkg}" -o "${signed}/${pkg}"
# Negative check: verifying the re-signed package without --cert has to fail.
# NOTE(review): stderr is discarded and any non-zero exit is accepted, so this
# does not tell a trust failure apart from, say, an unreadable file.
if relic verify "${signed}/${pkg}" 2>/dev/null; then
  echo expected an error
  exit 1
fi
# Positive check: the same file verifies once the test key's cert is supplied.
$verify_2048p "${signed}/${pkg}"
echo

### Starman
pkg=zlib-1.2.8-10.fc24.i686.tar
$relic remote sign -k rsa2048 -f "packages/${pkg}" -o "${signed}/${pkg}"
$verify_2048p "${signed}/${pkg}"
echo

### DEB
pkg=zlib1g_1.2.8.dfsg-5_i386.deb
$relic remote sign -k rsa2048 -f "packages/${pkg}" -o "${signed}/${pkg}"
# Same negative/positive pair as for the RPM above.
if relic verify "${signed}/${pkg}" 2>/dev/null; then
  echo expected an error
  exit 1
fi
$verify_2048p "${signed}/${pkg}"
echo

### PGP
# Upstream fixtures, clearsigned form: rejected without --cert, accepted with
# the Ubuntu key file.
if relic verify packages/InRelease 2>/dev/null; then
  echo expected an error
  exit 1
fi
relic verify --cert testkeys/ubuntu2012.pgp packages/InRelease

# Upstream fixtures, detached form: the signature is checked against the
# separate content file named by --content.
if relic verify packages/Release.gpg --content packages/Release 2>/dev/null; then
  echo expected an error
  exit 1
fi
relic verify --cert testkeys/ubuntu2012.pgp packages/Release.gpg --content packages/Release

# Sign the same Release file three ways with the test key and verify each
# result: detached armored (-ba), clearsigned, and the default inline form.
$relic remote sign-pgp -u rsa2048 -ba packages/Release -o "${signed}/Release.gpg"
$verify_2048p "${signed}/Release.gpg" --content packages/Release

$relic remote sign-pgp -u rsa2048 --clearsign packages/Release -o "${signed}/InRelease"
$verify_2048p "${signed}/InRelease"

$relic remote sign-pgp -u rsa2048 packages/Release -o "${signed}/Release.inline"
$verify_2048p "${signed}/Release.inline"
echo

### JAR, EXE, MSI
# Each fixture follows the same two steps: sign remotely with the rsa2048 key,
# then verify the output against the X.509 test certificate. A blank line is
# printed after every fixture.
for pkg in hello.jar ClassLibrary1.dll dummy.msi; do
  $relic remote sign -k rsa2048 -f "packages/${pkg}" -o "${signed}/${pkg}"
  $verify_2048x "${signed}/${pkg}"
  echo
done

### appx, CAB, CAT, XAP
# Sign-then-verify for each fixture. Two of them arrive already signed and are
# first verified against the certificate file that matches the fixture.
for pkg in App1_1.0.3.0_x64.appx dummy.cab hyperv.cat dummy.xap; do
  case "$pkg" in
    *.appx) relic verify --cert testkeys/ralph.crt "packages/${pkg}" ;;
    *.cat) relic verify --cert testkeys/msroot.crt "packages/${pkg}" ;;
  esac
  $relic remote sign -k rsa2048 -f "packages/${pkg}" -o "${signed}/${pkg}"
  $verify_2048x "${signed}/${pkg}"
  echo
done

### Powershell
# Three script-family fixtures share one section: sign and verify each, with a
# single blank line after the group.
for pkg in hello.ps1 hello.ps1xml hello.mof; do
  $relic remote sign -k rsa2048 -f "packages/${pkg}" -o "${signed}/${pkg}"
  $verify_2048x "${signed}/${pkg}"
done
echo

### ClickOnce
pkg=WindowsFormsApplication1.exe.manifest
$relic remote sign -k rsa2048 -f "packages/${pkg}" -o "${signed}/${pkg}"
$verify_2048x "${signed}/${pkg}"
echo

### VSIX
pkg=VSIXProject1.vsix
# The fixture is already signed; check it against its own certificate first.
relic verify --cert testkeys/ralph.crt "packages/${pkg}"
$relic remote sign -k rsa2048 -f "packages/${pkg}" -o "${signed}/${pkg}"
$verify_2048x "${signed}/${pkg}"
echo

### APK
pkg=dummy.apk
# Two signing passes. The first forces the jar signature type (-T jar) and
# passes --apk-v2-present; the second signs the first pass's output again with
# no -o option. NOTE(review): presumably the second pass rewrites the file in
# place and adds the APK v2 signature; confirm against relic's documentation.
$relic remote sign -k rsa2048 -f "packages/${pkg}" -o "${signed}/${pkg}" -T jar --apk-v2-present
$relic remote sign -k rsa2048 -f "${signed}/${pkg}"
$verify_2048x "${signed}/${pkg}"
echo

### X.509 certificate operations
# Build a three-level chain and have openssl validate it end to end:
#   root  - self-signed CA with a freshly generated RSA 2048 key
#   inter - ECDSA 384 key, request signed by root as a certificate authority
#   leaf  - ECDSA 256 key with a DNS alternate name, request signed by inter
root_crt="${signed}/root.crt"
inter_csr="${signed}/inter.csr"
inter_crt="${signed}/inter.crt"
leaf_csr="${signed}/leaf.csr"
leaf_crt="${signed}/leaf.crt"

$relic x509-self-sign -k root --generate-rsa 2048 --cert-authority -n "functest CA" > "$root_crt"
$relic x509-request -k inter --generate-ecdsa 384 --commonName "functest inter" > "$inter_csr"
$relic x509-sign -k root --cert-authority "$inter_csr" > "$inter_crt"
$relic x509-request -k leaf --generate-ecdsa 256 --commonName "functest leaf" --alternate-dns leaf.localdomain > "$leaf_csr"
# NOTE(review): --copy-extensions presumably carries the alternate DNS name
# from the request into the issued certificate; confirm.
$relic x509-sign -k inter --copy-extensions "$leaf_csr" > "$leaf_crt"
# Only the root is a trust anchor (-CAfile); the intermediate is supplied as
# untrusted chain-building material, so it must itself chain to the root.
# -check_ss_sig additionally verifies the root's self-signature.
openssl verify -check_ss_sig -CAfile "$root_crt" -untrusted "$inter_crt" "$leaf_crt"

# Orderly shutdown: clear the EXIT handler so the server is not signalled a
# second time, ask it to stop with SIGQUIT, and collect its exit status.
# `wait` returns that status, so with errexit still on a non-zero server exit
# fails the run before "OK" is printed.
trap - EXIT
kill -QUIT "$spid"
wait "$spid"

# Tracing off for the final banner: blank line, OK, blank line.
set +x
printf '\nOK\n\n'